Merge pull request #3779 from microsoft/Dev

Release 1.23.1011.1

CHANGELOG.md

@@ -1,5 +1,26 @@
 # Change log for Microsoft365DSC
 
+# 1.23.1011.1
+
+* AADRoleEligibilityScheduleRequest
+  * Added support for groups assignment.
+    FIXES [#3744](https://github.com/microsoft/Microsoft365DSC/issues/3744)
+* EXOCalendarProcessing
+  * Added support for retrieved groups as calendar delegates.
+* EXODistributionGroup
+  * Fixes the export of group membership to use Identity.
+* TeamsUpdateManagementPolicy
+  * Add support for the new acceptable value for UseNewTeamsClient
+    (NewTeamsAsDefault).
+* MISC
+  * M365DSCReport: Also define property dataType, if present, as being primary
+     key on CIM instances.
+* TeamsUpgradeConfiguration
+  * Fixes an issue where the SfBMeetingJoinUx property wasn't properly updated.
+* DEPENDENCIES
+  * Updated ExchangeOnlineManagement to version 3.4.0.
+  * Updated Microsoft.Graph dependencies to version 2.7.0.
+
 # 1.23.1004.1
 
 * AADEntitlementManagementAccessPackageAssignmentPolicy

Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1

@@ -12,6 +12,11 @@
         [System.String]
         $RoleDefinition,
 
+        [Parameter()]
+        [ValidateSet('User', 'Group')]
+        [System.String]
+        $PrincipalType = 'User',
+
         [Parameter()]
         [System.String]
         $Id,
@@ -120,15 +125,54 @@
             if ($null -ne $Script:exportedInstances -and $Script:ExportMode)
             {
                     Write-Verbose -Message "Getting Role Eligibility by PrincipalId and RoleDefinitionId"
-                    $PrincipalId = (Get-MgUser -Filter "UserPrincipalName eq '$Principal'").Id
+                    if ($PrincipalType -eq 'User')
+                    {
+                        $PrincipalIdValue = Get-MgUser -Filter "UserPrincipalName eq '$Principal'" -ErrorAction SilentlyContinue
+                        $PrincipalTypeValue = 'User'
+                    }
+                    if ($null -eq $PrincipalIdValue -or $PrincipalType -eq 'Group')
+                    {
+                        $PrincipalIdValue = Get-MgGroup -Filter "DisplayName eq '$Principal'" -ErrorAction SilentlyContinue
+                        $PrincipalTypeValue = 'Group'
+                    }
+
+                    if ($null -ne $PrincipalIdValue)
+                    {
+                        $PrincipalId = $PrincipalIdValue.Id
+                    }
+                    else
+                    {
+                        return $nullResult
+                    }
                     Write-Verbose -Message "Found Principal {$PrincipalId}"
                     $RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id
                     $request = $Script:exportedInstances | Where-Object -FilterScript {$_.PrincipalId -eq $PrincipalId -and $_.RoleDefinitionId -eq $RoleDefinition}
             }
             else
             {
                 Write-Verbose -Message "Getting Role Eligibility by PrincipalId and RoleDefinitionId"
-                $PrincipalId = (Get-MgUser -Filter "UserPrincipalName eq '$Principal'").Id
+                if ($PrincipalType -eq 'User')
+                {
+                    Write-Verbose -Message "Retrieving principal {$Principal} of type {$PrincipalType}"
+                    $PrincipalIdValue = Get-MgUser -Filter "UserPrincipalName eq '$Principal'" -ErrorAction SilentlyContinue
+                    $PrincipalTypeValue = 'User'
+                }
+
+                if ($null -eq $PrincipalIdValue -or $PrincipalType -eq 'Group')
+                {
+                    Write-Verbose -Message "Retrieving principal {$Principal} of type {$PrincipalType}"
+                    $PrincipalIdValue = Get-MgGroup -Filter "DisplayName eq '$Principal'" -ErrorAction SilentlyContinue
+                    $PrincipalTypeValue = 'Group'
+                }
+
+                if ($null -ne $PrincipalIdValue)
+                {
+                    $PrincipalId = $PrincipalIdValue.Id
+                }
+                else
+                {
+                    return $nullResult
+                }
                 Write-Verbose -Message "Found Principal {$PrincipalId}"
                 $RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id
                 Write-Verbose -Message "Found Role {$RoleDefinitionId}"
@@ -142,7 +186,21 @@
         }
 
