Skip to content

Commit

Permalink
Merge pull request #4999 from microsoft/Dev
Browse files Browse the repository at this point in the history
Release 1.24.828.1
  • Loading branch information
NikCharlebois authored Aug 29, 2024
2 parents 3b3e152 + 2535a3c commit 567d4c8
Show file tree
Hide file tree
Showing 55 changed files with 1,350 additions and 739 deletions.
73 changes: 73 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,78 @@
# Change log for Microsoft365DSC

# 1.24.828.1

* AADAdministrativeUnit
* Fix Properties for Dynamic Administrative Units in Graph have moved
* AADConditionalAccessPolicy
* Fixing issue where the resource crashed when trying to retrieve groups
and users from Entra ID which no longer existed
* Fixes an issue where the `AuthenticationFlows` property changed in Graph
and updates on the documentation for the possible values of `TransferMethods`.
FIXES [#4961](https://github.com/microsoft/Microsoft365DSC/issues/4961)
FIXES [#4960](https://github.com/microsoft/Microsoft365DSC/issues/4960)
FIXES [#4734](https://github.com/microsoft/Microsoft365DSC/issues/4734)
FIXES [#4725](https://github.com/microsoft/Microsoft365DSC/issues/4725)
* AADGroup
* FIXES [#4994](https://github.com/microsoft/Microsoft365DSC/issues/4994)
* EXOAuthenticationPolicyAssignment
* Removes the 1000 user limit when exporting authentication policy assignments
FIXES [#4956](https://github.com/microsoft/Microsoft365DSC/issues/4956)
* EXOHostedContentFilterRule
* Don't check if associated `EXOHostedContentFilterPolicy` is present
while removing resource since it's not required
* EXORoleGroup
* Fix an issue where roles that have empty members cannot be compared
FIXES [#4977] (https://github.com/microsoft/Microsoft365DSC/issues/4977)
* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy
* Fixed issue if `PasswordComplexity` was set to 5 by allowing that value
FIXES [#4963](https://github.com/microsoft/Microsoft365DSC/issues/4963)
* IntuneDeviceCompliancePolicyWindows10
* Fix extraction of property `TpmRequired`
* IntuneDeviceConfigurationCustomPolicyWindows10
* Change app and delegated permissions for reading to
DeviceManagementConfiguration.ReadWrite.All to cope with
getOmaSettingPlainTextValue which is only working if RW is granted
FIXES [#4412](https://github.com/microsoft/Microsoft365DSC/issues/4412)
* IntuneDeviceRemediation
* Add export of global remediation scripts.
* O365OrgSettings
* FIXES [#4741](https://github.com/microsoft/Microsoft365DSC/issues/4741)
* SCAutoSensitivityLabelPolicy
* Fixes issue where Mode=Enabled is not supported for SP and OD. Changing
property to TestWithoutNotifications in those instances.
FIXES [#4990](https://github.com/microsoft/Microsoft365DSC/issues/4990)
* SCAutoSensitivityLabelRule
* Fixes issue where the export was looping through all possible workloads
instead of the actually targeted workload
FIXES [#4989](https://github.com/microsoft/Microsoft365DSC/issues/4989)
* SCSensitivityLabel
* Corrected issue where ExternalAccess properties were configured inverted
FIXES [#3782](https://github.com/microsoft/Microsoft365DSC/issues/3782)
* M365DSCDRGUtil
* Update Intune Settings Catalog Handling.
* Fixes an issue where the `MSFT_IntuneDeviceRemediationPolicyAssignments`
type would trigger an incorrect comparison in `Compare-M365DSCComplexObject`.
* M365DSCResourceGenerator
* Update Intune resource generation for the Settings Catalog.
* M365DSCUtil
* Fix `Compare-PSCustomObjectArrays` by allowing empty arrays as input
FIXES [#4952](https://github.com/microsoft/Microsoft365DSC/issues/4952)
* O365OrgSettings
* FIXES [#4741](https://github.com/microsoft/Microsoft365DSC/issues/4741)
* MISC
* Improve module updates and PowerShell Core support across the DSC
resources.
FIXES [#4941](https://github.com/microsoft/Microsoft365DSC/issues/4941)
* Replace some `Write-Host` occurrences in core engine with
appropriate alternatives.
FIXES [#4943](https://github.com/microsoft/Microsoft365DSC/issues/4943)
* Fixed a typo within M365DSCReport.psm1 related to a .png file
FIXES [#4983](https://github.com/microsoft/Microsoft365DSC/pull/4983)
* DEPENDENCIES
* Updated MicrosoftTeams to version 6.5.0.
* Updated MSCloudLoginAssistant to version 1.1.19.

