From bbaac62d49740d2176c628eed5366b213d6d8fb3 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Wed, 24 Apr 2024 11:24:00 +0200 Subject: [PATCH 01/52] fix #4596 --- .../DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 54a2ed0b09..79ceaa374c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -782,7 +782,7 @@ function Set-TargetResource } } - if ($currentGroup.IsAssignableToRole -eq $true) + if ($currentGroup.IsAssignableToRole -eq $true -and $currentParameters.ContainsKey('AssignedToRole')) { #AssignedToRole $currentAssignedToRoleValue = @() From d4e772db917b2e9b8732e99a4a34a79c16ffcd08 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Wed, 24 Apr 2024 12:44:18 +0200 Subject: [PATCH 02/52] fix Parameter AssigendToRole --- .../DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 | 2 +- Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 79ceaa374c..2f95c062f6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -428,7 +428,7 @@ function Set-TargetResource $currentParameters.Remove('Owners') | Out-Null $currentParameters.Remove('Members') | Out-Null $currentParameters.Remove('MemberOf') | Out-Null - $currentParameters.Remove('AssignedToRole') | Out-Null + #$currentParameters.Remove('AssignedToRole') | Out-Null if ($Ensure -eq 'Present' -and ` ($null -ne $GroupTypes -and $GroupTypes.Contains('Unified')) -and ` diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index a53bbafc01..db68fc490f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -470,6 +470,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { GroupTypes = @() MailNickname = 'M365DSC' IsAssignableToRole = $true + AssignedToRole = @() Ensure = 'Present' } } From bcf9280b26c17e48960c265c38922bba11acaca9 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Wed, 24 Apr 2024 13:54:33 +0200 Subject: [PATCH 03/52] fix Remove role wrong cmdlet used --- .../DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 2f95c062f6..f943dd03ea 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -707,6 +707,9 @@ function Set-TargetResource elseif ($diff.SideIndicator -eq '<=') { Write-Verbose -Message "Removing new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" + $memberObject = @{ + '@odata.id' = "https://graph.microsoft.com/v1.0/users/{$($user.Id)}" + } Remove-MgGroupMemberDirectoryObjectByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($user.Id) | Out-Null } } @@ -833,7 +836,7 @@ function Set-TargetResource elseif ($diff.SideIndicator -eq '<=') { Write-Verbose -Message "Removing AAD group {$($currentGroup.DisplayName)} from Directory Role {$($role.DisplayName)}" - Remove-MgBetaDirectoryRoleMemberByRef -DirectoryRoleId ($role.Id) -DirectoryObjectId ($currentGroup.Id) | Out-Null + Remove-MgBetaDirectoryRoleMemberDirectoryObjectByRef -DirectoryRoleId ($role.Id) -DirectoryObjectId ($currentGroup.Id) | Out-Null } } } From b9cd91113e1b6f66bba06dfd514a8418c2265fa9 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Wed, 24 Apr 2024 14:13:43 +0200 Subject: [PATCH 04/52] fix tests, remove/add cmdlet's mock --- Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index db68fc490f..24444cf200 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -75,7 +75,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Remove-MgGroupMemberDirectoryObjectByRef -MockWith { } - Mock -CommandName Remove-MgBetaDirectoryRoleMemberByRef -MockWith { + Mock -CommandName Remove-MgBetaDirectoryRoleMemberDirectoryObjectByRef -MockWith { } # Mock Write-Host to hide output during the tests @@ -564,7 +564,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Set-TargetResource @testParams Should -Invoke -CommandName 'Get-MgGroup' -Exactly 1 Should -Invoke -CommandName 'Get-MgBetaDirectoryRole' -Exactly 1 - Should -Invoke -CommandName 'Remove-MgBetaDirectoryRoleMemberByRef' -Exactly 1 + Should -Invoke -CommandName 'Remove-MgBetaDirectoryRoleMemberDirectoryObjectByRef' -Exactly 1 } } From 268e4b984dfb1029b738fe2b3f1a9de89aa798c1 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 25 Apr 2024 16:39:55 +0200 Subject: [PATCH 05/52] feat/AADActivityBasedTimeoutPolicy initial version --- .../MSFT_AADActivityBasedTimeoutPolicy.psm1 | 541 ++++++++++++++++++ ...T_AADActivityBasedTimeoutPolicy.schema.mof | 16 + .../readme.md | 6 + .../settings.json | 39 ++ ...-AADActivityBasedTimeoutPolicy-Example.ps1 | 27 + ...SC.AADActivityBasedTimeoutPolicy.Tests.ps1 | 212 +++++++ Tests/Unit/Stubs/Microsoft365.psm1 | 310 ++++++++++ 7 files changed, 1151 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADActivityBasedTimeoutPolicy/1-AADActivityBasedTimeoutPolicy-Example.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADActivityBasedTimeoutPolicy.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 new file mode 100644 index 0000000000..5571838a5a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.psm1 @@ -0,0 +1,541 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $AzurePortalTimeOut, + + [Parameter()] + [System.String] + $DefaultTimeOut, + + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgBetaPolicyActivityBasedTimeoutPolicy -ErrorAction SilentlyContinue + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Azure AD Activity Based Timeout Policy with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Azure AD Activity Based Timeout Policy with Id {$Id} and DisplayName {$DisplayName} was found." + + #Azure portal timeout + $timeout = $getValue.Definition | ConvertFrom-Json + $AzurePortalTimeOut = ($timeout.ActivityBasedTimeoutPolicy.ApplicationPolicies | Where-Object{$_.ApplicationId -match "c44b4083-3bb0-49c1-b47d-974e53cbdf3c"}).WebSessionIdleTimeout + $DefaultTimeOut = ($timeout.ActivityBasedTimeoutPolicy.ApplicationPolicies | Where-Object{$_.ApplicationId -match "default"}).WebSessionIdleTimeout + + $results = @{ + #region resource generator code + DisplayName = $getValue.displayName + Id = $getValue.Id + AzurePortalTimeOut = $AzurePortalTimeOut + DefaultTimeOut = $DefaultTimeOut + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $AzurePortalTimeOut, + + [Parameter()] + [System.String] + $DefaultTimeOut, + + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $AzurePortalTimeOutexist = $false + $DefaultTimeOutexistst = $false + if($BoundParameters.ContainsKey('AzurePortalTimeOut') ` + -and $null -ne $BoundParameters.AzurePortalTimeOut ` + -and $BoundParameters.AzurePortalTimeOut -ne '' ` + -and $BoundParameters.AzurePortalTimeOut -ne $nullString) + { + $AzurePortalTimeOutexist = $true + } + if($BoundParameters.ContainsKey('DefaultTimeOut') ` + -and $null -ne $BoundParameters.DefaultTimeOut ` + -and $BoundParameters.DefaultTimeOut -ne '' ` + -and $BoundParameters.DefaultTimeOut -ne $nullString) + { + $DefaultTimeOutexistst = $true + } + $ApplicationPolicies = @() + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Azure AD Activity Based Timeout Policy with DisplayName {$DisplayName}" + if($AzurePortalTimeOutexist) + { + $ApplicationPolicies += @{ + ApplicationId = "c44b4083-3bb0-49c1-b47d-974e53cbdf3c" + WebSessionIdleTimeout = "$AzurePortalTimeOut" + } + } + if($DefaultTimeOutexistst) + { + $ApplicationPolicies += @{ + ApplicationId = "default" + WebSessionIdleTimeout = "$DefaultTimeOut" + } + } + if($null -eq $ApplicationPolicies) + { + throw "At least one of the parameters AzurePortalTimeOut or DefaultTimeOut must be specified" + } + elseif($AzurePortalTimeOutexist -or $DefaultTimeOutexistst) { + $policy = @{ + ActivityBasedTimeoutPolicy = @{ + Version = 1 + ApplicationPolicies = @( + $ApplicationPolicies + ) + } + } + + $json = $policy | ConvertTo-Json -Depth 10 -Compress + $params = @{ + definition = @( + "$json" + ) + displayName = "displayName-value" + isOrganizationDefault = $true + } + + New-MgBetaPolicyActivityBasedTimeoutPolicy -BodyParameter $params + } + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Creating an Azure AD Activity Based Timeout Policy with DisplayName {$DisplayName}" + if($AzurePortalTimeOutexist) + { + $ApplicationPolicies += @{ + ApplicationId = "c44b4083-3bb0-49c1-b47d-974e53cbdf3c" + WebSessionIdleTimeout = "$AzurePortalTimeOut" + } + } + if($DefaultTimeOutexistst) + { + $ApplicationPolicies += @{ + ApplicationId = "default" + WebSessionIdleTimeout = "$DefaultTimeOut" + } + } + if($null -eq $ApplicationPolicies) + { + throw "At least one of the parameters AzurePortalTimeOut or DefaultTimeOut must be specified" + } + elseif($AzurePortalTimeOutexist -or $DefaultTimeOutexistst) { + $policy = @{ + ActivityBasedTimeoutPolicy = @{ + Version = 1 + ApplicationPolicies = @( + $ApplicationPolicies + ) + } + } + + $json = $policy | ConvertTo-Json -Depth 10 -Compress + $params = @{ + definition = @( + "$json" + ) + displayName = "displayName-value" + isOrganizationDefault = $true + } + + Update-MgBetaPolicyActivityBasedTimeoutPolicy -ActivityBasedTimeoutPolicyId $currentInstance.Id -BodyParameter $params + } + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Azure AD Activity Based Timeout Policy with Id {$($currentInstance.Id)}" + Remove-MgBetaPolicyActivityBasedTimeoutPolicy -ActivityBasedTimeoutPolicyId $currentInstance.Id + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $AzurePortalTimeOut, + + [Parameter()] + [System.String] + $DefaultTimeOut, + + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Azure AD Activity Based Timeout Policy with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.remove('Id') | Out-Null + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgBetaPolicyActivityBasedTimeoutPolicy ` + -All ` + -ErrorAction Stop + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + DisplayName = $config.displayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof new file mode 100644 index 0000000000..01e7dcc4ab --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/MSFT_AADActivityBasedTimeoutPolicy.schema.mof @@ -0,0 +1,16 @@ + +[ClassVersion("1.0.0.0"), FriendlyName("AADActivityBasedTimeoutPolicy")] +class MSFT_AADActivityBasedTimeoutPolicy : OMI_BaseResource +{ + [Key, Description("Display name for this policy. Required.")] String DisplayName; + [Write, Description("Id of the policy")] String Id; + [Write, Description("Timeout value in hh:mm:ss for c44b4083-3bb0-49c1-b47d-974e53cbdf3c: applies the policy to the Azure portal.")] String AzurePortalTimeOut; + [Write, Description("Timeout value in hh:mm:ss for default: applies the policy to all applications that support activity-based timeout functionality but don't have application-specific override.")] String DefaultTimeOut; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/readme.md new file mode 100644 index 0000000000..74739e571e --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/readme.md @@ -0,0 +1,6 @@ + +# AADActivityBasedTimeoutPolicy + +## Description + +This resource configure the Azure AD Activity Based Timeout Policy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json new file mode 100644 index 0000000000..4bd33000cd --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -0,0 +1,39 @@ +{ + "resourceName": "AADActivityBasedTimeoutPolicy", + "description": "This resource configures an Azure AD Activity Based Timeout Policy.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Policy.Read.All" + }, + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + }, + "application": { + "read": [ + { + "name": "Policy.Read.All" + }, + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + } + } +} + +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADActivityBasedTimeoutPolicy/1-AADActivityBasedTimeoutPolicy-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADActivityBasedTimeoutPolicy/1-AADActivityBasedTimeoutPolicy-Example.ps1 new file mode 100644 index 0000000000..1d915a10b4 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADActivityBasedTimeoutPolicy/1-AADActivityBasedTimeoutPolicy-Example.ps1 @@ -0,0 +1,27 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADActivityBasedTimeoutPolicy "AADActivityBasedTimeoutPolicy-displayName-value" + { + AzurePortalTimeOut = "02:00:00"; + DefaultTimeOut = "03:00:00"; + DisplayName = "displayName-value"; + Ensure = "Present"; + Id = "000000-0000-0000-0000-000000000000"; + Credential = $Credscredential + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADActivityBasedTimeoutPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADActivityBasedTimeoutPolicy.Tests.ps1 new file mode 100644 index 0000000000..89d50cb140 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADActivityBasedTimeoutPolicy.Tests.ps1 @@ -0,0 +1,212 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "AADActivityBasedTimeoutPolicy" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + } + + Mock -CommandName New-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + } + + Mock -CommandName Remove-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The AADActivityBasedTimeoutPolicy should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaPolicyActivityBasedTimeoutPolicy -Exactly 1 + } + } + + Context -Name "The AADActivityBasedTimeoutPolicy exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Absent" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + return @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Definition = @("{`"ActivityBasedTimeoutPolicy`":{`"Version`":1,`"ApplicationPolicies`":[{`"ApplicationId`":`"c44b4083-3bb0-49c1-b47d-974e53cbdf3c`",`"WebSessionIdleTimeout`":`"02:00:00`"},{`"ApplicationId`":`"default`",`"WebSessionIdleTimeout`":`"04:00:00`"}]}}"); + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaPolicyActivityBasedTimeoutPolicy -Exactly 1 + } + } + Context -Name "The AADActivityBasedTimeoutPolicy Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "04:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + return @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "04:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Definition = @("{`"ActivityBasedTimeoutPolicy`":{`"Version`":1,`"ApplicationPolicies`":[{`"ApplicationId`":`"c44b4083-3bb0-49c1-b47d-974e53cbdf3c`",`"WebSessionIdleTimeout`":`"02:00:00`"},{`"ApplicationId`":`"default`",`"WebSessionIdleTimeout`":`"04:00:00`"}]}}"); + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The AADActivityBasedTimeoutPolicy exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + return @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Definition = @("{`"ActivityBasedTimeoutPolicy`":{`"Version`":1,`"ApplicationPolicies`":[{`"ApplicationId`":`"c44b4083-3bb0-49c1-b47d-974e53cbdf3c`",`"WebSessionIdleTimeout`":`"02:00:00`"},{`"ApplicationId`":`"default`",`"WebSessionIdleTimeout`":`"04:00:00`"}]}}"); + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaPolicyActivityBasedTimeoutPolicy -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaPolicyActivityBasedTimeoutPolicy -MockWith { + return @{ + DisplayName = "displayName-value" + AzurePortalTimeOut = "02:00:00" + DefaultTimeOut = "03:00:00" + Id = "000000-0000-0000-0000-000000000000" + Ensure = "Present" + Definition = @("{`"ActivityBasedTimeoutPolicy`":{`"Version`":1,`"ApplicationPolicies`":[{`"ApplicationId`":`"c44b4083-3bb0-49c1-b47d-974e53cbdf3c`",`"WebSessionIdleTimeout`":`"02:00:00`"},{`"ApplicationId`":`"default`",`"WebSessionIdleTimeout`":`"04:00:00`"}]}}"); + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 6068acbb24..916999eb2b 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -81493,3 +81493,313 @@ function Update-MgBetaDeviceAppManagementMobileApp } #endregion +#region MgBetaPolicyActivityBasedTimeoutPolicy +function Get-MgBetaPolicyActivityBasedTimeoutPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $ActivityBasedTimeoutPolicyId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgBetaPolicyActivityBasedTimeoutPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.Collections.Hashtable] + $BodyParameter, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $AppliesTo, + + [Parameter()] + [System.String[]] + $Definition, + + [Parameter()] + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsOrganizationDefault, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgBetaPolicyActivityBasedTimeoutPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $ActivityBasedTimeoutPolicyId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgBetaPolicyActivityBasedTimeoutPolicy +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $ActivityBasedTimeoutPolicyId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $BodyParameter, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $AppliesTo, + + [Parameter()] + [System.String[]] + $Definition, + + [Parameter()] + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsOrganizationDefault, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion From 554d776f2b5cc53233c81ad734b09a82a1dbbead Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 25 Apr 2024 16:42:03 +0200 Subject: [PATCH 06/52] Add Changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 764b863c49..7414aae638 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Change log for Microsoft365DSC +# UNRELEASED +* AADActivityBasedTimeoutPolicy + * Initial release, set the azure portal and default Timeout. + # 1.24.424.1 * EXORecipientPermission From d2a2c925018180bfed8688635868e5160f97310b Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 25 Apr 2024 16:45:03 +0200 Subject: [PATCH 07/52] Add Changelog entry --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 764b863c49..4e6ae0d7d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Change log for Microsoft365DSC +# +* AADGroup + * Fixes #4596 + # 1.24.424.1 * EXORecipientPermission From e0c244f38a403c11c4b5fae409ca1d57772d41ea Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 25 Apr 2024 16:58:05 +0200 Subject: [PATCH 08/52] fix needed permission --- .../settings.json | 69 +++++++++---------- 1 file changed, 34 insertions(+), 35 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json index 4bd33000cd..db47b59c8a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -1,39 +1,38 @@ { "resourceName": "AADActivityBasedTimeoutPolicy", "description": "This resource configures an Azure AD Activity Based Timeout Policy.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Policy.Read.All" - }, - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ], - "update": [ - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ] - }, - "application": { - "read": [ - { - "name": "Policy.Read.All" - }, - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ], - "update": [ - { - "name": "Policy.ReadWrite.ApplicationConfiguration" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Policy.Read.All" + }, + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + }, + "application": { + "read": [ + { + "name": "Policy.Read.All" + }, + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ], + "update": [ + { + "name": "Policy.ReadWrite.ApplicationConfiguration" + } + ] + } + } + } } From 980304c6a8ba97c38597327ddf38c0b749250e7a Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 25 Apr 2024 17:05:06 +0200 Subject: [PATCH 09/52] Add Remove-MgBetaDirectoryRoleMemberDirectoryObjectByRef for Tests --- Tests/Unit/Stubs/Microsoft365.psm1 | 42 ++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 6068acbb24..2921ed4a21 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -81493,3 +81493,45 @@ function Update-MgBetaDeviceAppManagementMobileApp } #endregion +function Remove-MgBetaDirectoryRoleMemberDirectoryObjectByRef +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [string] + $DirectoryObjectId, + + [Parameter(Mandatory = $true)] + [string] + $DirectoryRoleId, + + [Parameter()] + [string] + $IfMatch, + + [Parameter()] + [string] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [switch] + $PassThru, + + [Parameter()] + [System.Management.Automation.ActionPreference] + $ProgressAction, + + [Parameter()] + [switch] + $WhatIf, + + [Parameter()] + [switch] + $Confirm + ) +} From 7541ace2466ba80c19adb71a34bbeb82b0f656df Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Thu, 25 Apr 2024 17:21:21 +0200 Subject: [PATCH 10/52] fix --- Tests/Unit/Stubs/Microsoft365.psm1 | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 2921ed4a21..6d90061903 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -81522,10 +81522,6 @@ function Remove-MgBetaDirectoryRoleMemberDirectoryObjectByRef [switch] $PassThru, - [Parameter()] - [System.Management.Automation.ActionPreference] - $ProgressAction, - [Parameter()] [switch] $WhatIf, From ef77d073fa4310061924608c6c3b40102f02edf8 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 26 Apr 2024 08:45:32 +0200 Subject: [PATCH 11/52] wip --- .../MSFT_AADActivityBasedTimeoutPolicy/settings.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json index db47b59c8a..a28a838240 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -9,12 +9,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.ReadWriteApplicationConfiguration" } ], "update": [ { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.ReadWriteApplicationConfiguration" } ] }, @@ -24,12 +24,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.ReadWriteApplicationConfiguration" } ], "update": [ { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.ReadWriteApplicationConfiguration" } ] } From fdd9400e8e156b5e9197c38176bb7ad5823f1711 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 26 Apr 2024 09:18:27 +0200 Subject: [PATCH 12/52] fix permission due to test errors --- .../MSFT_AADActivityBasedTimeoutPolicy/settings.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json index a28a838240..4d2c4b7297 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -9,12 +9,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWriteApplicationConfiguration" + "name": "Policy.Read.ApplicationConfiguration" } ], "update": [ { - "name": "Policy.ReadWriteApplicationConfiguration" + "name": "Policy.Read.ApplicationConfiguration" } ] }, @@ -24,12 +24,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWriteApplicationConfiguration" + "name": "Policy.Read.ApplicationConfiguration" } ], "update": [ { - "name": "Policy.ReadWriteApplicationConfiguration" + "name": "Policy.Read.ApplicationConfiguration" } ] } From 313619782d8fdbde019bd9c0b812212f069a244a Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 26 Apr 2024 09:35:53 +0200 Subject: [PATCH 13/52] Fix permission due to errors in tests --- .../MSFT_AADActivityBasedTimeoutPolicy/settings.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json index 4d2c4b7297..db47b59c8a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -9,12 +9,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.Read.ApplicationConfiguration" + "name": "Policy.ReadWrite.ApplicationConfiguration" } ], "update": [ { - "name": "Policy.Read.ApplicationConfiguration" + "name": "Policy.ReadWrite.ApplicationConfiguration" } ] }, @@ -24,12 +24,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.Read.ApplicationConfiguration" + "name": "Policy.ReadWrite.ApplicationConfiguration" } ], "update": [ { - "name": "Policy.Read.ApplicationConfiguration" + "name": "Policy.ReadWrite.ApplicationConfiguration" } ] } From 0b40607153e646a53c9d304c15d2fe455395416e Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 26 Apr 2024 09:48:42 +0200 Subject: [PATCH 14/52] wip --- .../MSFT_AADActivityBasedTimeoutPolicy/settings.