         Write-Verbose -Message "Found existing AADRolelLigibilityScheduleRequest"
-        $PrincipalValue = Get-MgUser -UserId $request.PrincipalId
+        if ($PrincipalType -eq 'User')
+        {
+            $PrincipalInstance = Get-MgUser -UserId $request.PrincipalId -ErrorAction SilentlyContinue
+            $PrincipalTypeValue = 'User'
+        }
+        if ($null -eq $PrincipalInstance -or $PrincipalType -eq 'Group')
+        {
+            $PrincipalInstance = Get-MGGroup -GroupId $request.PrincipalId -ErrorAction SilentlyContinue
+            $PrincipalTypeValue = 'Group'
+        }
+
+        if ($null -eq $PrincipalInstance)
+        {
+            return $nullResult
+        }
         $RoleDefinitionValue = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $request.RoleDefinitionId
 
         $ScheduleInfoValue = @{}
@@ -195,8 +253,19 @@
             }
         }
 
+        $PrincipalValue = $null
+        if ($PrincipalTypeValue -eq 'User')
+        {
+            $PrincipalValue = $PrincipalInstance.UserPrincipalName
+        }
+        elseif ($PrincipalTypeValue -eq 'Group')
+        {
+            $PrincipalValue = $PrincipalInstance.DisplayName
+        }
+
         $results = @{
-            Principal             = $PrincipalValue.UserPrincipalName
+            Principal             = $PrincipalValue
+            PrincipalType         = $PrincipalTypeValue
             RoleDefinition        = $RoleDefinitionValue.DisplayName
             DirectoryScopeId      = $request.DirectoryScopeId
             AppScopeId            = $request.AppScopeId
@@ -242,6 +311,11 @@ function Set-TargetResource
         [System.String]
         $RoleDefinition,
 
+        [Parameter()]
+        [ValidateSet('User', 'Group')]
+        [System.String]
+        $PrincipalType = 'User',
+
         [Parameter()]
         [System.String]
         $Id,
@@ -339,8 +413,24 @@ function Set-TargetResource
 
     $ParametersOps = ([Hashtable]$PSBoundParameters).clone()
 
-    $PrincipalIdValue = (Get-MgUser -Filter "UserPrincipalName eq '$Principal'").Id
-    $ParametersOps.Add("PrincipalId", $PrincipalIdValue)
+    if ($PrincipalType -eq 'User')
+    {
+        [Array]$PrincipalIdValue = (Get-MgUser -Filter "UserPrincipalName eq '$Principal'").Id
+    }
+    elseif ($PrincipalType -eq 'Group')
+    {
+        [Array]$PrincipalIdValue = (Get-MgGroup -Filter "DisplayName eq '$Principal'").Id
+    }
+
+    if ($null -eq $PrincipalIdValue)
+    {
+        throw "Couldn't find Principal {$PrincipalId} of type {$PrincipalType}"
+    }
+    elseif ($PrincipalIdValue.Length -gt 1)
+    {
+        throw "Multiple Principal with ID {$PrincipalId} of type {$PrincipalType} were found. Cannot create schedule."
+    }
+    $ParametersOps.Add("PrincipalId", $PrincipalIdValue[0])
     $ParametersOps.Remove("Principal") | Out-Null
 
     $RoleDefinitionIdValue = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id
@@ -408,24 +498,24 @@ function Set-TargetResource
         Write-Verbose -Message "ScheduleInfo: $(Convert-M365DscHashtableToString -Hashtable $ScheduleInfoValue)"
         $ParametersOps.ScheduleInfo = $ScheduleInfoValue
     }
-
+    $ParametersOps.Remove("PrincipalType") | Out-Null
     if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
     {
-        Write-Verbose -Message "Creating an Azure AD Role Eligibility Schedule Request for user {$Principal} and role {$RoleDefinition}"
+        Write-Verbose -Message "Creating a Role Eligibility Schedule Request for user {$Principal} and role {$RoleDefinition}"
         $ParametersOps.Remove("Id") | Out-Null
-
+        Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $ParametersOps)"
         New-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest @ParametersOps
     }
     elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
     {
-        Write-Verbose -Message "Updating the Azure AD Role Eligibility Schedule Request for user {$Principal} and role {$RoleDefinition}"
+        Write-Verbose -Message "Updating the Role Eligibility Schedule Request for user {$Principal} and role {$RoleDefinition}"
         $ParametersOps.Remove("Id") | Out-Null
         $ParametersOps.Action = 'AdminUpdate'
         New-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest @ParametersOps
     }
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
     {
-        Write-Verbose -Message "Removing the Azure AD Role Eligibility Schedule Request for user {$Principal} and role {$RoleDefinition}"
+        Write-Verbose -Message "Removing the Role Eligibility Schedule Request for user {$Principal} and role {$RoleDefinition}"
         $ParametersOps.Remove("Id") | Out-Null
         $ParametersOps.Action = 'AdminRemove'
         New-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest @ParametersOps
@@ -446,6 +536,11 @@ function Test-TargetResource
         [System.String]
         $RoleDefinition,
 