# 1.24.731.1

* AADAuthenticationMethodPolicyFido2
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -158,17 +158,17 @@ function Get-TargetResource
#endregion
}

if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.membershipType))
if (-not [string]::IsNullOrEmpty($getValue.membershipType))
{
$results.Add('MembershipType', $getValue.AdditionalProperties.membershipType)
$results.Add('MembershipType', $getValue.membershipType)
}
if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.membershipRule))
if (-not [string]::IsNullOrEmpty($getValue.membershipRule))
{
$results.Add('MembershipRule', $getValue.AdditionalProperties.membershipRule)
$results.Add('MembershipRule', $getValue.membershipRule)
}
if (-not [string]::IsNullOrEmpty($getValue.AdditionalProperties.membershipRuleProcessingState))
if (-not [string]::IsNullOrEmpty($getValue.membershipRuleProcessingState))
{
$results.Add('MembershipRuleProcessingState', $getValue.AdditionalProperties.membershipRuleProcessingState)
$results.Add('MembershipRuleProcessingState', $getValue.membershipRuleProcessingState)
}

Write-Verbose -Message "AU {$DisplayName} MembershipType {$($results.MembershipType)}"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -314,6 +314,7 @@ function Get-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
continue
}
if ($IncludeUser)
{
Expand Down Expand Up @@ -349,6 +350,7 @@ function Get-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
continue
}
if ($ExcludeUser)
{
Expand All @@ -372,7 +374,7 @@ function Get-TargetResource
$IncludeGroup = $null
try
{
$IncludeGroup = (Get-MgGroup -GroupId $IncludeGroupGUID).displayname
$IncludeGroup = (Get-MgGroup -GroupId $IncludeGroupGUID -ErrorAction Stop).displayname
}
catch
{
Expand All @@ -382,6 +384,7 @@ function Get-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
continue
}
if ($IncludeGroup)
{
Expand All @@ -400,7 +403,7 @@ function Get-TargetResource
$ExcludeGroup = $null
try
{
$ExcludeGroup = (Get-MgGroup -GroupId $ExcludeGroupGUID).displayname
$ExcludeGroup = (Get-MgGroup -GroupId $ExcludeGroupGUID -ErrorAction Stop).displayname
}
catch
{
Expand All @@ -410,6 +413,7 @@ function Get-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
continue
}
if ($ExcludeGroup)
{
Expand Down Expand Up @@ -1026,7 +1030,7 @@ function Set-TargetResource
$userguid = $null
try
{
$userguid = (Get-MgUser -UserId $includeuser).Id
$userguid = (Get-MgUser -UserId $includeuser -ErrorAction Stop).Id
}
catch
{
Expand Down Expand Up @@ -1073,7 +1077,7 @@ function Set-TargetResource
$userguid = $null
try
{
$userguid = (Get-MgUser -UserId $excludeuser).Id
$userguid = (Get-MgUser -UserId $excludeuser -ErrorAction Stop).Id
}
catch
{
Expand Down Expand Up @@ -1118,7 +1122,7 @@ function Set-TargetResource
$GroupLookup = $null
try
{
$GroupLookup = Get-MgGroup -Filter "DisplayName eq '$includegroup'"
$GroupLookup = Get-MgGroup -Filter "DisplayName eq '$includegroup'" -ErrorAction Stop
}
catch
{
Expand Down Expand Up @@ -1168,7 +1172,7 @@ function Set-TargetResource
$GroupLookup = $null
try
{
$GroupLookup = Get-MgGroup -Filter "DisplayName eq '$ExcludeGroup'"
$GroupLookup = Get-MgGroup -Filter "DisplayName eq '$ExcludeGroup'" -ErrorAction Stop
}
catch
{
Expand Down Expand Up @@ -1519,15 +1523,23 @@ function Set-TargetResource
if ($currentParameters.ContainsKey('TransferMethods'))
{
#create and provision TransferMethods condition object if used
$authenticationFlows = if ([System.String]::IsNullOrEmpty($TransferMethods))
{
$null
}
else
{
@{
transferMethods = $TransferMethods
}
}
if (-not $conditions.Contains('authenticationFlows'))
{
$conditions.Add('authenticationFlows', @{
transferMethods = $TransferMethods
})
$conditions.Add('authenticationFlows', $authenticationFlows)
}
else
{
$conditions.authenticationFlows.Add('transferMethods', $TransferMethods)
$conditions.authenticationFlows = $authenticationFlows
}