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json index db47b59c8a..c64ae12524 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADActivityBasedTimeoutPolicy/settings.json @@ -9,12 +9,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.Read.All" } ], "update": [ { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.Read.All" } ] }, @@ -24,12 +24,12 @@ "name": "Policy.Read.All" }, { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.Read.All" } ], "update": [ { - "name": "Policy.ReadWrite.ApplicationConfiguration" + "name": "Policy.Read.All" } ] } From 5bb0576faba46f5e341f754ce8d54a10e417db3e Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Mon, 29 Apr 2024 14:00:10 +0200 Subject: [PATCH 15/52] add entry in changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 558889d8ad..ef9e2ae99f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.182. * MISC * Added support for Access Tokens across AAD resources. + * Fixing fake passwords in Unit Tests. # 1.24.424.1 From 0378c3187c8b79c8789752791f622c8063eb1b3a Mon Sep 17 00:00:00 2001 From: Fabien Tschanz Date: Fri, 3 May 2024 15:37:42 +0200 Subject: [PATCH 16/52] Update settings handling on removal and new properties --- CHANGELOG.md | 3 + ...ntivirusPolicyWindows10SettingCatalog.psm1 | 118 +++++++++++++++++- ...usPolicyWindows10SettingCatalog.schema.mof | Bin 37454 -> 39378 bytes 3 files changed, 119 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0724d80d0a..8ee7125203 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ * SCAutoSensitivityLabelPolicy * Fix incorrect mandatory Credential parameter in Set and Test methods FIXES [#4283](https://github.com/microsoft/Microsoft365DSC/issues/4283) +* IntuneAntivirusPolicyWindows10SettingCatalog + * Add missing properties from templates + * Update setting handling so that the value is reverted to default when unset * DEPENDENCIES * Updated Microsoft.Graph to version 2.18.0. * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.182. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 index 9034e65ad2..23e3ca545d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 @@ -90,6 +90,14 @@ function Get-TargetResource [System.int32] $avgcpuloadfactor, + [Parameter] + [System.Int32] + $archivemaxdepth, + + [Parameter] + [System.Int32] + $archivemaxsize, + [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -242,6 +250,11 @@ function Get-TargetResource [System.String] $engineupdateschannel, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $meteredconnectionupdates, + [Parameter()] [ValidateSet('0', '2', '3', '4', '5', '6')] [System.String] @@ -275,6 +288,21 @@ function Get-TargetResource [System.Int32] $schedulescantime, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disabletlsparsing, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $randomizescheduletasktimes, + + [Parameter()] + [ValidateRange(1,23)] + [System.Int32] + $schedulerrandomizationtime, + [Parameter()] [System.String[]] $signatureupdatefallbackorder, @@ -595,6 +623,14 @@ function Set-TargetResource [System.int32] $avgcpuloadfactor, + [Parameter] + [System.Int32] + $archivemaxdepth, + + [Parameter] + [System.Int32] + $archivemaxsize, + [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -747,6 +783,11 @@ function Set-TargetResource [System.String] $engineupdateschannel, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $meteredconnectionupdates, + [Parameter()] [ValidateSet('0', '2', '3', '4', '5', '6')] [System.String] @@ -780,6 +821,21 @@ function Set-TargetResource [System.Int32] $schedulescantime, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disabletlsparsing, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $randomizescheduletasktimes, + + [Parameter()] + [ValidateRange(1,23)] + [System.Int32] + $schedulerrandomizationtime, + [Parameter()] [System.String[]] $signatureupdatefallbackorder, @@ -1052,6 +1108,14 @@ function Test-TargetResource [System.int32] $avgcpuloadfactor, + [Parameter] + [System.Int32] + $archivemaxdepth, + + [Parameter] + [System.Int32] + $archivemaxsize, + [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -1204,6 +1268,11 @@ function Test-TargetResource [System.String] $engineupdateschannel, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $meteredconnectionupdates, + [Parameter()] [ValidateSet('0', '2', '3', '4', '5', '6')] [System.String] @@ -1237,6 +1306,21 @@ function Test-TargetResource [System.Int32] $schedulescantime, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disabletlsparsing, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $randomizescheduletasktimes, + + [Parameter()] + [ValidateRange(1,23)] + [System.Int32] + $schedulerrandomizationtime, + [Parameter()] [System.String[]] $signatureupdatefallbackorder, @@ -1355,16 +1439,46 @@ function Test-TargetResource Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" - $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + [Hashtable]$ValuesToCheck = @{} + $MyInvocation.MyCommand.Parameters.GetEnumerator() | ForEach-Object { + if ($_.Key -notlike '*Variable' -or $_.Key -notin @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction')) + { + if ($null -ne $CurrentValues[$_.Key] -or $null -ne $PSBoundParameters[$_.Key]) + { + $ValuesToCheck.Add($_.Key, $null) + if (-not $PSBoundParameters.ContainsKey($_.Key)) + { + $value = $null + switch ($CurrentValues[$_.Key].GetType().Name) + { + 'String' + { + $value = '' + } + 'Int32' + { + $value = 0 + } + 'String[]' + { + $value = @() + } + } + $PSBoundParameters.Add($_.Key, $value) + } + } + } + } $ValuesToCheck.Remove('Identity') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + $testResult = $true if ($CurrentValues.Ensure -ne $Ensure) { $testResult = $false } - #region Assignments if ($testResult) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof index 3c7370cd85744c907d5b13c7e24fa0c470a44725..162ee4e0119e4b20c41eee3bdf9ce47f76e89753 100644 GIT binary patch delta 975 zcmah|OG_J36h1}*n)(Q88lngzQW2`w7eWiAk|Kp@7lSDVM9MgmG=rImnMp$1jqSDz zH)q*JH~j&DfIq{9>n?Qb&aJC{=Uz?J_*mSWJLi7qJKuTa_;2K-8EFI=KKAGD(9yN+~UsEd3pous6;;G{{anXr}C)s0?XOae7ib$ERYd_Tz9qs`j5vfA~Q5{4QHt$@OLx zp|}QIsOrdG{d=B@)1$0INeNkWZ?;jHL9;lEv_w07xU|Tzaw+~-iKl{xBsDK8JH~&a CfYd4g delta 35 tcmV+;0Nnr5vjWbf0 Date: Wed, 8 May 2024 12:08:23 +0100 Subject: [PATCH 17/52] Add missing policy type TeamsVerticalPackagePolicy --- CHANGELOG.md | 9 ++++++--- .../MSFT_TeamsGroupPolicyAssignment.psm1 | 6 +++--- .../MSFT_TeamsGroupPolicyAssignment.schema.mof | 2 +- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9088b8b25e..1bafa5c2cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,10 +10,13 @@ * IntuneDeviceConfigurationCustomPolicyWindows10 * Fixed an issue where the payload of xml files was not encoded as base64. * IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 - * Fixed a creation and update issue when the exported policy contains a + * Fixed a creation and update issue when the exported policy contains a onboarding blob and the tenant is connected to Defender for Endpoint Service. +* TeamsGroupPolicyAssignment + * Add missing policy type TeamsVerticalPackagePolicy + FIXES [#4647](https://github.com/microsoft/Microsoft365DSC/issues/4647) * M365DSCUtil - * Fixed an issue where one could not pass empty arrays to the + * Fixed an issue where one could not pass empty arrays to the `Compare-PSCustomObjectArrays` function. * DEPENDENCIES * Updated Microsoft.Graph to version 2.18.0. @@ -36,7 +39,7 @@ * Fixed an issue where the update policy setting was not handled properly. * IntuneDeviceConfigurationWiredNetworkPolicyWindows10 * Added functionality for specifying the certificates with a display name since their - ids in the blueprint might be from a different source tenant. + ids in the blueprint might be from a different source tenant. FIXES [#4582](https://github.com/microsoft/Microsoft365DSC/issues/4582) * MISC * Added support for AccessTokens in EXO resources. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 index 2b44923618..daad71b876 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 @@ -13,7 +13,7 @@ function Get-TargetResource $GroupId, [Parameter(Mandatory = $true)] - [ValidateSet('ApplicationAccessPolicy','CallingLineIdentity','OnlineAudioConferencingRoutingPolicy','OnlineVoicemailPolicy','OnlineVoiceRoutingPolicy','TeamsAudioConferencingPolicy','TeamsCallHoldPolicy','TeamsCallParkPolicy','TeamsChannelsPolicy','TeamsComplianceRecordingPolicy','TeamsCortanaPolicy','TeamsEmergencyCallingPolicy','TeamsEnhancedEncryptionPolicy','TeamsFeedbackPolicy','TeamsFilesPolicy','TeamsIPPhonePolicy','TeamsMediaLoggingPolicy','TeamsMeetingBroadcastPolicy','TeamsMeetingPolicy','TeamsMessagingPolicy','TeamsMobilityPolicy','TeamsRoomVideoTeleConferencingPolicy','TeamsShiftsPolicy','TeamsUpdateManagementPolicy','TeamsVdiPolicy','TeamsVideoInteropServicePolicy','TenantDialPlan','ExternalAccessPolicy','TeamsAppSetupPolicy','TeamsCallingPolicy','TeamsEventsPolicy','TeamsMeetingBrandingPolicy','TeamsMeetingTemplatePermissionPolicy')] + [ValidateSet('ApplicationAccessPolicy','CallingLineIdentity','OnlineAudioConferencingRoutingPolicy','OnlineVoicemailPolicy','OnlineVoiceRoutingPolicy','TeamsAudioConferencingPolicy','TeamsCallHoldPolicy','TeamsCallParkPolicy','TeamsChannelsPolicy','TeamsComplianceRecordingPolicy','TeamsCortanaPolicy','TeamsEmergencyCallingPolicy','TeamsEnhancedEncryptionPolicy','TeamsFeedbackPolicy','TeamsFilesPolicy','TeamsIPPhonePolicy','TeamsMediaLoggingPolicy','TeamsMeetingBroadcastPolicy','TeamsMeetingPolicy','TeamsMessagingPolicy','TeamsMobilityPolicy','TeamsRoomVideoTeleConferencingPolicy','TeamsShiftsPolicy','TeamsUpdateManagementPolicy','TeamsVdiPolicy','TeamsVideoInteropServicePolicy','TenantDialPlan','ExternalAccessPolicy','TeamsAppSetupPolicy','TeamsCallingPolicy','TeamsEventsPolicy','TeamsMeetingBrandingPolicy','TeamsMeetingTemplatePermissionPolicy','TeamsVerticalPackagePolicy')] [System.String] $PolicyType, @@ -153,7 +153,7 @@ function Set-TargetResource $GroupId, [Parameter(Mandatory = $true)] - [ValidateSet('ApplicationAccessPolicy','CallingLineIdentity','OnlineAudioConferencingRoutingPolicy','OnlineVoicemailPolicy','OnlineVoiceRoutingPolicy','TeamsAudioConferencingPolicy','TeamsCallHoldPolicy','TeamsCallParkPolicy','TeamsChannelsPolicy','TeamsComplianceRecordingPolicy','TeamsCortanaPolicy','TeamsEmergencyCallingPolicy','TeamsEnhancedEncryptionPolicy','TeamsFeedbackPolicy','TeamsFilesPolicy','TeamsIPPhonePolicy','TeamsMediaLoggingPolicy','TeamsMeetingBroadcastPolicy','TeamsMeetingPolicy','TeamsMessagingPolicy','TeamsMobilityPolicy','TeamsRoomVideoTeleConferencingPolicy','TeamsShiftsPolicy','TeamsUpdateManagementPolicy','TeamsVdiPolicy','TeamsVideoInteropServicePolicy','TenantDialPlan','ExternalAccessPolicy','TeamsAppSetupPolicy','TeamsCallingPolicy','TeamsEventsPolicy','TeamsMeetingBrandingPolicy','TeamsMeetingTemplatePermissionPolicy')] + [ValidateSet('ApplicationAccessPolicy','CallingLineIdentity','OnlineAudioConferencingRoutingPolicy','OnlineVoicemailPolicy','OnlineVoiceRoutingPolicy','TeamsAudioConferencingPolicy','TeamsCallHoldPolicy','TeamsCallParkPolicy','TeamsChannelsPolicy','TeamsComplianceRecordingPolicy','TeamsCortanaPolicy','TeamsEmergencyCallingPolicy','TeamsEnhancedEncryptionPolicy','TeamsFeedbackPolicy','TeamsFilesPolicy','TeamsIPPhonePolicy','TeamsMediaLoggingPolicy','TeamsMeetingBroadcastPolicy','TeamsMeetingPolicy','TeamsMessagingPolicy','TeamsMobilityPolicy','TeamsRoomVideoTeleConferencingPolicy','TeamsShiftsPolicy','TeamsUpdateManagementPolicy','TeamsVdiPolicy','TeamsVideoInteropServicePolicy','TenantDialPlan','ExternalAccessPolicy','TeamsAppSetupPolicy','TeamsCallingPolicy','TeamsEventsPolicy','TeamsMeetingBrandingPolicy','TeamsMeetingTemplatePermissionPolicy','TeamsVerticalPackagePolicy')] [System.String] $PolicyType, @@ -273,7 +273,7 @@ function Test-TargetResource $GroupId, [Parameter(Mandatory = $true)] - [ValidateSet('ApplicationAccessPolicy','CallingLineIdentity','OnlineAudioConferencingRoutingPolicy','OnlineVoicemailPolicy','OnlineVoiceRoutingPolicy','TeamsAudioConferencingPolicy','TeamsCallHoldPolicy','TeamsCallParkPolicy','TeamsChannelsPolicy','TeamsComplianceRecordingPolicy','TeamsCortanaPolicy','TeamsEmergencyCallingPolicy','TeamsEnhancedEncryptionPolicy','TeamsFeedbackPolicy','TeamsFilesPolicy','TeamsIPPhonePolicy','TeamsMediaLoggingPolicy','TeamsMeetingBroadcastPolicy','TeamsMeetingPolicy','TeamsMessagingPolicy','TeamsMobilityPolicy','TeamsRoomVideoTeleConferencingPolicy','TeamsShiftsPolicy','TeamsUpdateManagementPolicy','TeamsVdiPolicy','TeamsVideoInteropServicePolicy','TenantDialPlan','ExternalAccessPolicy','TeamsAppSetupPolicy','TeamsCallingPolicy','TeamsEventsPolicy','TeamsMeetingBrandingPolicy','TeamsMeetingTemplatePermissionPolicy')] + [ValidateSet('ApplicationAccessPolicy','CallingLineIdentity','OnlineAudioConferencingRoutingPolicy','OnlineVoicemailPolicy','OnlineVoiceRoutingPolicy','TeamsAudioConferencingPolicy','TeamsCallHoldPolicy','TeamsCallParkPolicy','TeamsChannelsPolicy','TeamsComplianceRecordingPolicy','TeamsCortanaPolicy','TeamsEmergencyCallingPolicy','TeamsEnhancedEncryptionPolicy','TeamsFeedbackPolicy','TeamsFilesPolicy','TeamsIPPhonePolicy','TeamsMediaLoggingPolicy','TeamsMeetingBroadcastPolicy','TeamsMeetingPolicy','TeamsMessagingPolicy','TeamsMobilityPolicy','TeamsRoomVideoTeleConferencingPolicy','TeamsShiftsPolicy','TeamsUpdateManagementPolicy','TeamsVdiPolicy','TeamsVideoInteropServicePolicy','TenantDialPlan','ExternalAccessPolicy','TeamsAppSetupPolicy','TeamsCallingPolicy','TeamsEventsPolicy','TeamsMeetingBrandingPolicy','TeamsMeetingTemplatePermissionPolicy','TeamsVerticalPackagePolicy')] [System.String] $PolicyType, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof index fc3441d1de..2cc4a5f0af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof @@ -3,7 +3,7 @@ class MSFT_TeamsGroupPolicyAssignment : OMI_BaseResource { [Key, Description("Group Displayname of the group the policys are assigned to")] string GroupDisplayName; [Write, Description("GroupId, alternatively to Group Displayname")] String GroupId; - [Key, Description("Teams PolicyType. The type of the policy to be assigned. Possible values:"), ValueMap{"ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy"}, Values{"ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy"}] String PolicyType; + [Key, Description("Teams PolicyType. The type of the policy to be assigned. Possible values:"), ValueMap{"ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy","TeamsVerticalPackagePolicy"}, Values{"ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy","TeamsVerticalPackagePolicy"}] String PolicyType; [Write, Description("Teams PolicyName. The name of the policy to be assigned.")] string PolicyName; [Write, Description("Teams Priority. The rank of the policy assignment, relative to other group policy assignments for the same policy type")] string Priority; [Write, Description("Present ensures the group policy assignment exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; From b410ca0845b85dd1116f588efcca5ec5ef17d4d7 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 8 May 2024 12:37:14 +0100 Subject: [PATCH 18/52] Remove properties from being tested in certain conditions --- CHANGELOG.md | 9 ++-- .../MSFT_SPOSharingSettings.psm1 | 53 +++++++++++++++++++ 2 files changed, 59 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9088b8b25e..f3548b3da9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,10 +10,13 @@ * IntuneDeviceConfigurationCustomPolicyWindows10 * Fixed an issue where the payload of xml files was not encoded as base64. * IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 - * Fixed a creation and update issue when the exported policy contains a + * Fixed a creation and update issue when the exported policy contains a onboarding blob and the tenant is connected to Defender for Endpoint Service. +* SPOSharingSettings + * Remove properties from being tested in certain conditions + FIXES [#4649](https://github.com/microsoft/Microsoft365DSC/issues/4649) * M365DSCUtil - * Fixed an issue where one could not pass empty arrays to the + * Fixed an issue where one could not pass empty arrays to the `Compare-PSCustomObjectArrays` function. * DEPENDENCIES * Updated Microsoft.Graph to version 2.18.0. @@ -36,7 +39,7 @@ * Fixed an issue where the update policy setting was not handled properly. * IntuneDeviceConfigurationWiredNetworkPolicyWindows10 * Added functionality for specifying the certificates with a display name since their - ids in the blueprint might be from a different source tenant. + ids in the blueprint might be from a different source tenant. FIXES [#4582](https://github.com/microsoft/Microsoft365DSC/issues/4582) * MISC * Added support for AccessTokens in EXO resources. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 index b8c873870f..91ce4fc1fd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 @@ -707,6 +707,59 @@ function Test-TargetResource $ValuesToCheck['DefaultLinkPermission'] = 'Edit' } + if ($null -eq $SharingAllowedDomainList -and $null -eq $SharingBlockedDomainList -and + ($null -ne $RequireAcceptingAccountMatchInvitedAccount -and $RequireAcceptingAccountMatchInvitedAccount -eq $false)) + { + Write-Warning -Message 'If SharingAllowedDomainList / SharingBlockedDomainList are set to null RequireAcceptingAccountMatchInvitedAccount must be set to True ' + $ValuesToCheck.Remove('RequireAcceptingAccountMatchInvitedAccount') | Out-Null + } + + if ($null -eq $SignInAccelerationDomain) + { + $ValuesToCheck.Remove('SignInAccelerationDomain') | Out-Null + $ValuesToCheck.Remove('EnableGuestSignInAcceleration') | Out-Null #removing EnableGuestSignInAcceleration since it can only be configured with a configured SignINAccerlation domain + } + if ($SharingCapability -ne 'ExternalUserAndGuestSharing') + { + Write-Warning -Message 'The sharing capabilities for the tenant are not configured to be ExternalUserAndGuestSharing for that the RequireAnonymousLinksExpireInDays property cannot be configured' + $ValuesToCheck.Remove('RequireAnonymousLinksExpireInDays') | Out-Null + } + if ($ExternalUserExpireInDays -and $ExternalUserExpirationRequired -eq $false) + { + Write-Warning -Message 'ExternalUserExpirationRequired is set to be false. For that the ExternalUserExpireInDays property cannot be configured' + $ValuesToCheck.Remove('ExternalUserExpireInDays') | Out-Null + } + if ($RequireAcceptingAccountMatchInvitedAccount -eq $false) + { + Write-Warning -Message 'RequireAcceptingAccountMatchInvitedAccount is set to be false. For that SharingAllowedDomainList / SharingBlockedDomainList cannot be configured' + $ValuesToCheck.Remove('SharingAllowedDomainList') | Out-Null + $ValuesToCheck.Remove('SharingBlockedDomainList') | Out-Null + } + + if ($SharingCapability -ne 'ExternalUserAndGuestSharing' -and ($null -ne $FileAnonymousLinkType -or $null -ne $FolderAnonymousLinkType)) + { + Write-Warning -Message 'If anonymous file or folder links are set, SharingCapability must be set to ExternalUserAndGuestSharing ' + $ValuesToCheck.Remove('FolderAnonymousLinkType') | Out-Null + $ValuesToCheck.Remove('FileAnonymousLinkType') | Out-Null + } + + if ($SharingDomainRestrictionMode -eq 'None') + { + Write-Warning -Message 'SharingDomainRestrictionMode is set to None. For that SharingAllowedDomainList / SharingBlockedDomainList cannot be configured' + $ValuesToCheck.Remove('SharingAllowedDomainList') | Out-Null + $ValuesToCheck.Remove('SharingBlockedDomainList') | Out-Null + } + elseif ($SharingDomainRestrictionMode -eq 'AllowList') + { + Write-Verbose -Message 'SharingDomainRestrictionMode is set to AllowList. For that SharingBlockedDomainList cannot be configured' + $ValuesToCheck.Remove('SharingBlockedDomainList') | Out-Null + } + elseif ($SharingDomainRestrictionMode -eq 'BlockList') + { + Write-Warning -Message 'SharingDomainRestrictionMode is set to BlockList. For that SharingAllowedDomainList cannot be configured' + $ValuesToCheck.Remove('SharingAllowedDomainList') | Out-Null + } + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` From aa07704e6cc2aa6e5f5382185c010c6528b27886 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 8 May 2024 12:52:27 +0100 Subject: [PATCH 19/52] Remove unnecessary parameters --- CHANGELOG.md | 10 ++-- .../MSFT_TeamsUpdateManagementPolicy.psm1 | 48 +++++++++---------- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9088b8b25e..2bc289d714 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,10 +10,14 @@ * IntuneDeviceConfigurationCustomPolicyWindows10 * Fixed an issue where the payload of xml files was not encoded as base64. * IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 - * Fixed a creation and update issue when the exported policy contains a + * Fixed a creation and update issue when the exported policy contains a onboarding blob and the tenant is connected to Defender for Endpoint Service. +* TeamsUpdateManagementPolicy + * Remove unnecessary parameters from PSBoundParameters such as authentication + methods, Ensure and Verbose by calling Remove-M365DSCAuthenticationParameter + FIXES [#4651](https://github.com/microsoft/Microsoft365DSC/issues/4651) * M365DSCUtil - * Fixed an issue where one could not pass empty arrays to the + * Fixed an issue where one could not pass empty arrays to the `Compare-PSCustomObjectArrays` function. * DEPENDENCIES * Updated Microsoft.Graph to version 2.18.0. @@ -36,7 +40,7 @@ * Fixed an issue where the update policy setting was not handled properly. * IntuneDeviceConfigurationWiredNetworkPolicyWindows10 * Added functionality for specifying the certificates with a display name since their - ids in the blueprint might be from a different source tenant. + ids in the blueprint might be from a different source tenant. FIXES [#4582](https://github.com/microsoft/Microsoft365DSC/issues/4582) * MISC * Added support for AccessTokens in EXO resources. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 index 18083f32cd..5acac79304 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 @@ -230,34 +230,19 @@ function Set-TargetResource -InboundParameters $PSBoundParameters $CurrentValues = Get-TargetResource @PSBoundParameters + $PSBoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters if ($CurrentValues.Ensure -eq 'Absent' -and $Ensure -eq 'Present') { Write-Verbose "Creating new Teams Update Management Policy {$Identity}" - $newParams = $PSBoundParameters - $newParams.Remove('Ensure') | Out-Null - $newParams.Remove('Credential') | Out-Null - $newParams.Remove('ApplicationId') | Out-Null - $newParams.Remove('TenantId') | Out-Null - $newParams.Remove('CertificateThumbprint') | Out-Null - $newParams.Remove('ManagedIdentity') | Out-Null - $newParams.Remove('AccessTokens') | Out-Null - - New-CsTeamsUpdateManagementPolicy @newParams | Out-Null + + New-CsTeamsUpdateManagementPolicy @PSBoundParameters | Out-Null } elseif ($CurrentValues.Ensure -eq 'Present' -and $Ensure -eq 'Present') { Write-Verbose "Updating existing Teams Update Management Policy {$Identity}" - $setParams = $PSBoundParameters - $setParams.Remove('Ensure') | Out-Null - $setParams.Remove('Credential') | Out-Null - $setParams.Remove('ApplicationId') | Out-Null - $setParams.Remove('TenantId') | Out-Null - $setParams.Remove('CertificateThumbprint') | Out-Null - $setParams.Remove('ManagedIdentity') | Out-Null - $setParams.Remove('AccessTokens') | Out-Null - - Set-CsTeamsUpdateManagementPolicy @setParams | Out-Null + + Set-CsTeamsUpdateManagementPolicy @PSBoundParameters | Out-Null } elseif ($CurrentValues.Ensure -eq 'Present' -and $Ensure -eq 'Absent') { @@ -355,16 +340,27 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of Team Update Management Policy {$Identity}" $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" - $ValuesToCheck = $PSBoundParameters - - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + if ($testResult) + { + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } Write-Verbose -Message "Test-TargetResource returned $TestResult" From 1737774dd47bd2770318e7e332da720d497bd755 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 8 May 2024 13:41:17 +0100 Subject: [PATCH 20/52] Fix creation and set of resource --- CHANGELOG.md | 9 ++++++--- .../MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 | 9 +++++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9088b8b25e..3aa0a2e752 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,10 +10,13 @@ * IntuneDeviceConfigurationCustomPolicyWindows10 * Fixed an issue where the payload of xml files was not encoded as base64. * IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 - * Fixed a creation and update issue when the exported policy contains a + * Fixed a creation and update issue when the exported policy contains a onboarding blob and the tenant is connected to Defender for Endpoint Service. +* TeamsMeetingPolicy + * Fix creation and set of resource when cloud recording is set to false (off) + FIXES [#4653](https://github.com/microsoft/Microsoft365DSC/issues/4653) * M365DSCUtil - * Fixed an issue where one could not pass empty arrays to the + * Fixed an issue where one could not pass empty arrays to the `Compare-PSCustomObjectArrays` function. * DEPENDENCIES * Updated Microsoft.Graph to version 2.18.0. @@ -36,7 +39,7 @@ * Fixed an issue where the update policy setting was not handled properly. * IntuneDeviceConfigurationWiredNetworkPolicyWindows10 * Added functionality for specifying the certificates with a display name since their - ids in the blueprint might be from a different source tenant. + ids in the blueprint might be from a different source tenant. FIXES [#4582](https://github.com/microsoft/Microsoft365DSC/issues/4582) * MISC * Added support for AccessTokens in EXO resources. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 index 73b48dc9a3..f37ab0979d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 @@ -755,6 +755,10 @@ function Set-TargetResource $SetParameters.Remove('ManagedIdentity') | Out-Null $SetParameters.Remove('Verbose') | Out-Null # Needs to be implicitly removed for the cmdlet to work $SetParameters.Remove('AccessTokens') | Out-Null + if ($AllowCloudRecording -eq $false -and $SetParameters.Keys -contains 'AllowRecordingStorageOutsideRegion') + { + $SetParameters.Remove('AllowRecordingStorageOutsideRegion') | Out-Null + } if ($Ensure -eq 'Present' -and $CurrentValues.Ensure -eq 'Absent') { @@ -1135,6 +1139,11 @@ function Test-TargetResource # The AllowUserToJoinExternalMeeting doesn't do anything based on official documentation $ValuesToCheck.Remove('AllowUserToJoinExternalMeeting') | Out-Null + if ($AllowCloudRecording -eq $false -and $ValuesToCheck.Keys -contains 'AllowRecordingStorageOutsideRegion') + { + $ValuesToCheck.Remove('AllowRecordingStorageOutsideRegion') | Out-Null + } + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` From 69191e87ae81d5b50790aa9389976c7cef01b412 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 8 May 2024 14:14:05 +0100 Subject: [PATCH 21/52] Fix export and creation/set --- CHANGELOG.md | 11 ++++++++--- .../MSFT_TeamsAudioConferencingPolicy.psm1 | 7 ++++++- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9088b8b25e..0acb6b52c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,10 +10,15 @@ * IntuneDeviceConfigurationCustomPolicyWindows10 * Fixed an issue where the payload of xml files was not encoded as base64. * IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 - * Fixed a creation and update issue when the exported policy contains a + * Fixed a creation and update issue when the exported policy contains a onboarding blob and the tenant is connected to Defender for Endpoint Service. +* TeamsAudioConferencingPolicy + * Fix export and creation/set of this resource by converting a string array + into a comma-separated string and a comma-separated string into a string + array respectively + FIXES [#4655](https://github.com/microsoft/Microsoft365DSC/issues/4655) * M365DSCUtil - * Fixed an issue where one could not pass empty arrays to the + * Fixed an issue where one could not pass empty arrays to the `Compare-PSCustomObjectArrays` function. * DEPENDENCIES * Updated Microsoft.Graph to version 2.18.0. @@ -36,7 +41,7 @@ * Fixed an issue where the update policy setting was not handled properly. * IntuneDeviceConfigurationWiredNetworkPolicyWindows10 * Added functionality for specifying the certificates with a display name since their - ids in the blueprint might be from a different source tenant. + ids in the blueprint might be from a different source tenant. FIXES [#4582](https://github.com/microsoft/Microsoft365DSC/issues/4582) * MISC * Added support for AccessTokens in EXO resources. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 index d438a9435f..16e5d8b808 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 @@ -75,7 +75,7 @@ function Get-TargetResource $results = @{ Identity = $instance.Identity AllowTollFreeDialin = $instance.AllowTollFreeDialin - MeetingInvitePhoneNumbers = $instance.MeetingInvitePhoneNumbers + MeetingInvitePhoneNumbers = $instance.MeetingInvitePhoneNumbers -join ',' Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -171,6 +171,11 @@ function Set-TargetResource $PSBoundParameters.Remove('ManagedIdentity') | Out-Null $PSBoundParameters.Remove('AccessTokens') | Out-Null + if (![String]::IsNullOrEmpty($MeetingInvitePhoneNumbers)) + { + [String[]]$MeetingInvitePhoneNumbers = $MeetingInvitePhoneNumbers.Split(',') + } + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { $CreateParameters = ([Hashtable]$PSBoundParameters).Clone() From a6db0fabfa0fcedf7d4c2682acfdfe1da51a1337 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 9 May 2024 12:49:19 +0100 Subject: [PATCH 22/52] Simplify --- .../MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 index 0c112334ac..29a9a1f931 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 @@ -190,15 +190,10 @@ function Set-TargetResource { Write-Verbose 'Found difference in IncludeFileExtensions' - $stringValue = '' - foreach ($entry in $IncludeFileExtensions.Split(',')) - { - $stringValue += $entry + ',' - } - $stringValue = $stringValue.Remove($stringValue.Length - 1, 1) + $IncludeFileExtensions = $IncludeFileExtensions -join ',' Set-PnPTenantCdnPolicy -CdnType $CDNType ` -PolicyType 'IncludeFileExtensions' ` - -PolicyValue $stringValue + -PolicyValue $IncludeFileExtensions } if ($null -ne (Compare-Object -ReferenceObject $curPolicies.ExcludeRestrictedSiteClassifications ` From e74d3520e83afffac7df371a579e3ae4177dad12 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 9 May 2024 12:49:43 +0100 Subject: [PATCH 23/52] Add missing join --- .../MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 index 29a9a1f931..5a0cdd86ed 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 @@ -201,10 +201,10 @@ function Set-TargetResource { Write-Verbose 'Found difference in ExcludeRestrictedSiteClassifications' - + $ExcludeRestrictedSiteClassifications = $ExcludeRestrictedSiteClassifications -join ',' Set-PnPTenantCdnPolicy -CdnType $CDNType ` -PolicyType 'ExcludeRestrictedSiteClassifications' ` - -PolicyValue $stringValue + -PolicyValue $ExcludeRestrictedSiteClassifications } } From c27478112d66d04dc517d674f679de7aaa7c9c1f Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 9 May 2024 12:50:35 +0100 Subject: [PATCH 24/52] Add CDNType to the heuristics --- Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 3f2a8485b2..775b1e711c 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -437,12 +437,10 @@ function Compare-PSCustomObjectArrays param ( [Parameter(Mandatory = $true)] - [AllowEmptyCollection()] [System.Object[]] $DesiredValues, [Parameter(Mandatory = $true)] - [AllowEmptyCollection()] [System.Object[]] $CurrentValues ) @@ -3462,6 +3460,10 @@ function Get-M365DSCExportContentForResource { $primaryKey = $Results.Id } + elseif ($Keys.Contains('CDNType')) + { + $primaryKey = $Results.CDNType + } if ([String]::IsNullOrEmpty($primaryKey) -and ` -not $Keys.Contains('IsSingleInstance')) From 11d4040d5a5c379f25deb16cb1ec5947fa6a7537 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 9 May 2024 12:53:36 +0100 Subject: [PATCH 25/52] Update CHANGELOG.md --- CHANGELOG.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9088b8b25e..21aabbdd65 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,11 +10,20 @@ * IntuneDeviceConfigurationCustomPolicyWindows10 * Fixed an issue where the payload of xml files was not encoded as base64. * IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 - * Fixed a creation and update issue when the exported policy contains a + * Fixed a creation and update issue when the exported policy contains a onboarding blob and the tenant is connected to Defender for Endpoint Service. +* SPOTenantCdnPolicy + * Fixed an issue when both IncludeFileExtensions and + ExcludeRestrictedSiteClassifications needed to be changed but the latter got + the value of the former instead of the correct one + FIXES [#4658](https://github.com/microsoft/Microsoft365DSC/issues/4658) * M365DSCUtil - * Fixed an issue where one could not pass empty arrays to the + * Fixed an issue where one could not pass empty arrays to the `Compare-PSCustomObjectArrays` function. + * Fixed an issue with how the ResourceInstanceName was being assigned for + resource SPOTenantCdnPolicy by adding its primary key CDNType to the + heuristics + FIXES [#4658](https://github.com/microsoft/Microsoft365DSC/issues/4658) * DEPENDENCIES * Updated Microsoft.Graph to version 2.18.0. * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.182. @@ -36,7 +45,7 @@ * Fixed an issue where the update policy setting was not handled properly. * IntuneDeviceConfigurationWiredNetworkPolicyWindows10 * Added functionality for specifying the certificates with a display name since their - ids in the blueprint might be from a different source tenant. + ids in the blueprint might be from a different source tenant. FIXES [#4582](https://github.com/microsoft/Microsoft365DSC/issues/4582) * MISC * Added support for AccessTokens in EXO resources. From 0adfa2cc3438c79ae96d608de350fc29de41d550 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 9 May 2024 13:19:15 +0100 Subject: [PATCH 26/52] Fix unit tests --- .../MSFT_SPOTenantCdnPolicy.psm1 | 4 ++-- .../Microsoft365DSC.SPOTenantCDNPolicy.Tests.ps1 | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 index 5a0cdd86ed..46da2addef 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantCdnPolicy/MSFT_SPOTenantCdnPolicy.psm1 @@ -190,7 +190,7 @@ function Set-TargetResource { Write-Verbose 'Found difference in IncludeFileExtensions' - $IncludeFileExtensions = $IncludeFileExtensions -join ',' + [String]$IncludeFileExtensions = [String[]]$IncludeFileExtensions -join ',' Set-PnPTenantCdnPolicy -CdnType $CDNType ` -PolicyType 'IncludeFileExtensions' ` -PolicyValue $IncludeFileExtensions @@ -201,7 +201,7 @@ function Set-TargetResource { Write-Verbose 'Found difference in ExcludeRestrictedSiteClassifications' - $ExcludeRestrictedSiteClassifications = $ExcludeRestrictedSiteClassifications -join ',' + [String]$ExcludeRestrictedSiteClassifications = [String[]]$ExcludeRestrictedSiteClassifications -join ',' Set-PnPTenantCdnPolicy -CdnType $CDNType ` -PolicyType 'ExcludeRestrictedSiteClassifications' ` -PolicyValue $ExcludeRestrictedSiteClassifications diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCDNPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCDNPolicy.Tests.ps1 index 20e8b9c3ee..ef6d55496d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCDNPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCDNPolicy.Tests.ps1 @@ -55,8 +55,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-PnPTenantCDNPolicies -MockWith { return @{ CDNType = 'Public' - ExcludeRestrictedSiteClassifications = @('Secured') - IncludeFileExtensions = @('.php') + ExcludeRestrictedSiteClassifications = 'Secured' + IncludeFileExtensions = '.php' } } } @@ -87,8 +87,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return @{ CDNType = 'Private' ExcludeIfNoScriptDisabled = $false - ExcludeRestrictedSiteClassifications = @('Secured') - IncludeFileExtensions = @('.php') + ExcludeRestrictedSiteClassifications = 'Secured' + IncludeFileExtensions = '.php' } } } @@ -119,8 +119,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return @{ CDNType = 'Public' ExcludeIfNoScriptDisabled = $false - ExcludeRestrictedSiteClassifications = @('Secured') - IncludeFileExtensions = @('.php') + ExcludeRestrictedSiteClassifications = 'Secured' + IncludeFileExtensions = '.php' } } } From 74588ce6a46647b188038da739d1565762337474 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 10 May 2024 19:59:47 +0530 Subject: [PATCH 27/52] Added Support for AccessTokens to SC and SP resource. --- CHANGELOG.md | 8 ++- .../MSFT_M365DSCRuleEvaluation.schema.mof | 1 + .../MSFT_O365AdminAuditLogConfig.schema.mof | 1 + .../MSFT_O365Group/MSFT_O365Group.schema.mof | 1 + ...SFT_O365OrgCustomizationSetting.schema.mof | 1 + .../MSFT_O365OrgSettings.schema.mof | 1 + ...chAndIntelligenceConfigurations.schema.mof | 1 + .../MSFT_ODSettings.schema.mof | 2 +- .../MSFT_SCAuditConfigurationPolicy.psm1 | 35 ++++++----- ...MSFT_SCAuditConfigurationPolicy.schema.mof | 1 + .../MSFT_SCAutoSensitivityLabelPolicy.psm1 | 38 ++++++----- ...FT_SCAutoSensitivityLabelPolicy.schema.mof | 1 + .../MSFT_SCAutoSensitivityLabelRule.psm1 | 37 ++++++----- ...MSFT_SCAutoSensitivityLabelRule.schema.mof | 1 + .../MSFT_SCCaseHoldPolicy.psm1 | 37 ++++++----- .../MSFT_SCCaseHoldPolicy.schema.mof | 1 + .../MSFT_SCCaseHoldRule.psm1 | 36 ++++++----- .../MSFT_SCCaseHoldRule.schema.mof | 1 + .../MSFT_SCComplianceCase.psm1 | 36 ++++++----- .../MSFT_SCComplianceCase.schema.mof | 1 + .../MSFT_SCComplianceSearch.psm1 | 38 ++++++----- .../MSFT_SCComplianceSearch.schema.mof | 1 + .../MSFT_SCComplianceSearchAction.psm1 | 37 ++++++----- .../MSFT_SCComplianceSearchAction.schema.mof | 1 + .../MSFT_SCComplianceTag.psm1 | 37 ++++++----- .../MSFT_SCComplianceTag.schema.mof | 1 + .../MSFT_SCDLPCompliancePolicy.psm1 | 59 ++++++++++++------ .../MSFT_SCDLPCompliancePolicy.schema.mof | 1 + .../MSFT_SCDLPComplianceRule.psm1 | 38 ++++++----- .../MSFT_SCDLPComplianceRule.schema.mof | 1 + .../MSFT_SCDeviceConditionalAccessPolicy.psm1 | 37 ++++++----- ...SCDeviceConditionalAccessPolicy.schema.mof | 1 + .../MSFT_SCDeviceConfigurationPolicy.psm1 | 37 ++++++----- ...SFT_SCDeviceConfigurationPolicy.schema.mof | 1 + .../MSFT_SCFilePlanPropertyAuthority.psm1 | 36 ++++++----- ...SFT_SCFilePlanPropertyAuthority.schema.mof | 1 + .../MSFT_SCFilePlanPropertyCategory.psm1 | 36 ++++++----- ...MSFT_SCFilePlanPropertyCategory.schema.mof | 1 + .../MSFT_SCFilePlanPropertyCitation.psm1 | 36 ++++++----- ...MSFT_SCFilePlanPropertyCitation.schema.mof | 1 + .../MSFT_SCFilePlanPropertyDepartment.psm1 | 36 ++++++----- ...FT_SCFilePlanPropertyDepartment.schema.mof | 1 + .../MSFT_SCFilePlanPropertyReferenceId.psm1 | 36 ++++++----- ...T_SCFilePlanPropertyReferenceId.schema.mof | 1 + .../MSFT_SCFilePlanPropertySubCategory.psm1 | 36 ++++++----- ...T_SCFilePlanPropertySubCategory.schema.mof | 1 + .../MSFT_SCLabelPolicy.psm1 | 38 ++++++----- .../MSFT_SCLabelPolicy.schema.mof | 1 + .../MSFT_SCProtectionAlert.psm1 | 36 ++++++----- .../MSFT_SCProtectionAlert.schema.mof | 2 +- .../MSFT_SCRetentionCompliancePolicy.psm1 | 37 ++++++----- ...SFT_SCRetentionCompliancePolicy.schema.mof | 1 + .../MSFT_SCRetentionComplianceRule.psm1 | 37 ++++++----- .../MSFT_SCRetentionComplianceRule.schema.mof | 1 + .../MSFT_SCRetentionEventType.psm1 | 37 ++++++----- .../MSFT_SCRetentionEventType.schema.mof | 1 + .../MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 | 33 ++++++---- .../MSFT_SCRoleGroup.schema.mof | 1 + .../MSFT_SCRoleGroupMember.psm1 | 32 +++++++--- .../MSFT_SCRoleGroupMember.schema.mof | 1 + .../MSFT_SCSecurityFilter.psm1 | 42 ++++++++----- .../MSFT_SCSecurityFilter.schema.mof | 1 + .../MSFT_SCSensitivityLabel.psm1 | 36 +++++++---- .../MSFT_SCSensitivityLabel.schema.mof | 1 + .../MSFT_SCSupervisoryReviewPolicy.psm1 | 37 ++++++----- .../MSFT_SCSupervisoryReviewPolicy.schema.mof | 1 + .../MSFT_SCSupervisoryReviewRule.psm1 | 36 ++++++----- .../MSFT_SCSupervisoryReviewRule.schema.mof | 1 + .../MSFT_SPOAccessControlSettings.psm1 | 29 +++++++-- .../MSFT_SPOAccessControlSettings.schema.mof | 1 + .../DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 | 26 ++++++-- .../MSFT_SPOApp/MSFT_SPOApp.schema.mof | 2 +- .../MSFT_SPOBrowserIdleSignout.psm1 | 27 ++++++-- .../MSFT_SPOBrowserIdleSignout.schema.mof | 1 + .../MSFT_SPOHomeSite/MSFT_SPOHomeSite.psm1 | 26 ++++++-- .../MSFT_SPOHomeSite.schema.mof | 2 +- .../MSFT_SPOHubSite/MSFT_SPOHubSite.psm1 | 26 ++++++-- .../MSFT_SPOHubSite.schema.mof | 2 +- .../MSFT_SPOOrgAssetsLibrary.psm1 | 35 +++++++---- .../MSFT_SPOOrgAssetsLibrary.schema.mof | 1 + .../MSFT_SPOPropertyBag.psm1 | 26 ++++++-- .../MSFT_SPOPropertyBag.schema.mof | 1 + .../MSFT_SPOSearchManagedProperty.psm1 | 35 +++++++---- .../MSFT_SPOSearchManagedProperty.schema.mof | 1 + .../MSFT_SPOSearchResultSource.psm1 | 26 ++++++-- .../MSFT_SPOSearchResultSource.schema.mof | 1 + .../MSFT_SPOSharingSettings.psm1 | 29 +++++++-- .../MSFT_SPOSharingSettings.schema.mof | 1 + .../MSFT_SPOSite/MSFT_SPOSite.psm1 | 34 ++++++---- .../MSFT_SPOSite/MSFT_SPOSite.schema.mof | 1 + .../MSFT_SPOSiteAuditSettings.psm1 | 26 ++++++-- .../MSFT_SPOSiteAuditSettings.schema.mof | 1 + .../MSFT_SPOSiteDesign.psm1 | 35 +++++++---- .../MSFT_SPOSiteDesign.schema.mof | 2 +- .../MSFT_SPOSiteDesignRights.psm1 | 28 +++++++-- .../MSFT_SPOSiteDesignRights.schema.mof | 1 + .../MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.psm1 | 34 ++++++---- .../MSFT_SPOSiteGroup.schema.mof | 2 +- .../MSFT_SPOSiteScript.psm1 | 26 ++++++-- .../MSFT_SPOSiteScript.schema.mof | Bin 3424 -> 3610 bytes .../MSFT_SPOStorageEntity.psm1 | 28 +++++++-- .../MSFT_SPOStorageEntity.schema.mof | 1 + .../MSFT_SPOTenantCdnEnabled.psm1 | 27 ++++++-- .../MSFT_SPOTenantCdnEnabled.schema.mof | 2 +- .../MSFT_SPOTenantCdnPolicy.psm1 | 26 ++++++-- .../MSFT_SPOTenantCdnPolicy.schema.mof | 1 + .../MSFT_SPOTenantSettings.psm1 | 29 +++++++-- .../MSFT_SPOTenantSettings.schema.mof | 1 + .../MSFT_SPOTheme/MSFT_SPOTheme.psm1 | 34 ++++++---- .../MSFT_SPOTheme/MSFT_SPOTheme.schema.mof | 1 + .../MSFT_SPOUserProfileProperty.psm1 | 26 ++++++-- .../MSFT_SPOUserProfileProperty.schema.mof | 1 + 112 files changed, 1258 insertions(+), 573 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9088b8b25e..17de34c376 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,16 +10,18 @@ * IntuneDeviceConfigurationCustomPolicyWindows10 * Fixed an issue where the payload of xml files was not encoded as base64. * IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 - * Fixed a creation and update issue when the exported policy contains a + * Fixed a creation and update issue when the exported policy contains a onboarding blob and the tenant is connected to Defender for Endpoint Service. * M365DSCUtil - * Fixed an issue where one could not pass empty arrays to the + * Fixed an issue where one could not pass empty arrays to the `Compare-PSCustomObjectArrays` function. * DEPENDENCIES * Updated Microsoft.Graph to version 2.18.0. * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.182. * MISC * Added support for Access Tokens across AAD resources. + * Added support for Access Tokens across SC resources. + * Added support for Access Tokens across SPO resources. * Added support for Access Tokens across Teams resources. * Fixing fake passwords in Unit Tests. @@ -36,7 +38,7 @@ * Fixed an issue where the update policy setting was not handled properly. * IntuneDeviceConfigurationWiredNetworkPolicyWindows10 * Added functionality for specifying the certificates with a display name since their - ids in the blueprint might be from a different source tenant. + ids in the blueprint might be from a different source tenant. FIXES [#4582](https://github.com/microsoft/Microsoft365DSC/issues/4582) * MISC * Added support for AccessTokens in EXO resources. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof index 5312d83fa4..81a1efa3dd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.schema.mof @@ -10,4 +10,5 @@ class MSFT_M365DSCRuleEvaluation : OMI_BaseResource [Write, Description("Secret of the Azure Active Directory application to authenticate with."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof index 6cba94f8a2..8be2416a22 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365AdminAuditLogConfig/MSFT_O365AdminAuditLogConfig.schema.mof @@ -11,4 +11,5 @@ class MSFT_O365AdminAuditLogConfig : OMI_BaseResource [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof index 0e5417dc50..da4efabba8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.schema.mof @@ -13,4 +13,5 @@ class MSFT_O365Group : OMI_BaseResource [Write, Description("Secret of the Azure Active Directory application used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof index 6b1fa5a53c..f58af2732c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.schema.mof @@ -9,4 +9,5 @@ class MSFT_O365OrgCustomizationSetting : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof index 024b86dc3a..2eb2767c73 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof @@ -35,4 +35,5 @@ class MSFT_O365OrgSettings : OMI_BaseResource [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof index a957be4321..80dfaf25b2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof @@ -7,4 +7,5 @@ class MSFT_O365SearchAndIntelligenceConfigurations : OMI_BaseResource [Write, Description("Specifies whether or not Person Insights should be available for the organization.")] Boolean PersonInsightsIsEnabledInOrganization; [Write, Description("Specifies a single Azure AD Group for which Person Insights needs to be disabled.")] String PersonInsightsDisabledForGroup; [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_ODSettings/MSFT_ODSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_ODSettings/MSFT_ODSettings.schema.mof index 8ded842c3c..8480f15bbe 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_ODSettings/MSFT_ODSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_ODSettings/MSFT_ODSettings.schema.mof @@ -23,5 +23,5 @@ class MSFT_ODSettings : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; - diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 index df65de69c0..3bbe70dde1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 @@ -36,7 +36,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCAuditConfigurationPolicy for Workload {$Workload}" @@ -99,6 +103,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -154,7 +159,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCAuditConfigurationPolicy for $Workload" @@ -250,7 +259,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -271,16 +284,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -319,7 +322,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.schema.mof index 9c432cc3a1..aaf14d206b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.schema.mof @@ -9,4 +9,5 @@ class MSFT_SCAuditConfigurationPolicy : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 index c82516cd0b..d0e9f6df7d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 @@ -128,7 +128,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of Auto sensitivity Label Policy for $Name" @@ -209,6 +213,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -356,7 +361,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of Sensitivity label policy for $Name" @@ -401,6 +410,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null Write-Verbose "Creating new Auto Sensitivity label policy $Name." @@ -436,6 +446,7 @@ function Set-TargetResource $SetParams.Remove('CertificateThumbprint') | Out-Null $SetParams.Remove('ManagedIdentity') | Out-Null $SetParams.Remove('ApplicationSecret') | Out-Null + $SetParams.Remove('AccessTokens') | Out-Null Set-AutoSensitivityLabelPolicy @SetParams -Identity $Name } @@ -467,6 +478,7 @@ function Set-TargetResource $SetParams.Remove('CertificateThumbprint') | Out-Null $SetParams.Remove('ManagedIdentity') | Out-Null $SetParams.Remove('ApplicationSecret') | Out-Null + $SetParams.Remove('AccessTokens') | Out-Null