+        [Parameter()]
+        [ValidateSet('User', 'Group')]
+        [System.String]
+        $PrincipalType = 'User',
+
         [Parameter()]
         [System.String]
         $Id,
@@ -632,8 +727,14 @@ function Export-TargetResource
     {
         $Script:ExportMode = $true
         #region resource generator code
-        [array] $Script:exportedInstances = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -All `
-            -Filter "Status ne 'Revoked'" -ErrorAction Stop
+        $schedules = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -All -ErrorAction Stop
+        [array] $Script:exportedInstances = @()
+        foreach ($schedule in $schedules)
+        {
+            [array] $allRequests = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -All `
+                -Filter "Status ne 'Revoked'" -ErrorAction Stop
+            [array] $Script:exportedInstances += $allRequests | Where-Object -FilterScript {$_.TargetScheduleId -eq $schedule.Id}
+        }
         #endregion
 
         $i = 1

Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.schema.mof

@@ -55,6 +55,7 @@ class MSFT_AADRoleEligibilityScheduleRequest : OMI_BaseResource
 {
     [Key, Description("User Principal Name of the eligibility request.")] String Principal;
     [Key, Description("Role associated with the eligibility request.")] String RoleDefinition;
+    [Write, Description("Represented the type of principal to assign the request to. Accepted values are: Group and User."), ValueMap{"Group","User"}, Values{"Group","User"}] String PrincipalType;
     [Write, Description("Identifier of the directory object representing the scope of the role eligibility. The scope of an role eligibility determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Either directoryScopeId or appScopeId is required.")] String DirectoryScopeId;
     [Write, Description("Identifier for the Role Eligibility Schedule Request.")] String Id;
     [Write, Description("Identifier of the app-specific scope when the role eligibility is scoped to an app. The scope of a role eligibility determines the set of resources for which the principal is eligible to access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Either directoryScopeId or appScopeId is required.")] String AppScopeId;

Modules/Microsoft365DSC/DSCResources/MSFT_EXOCalendarProcessing/MSFT_EXOCalendarProcessing.psm1

@@ -260,8 +260,8 @@ function Get-TargetResource
         {
             foreach ($user in $calendarProc.ResourceDelegates)
             {
-                $userInfo = Get-User -Identity $user
-                $ResourceDelegatesValue += $userInfo.UserPrincipalName
+                $userInfo = Get-Recipient -Identity $user
+                $ResourceDelegatesValue += $userInfo.PrimarySmtpAddress
             }
         }
 
@@ -868,7 +868,7 @@ function Export-TargetResource
 
     try
     {
-        $mailboxes = Get-Mailbox -ErrorAction Stop
+        $mailboxes = Get-Mailbox -ResultSize 'Unlimited' -ErrorAction Stop
 
         if ($null -eq $mailboxes)
         {

Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1

@@ -248,7 +248,7 @@ function Get-TargetResource
         if ($null -ne $Script:exportedInstances -and $Script:ExportMode)
         {
             $distributionGroup = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity}
-            $distributionGroupMembers = Get-DistributionGroupMember $Name  -ErrorAction Stop -ResultSize Unlimited
+            $distributionGroupMembers = Get-DistributionGroupMember -Identity $Identity  -ErrorAction Stop -ResultSize Unlimited
         }
         else
         {

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxAutoReplyConfiguration/MSFT_EXOMailboxAutoReplyConfiguration.psm1

@@ -484,7 +484,7 @@ function Export-TargetResource
 
     try
     {
-        $mailboxes = Get-Mailbox
+        $mailboxes = Get-Mailbox -ResultSize 'Unlimited'
         $dscContent = ''
         $i = 1
 