}
Expand Down Expand Up @@ -1972,10 +1984,28 @@ function Test-TargetResource
$ValuesToCheck = $PSBoundParameters
$ValuesToCheck.Remove('Id') | Out-Null

$TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
-Source $($MyInvocation.MyCommand.Source) `
-DesiredValues $PSBoundParameters `
-ValuesToCheck $ValuesToCheck.Keys
# If no TransferMethod is specified, ignore it
# If a TransferMethod is specified, check if it is equal to the current value
# while ignoring the order of the values
if (-not $PSBoundParameters.ContainsKey('TransferMethods') -or
$null -eq (Compare-Object -ReferenceObject $TransferMethods.Split(',') -DifferenceObject $CurrentValues.TransferMethods.Split(',')))
{
$ValuesToCheck.Remove('TransferMethods') | Out-Null
$TestResult = $true
}
else
{
Write-Verbose -Message "TransferMethods are not equal: [$TransferMethods] - [$($CurrentValues.TransferMethods)]"
$TestResult = $false
}

if ($TestResult)
{
$TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
-Source $($MyInvocation.MyCommand.Source) `
-DesiredValues $PSBoundParameters `
-ValuesToCheck $ValuesToCheck.Keys
}

Write-Verbose -Message "Test-TargetResource returned $TestResult"

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
[Write, Description("Specifies, whether Browser Persistence is controlled by the Policy.")] Boolean PersistentBrowserIsEnabled;
[Write, Description("Specifies, what Browser Persistence control is enforced by the Policy."), ValueMap{"Always","Never",""}, Values{"Always","Never",""}] String PersistentBrowserMode;
[Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength;
[Write, Description("Names of the associated authentication flow transfer methods")] String TransferMethods;
[Write, Description("Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.")] String TransferMethods;
[Write, Description("Authentication context class references.")] String AuthenticationContexts[];
[Write, Description("Specify if the Azure AD CA Policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
[Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,10 @@ function Get-TargetResource
[System.String[]]
$Members,

[Parameter()]
[System.String[]]
$GroupAsMembers,

[Parameter()]
[System.String[]]
$MemberOf,
Expand Down Expand Up @@ -213,12 +217,17 @@ function Get-TargetResource
# Members
[Array]$members = Get-MgGroupMember -GroupId $Group.Id -All:$true
$MembersValues = @()
$GroupAsMembersValues = @()
foreach ($member in $members)
{
if ($member.AdditionalProperties.userPrincipalName -ne $null)
if ($member.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.user")
{
$MembersValues += $member.AdditionalProperties.userPrincipalName
}
elseif($member.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.group")
{
$GroupAsMembersValues += $member.AdditionalProperties.displayName
}
}
}

Expand Down Expand Up @@ -265,6 +274,7 @@ function Get-TargetResource
Id = $Group.Id
Owners = $OwnersValues
Members = $MembersValues
GroupAsMembers = $GroupAsMembersValues
MemberOf = $MemberOfValues
Description = $Group.Description
GroupTypes = [System.String[]]$Group.GroupTypes
Expand Down Expand Up @@ -327,6 +337,10 @@ function Set-TargetResource
[System.String[]]
$Members,

