Merge pull request #5341 from mpoulson/mpoulson/5339_5340

Fixes Static references to graph.microsoft.com

CHANGELOG.md

@@ -198,6 +198,16 @@
     export. We will only append a GUID if the IsSingleInstance property is not found on the resource.
   * Add check in AADGroupSettings for NewUnifiedGroupWritebackDefault not existing in Government by default
     FIXES [#5213](https://github.com/microsoft/Microsoft365DSC/issues/5213)
+  * Fix static refrences to graph.microsoft.com
+    FIXES [#5339](https://github.com/microsoft/Microsoft365DSC/issues/5339)
+    AADNetworkAccessForwardingPolicy. AADOrganizationCertificateBasedAuthConfiguration,
+    AADAuthenticationMethodPolicyExternal, AADEnrichedAuditLogs
+    FIXES [#5340](https://github.com/microsoft/Microsoft365DSC/issues/5340)
+    IntuneDeviceManagementEnrollmentAndroidGooglePlay, IntuneAppleMDMPushNotificationCertificate
+  * Fixes static OData refrences to graph.microsoft.com
+    AADApplication, AADEntitlementManagementAccessPackage, AADEntitlementManagementConnectedOrganization
+    AADServicePrincipal
+    FIXES [#5342](https://github.com/microsoft/Microsoft365DSC/issues/5342)
 * DEPENDENCIES
   * Updated Microsoft.Graph to version 2.24.0.
   * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.199.

Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1

@@ -925,7 +925,7 @@ function Set-TargetResource
                 {
                     $Type = 'directoryObjects'
                 }
-                $ObjectUri = 'https://graph.microsoft.com/v1.0/{0}/{1}' -f $Type, $diff.InputObject
+                $ObjectUri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/{0}/{1}' -f $Type, $diff.InputObject
                 $ownerObject = @{
                     '@odata.id' = $ObjectUri
                 }
@@ -1136,7 +1136,7 @@ function Set-TargetResource
         $onPremisesPublishingValue.Add('singleSignOnSettings', $singleSignOnValues)
         $onPremisesPayload = ConvertTo-Json $onPremisesPublishingValue -Depth 10 -Compress
         Write-Verbose -Message "Updating the OnPremisesPublishing settings for application {$($currentAADApp.DisplayName)} with payload: $onPremisesPayload"
-        
+
         $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/applications/$($currentAADApp.Id)/onPremisesPublishing"
         Invoke-MgGraphRequest -Method 'PATCH' `
                               -Uri $Uri `

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1

@@ -96,7 +96,7 @@ function Get-TargetResource
             }
             else
             {
-                $response = Invoke-MgGraphRequest -Method Get -Uri "https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/"
+                $response = Invoke-MgGraphRequest -Method Get -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/policies/authenticationMethodsPolicy/"
                 $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript {$_.DisplayName -eq $DisplayName}
             }
         }
@@ -300,7 +300,7 @@ function Set-TargetResource
     {
         Write-Verbose -Message "Updating the Azure AD Authentication Method Policy External with name {$($currentInstance.displayName)}"
 
-        $response = Invoke-MgGraphRequest -Method Get -Uri "https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/"
+        $response = Invoke-MgGraphRequest -Method Get -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/policies/authenticationMethodsPolicy/"
         $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript {$_.displayName -eq $currentInstance.displayName}
 
         $params.Remove('displayName') | Out-Null
@@ -313,7 +313,7 @@ function Set-TargetResource
     {
         Write-Verbose -Message "Removing the Azure AD Authentication Method Policy External with Id {$($currentInstance.displayName)}"
 
-        $response = Invoke-MgGraphRequest -Method Get -Uri "https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/"
+        $response = Invoke-MgGraphRequest -Method Get -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/policies/authenticationMethodsPolicy/"
         $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript {$_.displayName -eq $currentInstance.displayName}
 
         Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $getValue.Id
@@ -505,7 +505,7 @@ function Export-TargetResource
     {
         #region resource generator code
         $desiredType = "#microsoft.graph.externalAuthenticationMethodConfiguration"
-        $getPolicy = Invoke-MgGraphRequest -Method Get -Uri "https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/"
+        $getPolicy = Invoke-MgGraphRequest -Method Get -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/policies/authenticationMethodsPolicy/"
         $getValue = $getPolicy.AuthenticationMethodConfigurations | Where-Object -FilterScript {$_.'@odata.type' -eq $desiredType}
         #endregion
 

