Merge pull request #5402 from microsoft/Dev

Release 1.24.1113.1

CHANGELOG.md

@@ -1,5 +1,50 @@
 # Change log for Microsoft365DSC
 
+# UNRELEASED
+
+* AADConditionalAccessPolicy
+  * Fixed bug where an empty value was passed in the request for the
+    insiderRiskLevels parameter, which throws an error.
+    FIXES [#5389](https://github.com/microsoft/Microsoft365DSC/issues/5389)
+  * Fixes a bug where 3P apps could not be assigned by DisplayName for both
+    IncludeApplications and ExcludeApplications
+    FIXES [#5390](https://github.com/microsoft/Microsoft365DSC/issues/5390)
+* AADRoleEligibilityScheduleRequest
+  * FIXES [#3787](https://github.com/microsoft/Microsoft365DSC/issues/3787)
+  * FIXES [#5089](https://github.com/microsoft/Microsoft365DSC/issues/5089)
+* EXOATPBuiltInProtectionRule, EXOEOPProtectionRule
+  * Fixed issue where empty arrays were being compared incorrectly to null
+    strings
+    FIXES [#5394](https://github.com/microsoft/Microsoft365DSC/issues/5394)
+* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy
+  * Update property `PasswordAgeDays_AAD` to be lower-case.
+    FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (1/2)
+* IntuneAntivirusExclusionsPolicyMacOS
+  * Initial release.
+* IntuneAntivirusPolicyWindows10SettingCatalog
+  * Update properties to be upper-case.
+    Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373)
+* IntuneDeviceConfigurationCustomPolicyWindows10
+  * Fixed issue where `Value`, from `OmaSettings`, could not be compared
+    correctly if it was boolean and set to `$False`
+    FIXES [#5384](https://github.com/microsoft/Microsoft365DSC/issues/5384)
+* IntuneEndpointDetectionAndResponsePolicyWindows10
+  * Remove changed property name from export.
+    FIXES [#5300](https://github.com/microsoft/Microsoft365DSC/issues/5300)
+* IntuneSecurityBaselineMicrosoftEdge
+  * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes`
+* M365DSCDRGUtil
+  * Restrict CIM instance access to properties that appear multiple times.
+  * Switch log type for not found Intune assignments to `Warning`.
+* M365DSCIntuneSettingsCatalogUtil
+  * Add ADMX handling for `edge~httpauthentication_`.
+    FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (2/2)
+* TeamsUpgradePolicy
+  * Changes to how we are retrieving the users to improve performance.
+* DEPENDENCIES
+  * Updated DSCParser to version 2.0.0.12.
+  * Updated MSCloudLoginAssistant to version 1.1.28.
+
 # 1.24.1106.3
 
 * AzureBillingAccountScheduledAction
@@ -19,7 +64,6 @@
 * MISC
   * Fixed issues with API Url's parsing.
 
-
 # 1.24.1106.1
 
 * AADAccessReviewDefinition
@@ -116,13 +160,13 @@
 * EXOArcConfig
   * Fixed `Test-TargetResource` to correctly check property `ArcTrustedSealers`
     when it has an array
-* EXOM365DataAtRestEncryptionPolicy
-  * Initial release.
 * EXOMailboxAuditBypassAssociation
   * Initial release.
 * EXOMailboxSettings
   * Added support for AddressBookPolicy, RetentionPolicy, RoleAssignmentPolicy
     and SharingPolicy.
+* EXOMigration
+  * Initial release.
 * EXOServicePrincipal
   * Initial release.
 * EXOTenantAllowBlockListItems

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1

@@ -220,6 +220,7 @@ function Get-TargetResource
         $TransferMethods,
 
         [Parameter()]
+        [ValidateSet('minor', 'moderate', 'elevated', 'unknownFutureValue')]
         [System.String]
         $InsiderRiskLevels,
 
@@ -949,6 +950,7 @@ function Set-TargetResource
         $TransferMethods,
 
         [Parameter()]
+        [ValidateSet('minor', 'moderate', 'elevated', 'unknownFutureValue')]
         [System.String]
         $InsiderRiskLevels,
 
