Merge pull request #5452 from NikCharlebois/Dev

Various Fixes

CHANGELOG.md

@@ -4,6 +4,12 @@
 
 * AAD
   * Added ApplicationSecret auth method to multiple resources
+* EXORecipientPermission
+  * Added logic to update an existing recipient's permissions.
+* EXOEOPProtectionPolicyRule
+  * Added support for AccessTokens.
+* EXOExternalInOutlook
+  * Added support for AccessTokens.
 * IntuneAndroidManagedStoreAppConfiguration
   * Initial release.
 * MISC

Modules/Microsoft365DSC/DSCResources/MSFT_EXOEOPProtectionPolicyRule/MSFT_EXOEOPProtectionPolicyRule.psm1

@@ -71,7 +71,11 @@ function Get-TargetResource
 
         [Parameter()]
         [System.Management.Automation.PSCredential]
-        $ApplicationSecret
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     New-M365DSCConnection -Workload 'ExchangeOnline' `
@@ -118,6 +122,7 @@ function Get-TargetResource
             TenantId                  = $TenantId
             CertificateThumbprint     = $CertificateThumbprint
             ApplicationSecret         = $ApplicationSecret
+            AccessTokens              = $AccessTokens
         }
         return [System.Collections.Hashtable] $results
     }
@@ -205,7 +210,11 @@ function Set-TargetResource
 
         [Parameter()]
         [System.Management.Automation.PSCredential]
-        $ApplicationSecret
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     New-M365DSCConnection -Workload 'ExchangeOnline' `
@@ -344,7 +353,11 @@ function Test-TargetResource
 
         [Parameter()]
         [System.Management.Automation.PSCredential]
-        $ApplicationSecret
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     #Ensure the proper dependencies are installed in the current environment.
@@ -435,7 +448,11 @@ function Export-TargetResource
 
         [Parameter()]
         [Switch]
-        $ManagedIdentity
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
    $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' `
@@ -481,14 +498,14 @@ function Export-TargetResource
             }
             Write-Host "    |---[$i/$($getValue.Count)] $displayedKey" -NoNewline
             $params = @{
-                Identity = $config.Identity
-                Ensure = 'Present'
-                Credential = $Credential
-                ApplicationId = $ApplicationId
-                TenantId = $TenantId
+                Identity              = $config.Identity
+                Ensure                = 'Present'
+                Credential            = $Credential
+                ApplicationId         = $ApplicationId
+                TenantId              = $TenantId
                 CertificateThumbprint = $CertificateThumbprint
-                ApplicationSecret = $ApplicationSecret
-
+                ApplicationSecret     = $ApplicationSecret
+                AccessTokens          = $AccessTokens
             }
 
             $Results = Get-TargetResource @Params

Modules/Microsoft365DSC/DSCResources/MSFT_EXOEOPProtectionPolicyRule/MSFT_EXOEOPProtectionPolicyRule.schema.mof

@@ -18,4 +18,5 @@ class MSFT_EXOEOPProtectionPolicyRule : OMI_BaseResource
     [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
     [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
     [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
+    [Write, Description("Access token used for authentication.")] String AccessTokens[];
 };

Modules/Microsoft365DSC/DSCResources/MSFT_EXOExternalInOutlook/MSFT_EXOExternalInOutlook.psm1

@@ -39,7 +39,11 @@ function Get-TargetResource
 
         [Parameter()]
         [System.Management.Automation.PSCredential]
-        $ApplicationSecret
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     New-M365DSCConnection -Workload 'ExchangeOnline' `
@@ -78,6 +82,7 @@ function Get-TargetResource
             TenantId              = $TenantId
             CertificateThumbprint = $CertificateThumbprint
             ApplicationSecret     = $ApplicationSecret
+            AccessTokens          = $AccessTokens
         }
         return [System.Collections.Hashtable] $results
     }
@@ -133,7 +138,11 @@ function Set-TargetResource
 
         [Parameter()]
         [System.Management.Automation.PSCredential]
-        $ApplicationSecret
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     New-M365DSCConnection -Workload 'ExchangeOnline' `
@@ -226,7 +235,11 @@ function Test-TargetResource
 
         [Parameter()]
         [System.Management.Automation.PSCredential]
-        $ApplicationSecret
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
     #Ensure the proper dependencies are installed in the current environment.
@@ -304,7 +317,11 @@ function Export-TargetResource
 
         [Parameter()]
         [Switch]
-        $ManagedIdentity
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
     )
 