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1

@@ -1410,7 +1410,7 @@ function Set-TargetResource
         if ($currentParameters.ContainsKey('ServicePrincipalFilterMode') -and $currentParameters.ContainsKey('ServicePrincipalFilterRule'))
         {
             #check if the custom attribute exist.
-            $customattribute = Invoke-MgGraphRequest -Method GET -Uri https://graph.microsoft.com/v1.0/directory/customSecurityAttributeDefinitions
+            $customattribute = Invoke-MgGraphRequest -Method GET -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directory/customSecurityAttributeDefinitions"
             $ServicePrincipalFilterRule -match "CustomSecurityAttribute.(?<attribute>.*) -.*"
             $attrinrule = $matches.attribute
             if ($customattribute.value.id -contains $attrinrule){

Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1

@@ -167,7 +167,7 @@ function Set-TargetResource
         }
     }
     $body = ConvertTo-Json $values -Depth 10 -Compress
-    Invoke-MgGraphRequest -Uri 'https://graph.microsoft.com/beta/networkAccess/settings/enrichedAuditLogs' -Method PATCH -Body $body
+    Invoke-MgGraphRequest -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/networkAccess/settings/enrichedAuditLogs' -Method PATCH -Body $body
 }
 
 function Test-TargetResource

Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1

@@ -355,7 +355,7 @@ function Set-TargetResource
         foreach ($incompatibleAccessPackage in $IncompatibleAccessPackages)
         {
             $ref = @{
-                '@odata.id' = "https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
+                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
             }
 
             New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef `
@@ -368,7 +368,7 @@ function Set-TargetResource
         foreach ($IncompatibleGroup in $IncompatibleGroups)
         {
             $ref = @{
-                '@odata.id' = "https://graph.microsoft.com/beta/groups/$IncompatibleGroup"
+                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/groups/$IncompatibleGroup"
             }
 
             New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef `
@@ -485,7 +485,7 @@ function Set-TargetResource
         foreach ($incompatibleAccessPackage in $toBeAdded.InputObject)
         {
             $ref = @{
-                '@odata.id' = "https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
+                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
             }
 
             New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef `
@@ -522,7 +522,7 @@ function Set-TargetResource
         {
 
             $ref = @{
-                '@odata.id' = "https://graph.microsoft.com/beta/groups/$incompatibleGroup"
+                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/groups/$incompatibleGroup"
             }
 
             New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef `

Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1

@@ -446,7 +446,7 @@ function Set-TargetResource
             $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type"
             $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1
             $directoryObjectRef=@{
-                "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)"
+                "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
             }
 
             New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef `
@@ -459,7 +459,7 @@ function Set-TargetResource
             $directoryObject = Get-MgBetaDirectoryObject -DirectoryObjectId $sponsor
             $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1
             $directoryObjectRef=@{
-                "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)"
+                "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
             }
 
             New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef `
@@ -515,7 +515,7 @@ function Set-TargetResource
             $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type"
             $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1
             $directoryObjectRef=@{
-                "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)"
+                "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
             }
 
             New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef `
@@ -553,7 +553,7 @@ function Set-TargetResource
             $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type"
             $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1
             $directoryObjectRef=@{
-                "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)"
+                "@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
             }
 
             New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef `

Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1

@@ -202,7 +202,7 @@ function Set-TargetResource
             rules = $rulesParam
         }
 
-        Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/networkAccess/forwardingPolicies/$($currentPolicy.ID)/updatePolicyRules" -Method Post -Body $updateParams
+        Invoke-MgGraphRequest -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/networkAccess/forwardingPolicies/$($currentPolicy.ID)/updatePolicyRules" -Method Post -Body $updateParams
     }
     else {
         Write-Verbose "Can not modify the list of poilicy rules for the forwarding policy with name: $($setParameters.Name)"

Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1

@@ -201,7 +201,7 @@ function Set-TargetResource
 
     # Delete the old configuration
     Write-Verbose -Message "Removing the current Azure AD Organization Certificate Based Auth Configuration."
-    Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/organization/$OrganizationId/certificateBasedAuthConfiguration/$CertificateBasedAuthConfigurationId" -Method DELETE
+    Invoke-MgGraphRequest -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/$CertificateBasedAuthConfigurationId" -Method DELETE
 
     if ($Ensure -eq 'Present')
     {
@@ -225,7 +225,7 @@ function Set-TargetResource
             certificateAuthorities = $createCertAuthorities
         }
 