@@ -1029,11 +1031,54 @@ function Set-TargetResource
         Write-Verbose -Message 'Set-Targetresource: create Application Condition object'
         if ($currentParameters.ContainsKey('IncludeApplications'))
         {
-            $conditions.Applications.Add('includeApplications', $IncludeApplications)
+            $IncludeApplicationsValue = @()
+            foreach ($app in $IncludeApplications)
+            {
+                $ObjectGuid = [System.Guid]::empty
+                if ([System.Guid]::TryParse($app, [System.Management.Automation.PSReference]$ObjectGuid))
+                {
+                    $IncludeApplicationsValue += $app
+                }
+                else
+                {
+                    $appInfo = Get-MgApplication -Filter "DisplayName eq '$app'" -ErrorAction SilentlyContinue
+                    if ($null -ne $appInfo)
+                    {
+                        $IncludeApplicationsValue += $appInfo.AppId
+                    }
+                    else
+                    {
+                        $IncludeApplicationsValue += $app
+                    }
+                }
+            }
+
+            $conditions.Applications.Add('includeApplications', $IncludeApplicationsValue)
         }
         if ($currentParameters.ContainsKey('excludeApplications'))
         {
-            $conditions.Applications.Add('excludeApplications', $ExcludeApplications)
+            $ExcludeApplicationsValue = @()
+            foreach ($app in $ExcludeApplications)
+            {
+                $ObjectGuid = [System.Guid]::empty
+                if ([System.Guid]::TryParse($app, [System.Management.Automation.PSReference]$ObjectGuid))
+                {
+                    $ExcludeApplicationsValue += $app
+                }
+                else
+                {
+                    $appInfo = Get-MgApplication -Filter "DisplayName eq '$app'" -ErrorAction SilentlyContinue
+                    if ($null -ne $appInfo)
+                    {
+                        $ExcludeApplicationsValue += $appInfo.AppId
+                    }
+                    else
+                    {
+                        $ExcludeApplicationsValue += $app
+                    }
+                }
+            }
+            $conditions.Applications.Add('excludeApplications', $ExcludeApplicationsValue)
         }
         if ($ApplicationsFilter -and $ApplicationsFilterMode)
         {
@@ -1586,7 +1631,7 @@ function Set-TargetResource
             }
         }
 
-        if ($null -ne $InsiderRiskLevels)
+        if ([String]::IsNullOrEmpty($InsiderRiskLevels) -eq $false)
         {
             $conditions.Add("insiderRiskLevels", $InsiderRiskLevels)
         }
@@ -2059,6 +2104,7 @@ function Test-TargetResource
         $TransferMethods,
 
         [Parameter()]
+        [ValidateSet('minor', 'moderate', 'elevated', 'unknownFutureValue')]
         [System.String]
         $InsiderRiskLevels,
 

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof

@@ -50,7 +50,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength;
     [Write, Description("Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.")] String TransferMethods;
     [Write, Description("Authentication context class references.")] String AuthenticationContexts[];
-    [Write, Description("Insider risk levels conditions.")] String InsiderRiskLevels;
+    [Write, Description("Insider risk levels conditions."), ValueMap{"minor", "moderate", "elevated", "unknownFutureValue"}, Values{"minor", "moderate", "elevated", "unknownFutureValue"}] String InsiderRiskLevels;
     [Write, Description("Specify if the Azure AD CA Policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
@@ -60,3 +60,4 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
     [Write, Description("Access token used for authentication.")] String AccessTokens[];
 };
+

Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1

@@ -190,7 +190,7 @@
                         $schedule = $instance
                     }
                 }
-                [Array]$request = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$($schedule.RoleDefinitionId)'" | Sort-Object -Property CompletedDateTime -Descending
+                [Array]$request = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -Filter "PrincipalId eq '$PrincipalId'" | Where-Object -FilterScript {$_.RoleDefinitionId -eq $schedule.RoleDefinitionId} | Sort-Object -Property CompletedDateTime -Descending
 `
                 if ($request.Length -gt 1)
                 {

Modules/Microsoft365DSC/DSCResources/MSFT_EXOATPBuiltInProtectionRule/MSFT_EXOATPBuiltInProtectionRule.psm1

@@ -249,6 +249,21 @@ function Test-TargetResource
     Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
 
+    foreach ($key in $ValuesToCheck.Keys)
+    {
+        if ($null -eq $CurrentValues[$key])
+        {
+            switch -regex ($key)
+            {
+                "^ExceptIf\w+$"
+                {
+                    $CurrentValues[$key] = @()
+                    break
+                }
+            }
+        }
+    }
+
     $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
         -Source $($MyInvocation.MyCommand.Source) `
         -DesiredValues $PSBoundParameters `

Modules/Microsoft365DSC/DSCResources/MSFT_EXOEOPProtectionPolicyRule/MSFT_EXOEOPProtectionPolicyRule.psm1

@@ -374,13 +374,26 @@ function Test-TargetResource
     Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
     Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
 
-    #Convert any DateTime to String
     foreach ($key in $ValuesToCheck.Keys)
     {
+        # Convert any DateTime to String
         if (($null -ne $CurrentValues[$key]) `
                 -and ($CurrentValues[$key].GetType().Name -eq 'DateTime'))
         {
             $CurrentValues[$key] = $CurrentValues[$key].toString()
+            continue
+        }
+
+        if ($null -eq $CurrentValues[$key])
+        {
+            switch -regex ($key)
+            {
+                "^ExceptIf\w+$|^RecipientDomainIs$|^SentTo(\w+)?$"
+                {
+                    $CurrentValues[$key] = @()
+                    break
+                }
+            }
         }
     }