try { @@ -623,7 +635,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #region Telemetry @@ -640,16 +656,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - if ($null -ne $RemoveExchangeLocation -or $null -ne $AddExchangeLocation -or $null -ne $ExchangeLocation) { $configData = New-PolicyData -configData $ExchangeLocation -currentData $CurrentValues.ExchangeLocation ` @@ -792,7 +798,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.schema.mof index 6cd6920db3..e605851bbb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.schema.mof @@ -32,4 +32,5 @@ class MSFT_SCAutoSensitivityLabelPolicy : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 index ab4ff4e9be..e098b6010d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 @@ -218,7 +218,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of DLPCompliancePolicy for $Name" @@ -351,6 +355,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } $paramsToRemove = @() @@ -603,7 +608,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of DLPComplianceRule for $Name" @@ -676,6 +685,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null Write-Verbose -Message 'Flipping the parent policy to Mode = TestWithoutNotification while we create the rule' $parentPolicy = Get-AutoSensitivityLabelPolicy -Identity $Policy @@ -745,6 +755,7 @@ function Set-TargetResource $UpdateParams.Remove('CertificateThumbprint') | Out-Null $UpdateParams.Remove('ManagedIdentity') | Out-Null $UpdateParams.Remove('ApplicationSecret') | Out-Null + $UpdateParams.Remove('AccessTokens') | Out-Null Write-Verbose -Message 'Flipping the parent policy to Mode = TestWithoutNotification while we editing the rule' $parentPolicy = Get-AutoSensitivityLabelPolicy -Identity $Policy @@ -988,7 +999,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' @@ -1007,16 +1022,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #region Test Sensitive Information Type # For each Desired SIT check to see if there is an existing rule with the same name if ($null -ne $ValuesToCheck['ContentContainsSensitiveInformation']) @@ -1101,7 +1106,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.schema.mof index 1794528c44..3cf16cb20d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.schema.mof @@ -90,4 +90,5 @@ class MSFT_SCAutoSensitivityLabelRule : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 index d1b762f7a6..42c646d0c8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 @@ -59,7 +59,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCCaseHoldPolicy for $Name" @@ -117,6 +121,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -196,7 +201,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCCaseHoldPolicy for $Name" @@ -232,6 +241,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-CaseHoldPolicy @CreationParams } @@ -251,6 +261,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null $policy = Get-CaseHoldPolicy -Identity $Name -Case $Case $CreationParams.Add('Identity', $policy.Name) @@ -392,7 +403,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -413,16 +428,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -461,7 +466,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.schema.mof index f72a91f853..7bb7633ff7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.schema.mof @@ -15,4 +15,5 @@ class MSFT_SCCaseHoldPolicy : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 index e70dce2d4d..76933e8f09 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 @@ -51,7 +51,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. @@ -108,6 +112,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -179,7 +184,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCCaseHoldRule for $Name" @@ -215,6 +224,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null Write-Verbose "Creating new Case Hold Rule $Name calling the New-CaseHoldRule cmdlet." New-CaseHoldRule @CreationParams @@ -291,7 +301,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -312,16 +326,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -360,7 +364,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.schema.mof index 64b31714d1..a6c732d13c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.schema.mof @@ -13,4 +13,5 @@ class MSFT_SCCaseHoldRule : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 index 777de72029..f994da49b5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 @@ -44,7 +44,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCComplianceCase for $Name" @@ -102,6 +106,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -165,7 +170,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCComplianceCase for $Name" @@ -202,6 +211,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null Write-Verbose "Creating new Compliance Case $Name calling the New-ComplianceCase cmdlet." New-ComplianceCase @CreationParams @@ -286,7 +296,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -307,16 +321,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -355,7 +359,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.schema.mof index 198efeb8f2..04601a1416 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.schema.mof @@ -11,4 +11,5 @@ class MSFT_SCComplianceCase : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 index f0e4d7f2cd..18e5eadc36 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 @@ -83,7 +83,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCComplianceSearch for $Name" @@ -153,6 +157,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } $nullParams = @() @@ -269,7 +274,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCComplianceSearch for $Name" @@ -305,6 +314,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null Write-Verbose "Creating new Compliance Search $Name calling the New-ComplianceSearch cmdlet." New-ComplianceSearch @CreationParams @@ -327,6 +337,7 @@ function Set-TargetResource $SetParams.Remove('CertificateThumbprint') | Out-Null $SetParams.Remove('ManagedIdentity') | Out-Null $SetParams.Remove('ApplicationSecret') | Out-Null + $SetParams.Remove('AccessTokens') | Out-Null Set-ComplianceSearch @SetParams -Identity $Name } @@ -422,7 +433,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -443,16 +458,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -491,7 +496,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` @@ -561,6 +570,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } Write-Host " |---[$i/$($searches.Name.Count)] $($search.Name)" -NoNewline $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.schema.mof index 717e5ce660..3c87e41099 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.schema.mof @@ -21,4 +21,5 @@ class MSFT_SCComplianceSearch : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 index 1573313c8b..0ad798b17b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 @@ -70,7 +70,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCComplianceSearchAction for $SearchName - $Action" if ($Global:CurrentModeIsExport) @@ -142,6 +146,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } if ($ActionName -eq 'Preview') { @@ -163,6 +168,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } } @@ -264,7 +270,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCComplianceSearchAction for $SearchName - $Action" @@ -301,6 +311,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null if ($null -ne $ActionScope) { @@ -459,7 +470,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -479,16 +494,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -527,7 +532,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.schema.mof index 332dd71188..0c089b16aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.schema.mof @@ -17,4 +17,5 @@ class MSFT_SCComplianceSearchAction : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 index 7de1bcf6c9..305306883f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 @@ -77,7 +77,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of ComplianceTag for $Name" @@ -137,6 +141,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } if (-not [System.String]::IsNullOrEmpty($tagObject.FilePlanMetadata)) @@ -239,7 +244,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of ComplianceTag for $Name" @@ -275,6 +284,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null #Convert File plan to JSON before Set if ($FilePlanProperty) @@ -307,6 +317,7 @@ function Set-TargetResource $SetParams.Remove('CertificateThumbprint') | Out-Null $SetParams.Remove('ManagedIdentity') | Out-Null $SetParams.Remove('ApplicationSecret') | Out-Null + $SetParams.Remove('AccessTokens') | Out-Null # Once set, a label can't be removed; if ($SetParams.IsRecordLabel -eq $false -and $CurrentTag.IsRecordLabel -eq $true) @@ -432,7 +443,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -454,16 +469,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestFilePlanProperties = Test-SCFilePlanProperties -CurrentProperty $CurrentValues ` -DesiredProperty $PSBoundParameters @@ -511,7 +516,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.schema.mof index c8544dc6c8..4814e8bc00 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.schema.mof @@ -29,4 +29,5 @@ class MSFT_SCComplianceTag : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 index bf578df467..0b9538e51e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 @@ -116,7 +116,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of DLPCompliancePolicy for $Name" @@ -206,6 +210,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -341,7 +346,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of DLPCompliancePolicy for $Name" @@ -366,27 +375,29 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentPolicy.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') - $CreationParams.Remove('ApplicationId') - $CreationParams.Remove('TenantId') - $CreationParams.Remove('CertificateThumbprint') - $CreationParams.Remove('CertificatePath') - $CreationParams.Remove('CertificatePassword') - $CreationParams.Remove('Ensure') + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('Ensure') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-DLPCompliancePolicy @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentPolicy.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') - $CreationParams.Remove('ApplicationId') - $CreationParams.Remove('TenantId') - $CreationParams.Remove('CertificateThumbprint') - $CreationParams.Remove('CertificatePath') - $CreationParams.Remove('CertificatePassword') - $CreationParams.Remove('Ensure') - $CreationParams.Remove('Name') - $CreationParams.Add('Identity', $Name) + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('Ensure') | Out-Null + $CreationParams.Remove('Name') | Out-Null + $CreationParams.Add('Identity', $Name) | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null # SharePoint Location is specified or already existing, we need to determine # the delta. @@ -854,7 +865,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -915,7 +930,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.schema.mof index a8d38e2d39..0392c191fe 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.schema.mof @@ -29,4 +29,5 @@ class MSFT_SCDLPCompliancePolicy : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 index 8e2cf780e5..b62340f1b4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 @@ -307,7 +307,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of DLPCompliancePolicy for $Name" @@ -461,6 +465,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } $paramsToRemove = @() @@ -801,7 +806,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of DLPComplianceRule for $Name" @@ -872,7 +881,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null - + $CreationParams.Remove('AccessTokens') | Out-Null Write-Verbose -Message "Calling New-DLPComplianceRule with Values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)" New-DLPComplianceRule @CreationParams @@ -930,6 +939,7 @@ function Set-TargetResource $UpdateParams.Remove('CertificateThumbprint') | Out-Null $UpdateParams.Remove('ManagedIdentity') | Out-Null $UpdateParams.Remove('ApplicationSecret') | Out-Null + $UpdateParams.Remove('AccessTokens') | Out-Null Write-Verbose "Updating Rule with values: $(Convert-M365DscHashtableToString -Hashtable $UpdateParams)" Set-DLPComplianceRule @UpdateParams @@ -1250,7 +1260,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -1272,16 +1286,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #region Test Sensitive Information Type # For each Desired SIT check to see if there is an existing rule with the same name if ($null -ne $ValuesToCheck['ContentContainsSensitiveInformation']) @@ -1367,7 +1371,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof index e827a0ecfa..16990b0c55 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof @@ -108,4 +108,5 @@ class MSFT_SCDLPComplianceRule : OMI_BaseResource [Write, Description("The SetHeader The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas")] String SetHeader[]; [Write, Description("The ContentExtensionMatchesWords parameter specifies a condition for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.")] String ContentExtensionMatchesWords[]; [Write, Description("The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.")] String ExceptIfContentExtensionMatchesWords[]; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 index ee3ad5cdff..0fb94c806c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 @@ -43,7 +43,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of Device Conditional Access Policy for $Name" @@ -99,6 +103,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -162,7 +167,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of Device Conditional Access Policy for $Name" @@ -198,6 +207,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-DeviceConditionalAccessPolicy @CreationParams } @@ -217,6 +227,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null Write-Verbose "Updating Policy with values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)" Set-DeviceConditionalAccessPolicy @CreationParams @@ -273,7 +284,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -296,16 +311,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -344,7 +349,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.schema.mof index d11fb99dc0..aadf4a04a6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.schema.mof @@ -11,4 +11,5 @@ class MSFT_SCDeviceConditionalAccessPolicy : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 index 6a4809efc9..cf2ecfc407 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 @@ -43,7 +43,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of Device Configuration Policy for $Name" @@ -99,6 +103,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -162,7 +167,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of Device Configuration Policy for $Name" @@ -198,6 +207,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-DeviceConfigurationPolicy @CreationParams } @@ -216,6 +226,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null $CreationParams.Add('Identity', $Name) @@ -274,7 +285,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -297,16 +312,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -345,7 +350,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.schema.mof index b2bfef28a1..e40501c0ff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.schema.mof @@ -11,4 +11,5 @@ class MSFT_SCDeviceConfigurationPolicy : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 index dadd25c22e..30ee99b616 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 @@ -35,7 +35,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCFilePlanPropertyAuthority for $Name" @@ -88,6 +92,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -142,7 +147,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCFilePlanPropertyAuthority for $Name" @@ -178,6 +187,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-FilePlanPropertyAuthority @CreationParams } @@ -245,7 +255,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -266,16 +280,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -314,7 +318,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.schema.mof index 85a7f732e1..339ddb9d48 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.schema.mof @@ -9,4 +9,5 @@ class MSFT_SCFilePlanPropertyAuthority : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 index 6b215b5a80..5e613dbe33 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 @@ -35,7 +35,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCFilePlanPropertyCategory for $Name" @@ -87,6 +91,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -141,7 +146,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCFilePlanPropertyCategory for $Name" @@ -177,6 +186,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-FilePlanPropertyCategory @CreationParams } @@ -244,7 +254,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. @@ -266,16 +280,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -314,7 +318,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.schema.mof index 0d46339c3c..ffb38cec68 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.schema.mof @@ -9,4 +9,5 @@ class MSFT_SCFilePlanPropertyCategory : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 index e7b4a5684d..18c98f6693 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 @@ -43,7 +43,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCFilePlanPropertyCitation for $Name" @@ -99,6 +103,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -161,7 +166,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCFilePlanPropertyCitation for $Name" @@ -197,6 +206,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-FilePlanPropertyCitation @CreationParams } @@ -272,7 +282,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -293,16 +307,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -341,7 +345,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.schema.mof index ca93e7a793..d7c6be3d91 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.schema.mof @@ -11,4 +11,5 @@ class MSFT_SCFilePlanPropertyCitation : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 index 34ac454972..0ab98960c3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 @@ -35,7 +35,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCFilePlanPropertyDepartment for $Name" @@ -88,6 +92,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -142,7 +147,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCFilePlanPropertyDepartment for $Name" @@ -178,6 +187,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-FilePlanPropertyDepartment @CreationParams } @@ -245,7 +255,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -266,16 +280,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -314,7 +318,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.schema.mof index 1612620c43..7e696bb12d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.schema.mof @@ -9,4 +9,5 @@ class MSFT_SCFilePlanPropertyDepartment : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 index bcde33b0ff..69ce25befd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 @@ -35,7 +35,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCFilePlanPropertyReferenceId for $Name" @@ -88,6 +92,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -142,7 +147,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCFilePlanPropertyReferenceId for $Name" @@ -178,6 +187,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-FilePlanPropertyReferenceId @CreationParams } @@ -245,7 +255,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -266,16 +280,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -314,7 +318,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.schema.mof index 875e61ee2b..0c3e53fc80 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.schema.mof @@ -9,4 +9,5 @@ class MSFT_SCFilePlanPropertyReferenceId : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 index 651e16b9ab..716cb49d57 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 @@ -39,7 +39,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCFilePlanPropertySubCategory for $Name" @@ -103,6 +107,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -161,7 +166,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SCFilePlanPropertySubCategory for $Name" @@ -199,6 +208,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-FilePlanPropertySubCategory @CreationParams } @@ -271,7 +281,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. @@ -293,16 +307,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -341,7 +345,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.schema.mof index 3b78b1d9c3..e3dcf83a84 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.schema.mof @@ -10,4 +10,5 @@ class MSFT_SCFilePlanPropertySubCategory : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 index e773c24d7b..e83356729a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 @@ -103,7 +103,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of Sensitivity Label Policy for $Name" @@ -190,6 +194,7 @@ function Get-TargetResource ExchangeLocationException = Convert-ArrayList -CurrentProperty $policy.ExchangeLocationException ModernGroupLocation = Convert-ArrayList -CurrentProperty $policy.ModernGroupLocation ModernGroupLocationException = Convert-ArrayList -CurrentProperty $policy.ModernGroupLocationException + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -312,7 +317,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of Sensitivity label policy for $Name" @@ -389,6 +398,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null try { @@ -432,6 +442,7 @@ function Set-TargetResource $SetParams.Remove('CertificateThumbprint') | Out-Null $SetParams.Remove('ManagedIdentity') | Out-Null $SetParams.Remove('ApplicationSecret') | Out-Null + $SetParams.Remove('AccessTokens') | Out-Null Set-LabelPolicy @SetParams -Identity $Name } @@ -503,6 +514,7 @@ function Set-TargetResource $SetParams.Remove('CertificateThumbprint') | Out-Null $SetParams.Remove('ManagedIdentity') | Out-Null $SetParams.Remove('ApplicationSecret') | Out-Null + $SetParams.Remove('AccessTokens') | Out-Null try { @@ -634,7 +646,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -663,16 +679,6 @@ function Test-TargetResource $ValuesToCheck.Remove('RemoveModernGroupLocation') | Out-Null $ValuesToCheck.Remove('RemoveModernGroupLocationException') | Out-Null - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - if ($null -ne $AdvancedSettings) { $TestAdvancedSettings = Test-AdvancedSettings -DesiredProperty $AdvancedSettings -CurrentProperty $CurrentValues.AdvancedSettings @@ -803,7 +809,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.schema.mof index f89e820d1c..364f5c6bd8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.schema.mof @@ -33,4 +33,5 @@ class MSFT_SCLabelPolicy : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 index c2728a4451..9eb104a4a2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 @@ -132,7 +132,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SCProtectionAlert for $Name" @@ -207,6 +211,7 @@ function Get-TargetResource Threshold = $AlertObject.Threshold TimeWindow = $AlertObject.TimeWindow VolumeThreshold = $AlertObject.VolumeThreshold + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" return $result @@ -358,7 +363,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) @@ -393,6 +402,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentAlert.Ensure)) { @@ -552,7 +562,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -573,16 +587,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -621,7 +625,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.schema.mof index 8552ed7615..78ff9974fc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.schema.mof @@ -32,5 +32,5 @@ class MSFT_SCProtectionAlert : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; - diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 