-        $policy = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/organization/$OrganizationId/certificateBasedAuthConfiguration/" -Method POST -Body $params
+        $policy = Invoke-MgGraphRequest -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/" -Method POST -Body $params
     }
 }
 

Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1

@@ -548,7 +548,7 @@ function Set-TargetResource
         {
             $userInfo = Get-MgUser -UserId $owner
             $body = @{
-                '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($userInfo.Id)"
+                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)"
             }
             Write-Verbose -Message "Adding new owner {$owner}"
             $newOwner = New-MgServicePrincipalOwnerByRef -ServicePrincipalId $newSP.Id -BodyParameter $body
@@ -593,7 +593,7 @@ function Set-TargetResource
             $CSAParams = @{
                 customSecurityAttributes = $currentAADServicePrincipal.CustomSecurityAttributes
             }
-            Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($currentParameters.AppId)')" -Method Patch -Body $CSAParams
+            Invoke-MgGraphRequest -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/servicePrincipals(appId='$($currentParameters.AppId)')" -Method Patch -Body $CSAParams
         }
 
         Update-MgServicePrincipal -ServicePrincipalId $currentAADServicePrincipal.ObjectID @currentParameters
@@ -701,7 +701,7 @@ function Set-TargetResource
             if ($diff.SideIndicator -eq '=>')
             {
                 $body = @{
-                    '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($userInfo.Id)"
+                    '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)"
                 }
                 Write-Verbose -Message "Adding owner {$($userInfo.Id)}"
                 New-MgServicePrincipalOwnerByRef -ServicePrincipalId $currentAADServicePrincipal.ObjectId `
@@ -1223,7 +1223,7 @@ function Get-CustomSecurityAttributes {
         [String]$ServicePrincipalId
     )
 
-    $customSecurityAttributes = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/servicePrincipals/$($ServicePrincipalId)`?`$select=customSecurityAttributes" -Method Get
+    $customSecurityAttributes = Invoke-MgGraphRequest -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/servicePrincipals/$($ServicePrincipalId)`?`$select=customSecurityAttributes" -Method Get
     $customSecurityAttributes = $customSecurityAttributes.customSecurityAttributes
     $newCustomSecurityAttributes = @()
 

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1

@@ -222,7 +222,7 @@ function Set-TargetResource
         # so first check if it is $false, then make a post call to agree to the consent, this set the DataSharingConsetGranted to $true.
         $consentInstance = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId "appleMDMPushCertificate"
         If($consentInstance.Granted -eq $False) {
-            Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/deviceManagement/dataSharingConsents/appleMDMPushCertificate/consentToDataSharing" -Headers @{ "Content-Type" = "application/json" }
+            Invoke-MgGraphRequest -Method POST -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/dataSharingConsents/appleMDMPushCertificate/consentToDataSharing" -Headers @{ "Content-Type" = "application/json" }
         }
         else {
             Write-Host "Data sharing conset is already granted, so it can't be revoked."

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1

@@ -225,7 +225,7 @@ function Set-TargetResource
         if ($dataSharingConsent.granted -eq $false)
         {
             Write-Verbose -Message "Consent not granted, requesting consent..."
-            $consentResult = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/deviceManagement/dataSharingConsents/androidManagedStore/consentToDataSharing" -Method 'POST' -Body @{
+            $consentResult = Invoke-MgGraphRequest -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/dataSharingConsents/androidManagedStore/consentToDataSharing" -Method 'POST' -Body @{
                 DataSharingConsentId = "androidManagedStore"
             } -ContentType "application/json"
         }
@@ -238,7 +238,7 @@ function Set-TargetResource
         #         hostName = "intune.microsoft.com"
         #     }
 
-        #     $signupUrl = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/requestSignupUrl" -Method 'POST' -Body @{
+        #     $signupUrl = Invoke-MgGraphRequest -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/requestSignupUrl" -Method 'POST' -Body @{
         #         hostName = "intune.microsoft.com"
         #     } -ContentType "application/json"
 
@@ -248,7 +248,7 @@ function Set-TargetResource
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
     {
             Write-Host "Remove the Intune Device Management Android Google Play Enrollment with Id {$($currentInstance.Id)}"
-        $unbindResult = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/unbind" -Method 'POST' -Body @{} -ContentType "application/json"
+        $unbindResult = Invoke-MgGraphRequest -Uri $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/unbind" -Method 'POST' -Body @{} -ContentType "application/json"
     }
 }