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarFolder/MSFT_EXOMailboxCalendarFolder.psm1

@@ -404,7 +404,7 @@ function Export-TargetResource
 
     try
     {
-        $mailboxes = Get-Mailbox -ErrorAction Stop
+        $mailboxes = Get-Mailbox -ResultSize 'Unlimited' -ErrorAction Stop
 
         if ($null -eq $mailboxes)
         {

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1

@@ -400,7 +400,7 @@ function Export-TargetResource
 
     try
     {
-        [array]$mailboxes = Get-Mailbox -ErrorAction Stop
+        [array]$mailboxes = Get-Mailbox -ResultSize 'Unlimited' -ErrorAction Stop
 
         if ($mailboxes.Length -eq 0)
         {

Modules/Microsoft365DSC/DSCResources/MSFT_EXOPlace/MSFT_EXOPlace.psm1

@@ -586,7 +586,7 @@ function Export-TargetResource
     #endregion
     try
     {
-        [array]$places = Get-Place -ErrorAction Stop
+        [array]$places = Get-Place -ResultSize 'Unlimited' -ErrorAction Stop
         $dscContent = ''
 
         if ($places.Length -eq 0)

Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1

@@ -39,7 +39,7 @@ function Get-TargetResource
         $UpdateTimeOfDay,
 
         [Parameter()]
-        [ValidateSet('UserChoice', 'MicrosoftChoice', 'AdminDisabled')]
+        [ValidateSet('UserChoice', 'MicrosoftChoice', 'AdminDisabled', 'NewTeamsAsDefault')]
         [System.String]
         $UseNewTeamsClient,
 
@@ -169,7 +169,7 @@ function Set-TargetResource
         $UpdateTimeOfDay,
 
         [Parameter()]
-        [ValidateSet('UserChoice', 'MicrosoftChoice', 'AdminDisabled')]
+        [ValidateSet('UserChoice', 'MicrosoftChoice', 'AdminDisabled', 'NewTeamsAsDefault')]
         [System.String]
         $UseNewTeamsClient,
 
@@ -286,7 +286,7 @@ function Test-TargetResource
         $UpdateTimeOfDay,
 
         [Parameter()]
-        [ValidateSet('UserChoice', 'MicrosoftChoice', 'AdminDisabled')]
+        [ValidateSet('UserChoice', 'MicrosoftChoice', 'AdminDisabled', 'NewTeamsAsDefault')]
         [System.String]
         $UseNewTeamsClient,
 

Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof

@@ -9,7 +9,7 @@ class MSFT_TeamsUpdateManagementPolicy : OMI_BaseResource
     [Write, Description("Determines the day of week to perform the updates. Value shoud be between 0 and 6.")] UInt32 UpdateDayOfWeek;
     [Write, Description("Determines the time of day to perform the updates. Must be a valid HH:MM format string with leading 0. For instance 08:30.")] String UpdateTime;
     [Write, Description("Determines the time of day to perform the updates. Accepts a DateTime as string. Only the time will be considered.")] String UpdateTimeOfDay;
-    [Write, Description("Determines whether or not users will use the new Teams client."), ValueMap{"UserChoice","MicrosoftChoice","AdminDisabled"}, Values{"UserChoice","MicrosoftChoice","AdminDisabled"}] String UseNewTeamsClient;
+    [Write, Description("Determines whether or not users will use the new Teams client."), ValueMap{"NewTeamsAsDefault","UserChoice","MicrosoftChoice","AdminDisabled"}, Values{"NewTeamsAsDefault","UserChoice","MicrosoftChoice","AdminDisabled"}] String UseNewTeamsClient;
     [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials of the Teams Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;

Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradeConfiguration/MSFT_TeamsUpgradeConfiguration.psm1

@@ -141,7 +141,8 @@ function Set-TargetResource
     $SetParameters.Remove('ApplicationId') | Out-Null
     $SetParameters.Remove('TenantId') | Out-Null
     $SetParameters.Remove('CertificateThumbprint') | Out-Null
-
+    $SetParameters.Add("Identity", "Global")
+    Write-Verbose -Message "Updating with Values: $(Convert-M365DscHashtableToString -Hashtable $SetParameters)"
     Set-CsTeamsUpgradeConfiguration @SetParameters
 }