[Parameter()]
[System.String[]]
$GroupAsMembers,

[Parameter()]
[System.String[]]
$MemberOf,
Expand Down Expand Up @@ -432,10 +446,12 @@ function Set-TargetResource
$currentParameters.Remove('ManagedIdentity') | Out-Null
$backCurrentOwners = $currentGroup.Owners
$backCurrentMembers = $currentGroup.Members
$backCurrentGroupAsMembers = $currentGroup.GroupAsMembers
$backCurrentMemberOf = $currentGroup.MemberOf
$backCurrentAssignedToRole = $currentGroup.AssignedToRole
$currentParameters.Remove('Owners') | Out-Null
$currentParameters.Remove('Members') | Out-Null
$currentParameters.Remove('GroupAsMembers') | Out-Null
$currentParameters.Remove('MemberOf') | Out-Null
$currentParameters.Remove('AssignedToRole') | Out-Null

Expand Down Expand Up @@ -728,6 +744,57 @@ function Set-TargetResource
Write-Verbose -Message 'Ignoring membership since this is a dynamic group.'
}

#GroupAsMembers
if ($MembershipRuleProcessingState -ne 'On' -and $PSBoundParameters.ContainsKey('GroupAsMembers'))
{
$currentGroupAsMembersValue = @()
if ($currentParameters.GroupAsMembers.Length -ne 0)
{
$currentGroupAsMembersValue = $backCurrentGroupAsMembers
}
$desiredGroupAsMembersValue = @()
if ($GroupAsMembers.Length -ne 0)
{
$desiredGroupAsMembersValue = $GroupAsMembers
}
if ($backCurrentGroupAsMembers -eq $null)
{
$backCurrentGroupAsMembers = @()
}
$groupAsMembersDiff = Compare-Object -ReferenceObject $backCurrentGroupAsMembers -DifferenceObject $desiredGroupAsMembersValue
foreach ($diff in $groupAsMembersDiff)
{
try
{
$groupAsMember = Get-MgGroup -Filter "DisplayName eq '$($diff.InputObject)'" -ErrorAction Stop
}
catch
{
$groupAsMember = $null
}
if ($null -eq $groupAsMember)
{
throw "Group '$($diff.InputObject)' does not exist"
}
else
{
if ($diff.SideIndicator -eq '=>')
{
Write-Verbose -Message "Adding AAD group {$($groupAsMember.DisplayName)} as member of AAD group {$($currentGroup.DisplayName)}"
$groupAsMemberObject = @{
"@odata.id"= "https://graph.microsoft.com/v1.0/directoryObjects/$($groupAsMember.Id)"
}
New-MgGroupMemberByRef -GroupId ($currentGroup.Id) -Body $groupAsMemberObject | Out-Null
}
if ($diff.SideIndicator -eq '<=')
{
Write-Verbose -Message "Removing AAD Group {$($groupAsMember.DisplayName)} from AAD group {$($currentGroup.DisplayName)}"
Remove-MgGroupMemberDirectoryObjectByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($groupAsMember.Id) | Out-Null
}
}
}
}

#MemberOf
if ($PSBoundParameters.ContainsKey('MemberOf'))
{
Expand Down Expand Up @@ -879,6 +946,10 @@ function Test-TargetResource
[System.String[]]
$Members,

[Parameter()]
[System.String[]]
$GroupAsMembers,

[Parameter()]
[System.String[]]
$MemberOf,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ class MSFT_AADGroup : OMI_BaseResource
[Write, Description("Specifies an ID for the group.")] String Id;
[Write, Description("User Service Principal values for the group's owners.")] String Owners[];
[Write, Description("User Service Principal values for the group's members.")] String Members[];
[Write, Description("Displayname values for the groups member of the group.")] String GroupAsMembers[];
[Write, Description("DisplayName values for the groups that this group is a member of.")] String MemberOf[];
[Write, Description("Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership.")] String GroupTypes[];
[Write, Description("Specifies the membership rule for a dynamic group.")] String MembershipRule;
Expand Down
Loading

0 comments on commit 567d4c8

Please sign in to comment.