index 0a4922a2ac..f0ffb4061e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 @@ -111,7 +111,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of RetentionCompliancePolicy for $Name" @@ -172,6 +176,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } if ($PolicyObject.TeamsChannelLocation.Count -gt 0) @@ -217,6 +222,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } if ($PolicyObject.DynamicScopeLocation.Count -gt 0) @@ -398,7 +404,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) if ($null -eq $SharePointLocation -and $null -eq $ExchangeLocation -and $null -eq $OneDriveLocation -and ` @@ -454,6 +464,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null if ($CurrentPolicy.Ensure -eq 'Present') { @@ -971,7 +982,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -994,16 +1009,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -1042,7 +1047,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.schema.mof index ff8fec0e18..20c44c2678 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.schema.mof @@ -28,4 +28,5 @@ class MSFT_SCRetentionCompliancePolicy : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 index f04c0d9b71..9952853061 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 @@ -70,7 +70,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of RetentionComplianceRule for $Name" @@ -135,6 +139,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } if (-not $associatedPolicy.TeamsPolicy) { @@ -230,7 +235,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of RetentionComplianceRule for $Name" @@ -266,6 +275,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null Write-Verbose -Message 'Checking to see if the policy is a Teams based one.' $RuleObject = Get-RetentionComplianceRule -Identity $Name ` @@ -325,6 +335,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null Write-Verbose -Message 'Checking to see if the policy is a Teams based one.' $RuleObject = Get-RetentionComplianceRule -Identity $Name ` @@ -470,7 +481,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -491,16 +506,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -539,7 +544,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.schema.mof index 00128c7e27..6fb89c9722 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.schema.mof @@ -17,4 +17,5 @@ class MSFT_SCRetentionComplianceRule : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 index a567470820..4cc0b7c53f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 @@ -39,7 +39,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of Retention Event Type for $Name" @@ -93,6 +97,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword Ensure = 'Present' + AccessTokens = $AccessTokens } Write-Verbose -Message "Found RetentionComplianceEventType $($Name)" @@ -152,7 +157,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of RetentionComplianceEventType for $Name" @@ -188,6 +197,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-ComplianceRetentionEventType @CreationParams } @@ -207,6 +217,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null Set-ComplianceRetentionEventType @CreationParams } @@ -259,7 +270,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -280,16 +295,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -328,7 +333,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.schema.mof index b710420a62..662bbee635 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.schema.mof @@ -10,4 +10,5 @@ class MSFT_SCRetentionEventType : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 index 284d26b1ae..a3c39864b1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 @@ -48,7 +48,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting Role Group configuration for $Name" @@ -101,6 +105,7 @@ function Get-TargetResource CertificatePassword = $CertificatePassword Managedidentity = $ManagedIdentity.IsPresent TenantId = $TenantId + AccessTokens = $AccessTokens } Write-Verbose -Message "Found Role Group $($Name)" @@ -168,7 +173,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting Role Group configuration for $Name" @@ -270,7 +279,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -292,13 +305,6 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -342,7 +348,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters @@ -389,6 +399,7 @@ function Export-TargetResource CertificatePassword = $CertificatePassword Managedidentity = $ManagedIdentity.IsPresent CertificatePath = $CertificatePath + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.schema.mof index 77527cbec7..9348360605 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.schema.mof @@ -12,4 +12,5 @@ class MSFT_SCRoleGroup : OMI_BaseResource [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 index 7ac0804e19..b66ec192fb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 @@ -44,7 +44,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting Role Group configuration for $Name" @@ -108,6 +112,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword TenantId = $TenantId + AccessTokens = $AccessTokens } Write-Verbose -Message "Found Role Group $($Name)" @@ -171,7 +176,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting Role Group configuration for $Name" @@ -269,7 +278,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -291,12 +304,6 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -336,7 +343,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` @@ -385,6 +396,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePassword = $CertificatePassword CertificatePath = $CertificatePath + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.schema.mof index 8c149af37c..b1e0ea0a39 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.schema.mof @@ -11,4 +11,5 @@ class MSFT_SCRoleGroupMember : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 index 1e87cf5340..6a2447f0fd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 @@ -71,7 +71,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of Security Filter for $FilterName" @@ -121,7 +125,7 @@ function Get-TargetResource else { Write-Verbose "Found existing Security Filter $($FilterName)" - $result = MapSecurityFilter $secFilter $Credential $ApplicationId $TenantId $CertificateThumbprint $CertificatePath $CertificatePassword + $result = Get-M365DSCSCMapSecurityFilter $secFilter $Credential $ApplicationId $TenantId $CertificateThumbprint $CertificatePath $CertificatePassword Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" return $result @@ -139,7 +143,7 @@ function Get-TargetResource } } -function MapSecurityFilter +function Get-M365DSCSCMapSecurityFilter { param( [Parameter(Mandatory = $true)] @@ -261,7 +265,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of Security Filter for $FilterName" @@ -301,6 +309,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null try { @@ -329,6 +338,7 @@ function Set-TargetResource $SetParams.Remove('CertificateThumbprint') | Out-Null $SetParams.Remove('ManagedIdentity') | Out-Null $SetParams.Remove('ApplicationSecret') | Out-Null + $SetParams.Remove('AccessTokens') | Out-Null try { @@ -428,7 +438,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -447,16 +461,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -497,7 +501,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` @@ -536,7 +544,7 @@ function Export-TargetResource # $GetParams = ([Hashtable]$PSBoundParameters).Clone() # $GetParams.Add("FilterName", $filter.FilterName) # $Results = Get-TargetResource @GetParams - $Results = MapSecurityFilter -Filter $filter -Credential $Credential -ApplicationId $ApplicationId ` + $Results = Get-M365DSCSCMapSecurityFilter -Filter $filter -Credential $Credential -ApplicationId $ApplicationId ` -TenantId $TenantId -CertificateThumbprint $CertificateThumbprint -CertificatePath $CertificatePath -CertificatePassword $CertificatePassword $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.schema.mof index 00455b3a46..a019a9a992 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.schema.mof @@ -14,4 +14,5 @@ class MSFT_SCSecurityFilter : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Specify if this label policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 index 92f4d76bc8..345f154e52 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 @@ -209,7 +209,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of Sensitivity Label for $Name" @@ -495,6 +499,7 @@ function Get-TargetResource SiteAndGroupProtectionBlockAccess = $siteAndGroupBlockAccess SiteAndGroupProtectionEnabled = $siteAndGroupEnabledValue SiteAndGroupExternalSharingControlType = ($protectsite | Where-Object { $_.Key -eq 'externalsharingcontroltype' }).Value + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -723,7 +728,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of Sensitivity label for $Name" @@ -796,6 +805,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null try { @@ -851,6 +861,7 @@ function Set-TargetResource $SetParams.Remove('CertificateThumbprint') | Out-Null $SetParams.Remove('ManagedIdentity') | Out-Null $SetParams.Remove('ApplicationSecret') | Out-Null + $SetParams.Remove('AccessTokens') | Out-Null try { @@ -1089,7 +1100,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -1113,15 +1128,6 @@ function Test-TargetResource $ValuesToCheck.Remove('AdvancedSettings') | Out-Null $ValuesToCheck.Remove('LocaleSettings') | Out-Null - # Remove authentication parameters - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - if ($null -ne $AdvancedSettings -and $null -ne $CurrentValues.AdvancedSettings) { Write-Verbose -Message 'Testing AdvancedSettings' @@ -1179,7 +1185,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof index 9d63a91d33..1cedd8011b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof @@ -63,4 +63,5 @@ class MSFT_SCSensitivityLabel : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 index de353a4ff4..43d369684d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 @@ -44,7 +44,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SupervisoryReviewPolicy for $Name" @@ -97,6 +101,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } Write-Verbose -Message "Found SupervisoryReviewPolicy $($Name)" @@ -161,7 +166,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SupervisoryReviewPolicy for $Name" @@ -197,6 +206,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-SupervisoryReviewPolicyV2 @CreationParams } @@ -216,6 +226,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null # Reviewers $currentReviewers = $CurrentPolicy.Reviewers @@ -302,7 +313,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -323,16 +338,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -371,7 +376,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.schema.mof index 6e6fbfd839..97e7c6279c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.schema.mof @@ -11,4 +11,5 @@ class MSFT_SCSupervisoryReviewPolicy : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 index 83159458b3..b2b15fad84 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 @@ -49,7 +49,11 @@ function Get-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SupervisoryReviewRule for $Name" @@ -105,6 +109,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } Write-Verbose -Message "Found SupervisoryReviewRule $($Name)" @@ -174,7 +179,11 @@ function Set-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SupervisoryReviewRule for $Name" @@ -210,6 +219,7 @@ function Set-TargetResource $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Remove('AccessTokens') | Out-Null New-SupervisoryReviewRule @CreationParams } @@ -277,7 +287,11 @@ function Test-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -298,16 +312,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters - # Remove authentication parameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -346,7 +350,11 @@ function Export-TargetResource [Parameter()] [System.Management.Automation.PSCredential] - $CertificatePassword + $CertificatePassword, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.schema.mof index 37d048e587..43908dd4e1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.schema.mof @@ -12,4 +12,5 @@ class MSFT_SCSupervisoryReviewRule : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 index 202a98956e..5a04937b91 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 @@ -85,7 +85,11 @@ function Get-TargetResource [Parameter()] [ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')] [System.String] - $ConditionalAccessPolicy + $ConditionalAccessPolicy, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message 'Getting configuration of SharePoint Online Access Control Settings' @@ -133,6 +137,7 @@ function Get-TargetResource Managedidentity = $ManagedIdentity.IsPresent Ensure = 'Present' ConditionalAccessPolicy = $SPOAccessControlSettings.ConditionalAccessPolicy + AccessTokens = $AccessTokens } } catch @@ -238,7 +243,11 @@ function Set-TargetResource [Parameter()] [ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')] [System.String] - $ConditionalAccessPolicy + $ConditionalAccessPolicy, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message 'Setting configuration of SharePoint Online Access Control Settings' @@ -258,7 +267,6 @@ function Set-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'PnP' ` -InboundParameters $PSBoundParameters - $CurrentParameters = $PSBoundParameters $CurrentParameters.Remove('Ensure') | Out-Null $CurrentParameters.Remove('Credential') | Out-Null @@ -270,6 +278,7 @@ function Set-TargetResource $CurrentParameters.Remove('CertificateThumbprint') | Out-Null $CurrentParameters.Remove('ManagedIdentity') | Out-Null $CurrentParameters.Remove('ApplicationSecret') | Out-Null + $CurrentParameters.Remove('AccessTokens') | Out-Null if ($IPAddressAllowList -eq '') { @@ -367,7 +376,11 @@ function Test-TargetResource [Parameter()] [ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')] [System.String] - $ConditionalAccessPolicy + $ConditionalAccessPolicy, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -392,7 +405,6 @@ function Test-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` -ValuesToCheck @('IsSingleInstance', ` - 'Credential', ` 'DisplayStartASiteOption', ` 'StartASiteFormUrl', ` 'IPAddressEnforcement', ` @@ -445,7 +457,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -475,6 +491,7 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential ApplicationSecret = $ApplicationSecret + AccessTokens = $AccessTokens } $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof index 0362970f0d..c3ca2476c9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof @@ -21,4 +21,5 @@ class MSFT_SPOAccessControlSettings : OMI_BaseResource [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; [Write, Description("Blocks or limits access to SharePoint and OneDrive content from un-managed devices."), ValueMap{"AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"}, Values{"AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"}] string ConditionalAccessPolicy; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 index fc0191e75b..a964fc495c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 @@ -55,7 +55,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration for app $Identity" @@ -100,6 +104,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential + AccessTokens = $AccessTokens } } catch @@ -172,7 +177,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration for app $Identity" @@ -267,7 +276,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -335,7 +348,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -413,6 +430,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.schema.mof index 7e54b61c9c..bf83c609b7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.schema.mof @@ -14,5 +14,5 @@ class MSFT_SPOApp : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; - diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.psm1 index 67a98a11ac..b2403a4a3a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.psm1 @@ -53,7 +53,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message 'Getting configuration for SPO Browser Idle Signout settings' @@ -93,6 +97,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } } catch @@ -166,7 +171,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message 'Setting configuration for SPO Browser Idle Signout settings' @@ -197,6 +206,7 @@ function Set-TargetResource $CurrentParameters.Remove('CertificateThumbprint') | Out-Null $CurrentParameters.Remove('ManagedIdentity') | Out-Null $CurrentParameters.Remove('ApplicationSecret') | Out-Null + $CurrentParameters.Remove('AccessTokens') | Out-Null Set-PnPBrowserIdleSignout @CurrentParameters | Out-Null } @@ -255,7 +265,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. @@ -326,7 +340,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -357,6 +375,7 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential ApplicationSecret = $ApplicationSecret + AccessTokens = $AccessTokens } $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.schema.mof index 0a5f193f66..6228b0ace7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.schema.mof @@ -13,4 +13,5 @@ class MSFT_SPOBrowserIdleSignout : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHomeSite/MSFT_SPOHomeSite.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHomeSite/MSFT_SPOHomeSite.psm1 index ff0a2a3058..1b1feee0aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHomeSite/MSFT_SPOHomeSite.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHomeSite/MSFT_SPOHomeSite.psm1 @@ -48,7 +48,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration for hub site collection $Url" @@ -93,6 +97,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return $result } @@ -158,7 +163,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. @@ -256,7 +265,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -329,7 +342,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -359,6 +376,7 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential ApplicationSecret = $ApplicationSecret + AccessTokens = $AccessTokens } $dscContent = '' $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHomeSite/MSFT_SPOHomeSite.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHomeSite/MSFT_SPOHomeSite.schema.mof index 78971afea3..5d97e0b6de 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHomeSite/MSFT_SPOHomeSite.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHomeSite/MSFT_SPOHomeSite.schema.mof @@ -12,5 +12,5 @@ class MSFT_SPOHomeSite : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; - diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.psm1 index 4ed0e7c9f1..f6ee6e089a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.psm1 @@ -67,7 +67,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration for hub site collection $Url" @@ -159,6 +163,7 @@ function Get-TargetResource ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } return $result } @@ -243,7 +248,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration for hub site collection $Url" @@ -516,7 +525,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -590,7 +603,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -653,6 +670,7 @@ function Export-TargetResource CertificatePassword = $CertificatePassword CertificatePath = $CertificatePath ApplicationSecret = $ApplicationSecret + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.schema.mof index 5186fced42..4e444f5d70 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.schema.mof @@ -17,5 +17,5 @@ class MSFT_SPOHubSite : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; - diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOOrgAssetsLibrary/MSFT_SPOOrgAssetsLibrary.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOOrgAssetsLibrary/MSFT_SPOOrgAssetsLibrary.psm1 index eca36b378e..d0fe9461a0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOOrgAssetsLibrary/MSFT_SPOOrgAssetsLibrary.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOOrgAssetsLibrary/MSFT_SPOOrgAssetsLibrary.psm1 @@ -52,7 +52,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message 'Getting configuration of SPO Org Assets Library' @@ -146,6 +150,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" return $result @@ -221,7 +226,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message 'Setting configuration of SharePoint Org Site Assets' @@ -249,6 +258,7 @@ function Set-TargetResource $CurrentParameters.Remove('CertificateThumbprint') | Out-Null $CurrentParameters.Remove('ManagedIdentity') | Out-Null $CurrentParameters.Remove('ApplicationSecret') | Out-Null + $currentParameters.Remove('AccessTokens') | Out-Null $cdn = $null if ($CdnType -eq 'Public') @@ -361,7 +371,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -382,14 +396,6 @@ function Test-TargetResource Write-Verbose -Message "Target Values: `n $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -437,7 +443,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -484,6 +494,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent ApplicationSecret = $ApplicationSecret + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOOrgAssetsLibrary/MSFT_SPOOrgAssetsLibrary.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOOrgAssetsLibrary/MSFT_SPOOrgAssetsLibrary.schema.mof index 91dbed700c..75e2045352 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOOrgAssetsLibrary/MSFT_SPOOrgAssetsLibrary.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOOrgAssetsLibrary/MSFT_SPOOrgAssetsLibrary.schema.mof @@ -13,4 +13,5 @@ class MSFT_SPOOrgAssetsLibrary : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOPropertyBag/MSFT_SPOPropertyBag.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOPropertyBag/MSFT_SPOPropertyBag.psm1 index e43620e5fb..8f34692080 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOPropertyBag/MSFT_SPOPropertyBag.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOPropertyBag/MSFT_SPOPropertyBag.psm1 @@ -51,7 +51,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration of SPOPropertyBag for $Key" @@ -133,6 +137,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" @@ -203,7 +208,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration of SPOPropertyBag property for $Key at {$Url}" @@ -293,7 +302,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -360,7 +373,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -435,6 +452,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOPropertyBag/MSFT_SPOPropertyBag.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOPropertyBag/MSFT_SPOPropertyBag.schema.mof index facf5b247e..f8cfed524f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOPropertyBag/MSFT_SPOPropertyBag.