    $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' `
@@ -352,7 +369,7 @@ function Export-TargetResource
                 TenantId                = $TenantId
                 CertificateThumbprint   = $CertificateThumbprint
                 ApplicationSecret       = $ApplicationSecret
-
+                AccessTokens            = $AccessTokens
             }
 
             $Results = Get-TargetResource @Params

Modules/Microsoft365DSC/DSCResources/MSFT_EXOExternalInOutlook/MSFT_EXOExternalInOutlook.schema.mof

@@ -10,4 +10,5 @@ class MSFT_EXOExternalInOutlook : OMI_BaseResource
     [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
     [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
     [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
+    [Write, Description("Access token used for authentication.")] String AccessTokens[];
 };

Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1

@@ -251,18 +251,20 @@ function Set-TargetResource
     # Receipient Permission doesn't exist but it should
     if ($Ensure -eq 'Present' -and $currentState.Ensure -eq 'Absent')
     {
-        Write-Verbose -Message "The Receipient Permission for '$Trustee' with Access Rights '$($AccessRights -join ', ')' on mailbox '$Identity' does not exist but it should. Adding it."
+        Write-Verbose -Message "The Recipient Permission for '$Trustee' with Access Rights '$($AccessRights -join ', ')' on mailbox '$Identity' does not exist but it should. Adding it."
         Add-RecipientPermission @parameters -Confirm:$false
     }
     # Receipient Permission exists but shouldn't
     elseif ($Ensure -eq 'Absent' -and $currentState.Ensure -eq 'Present')
     {
-        Write-Verbose -Message "Receipient Permission for '$Trustee' with Access Rights '$($AccessRights -join ', ')' on mailbox '$Identity' exists but shouldn't. Removing it."
+        Write-Verbose -Message "Recipient Permission for '$Trustee' with Access Rights '$($AccessRights -join ', ')' on mailbox '$Identity' exists but shouldn't. Removing it."
         Remove-RecipientPermission @parameters -Confirm:$false
     }
     elseif ($Ensure -eq 'Present' -and $currentState.Ensure -eq 'Present')
     {
-        Write-Verbose -Message "Receipient Permission for '$Trustee' with Access Rights '$($AccessRights -join ', ')' on mailbox '$Identity' exists."
+        Write-Verbose -Message "Recipient Permission for '$Trustee' with Access Rights '$($AccessRights -join ', ')' on mailbox '$Identity' exists."
+        Remove-RecipientPermission @parameters -Confirm:$false
+        Add-RecipientPermission @parameters -Confirm:$false
     }
 }
 

Modules/Microsoft365DSC/Examples/Resources/EXOAuthenticationPolicyAssignment/2-Update.ps1

@@ -0,0 +1,50 @@
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        EXOAuthenticationPolicy 'ConfigureAuthenticationPolicy'
+        {
+            Identity                            = "My Assigned Policy"
+            AllowBasicAuthActiveSync            = $False
+            AllowBasicAuthAutodiscover          = $False
+            AllowBasicAuthImap                  = $False
+            AllowBasicAuthMapi                  = $False
+            AllowBasicAuthOfflineAddressBook    = $False
+            AllowBasicAuthOutlookService        = $False
+            AllowBasicAuthPop                   = $False
+            AllowBasicAuthPowerShell            = $False
+            AllowBasicAuthReportingWebServices  = $False
+            AllowBasicAuthRpc                   = $False
+            AllowBasicAuthSmtp                  = $False
+            AllowBasicAuthWebServices           = $False
+            Ensure                              = "Present"
+            ApplicationId                       = $ApplicationId
+            TenantId                            = $TenantId
+            CertificateThumbprint               = $CertificateThumbprint
+        }
+        EXOAuthenticationPolicyAssignment 'ConfigureAuthenticationPolicyAssignment'
+        {
+            UserName                 = "AdeleV@$TenantId"
+            AuthenticationPolicyName = "My Assigned Policy"
+            Ensure                   = "Present"
+            ApplicationId            = $ApplicationId
+            TenantId                 = $TenantId
+            CertificateThumbprint    = $CertificateThumbprint
+        }
+    }
+}

Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/2-Update.ps1

@@ -0,0 +1,38 @@
+
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        EXORecipientPermission 'AddSendAs'
+        {
+            Identity              = "AlexW@$TenantId"
+            Trustee               = "AdeleV@$TenantId" # Drift
+            AccessRights          = 'SendAs'
+            Ensure                = 'Present'
+            ApplicationId         = $ApplicationId
+            TenantId              = $TenantId
+            CertificateThumbprint = $CertificateThumbprint
+        }
+    }
+}