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOPropertyBag/MSFT_SPOPropertyBag.schema.mof @@ -13,4 +13,5 @@ class MSFT_SPOPropertyBag : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 index e5ca05b501..b2de504e87 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 @@ -118,7 +118,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration for Managed Property instance $Name" @@ -224,6 +228,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Ensure = 'Present' + AccessTokens = $AccessTokens } } catch @@ -357,7 +362,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. @@ -821,7 +830,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -842,14 +855,7 @@ function Test-TargetResource Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` @@ -896,7 +902,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -944,6 +954,7 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.schema.mof index b3803bf400..beae68d52e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.schema.mof @@ -29,4 +29,5 @@ class MSFT_SPOSearchManagedProperty : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 index e41404458a..ed86dc5028 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 @@ -106,7 +106,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration for Result Source instance $Name" @@ -175,6 +179,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Ensure = 'Present' + AccessTokens = $AccessTokens } if ($null -ne $allowPartial) @@ -270,7 +275,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration for Result Source instance $Name" @@ -509,7 +518,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -575,7 +588,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -626,6 +643,7 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent CertificatePath = $CertificatePath CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.schema.mof index 0c0b4cfdf7..c718a9a8af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.schema.mof @@ -18,4 +18,5 @@ class MSFT_SPOSearchResultSource : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 index b8c873870f..47a9fdb72b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 @@ -143,7 +143,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message 'Getting configuration for SPO Sharing settings' @@ -226,6 +230,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Ensure = 'Present' + AccessTokens = $AccessTokens } if (-not [System.String]::IsNullOrEmpty($MySiteSharingCapability)) @@ -395,7 +400,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message 'Setting configuration for SPO Sharing settings' @@ -427,6 +436,8 @@ function Set-TargetResource $CurrentParameters.Remove('CertificateThumbprint') | Out-Null $CurrentParameters.Remove('ManagedIdentity') | Out-Null $CurrentParameters.Remove('ApplicationSecret') | Out-Null + $CurrentParameters.Remove('AccessTokens') | Out-Null + [bool]$SetMySharingCapability = $false if ($null -ne $CurrentParameters['MySiteSharingCapability']) { @@ -669,7 +680,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. @@ -700,6 +715,7 @@ function Test-TargetResource $ValuesToCheck.Remove('CertificatePassword') | Out-Null $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('AccessTokens') | Out-Null if ($DefaultLinkPermission -eq 'None') { @@ -753,7 +769,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -783,6 +803,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.schema.mof index e463b0b177..add4742012 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.schema.mof @@ -34,4 +34,5 @@ class MSFT_SPOSharingSettings : OMI_BaseResource [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; [Write, Description("Enable Guest access to a site or Onedrive to expire after")] boolean ExternalUserExpirationRequired; [Write, Description("Specifies Number of days for Guest Access links to expire.")] uint32 ExternalUserExpireInDays; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.psm1 index f1a44d4b0e..a4275aaeb0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.psm1 @@ -150,7 +150,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'PnP' ` -InboundParameters $PSBoundParameters @@ -259,6 +263,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } } catch @@ -424,7 +429,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration for site collection $Url" @@ -812,7 +821,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -830,14 +843,6 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -888,7 +893,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -952,6 +961,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential + AccessTokens = $AccessTokens } try diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.schema.mof index 05c276931f..d2955b9b57 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.schema.mof @@ -36,4 +36,5 @@ class MSFT_SPOSite : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteAuditSettings/MSFT_SPOSiteAuditSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteAuditSettings/MSFT_SPOSiteAuditSettings.psm1 index f62df060d8..0a331f4f69 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteAuditSettings/MSFT_SPOSiteAuditSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteAuditSettings/MSFT_SPOSiteAuditSettings.psm1 @@ -42,7 +42,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting SPOSiteAuditSettings for {$Url}" @@ -85,6 +89,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } } catch @@ -147,7 +152,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting Audit settings for {$Url}" @@ -223,7 +232,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -289,7 +302,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -348,6 +365,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential + AccessTokens = $AccessTokens } $Results = Get-TargetResource @params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteAuditSettings/MSFT_SPOSiteAuditSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteAuditSettings/MSFT_SPOSiteAuditSettings.schema.mof index d5e0a98bb3..2b6e4a206e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteAuditSettings/MSFT_SPOSiteAuditSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteAuditSettings/MSFT_SPOSiteAuditSettings.schema.mof @@ -11,4 +11,5 @@ class MSFT_SPOSiteAuditSettings : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 index 82c64b5ca1..b3a5b989d7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 @@ -72,7 +72,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration for SPO SiteDesign for $Title" @@ -148,6 +152,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } } catch @@ -235,7 +240,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting configuration for SPO SiteDesign for $Title" @@ -276,6 +285,7 @@ function Set-TargetResource $CurrentParameters.Remove('CertificateThumbprint') | Out-Null $CurrentParameters.Remove('ManagedIdentity') | Out-Null $CurrentParameters.Remove('ApplicationSecret') | Out-Null + $CurrentParameters.Remove('AccessTokens') | Out-Null $CurrentParameters.Add('SiteScriptIds', $scriptIds) if ($curSiteDesign.Ensure -eq 'Absent' -and 'Present' -eq $Ensure ) @@ -378,7 +388,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -399,14 +413,6 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -454,7 +460,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -501,6 +511,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.schema.mof index c3af27fb98..1d29225804 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.schema.mof @@ -18,5 +18,5 @@ class MSFT_SPOSiteDesign : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; - diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 index 1827611002..8ca9e99049 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 @@ -52,7 +52,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting configuration for SPO SiteDesignRights for $SiteDesignTitle" @@ -116,6 +120,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } } catch @@ -183,7 +188,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. @@ -311,7 +320,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -380,7 +393,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -427,6 +444,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params if ($Results.Ensure -eq 'Present') @@ -454,6 +472,8 @@ function Export-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Credential = $Credential + ManagedIdentity = $ManagedIdentity + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params if ($Results.Ensure -eq 'Present') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.schema.mof index 2c6981d890..e97593e531 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.schema.mof @@ -13,4 +13,5 @@ class MSFT_SPOSiteDesignRights : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.psm1 index 200c2d67c6..99f462d824 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.psm1 @@ -54,7 +54,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Getting SPOSiteGroups for {$Url}" @@ -145,6 +149,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } } catch @@ -214,7 +219,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting SPOSiteGroups for {$Url}" @@ -389,7 +398,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -410,14 +423,6 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificatePath') | Out-Null - $ValuesToCheck.Remove('CertificatePassword') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -465,7 +470,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -550,6 +559,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential + AccessTokens = $AccessTokens } try { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.schema.mof index 3843319d7d..319411b258 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.schema.mof @@ -14,5 +14,5 @@ class MSFT_SPOSiteGroup : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; - diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 index b4c814480d..63e1b90f2f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.psm1 @@ -55,7 +55,11 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) $ConnectionMode = New-M365DSCConnection -Workload 'PnP' ` -InboundParameters $PSBoundParameters @@ -118,6 +122,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } } catch @@ -188,7 +193,11 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) Write-Verbose -Message "Setting Site Script: $Title" @@ -369,7 +378,11 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -437,7 +450,11 @@ function Export-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens ) try @@ -484,6 +501,7 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Credential = $Credential + AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteScript/MSFT_SPOSiteScript.schema.mof index 4d97b021d3a08dbe544c78ac5510c00563f82253..2717f4b6a5e6afa12b3aeb7b246efe5e3732ef6d 100644 GIT binary patch delta 98 zcmaDLHA`m0Jf6un*o`Ki;^~|GhS5meks%ofQyGeZP=TR@A)g@|$jh4?&0#!QhL>Y< c0uP@SvYHT>3ZVLEhFAt`23`g(hFT~M0A^_x#Q*>R delta 26 icmbOw^FV6DJRU~Q$qQMuCtu*{ Date: Fri, 10 May 2024 20:05:58 +0530 Subject: [PATCH 28/52] Update authentication-and-permissions.md --- .../user-guide/get-started/authentication-and-permissions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/user-guide/get-started/authentication-and-permissions.md b/docs/docs/user-guide/get-started/authentication-and-permissions.md index 0027835736..4ac4f19396 100644 --- a/docs/docs/user-guide/get-started/authentication-and-permissions.md +++ b/docs/docs/user-guide/get-started/authentication-and-permissions.md @@ -29,8 +29,8 @@ The following table provides an overview of what authentication methods are supp | *OneDrive* | PnP.PowerShell (Connect-PnPOnline) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Cross](../../Images/check.png) | ![Check](../../Images/check.png) | | *Power Apps* | Microsoft.PowerApps.
Administration.PowerShell | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Cross](../../Images/cross.png) | ![Check](../../Images/check.png) | ![Cross](../../Images/cross.png) | ![Cross](../../Images/cross.png) | | *Planner** | Microsoft.Graph.Authentication
(Connect-MgGraph) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Cross](../../Images/cross.png) | ![Check](../../Images/check.png) | ![Cross](../../Images/check.png) | ![Cross](../../Images/cross.png) | -| *Security & Compliance Center* | ExchangeOnlineManagement
(Connect-IPPSSession) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Cross](../../Images/cross.png) | ![Cross](../../Images/cross.png) | ![Cross](../../Images/cross.png) | -| *SharePoint Online* | PnP.PowerShell
(Connect-PnPOnline) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Cross](../../Images/check.png) | ![Cross](../../Images/cross.png) | +| *Security & Compliance Center* | ExchangeOnlineManagement
(Connect-IPPSSession) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Cross](../../Images/cross.png) | ![Cross](../../Images/cross.png) | ![Check](../../Images/check.png) | +| *SharePoint Online* | PnP.PowerShell
(Connect-PnPOnline) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Cross](../../Images/check.png) | ![Check](../../Images/check.png) | | *Teams* | MicrosoftTeams
(Connect-MicrosoftTeams) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | ![Cross](../../Images/cross.png) | ![Cross](../../Images/cross.png) | ![Check](../../Images/check.png) | ![Check](../../Images/check.png) | > ![Check](../../Images/check.png) = Supported / ![Cross](../../Images/cross.png) = Not supported From e7f5cc77184a12512b35ccbc89c1db6cc8bc210e Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 10 May 2024 14:50:30 +0000 Subject: [PATCH 29/52] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/intune/M365DSCRuleEvaluation.md | 1 + docs/docs/resources/office365/O365AdminAuditLogConfig.md | 1 + docs/docs/resources/office365/O365Group.md | 1 + docs/docs/resources/office365/O365OrgCustomizationSetting.md | 1 + docs/docs/resources/office365/O365OrgSettings.md | 1 + .../office365/O365SearchAndIntelligenceConfigurations.md | 1 + docs/docs/resources/onedrive/ODSettings.md | 1 + .../resources/security-compliance/SCAuditConfigurationPolicy.md | 1 + .../security-compliance/SCAutoSensitivityLabelPolicy.md | 1 + .../resources/security-compliance/SCAutoSensitivityLabelRule.md | 1 + docs/docs/resources/security-compliance/SCCaseHoldPolicy.md | 1 + docs/docs/resources/security-compliance/SCCaseHoldRule.md | 1 + docs/docs/resources/security-compliance/SCComplianceCase.md | 1 + docs/docs/resources/security-compliance/SCComplianceSearch.md | 1 + .../resources/security-compliance/SCComplianceSearchAction.md | 1 + docs/docs/resources/security-compliance/SCComplianceTag.md | 1 + docs/docs/resources/security-compliance/SCDLPCompliancePolicy.md | 1 + docs/docs/resources/security-compliance/SCDLPComplianceRule.md | 1 + .../security-compliance/SCDeviceConditionalAccessPolicy.md | 1 + .../resources/security-compliance/SCDeviceConfigurationPolicy.md | 1 + .../resources/security-compliance/SCFilePlanPropertyAuthority.md | 1 + .../resources/security-compliance/SCFilePlanPropertyCategory.md | 1 + .../resources/security-compliance/SCFilePlanPropertyCitation.md | 1 + .../security-compliance/SCFilePlanPropertyDepartment.md | 1 + .../security-compliance/SCFilePlanPropertyReferenceId.md | 1 + .../security-compliance/SCFilePlanPropertySubCategory.md | 1 + docs/docs/resources/security-compliance/SCLabelPolicy.md | 1 + docs/docs/resources/security-compliance/SCProtectionAlert.md | 1 + .../resources/security-compliance/SCRetentionCompliancePolicy.md | 1 + .../resources/security-compliance/SCRetentionComplianceRule.md | 1 + docs/docs/resources/security-compliance/SCRetentionEventType.md | 1 + docs/docs/resources/security-compliance/SCRoleGroup.md | 1 + docs/docs/resources/security-compliance/SCRoleGroupMember.md | 1 + docs/docs/resources/security-compliance/SCSecurityFilter.md | 1 + docs/docs/resources/security-compliance/SCSensitivityLabel.md | 1 + .../resources/security-compliance/SCSupervisoryReviewPolicy.md | 1 + .../resources/security-compliance/SCSupervisoryReviewRule.md | 1 + docs/docs/resources/sharepoint/SPOAccessControlSettings.md | 1 + docs/docs/resources/sharepoint/SPOApp.md | 1 + docs/docs/resources/sharepoint/SPOBrowserIdleSignout.md | 1 + docs/docs/resources/sharepoint/SPOHomeSite.md | 1 + docs/docs/resources/sharepoint/SPOHubSite.md | 1 + docs/docs/resources/sharepoint/SPOOrgAssetsLibrary.md | 1 + docs/docs/resources/sharepoint/SPOPropertyBag.md | 1 + docs/docs/resources/sharepoint/SPOSearchManagedProperty.md | 1 + docs/docs/resources/sharepoint/SPOSearchResultSource.md | 1 + docs/docs/resources/sharepoint/SPOSharingSettings.md | 1 + docs/docs/resources/sharepoint/SPOSite.md | 1 + docs/docs/resources/sharepoint/SPOSiteAuditSettings.md | 1 + docs/docs/resources/sharepoint/SPOSiteDesign.md | 1 + docs/docs/resources/sharepoint/SPOSiteDesignRights.md | 1 + docs/docs/resources/sharepoint/SPOSiteGroup.md | 1 + docs/docs/resources/sharepoint/SPOSiteScript.md | 1 + docs/docs/resources/sharepoint/SPOStorageEntity.md | 1 + docs/docs/resources/sharepoint/SPOTenantCDNPolicy.md | 1 + docs/docs/resources/sharepoint/SPOTenantCdnEnabled.md | 1 + docs/docs/resources/sharepoint/SPOTenantSettings.md | 1 + docs/docs/resources/sharepoint/SPOTheme.md | 1 + docs/docs/resources/sharepoint/SPOUserProfileProperty.md | 1 + 59 files changed, 59 insertions(+) diff --git a/docs/docs/resources/intune/M365DSCRuleEvaluation.md b/docs/docs/resources/intune/M365DSCRuleEvaluation.md index 16d1597653..84e4143b74 100644 --- a/docs/docs/resources/intune/M365DSCRuleEvaluation.md +++ b/docs/docs/resources/intune/M365DSCRuleEvaluation.md @@ -13,6 +13,7 @@ | **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory application to authenticate with. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | # AAD Tenant Details diff --git a/docs/docs/resources/office365/O365AdminAuditLogConfig.md b/docs/docs/resources/office365/O365AdminAuditLogConfig.md index cac59d71ef..b663440bb4 100644 --- a/docs/docs/resources/office365/O365AdminAuditLogConfig.md +++ b/docs/docs/resources/office365/O365AdminAuditLogConfig.md @@ -14,6 +14,7 @@ | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/office365/O365Group.md b/docs/docs/resources/office365/O365Group.md index 91915dbb46..5eef1fac5d 100644 --- a/docs/docs/resources/office365/O365Group.md +++ b/docs/docs/resources/office365/O365Group.md @@ -16,6 +16,7 @@ | **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory application used for authentication. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/office365/O365OrgCustomizationSetting.md b/docs/docs/resources/office365/O365OrgCustomizationSetting.md index 2db392e80c..a03d738ccc 100644 --- a/docs/docs/resources/office365/O365OrgCustomizationSetting.md +++ b/docs/docs/resources/office365/O365OrgCustomizationSetting.md @@ -12,6 +12,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/office365/O365OrgSettings.md b/docs/docs/resources/office365/O365OrgSettings.md index c279b168ee..a7c8b31216 100644 --- a/docs/docs/resources/office365/O365OrgSettings.md +++ b/docs/docs/resources/office365/O365OrgSettings.md @@ -38,6 +38,7 @@ | **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/office365/O365SearchAndIntelligenceConfigurations.md b/docs/docs/resources/office365/O365SearchAndIntelligenceConfigurations.md index 33e58bd2c5..01870413d7 100644 --- a/docs/docs/resources/office365/O365SearchAndIntelligenceConfigurations.md +++ b/docs/docs/resources/office365/O365SearchAndIntelligenceConfigurations.md @@ -10,6 +10,7 @@ | **PersonInsightsIsEnabledInOrganization** | Write | Boolean | Specifies whether or not Person Insights should be available for the organization. | | | **PersonInsightsDisabledForGroup** | Write | String | Specifies a single Azure AD Group for which Person Insights needs to be disabled. | | | **Credential** | Write | PSCredential | Credentials of the Global Admin | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/onedrive/ODSettings.md b/docs/docs/resources/onedrive/ODSettings.md index cbd32d920b..9297f4f4f0 100644 --- a/docs/docs/resources/onedrive/ODSettings.md +++ b/docs/docs/resources/onedrive/ODSettings.md @@ -26,6 +26,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCAuditConfigurationPolicy.md b/docs/docs/resources/security-compliance/SCAuditConfigurationPolicy.md index 4951cec9f5..6a3dcf760d 100644 --- a/docs/docs/resources/security-compliance/SCAuditConfigurationPolicy.md +++ b/docs/docs/resources/security-compliance/SCAuditConfigurationPolicy.md @@ -12,6 +12,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCAutoSensitivityLabelPolicy.md b/docs/docs/resources/security-compliance/SCAutoSensitivityLabelPolicy.md index 7f000aaa59..0fb7b93b5d 100644 --- a/docs/docs/resources/security-compliance/SCAutoSensitivityLabelPolicy.md +++ b/docs/docs/resources/security-compliance/SCAutoSensitivityLabelPolicy.md @@ -35,6 +35,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCAutoSensitivityLabelRule.md b/docs/docs/resources/security-compliance/SCAutoSensitivityLabelRule.md index db63058dcd..31bd5f8d14 100644 --- a/docs/docs/resources/security-compliance/SCAutoSensitivityLabelRule.md +++ b/docs/docs/resources/security-compliance/SCAutoSensitivityLabelRule.md @@ -54,6 +54,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ### MSFT_SCHeaderPattern diff --git a/docs/docs/resources/security-compliance/SCCaseHoldPolicy.md b/docs/docs/resources/security-compliance/SCCaseHoldPolicy.md index 52359422d6..affeef4c86 100644 --- a/docs/docs/resources/security-compliance/SCCaseHoldPolicy.md +++ b/docs/docs/resources/security-compliance/SCCaseHoldPolicy.md @@ -18,6 +18,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCCaseHoldRule.md b/docs/docs/resources/security-compliance/SCCaseHoldRule.md index 945918bd4e..0d970b2829 100644 --- a/docs/docs/resources/security-compliance/SCCaseHoldRule.md +++ b/docs/docs/resources/security-compliance/SCCaseHoldRule.md @@ -16,6 +16,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCComplianceCase.md b/docs/docs/resources/security-compliance/SCComplianceCase.md index 052184fa5c..b60240a0cb 100644 --- a/docs/docs/resources/security-compliance/SCComplianceCase.md +++ b/docs/docs/resources/security-compliance/SCComplianceCase.md @@ -14,6 +14,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCComplianceSearch.md b/docs/docs/resources/security-compliance/SCComplianceSearch.md index 206e271b73..d1ae84835e 100644 --- a/docs/docs/resources/security-compliance/SCComplianceSearch.md +++ b/docs/docs/resources/security-compliance/SCComplianceSearch.md @@ -24,6 +24,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCComplianceSearchAction.md b/docs/docs/resources/security-compliance/SCComplianceSearchAction.md index d5a6e59445..e8a03a31b1 100644 --- a/docs/docs/resources/security-compliance/SCComplianceSearchAction.md +++ b/docs/docs/resources/security-compliance/SCComplianceSearchAction.md @@ -20,6 +20,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCComplianceTag.md b/docs/docs/resources/security-compliance/SCComplianceTag.md index 5a071bd77a..e967514bc9 100644 --- a/docs/docs/resources/security-compliance/SCComplianceTag.md +++ b/docs/docs/resources/security-compliance/SCComplianceTag.md @@ -22,6 +22,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ### MSFT_SCFilePlanProperty diff --git a/docs/docs/resources/security-compliance/SCDLPCompliancePolicy.md b/docs/docs/resources/security-compliance/SCDLPCompliancePolicy.md index b6ac07e2c0..2b14b6e10a 100644 --- a/docs/docs/resources/security-compliance/SCDLPCompliancePolicy.md +++ b/docs/docs/resources/security-compliance/SCDLPCompliancePolicy.md @@ -32,6 +32,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md index 6e2890ec62..f47bb12b9b 100644 --- a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md +++ b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md @@ -78,6 +78,7 @@ | **SetHeader** | Write | StringArray[] | The SetHeader The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas | | | **ContentExtensionMatchesWords** | Write | StringArray[] | The ContentExtensionMatchesWords parameter specifies a condition for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas. | | | **ExceptIfContentExtensionMatchesWords** | Write | StringArray[] | The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ### MSFT_SCDLPSensitiveInformation diff --git a/docs/docs/resources/security-compliance/SCDeviceConditionalAccessPolicy.md b/docs/docs/resources/security-compliance/SCDeviceConditionalAccessPolicy.md index 22dbffe5ee..923532674b 100644 --- a/docs/docs/resources/security-compliance/SCDeviceConditionalAccessPolicy.md +++ b/docs/docs/resources/security-compliance/SCDeviceConditionalAccessPolicy.md @@ -14,6 +14,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCDeviceConfigurationPolicy.md b/docs/docs/resources/security-compliance/SCDeviceConfigurationPolicy.md index 6d1be42339..2746333828 100644 --- a/docs/docs/resources/security-compliance/SCDeviceConfigurationPolicy.md +++ b/docs/docs/resources/security-compliance/SCDeviceConfigurationPolicy.md @@ -14,6 +14,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCFilePlanPropertyAuthority.md b/docs/docs/resources/security-compliance/SCFilePlanPropertyAuthority.md index 24bf1f6cf8..9a7e622405 100644 --- a/docs/docs/resources/security-compliance/SCFilePlanPropertyAuthority.md +++ b/docs/docs/resources/security-compliance/SCFilePlanPropertyAuthority.md @@ -12,6 +12,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCFilePlanPropertyCategory.md b/docs/docs/resources/security-compliance/SCFilePlanPropertyCategory.md index e34c3961ae..4df5842fa4 100644 --- a/docs/docs/resources/security-compliance/SCFilePlanPropertyCategory.md +++ b/docs/docs/resources/security-compliance/SCFilePlanPropertyCategory.md @@ -12,6 +12,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCFilePlanPropertyCitation.md b/docs/docs/resources/security-compliance/SCFilePlanPropertyCitation.md index 2f786898c6..3fb465aba6 100644 --- a/docs/docs/resources/security-compliance/SCFilePlanPropertyCitation.md +++ b/docs/docs/resources/security-compliance/SCFilePlanPropertyCitation.md @@ -14,6 +14,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCFilePlanPropertyDepartment.md b/docs/docs/resources/security-compliance/SCFilePlanPropertyDepartment.md index 646caa6b71..35c6575251 100644 --- a/docs/docs/resources/security-compliance/SCFilePlanPropertyDepartment.md +++ b/docs/docs/resources/security-compliance/SCFilePlanPropertyDepartment.md @@ -12,6 +12,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCFilePlanPropertyReferenceId.md b/docs/docs/resources/security-compliance/SCFilePlanPropertyReferenceId.md index dcc06c23bd..a27c864ae6 100644 --- a/docs/docs/resources/security-compliance/SCFilePlanPropertyReferenceId.md +++ b/docs/docs/resources/security-compliance/SCFilePlanPropertyReferenceId.md @@ -12,6 +12,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCFilePlanPropertySubCategory.md b/docs/docs/resources/security-compliance/SCFilePlanPropertySubCategory.md index e08a59824c..d8f49ee39f 100644 --- a/docs/docs/resources/security-compliance/SCFilePlanPropertySubCategory.md +++ b/docs/docs/resources/security-compliance/SCFilePlanPropertySubCategory.md @@ -13,6 +13,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCLabelPolicy.md b/docs/docs/resources/security-compliance/SCLabelPolicy.md index 42f3cc5d72..e01da5aece 100644 --- a/docs/docs/resources/security-compliance/SCLabelPolicy.md +++ b/docs/docs/resources/security-compliance/SCLabelPolicy.md @@ -29,6 +29,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ### MSFT_SCLabelSetting diff --git a/docs/docs/resources/security-compliance/SCProtectionAlert.md b/docs/docs/resources/security-compliance/SCProtectionAlert.md index 9d6d67b29d..9195232488 100644 --- a/docs/docs/resources/security-compliance/SCProtectionAlert.md +++ b/docs/docs/resources/security-compliance/SCProtectionAlert.md @@ -35,6 +35,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCRetentionCompliancePolicy.md b/docs/docs/resources/security-compliance/SCRetentionCompliancePolicy.md index f7f9ea48bd..bbeb8f4038 100644 --- a/docs/docs/resources/security-compliance/SCRetentionCompliancePolicy.md +++ b/docs/docs/resources/security-compliance/SCRetentionCompliancePolicy.md @@ -31,6 +31,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCRetentionComplianceRule.md b/docs/docs/resources/security-compliance/SCRetentionComplianceRule.md index b233501c88..9a73acb055 100644 --- a/docs/docs/resources/security-compliance/SCRetentionComplianceRule.md +++ b/docs/docs/resources/security-compliance/SCRetentionComplianceRule.md @@ -20,6 +20,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCRetentionEventType.md b/docs/docs/resources/security-compliance/SCRetentionEventType.md index 7f3e297081..e292b5d7f7 100644 --- a/docs/docs/resources/security-compliance/SCRetentionEventType.md +++ b/docs/docs/resources/security-compliance/SCRetentionEventType.md @@ -13,6 +13,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCRoleGroup.md b/docs/docs/resources/security-compliance/SCRoleGroup.md index 7b7abdff6f..db061cc3ed 100644 --- a/docs/docs/resources/security-compliance/SCRoleGroup.md +++ b/docs/docs/resources/security-compliance/SCRoleGroup.md @@ -15,6 +15,7 @@ | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCRoleGroupMember.md b/docs/docs/resources/security-compliance/SCRoleGroupMember.md index ac8263830c..3109a216bd 100644 --- a/docs/docs/resources/security-compliance/SCRoleGroupMember.md +++ b/docs/docs/resources/security-compliance/SCRoleGroupMember.md @@ -14,6 +14,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCSecurityFilter.md b/docs/docs/resources/security-compliance/SCSecurityFilter.md index bf0b11e483..cca7291c44 100644 --- a/docs/docs/resources/security-compliance/SCSecurityFilter.md +++ b/docs/docs/resources/security-compliance/SCSecurityFilter.md @@ -17,6 +17,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **Ensure** | Write | String | Specify if this label policy should exist or not. | `Present`, `Absent` | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCSensitivityLabel.md b/docs/docs/resources/security-compliance/SCSensitivityLabel.md index 7f33634cf0..6731ac0fff 100644 --- a/docs/docs/resources/security-compliance/SCSensitivityLabel.md +++ b/docs/docs/resources/security-compliance/SCSensitivityLabel.md @@ -54,6 +54,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ### MSFT_SCLabelSetting diff --git a/docs/docs/resources/security-compliance/SCSupervisoryReviewPolicy.md b/docs/docs/resources/security-compliance/SCSupervisoryReviewPolicy.md index bf6e887629..e67a73a6b4 100644 --- a/docs/docs/resources/security-compliance/SCSupervisoryReviewPolicy.md +++ b/docs/docs/resources/security-compliance/SCSupervisoryReviewPolicy.md @@ -14,6 +14,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/security-compliance/SCSupervisoryReviewRule.md b/docs/docs/resources/security-compliance/SCSupervisoryReviewRule.md index bd7bf93985..f6f2ea2c9e 100644 --- a/docs/docs/resources/security-compliance/SCSupervisoryReviewRule.md +++ b/docs/docs/resources/security-compliance/SCSupervisoryReviewRule.md @@ -15,6 +15,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOAccessControlSettings.md b/docs/docs/resources/sharepoint/SPOAccessControlSettings.md index 0cb58239af..cc24a9a375 100644 --- a/docs/docs/resources/sharepoint/SPOAccessControlSettings.md +++ b/docs/docs/resources/sharepoint/SPOAccessControlSettings.md @@ -24,6 +24,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | | **ConditionalAccessPolicy** | Write | String | Blocks or limits access to SharePoint and OneDrive content from un-managed devices. | `AllowFullAccess`, `AllowLimitedAccess`, `BlockAccess`, `ProtectionLevel` | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | # SPO Access Control Settings diff --git a/docs/docs/resources/sharepoint/SPOApp.md b/docs/docs/resources/sharepoint/SPOApp.md index f81dcd182f..654e72ec7c 100644 --- a/docs/docs/resources/sharepoint/SPOApp.md +++ b/docs/docs/resources/sharepoint/SPOApp.md @@ -17,6 +17,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOBrowserIdleSignout.md b/docs/docs/resources/sharepoint/SPOBrowserIdleSignout.md index 89c24222d1..4636a493c2 100644 --- a/docs/docs/resources/sharepoint/SPOBrowserIdleSignout.md +++ b/docs/docs/resources/sharepoint/SPOBrowserIdleSignout.md @@ -16,6 +16,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOHomeSite.md b/docs/docs/resources/sharepoint/SPOHomeSite.md index 45ac4d6a5a..09e5f32d67 100644 --- a/docs/docs/resources/sharepoint/SPOHomeSite.md +++ b/docs/docs/resources/sharepoint/SPOHomeSite.md @@ -15,6 +15,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOHubSite.md b/docs/docs/resources/sharepoint/SPOHubSite.md index 8a904ef42b..96ad357b1c 100644 --- a/docs/docs/resources/sharepoint/SPOHubSite.md +++ b/docs/docs/resources/sharepoint/SPOHubSite.md @@ -20,6 +20,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOOrgAssetsLibrary.md b/docs/docs/resources/sharepoint/SPOOrgAssetsLibrary.md index 3d1d871f28..1f92d0b969 100644 --- a/docs/docs/resources/sharepoint/SPOOrgAssetsLibrary.md +++ b/docs/docs/resources/sharepoint/SPOOrgAssetsLibrary.md @@ -16,6 +16,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOPropertyBag.md b/docs/docs/resources/sharepoint/SPOPropertyBag.md index 6de11f7495..d8fe7677a3 100644 --- a/docs/docs/resources/sharepoint/SPOPropertyBag.md +++ b/docs/docs/resources/sharepoint/SPOPropertyBag.md @@ -16,6 +16,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOSearchManagedProperty.md b/docs/docs/resources/sharepoint/SPOSearchManagedProperty.md index b17419f320..3fbe06cd3a 100644 --- a/docs/docs/resources/sharepoint/SPOSearchManagedProperty.md +++ b/docs/docs/resources/sharepoint/SPOSearchManagedProperty.md @@ -32,6 +32,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOSearchResultSource.md b/docs/docs/resources/sharepoint/SPOSearchResultSource.md index b7670b1773..139736cbc1 100644 --- a/docs/docs/resources/sharepoint/SPOSearchResultSource.md +++ b/docs/docs/resources/sharepoint/SPOSearchResultSource.md @@ -21,6 +21,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOSharingSettings.md b/docs/docs/resources/sharepoint/SPOSharingSettings.md index f4705c8d92..1869690d40 100644 --- a/docs/docs/resources/sharepoint/SPOSharingSettings.md +++ b/docs/docs/resources/sharepoint/SPOSharingSettings.md @@ -37,6 +37,7 @@ | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | | **ExternalUserExpirationRequired** | Write | Boolean | Enable Guest access to a site or Onedrive to expire after | | | **ExternalUserExpireInDays** | Write | UInt32 | Specifies Number of days for Guest Access links to expire. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOSite.md b/docs/docs/resources/sharepoint/SPOSite.md index b0725164dc..2a294bd4e2 100644 --- a/docs/docs/resources/sharepoint/SPOSite.md +++ b/docs/docs/resources/sharepoint/SPOSite.md @@ -39,6 +39,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOSiteAuditSettings.md b/docs/docs/resources/sharepoint/SPOSiteAuditSettings.md index af5e86368c..cfdfb17f1d 100644 --- a/docs/docs/resources/sharepoint/SPOSiteAuditSettings.md +++ b/docs/docs/resources/sharepoint/SPOSiteAuditSettings.md @@ -14,6 +14,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOSiteDesign.md b/docs/docs/resources/sharepoint/SPOSiteDesign.md index 703159a128..fd6023d7ea 100644 --- a/docs/docs/resources/sharepoint/SPOSiteDesign.md +++ b/docs/docs/resources/sharepoint/SPOSiteDesign.md @@ -21,6 +21,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOSiteDesignRights.md b/docs/docs/resources/sharepoint/SPOSiteDesignRights.md index 0c00f41046..e42a1d32d8 100644 --- a/docs/docs/resources/sharepoint/SPOSiteDesignRights.md +++ b/docs/docs/resources/sharepoint/SPOSiteDesignRights.md @@ -16,6 +16,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOSiteGroup.md b/docs/docs/resources/sharepoint/SPOSiteGroup.md index ddc34f1022..df508f3e20 100644 --- a/docs/docs/resources/sharepoint/SPOSiteGroup.md +++ b/docs/docs/resources/sharepoint/SPOSiteGroup.md @@ -17,6 +17,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOSiteScript.md b/docs/docs/resources/sharepoint/SPOSiteScript.md index dda398ce51..6cdaf50fc5 100644 --- a/docs/docs/resources/sharepoint/SPOSiteScript.md +++ b/docs/docs/resources/sharepoint/SPOSiteScript.md @@ -17,6 +17,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOStorageEntity.md b/docs/docs/resources/sharepoint/SPOStorageEntity.md index 42fa1e0444..e98936ddca 100644 --- a/docs/docs/resources/sharepoint/SPOStorageEntity.md +++ b/docs/docs/resources/sharepoint/SPOStorageEntity.md @@ -19,6 +19,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOTenantCDNPolicy.md b/docs/docs/resources/sharepoint/SPOTenantCDNPolicy.md index 38c1c94178..8fd21ad935 100644 --- a/docs/docs/resources/sharepoint/SPOTenantCDNPolicy.md +++ b/docs/docs/resources/sharepoint/SPOTenantCDNPolicy.md @@ -15,6 +15,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOTenantCdnEnabled.md b/docs/docs/resources/sharepoint/SPOTenantCdnEnabled.md index c1c7c0f3d3..5026978b56 100644 --- a/docs/docs/resources/sharepoint/SPOTenantCdnEnabled.md +++ b/docs/docs/resources/sharepoint/SPOTenantCdnEnabled.md @@ -15,6 +15,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ## Description diff --git a/docs/docs/resources/sharepoint/SPOTenantSettings.md b/docs/docs/resources/sharepoint/SPOTenantSettings.md index a588190908..a9527057ce 100644 --- a/docs/docs/resources/sharepoint/SPOTenantSettings.md +++ b/docs/docs/resources/sharepoint/SPOTenantSettings.md @@ -37,6 +37,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | # SPO Tenant Settings diff --git a/docs/docs/resources/sharepoint/SPOTheme.md b/docs/docs/resources/sharepoint/SPOTheme.md index 5e1de5d5d1..b26434625a 100644 --- a/docs/docs/resources/sharepoint/SPOTheme.md +++ b/docs/docs/resources/sharepoint/SPOTheme.md @@ -16,6 +16,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ### MSFT_SPOThemePaletteProperty diff --git a/docs/docs/resources/sharepoint/SPOUserProfileProperty.md b/docs/docs/resources/sharepoint/SPOUserProfileProperty.md index 457211f8e7..990ea1f04d 100644 --- a/docs/docs/resources/sharepoint/SPOUserProfileProperty.md +++ b/docs/docs/resources/sharepoint/SPOUserProfileProperty.md @@ -13,6 +13,7 @@ | **TenantId** | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ### MSFT_SPOUserProfilePropertyInstance From 4ad294eae18a5c6a3b13ba7f0d3bc3a995a1e4d7 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 10 May 2024 14:52:57 +0000 Subject: [PATCH 30/52] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 295 ++++++++++++++++++ 1 file changed, 295 insertions(+) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index f1e63389a1..8289908174 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -31561,6 +31561,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -31616,6 +31621,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -31681,6 +31691,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -31726,6 +31741,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -31901,6 +31921,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -31936,6 +31961,11 @@ "CIMType": "MSFT_Credential", "Name": "Credential", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -32051,6 +32081,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -32576,6 +32611,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -32736,6 +32776,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -33111,6 +33156,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -33186,6 +33236,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -33251,6 +33306,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -33306,6 +33366,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -33411,6 +33476,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -33496,6 +33566,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -33626,6 +33701,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -33681,6 +33761,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -33736,6 +33821,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -33881,6 +33971,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -34256,6 +34351,11 @@ "CIMType": "String[]", "Name": "ExceptIfContentExtensionMatchesWords", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -34301,6 +34401,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -34346,6 +34451,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -34401,6 +34511,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -34446,6 +34561,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -34491,6 +34611,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -34541,6 +34666,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -34686,6 +34816,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -34846,6 +34981,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -34986,6 +35126,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35071,6 +35216,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35121,6 +35271,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35181,6 +35336,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35236,6 +35396,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35306,6 +35471,11 @@ "CIMType": "String", "Name": "Ensure", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35576,6 +35746,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35631,6 +35806,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35691,6 +35871,11 @@ "CIMType": "String", "Name": "CertificatePath", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35796,6 +35981,11 @@ "CIMType": "string", "Name": "ConditionalAccessPolicy", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35866,6 +36056,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35931,6 +36126,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -35991,6 +36191,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -36076,6 +36281,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -36141,6 +36351,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -36206,6 +36421,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -36351,6 +36571,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -36441,6 +36666,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -36611,6 +36841,11 @@ "CIMType": "uint32", "Name": "ExternalUserExpireInDays", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -36791,6 +37026,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -36846,6 +37086,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -36936,6 +37181,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -37001,6 +37251,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -37071,6 +37326,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -37141,6 +37401,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -37221,6 +37486,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -37281,6 +37551,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -37341,6 +37616,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -37511,6 +37791,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -37591,6 +37876,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, @@ -37656,6 +37946,11 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" } ] }, From bf9a8da005492bb4b1e8a7a6afdbcb640d420338 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Sun, 12 May 2024 17:36:32 +0200 Subject: [PATCH 31/52] Updates --- CHANGELOG.md | 2 + .../MSFT_EXOManagementRoleEntry.psm1 | 420 ++++++++++++++++++ .../MSFT_EXOManagementRoleEntry.schema.mof | 15 + .../MSFT_EXOManagementRoleEntry/readme.md | 5 + .../MSFT_EXOManagementRoleEntry/settings.json | 31 ++ .../EXOManagementRoleEntry/2-Update.ps1 | 24 + ...oft365DSC.EXOManagementRoleEntry.Tests.ps1 | 129 ++++++ 7 files changed, 626 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXOManagementRoleEntry/2-Update.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 17de34c376..ce2834ecbd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ * AADGroupSettings * Added support for parameter NewUnifiedGroupWritebackDefault +* EXOManagementRoleEntry + * Initial Rrelease * SCAutoSensitivityLabelPolicy * Fix incorrect mandatory Credential parameter in Set and Test methods FIXES [#4283](https://github.com/microsoft/Microsoft365DSC/issues/4283) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 new file mode 100644 index 0000000000..97236df00a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 @@ -0,0 +1,420 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String[]] + $Parameters, + + [Parameter()] + [ValidateSet('Cmdlet', 'Script', 'ApplicationPermission')] + [System.String] + $Type, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + Write-Verbose -Message "Getting Management Role Entry configuration for {$Identity}" + if ($Global:CurrentModeIsExport) + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + } + else + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $IdentityParts = $Identity.Split('\') + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $roleEntry = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $IdentityParts[0] -and $_.Name -eq $IdentityParts[1]} + } + else + { + $roleEntry = Get-ManagementRoleEntry -Identity $Identity -ResultSize 'Unlimited' -ErrorAction Stop + } + + if ($null -eq $roleEntry) + { + throw "Management Role Entry {$Identity} does not exist." + } + else + { + $result = @{ + Identity = $Identity + Parameters = $roleEntry.Parameters + Type = $roleEntry.Type + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + ManagedIdentity = $ManagedIdentity + AccessTokens = $AccessTokens + } + + Write-Verbose -Message "Found Management Role Entry {$Identity}." + return $result + } + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + throw $_ + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String[]] + $Parameters, + + [Parameter()] + [ValidateSet('Cmdlet', 'Script', 'ApplicationPermission')] + [System.String] + $Type, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + Write-Verbose -Message "Setting Management Role Entry configuration for {$Identity}" + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + $currentValues = Get-TargetResource @PSBoundParameters + $paramDifference = Compare-Object -ReferenceObject $currentValues.Parameters -DifferenceObject $Parameters + + $paramsToAdd = $paramDifference | Where-Object -FilterScript {$_.SideIndicator -eq '=>'} + $paramsToAddEntries = @() + foreach ($diff in $paramsToAdd) + { + $paramsToAddEntries += $diff.InputObject.ToString() + } + if ($paramsToAddEntries.Count -gt 0) + { + Write-Verbose -Message "Adding the following parameters to {$Identity}: $($paramsToAddEntries -join ',')" + Set-ManagementRoleEntry $Identity -AddParameter -Parameters $paramsToAddEntries + } + + $paramsToRemove = $paramDifference | Where-Object -FilterScript {$_.SideIndicator -eq '<='} + $paramsToRemoveEntries = @() + foreach ($diff in $paramsToRemove) + { + $paramsToRemoveEntries += $diff.InputObject.ToString() + } + if ($paramsToRemoveEntries.Count -gt 0) + { + Write-Verbose -Message "Removing the following parameters to {$Identity}: $($paramsToRemoveEntries -join ',')" + Set-ManagementRoleEntry $Identity -RemoveParameter -Parameters $paramsToRemoveEntries + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter()] + [System.String[]] + $Parameters, + + [Parameter()] + [ValidateSet('Cmdlet', 'Script', 'ApplicationPermission')] + [System.String] + $Type, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing Management Role Entry for {$Identity}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $ValuesToCheck = $PSBoundParameters + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $TestResult" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-ManagementRoleEntry -Identity '*\*' -ResultSize 'Unlimited' + + $dscContent = [System.Text.StringBuilder]::New() + + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + $i = 1 + foreach ($roleEntry in $Script:exportedInstances) + { + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $($roleEntry.Identity + "\" + $roleEntry.Name)" -NoNewline + + $Params = @{ + Identity = $roleEntry.Identity + "\" + $roleEntry.Name + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + AccessTokens = $AccessTokens + } + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent.Append($currentDSCBlock) | Out-Null + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + Write-Host $Global:M365DSCEmojiGreenCheckMark + $i++ + } + return $dscContent.ToString() + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource + diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.schema.mof new file mode 100644 index 0000000000..7ce992a9bc --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.schema.mof @@ -0,0 +1,15 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXOManagementRoleEntry")] +class MSFT_EXOManagementRoleEntry : OMI_BaseResource +{ + [Write, Description("The Identity parameter specifies the role entry that you want to modify.")] String Identity; + [Write, Description("The Parameters parameter specifies the parameters to be added to or removed from the role entry.")] String Parameters[]; + [Write, Description("The Type parameter specifies the type of role entry to return."), ValueMap{"Cmdlet","Script","ApplicationPermission"}, Values{"Cmdlet","Script","ApplicationPermission"}] String Type; + [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; + [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/readme.md new file mode 100644 index 0000000000..c92217fa69 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/readme.md @@ -0,0 +1,5 @@ +# EXOManagementRoleEntry + +## Description + +This resource configures RBAC Management Roles Entries in Exchange Online. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/settings.json new file mode 100644 index 0000000000..1c575b126b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/settings.json @@ -0,0 +1,31 @@ +{ + "resourceName": "EXOManagementRoleEntry", + "description": "", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Role Management", + "View-Only Configuration" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOManagementRoleEntry/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOManagementRoleEntry/2-Update.ps1 new file mode 100644 index 0000000000..35001eaa4d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOManagementRoleEntry/2-Update.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOManagementRoleEntry "UpdateRoleEntry" + { + Credential = $Credscredential; + Identity = "Information Rights Management\Get-BookingMailbox" + Parameters = @("ANR","RecipientTypeDetails", "ResultSize") + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 new file mode 100644 index 0000000000..dfa732086f --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 @@ -0,0 +1,129 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'EXOManagementRoleEntry' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + + BeforeAll { + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + $Global:PartialExportFileName = 'c:\TestPath' + + Mock -CommandName Save-M365DSCPartialExport -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + Context -Name 'Management Role Entry is already in the desired state.' -Fixture { + BeforeAll { + $testParams = @{ + Identity = "Information Rights Management\Get-BookingMailbox" + Parameters = @("ANR","RecipientTypeDetails", "ResultSize") + Credential = $Credential + } + + Mock -CommandName Get-ManagementRoleEntry -MockWith { + return @{ + Identity = 'Information Rights Management' + Name = "Get-BookingMailbox" + Type = "Cmdlet" + Properties = @("ANR", "RecipientTypeDetails", "ResultSize") + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + + It 'Should return Present from the Get Method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + } + + Context -Name 'Management Role Entry is NOT in the desired state.' -Fixture { + BeforeAll { + $testParams = @{ + Identity = "Information Rights Management\Get-BookingMailbox" + Parameters = @("ANR","RecipientTypeDetails", "ResultSize") + Credential = $Credential + } + + Mock -CommandName Get-ManagementRoleEntry -MockWith { + return @{ + Identity = 'Information Rights Management' + Name = "Get-BookingMailbox" + Type = "Cmdlet" + Properties = @("RecipientTypeDetails", "ResultSize") # Drift + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-ManagementRoleEntry -MockWith { + return @{ + Identity = 'Information Rights Management' + Name = "Get-BookingMailbox" + Type = "Cmdlet" + Properties = @("ANR", "RecipientTypeDetails", "ResultSize") + } + } + } + + It 'Should Reverse Engineer resource from the Export method when single' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 0f6e1df074cf52000c32801d862e12a4b142dcff Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Sun, 12 May 2024 17:51:26 +0200 Subject: [PATCH 32/52] Fixes --- ...oft365DSC.EXOManagementRoleEntry.Tests.ps1 | 4 +++ Tests/Unit/Stubs/Microsoft365.psm1 | 29 +++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 index dfa732086f..75bfdea21a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 @@ -42,6 +42,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + + Mock -CommandName Set-ManagementRoleEntry -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 6068acbb24..1e8f5308ed 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -1156,6 +1156,35 @@ function Get-MalwareFilterRule $State ) } + +function Get-ManagementRoleEntry +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity + ) +} + +function Set-ManagementRoleEntry +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Parameters, + + [Parameter()] + [System.Boolean] + $AddParameter, + + [Parameter()] + [System.Boolean] + $RemoveParameter + ) +} + function Get-ManagementRole { [CmdletBinding()] From 68f0a2f565b18cf8b97408108ab0c8cda3a0b365 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Sun, 12 May 2024 18:04:01 +0200 Subject: [PATCH 33/52] Update MSFT_EXOManagementRoleEntry.schema.mof --- .../MSFT_EXOManagementRoleEntry.schema.mof | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.schema.mof index 7ce992a9bc..fc354aa94b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("EXOManagementRoleEntry")] class MSFT_EXOManagementRoleEntry : OMI_BaseResource { - [Write, Description("The Identity parameter specifies the role entry that you want to modify.")] String Identity; + [Key, Description("The Identity parameter specifies the role entry that you want to modify.")] String Identity; [Write, Description("The Parameters parameter specifies the parameters to be added to or removed from the role entry.")] String Parameters[]; [Write, Description("The Type parameter specifies the type of role entry to return."), ValueMap{"Cmdlet","Script","ApplicationPermission"}, Values{"Cmdlet","Script","ApplicationPermission"}] String Type; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; From 1afbde67149913950afc1764ae6dcf072cae94d2 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Sun, 12 May 2024 12:17:30 -0400 Subject: [PATCH 34/52] Update Microsoft365.psm1 --- Tests/Unit/Stubs/Microsoft365.psm1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 1e8f5308ed..3c8b13cd30 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -1163,7 +1163,11 @@ function Get-ManagementRoleEntry param( [Parameter()] [System.String] - $Identity + $Identity, + + [Parameter()] + [System.String] + $ResultSize ) } From ff73d15d2f61a17a2abd3da35266c82b34c44876 Mon Sep 17 00:00:00 2001 From: Fabien Tschanz Date: Mon, 13 May 2024 13:33:22 +0200 Subject: [PATCH 35/52] Readd deleted schema definition --- ...usPolicyWindows10SettingCatalog.schema.mof | 99 +++++++++++++++++++ 1 file changed, 99 insertions(+) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof index e69de29bb2..01e5b4d249 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof @@ -0,0 +1,99 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneAntivirusPolicyWindows10SettingCatalog")] +class MSFT_IntuneAntivirusPolicyWindows10SettingCatalog : OMI_BaseResource +{ + [Key, Description("Display name of the endpoint protection policy for Windows 10.")] String DisplayName; + [Write, Description("Identity of the endpoint protection policy for Windows 10.")] String Identity; + [Write, Description("Description of the endpoint protection policy for Windows 10.")] String Description; + [Write, Description("Allows or disallows scanning of archives. (0: enable feature. 1: disable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String tamperprotection; + [Write, Description("Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disableaccountprotectionui; + [Write, Description("Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disableappbrowserui; + [Write, Description("Disable the Clear TPM button in Windows Security. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablecleartpmbutton; + [Write, Description("Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disabledevicesecurityui; + [Write, Description("Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablefamilyui; + [Write, Description("Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablehealthui; + [Write, Description("Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablenetworkui; + [Write, Description("Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disableenhancednotifications; + [Write, Description("Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disabletpmfirmwareupdatewarning; + [Write, Description("Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablevirusui; + [Write, Description("Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String hideransomwaredatarecovery; + [Write, Description("This policy setting hides the Windows Security notification area control. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String hidewindowssecuritynotificationareacontrol; + [Write, Description("Enable this policy to display your company name and contact options in the notifications. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String enablecustomizedtoasts; + [Write, Description("Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String enableinappcustomization; + [Write, Description("The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization.")] String companyname; + [Write, Description("The email address that is displayed to users. The default mail application is used to initiate email actions.")] String email; + [Write, Description("The phone number or Skype ID that is displayed to users. Skype is used to initiate the call.")] String phone; + [Write, Description("The help portal URL that is displayed to users. The default browser is used to initiate this action.")] String url; + [Write, Description("Allows or disallows scanning of archives. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowarchivescanning; + [Write, Description("Allows or disallows Windows Defender Behavior Monitoring functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowbehaviormonitoring; + [Write, Description("To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowcloudprotection; + [Write, Description("Allows or disallows Network Protection to enable datagram processing on Windows Server. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowdatagramprocessingonwinserver; + [Write, Description("Allows or disallows scanning of email. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowemailscanning; + [Write, Description("Allows or disallows a full scan of mapped network drives. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowfullscanonmappednetworkdrives; + [Write, Description("Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowfullscanremovabledrivescanning; + [Write, Description("https://github.com/MicrosoftDocs/memdocs/issues/2250 (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowintrusionpreventionsystem; + [Write, Description("Allows or disallows Windows Defender IOAVP Protection functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowioavprotection; + [Write, Description("Allows or disallows Network Protection to be configured into block or audit mode on windows downlevel of RS3. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allownetworkprotectiondownlevel; + [Write, Description("Allows or disallows Windows Defender real-time Monitoring functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowrealtimemonitoring; + [Write, Description("Allows or disallows a scanning of network files. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowscanningnetworkfiles; + [Write, Description("Allows or disallows Windows Defender Script Scanning functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowscriptscanning; + [Write, Description("Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed. (0: Prevents users from accessing UI. 1: Lets users access UI)"), ValueMap{"0","1"}, Values{"0","1"}] String allowuseruiaccess; + [Write, Description("Represents the average CPU load factor for the Windows Defender scan (in percent).")] sInt32 avgcpuloadfactor; + [Write, Description("Specify the maximum folder depth to extract from archive files for scanning.")] sInt32 archivemaxdepth; + [Write, Description("Specify the maximum size, in KB, of archive files to be extracted and scanned.")] sInt32 archivemaxsize; + [Write, Description("This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String checkforsignaturesbeforerunningscan; + [Write, Description("This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.(0: Default windows defender blocking level, 2: High blocking level, 4:High+ blocking level, 6:Zero tolerance blocking level)"), ValueMap{"0","2","4","6"}, Values{"0","2","4","6"}] String cloudblocklevel; + [Write, Description("This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.")] sInt32 cloudextendedtimeout; + [Write, Description("Time period (in days) that quarantine items will be stored on the system.")] sInt32 daystoretaincleanedmalware; + [Write, Description("This policy setting allows you to configure catch-up scans for scheduled full scans. (1: disabled, 0: enabled)"), ValueMap{"0","1"}, Values{"0","1"}] String disablecatchupfullscan; + [Write, Description("This policy setting allows you to configure catch-up scans for scheduled quick scans. (1: disabled, 0: enabled)"), ValueMap{"0","1"}, Values{"0","1"}] String disablecatchupquickscan; + [Write, Description("Disables or enables DNS over TCP Parsing for Network Protection. (0: enable feature. 1: disable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablednsovertcpparsing; + [Write, Description("Disables or enables HTTP Parsing for Network Protection. (0: enable feature. 1: disable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablehttpparsing; + [Write, Description("This policy setting allows you to enable or disable low CPU priority for scheduled scans. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String enablelowcpupriority; + [Write, Description("This policy allows you to turn on network protection (block/audit) or off. (0: disabled, 1: block mode, 2: audit mode)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String enablenetworkprotection; + [Write, Description("Allows an administrator to specify a list of file type extensions to ignore during a scan.")] String excludedextensions[]; + [Write, Description("Allows an administrator to specify a list of directory paths to ignore during a scan.")] String excludedpaths[]; + [Write, Description("Allows an administrator to specify a list of files opened by processes to ignore during a scan.")] String excludedprocesses[]; + [Write, Description("Specifies the level of detection for potentially unwanted applications (PUAs). (0: disabled, 1: block mode, 2: audit mode)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String puaprotection; + [Write, Description("Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical)"), ValueMap{"0", "2", "3", "4", "5", "6"}, Values{"0", "2", "3", "4", "5", "6"}] String engineupdateschannel; + [Write, Description("Allow managed devices to update through metered connections. (0: disabled, 1: enabled)")] String meteredconnectionupdates; + [Write, Description("Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical)"), ValueMap{"0", "2", "3", "4", "5", "6"}, Values{"0", "2", "3", "4", "5", "6"}] String platformupdateschannel; + [Write, Description("Enable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout. (0: Not configured, 4: Current Channel (Staged), 5: Current Channel (Broad))"), ValueMap{"0", "4", "5"}, Values{"0", "4", "5"}] String securityintelligenceupdateschannel; + [Write, Description("Controls which sets of files should be monitored. (0: Monitor all files (bi-directional), 1: Monitor incoming files, 2: Monitor outgoing files)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String realtimescandirection; + [Write, Description("Selects whether to perform a quick scan or full scan. (1: Quick scan, 2: Full scan)"), ValueMap{"1","2"}, Values{"1","2"}] String scanparameter; + [Write, Description("Selects the time of day that the Windows Defender quick scan should run.")] sInt32 schedulequickscantime; + [Write, Description("Selects the day that the Windows Defender scan should run. (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan)"), ValueMap{"0","1","2","3","4","5","6","7","8"}, Values{"0","1","2","3","4","5","6","7","8"}] String schedulescanday; + [Write, Description("Selects the time of day that the Windows Defender scan should run.")] sInt32 schedulescantime; + [Write, Description("This setting disables TLS Parsing for Network Protection. (0: enabled, 1: disabled)"), ValueMap{"0","1"}, Values{"0","1"}] String disabletlsparsing; + [Write, Description("Specifies if the start time of the scan is randomized. (0: no randomization, 1: randomized)"), ValueMap{"0","1"}, Values{"0","1"}] String randomizescheduletasktimes; + [Write, Description("This setting allows you to configure the scheduler randomization in hours. The randomization interval is [1 - 23] hours.")] sInt32 schedulerrandomizationtime; + [Write, Description("This policy setting allows you to define the order in which different definition update sources should be contacted.")] String signatureupdatefallbackorder[]; + [Write, Description("This policy setting allows you to configure UNC file share sources for downloading definition updates.")] String signatureupdatefilesharessources[]; + [Write, Description("Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval.")] sInt32 signatureupdateinterval; + [Write, Description("Checks for the user consent level in Windows Defender to send data. (0: Always prompt, 1: Send safe samples automatically, 2: Never send, 3: Send all samples automatically)"), ValueMap{"0","1","2","3"}, Values{"0","1","2","3"}] String submitsamplesconsent; + [Write, Description("This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. (0: enable local admin merge, 1: disable local admin merge)"), ValueMap{"0","1"}, Values{"0","1"}] String disablelocaladminmerge; + [Write, Description("Allows or disallows Windows Defender On Access Protection functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowonaccessprotection; + [Write, Description("Allows an administrator to specify low severity threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String lowseveritythreats; + [Write, Description("Allows an administrator to specify moderate severity threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String moderateseveritythreats; + [Write, Description("Allows an administrator to specify high severity threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String severethreats; + [Write, Description("Allows an administrator to specify severe threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String highseveritythreats; + [Write, Description("Template Id of the policy."),ValueMap{"d948ff9b-99cb-4ee0-8012-1fbc09685377_1", "e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1", "45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"}, Values{"d948ff9b-99cb-4ee0-8012-1fbc09685377_1", "e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1", "45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"}] String templateId; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; From b31e441cf778bb78dfb881aad2072125e1e6eb92 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 13 May 2024 08:04:14 -0400 Subject: [PATCH 36/52] Fixes Unit Tests --- .../Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 index 75bfdea21a..64f0539f04 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 @@ -63,7 +63,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Identity = 'Information Rights Management' Name = "Get-BookingMailbox" Type = "Cmdlet" - Properties = @("ANR", "RecipientTypeDetails", "ResultSize") + Parameters = @("ANR", "RecipientTypeDetails", "ResultSize") } } } @@ -90,7 +90,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Identity = 'Information Rights Management' Name = "Get-BookingMailbox" Type = "Cmdlet" - Properties = @("RecipientTypeDetails", "ResultSize") # Drift + Parameters = @("RecipientTypeDetails", "ResultSize") # Drift } } } @@ -117,7 +117,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Identity = 'Information Rights Management' Name = "Get-BookingMailbox" Type = "Cmdlet" - Properties = @("ANR", "RecipientTypeDetails", "ResultSize") + Parameters = @("ANR", "RecipientTypeDetails", "ResultSize") } } } From 949f2fd84db066f06b95e085bfdf18b92324b728 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Mon, 13 May 2024 14:16:38 +0100 Subject: [PATCH 37/52] Allow value EnabledExceptAnonymous --- CHANGELOG.md | 4 ++++ .../MSFT_TeamsMeetingPolicy.psm1 | 6 +++--- .../MSFT_TeamsMeetingPolicy.schema.mof | Bin 31318 -> 31474 bytes 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 17de34c376..2196883360 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,10 @@ * IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 * Fixed a creation and update issue when the exported policy contains a onboarding blob and the tenant is connected to Defender for Endpoint Service. +* TeamsMeetingPolicy + * Fixed issue with property MeetingChatEnabledType by allowing the value + EnabledExceptAnonymous to be selected + FIXES [#4667](https://github.com/microsoft/Microsoft365DSC/issues/4667) * M365DSCUtil * Fixed an issue where one could not pass empty arrays to the `Compare-PSCustomObjectArrays` function. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 index 73b48dc9a3..23f268ee9f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 @@ -215,7 +215,7 @@ function Get-TargetResource $MediaBitRateKb, [Parameter()] - [ValidateSet('Disabled', 'Enabled')] + [ValidateSet('Disabled', 'Enabled', 'EnabledExceptAnonymous')] [System.String] $MeetingChatEnabledType = 'Enabled', @@ -636,7 +636,7 @@ function Set-TargetResource $MediaBitRateKb, [Parameter()] - [ValidateSet('Disabled', 'Enabled')] + [ValidateSet('Disabled', 'Enabled', 'EnabledExceptAnonymous')] [System.String] $MeetingChatEnabledType = 'Enabled', @@ -1014,7 +1014,7 @@ function Test-TargetResource $MediaBitRateKb, [Parameter()] - [ValidateSet('Disabled', 'Enabled')] + [ValidateSet('Disabled', 'Enabled', 'EnabledExceptAnonymous')] [System.String] $MeetingChatEnabledType = 'Enabled', diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof index 3b15fdab69947b8e31702f95d029b8d227114216..21f53245748dc76ad1afda406b9dc0912737d5b1 100644 GIT binary patch delta 132 zcmccih4Ir@#tluJj5?DGIfc1X87df(8B!Sv7)mDJ4;7!>!dW&s&Vy}oj31w@D?*OJ oks*&EABZa%a)ERyL-FK;+=f6^0z|47OcbBoP{6l2itA5407D%n0ssI2 delta 34 scmV+-0Nwxc^#RuO0kDDzleP(XlbmiUlMqW5laLY;lN@mlv-S%7ZyC=I7XSbN From 3e9b5770d3e7da38fe25033c76be0d0cf10d79c7 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 13 May 2024 09:48:29 -0400 Subject: [PATCH 38/52] Fixes --- .../MSFT_EXOManagementRoleEntry.psm1 | 4 ++-- .../Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 | 6 +----- Tests/Unit/Stubs/Microsoft365.psm1 | 8 ++++++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 index 97236df00a..c0be8b1c49 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 @@ -203,7 +203,7 @@ function Set-TargetResource if ($paramsToAddEntries.Count -gt 0) { Write-Verbose -Message "Adding the following parameters to {$Identity}: $($paramsToAddEntries -join ',')" - Set-ManagementRoleEntry $Identity -AddParameter -Parameters $paramsToAddEntries + Set-ManagementRoleEntry -Identity $Identity -AddParameter -Parameters $paramsToAddEntries } $paramsToRemove = $paramDifference | Where-Object -FilterScript {$_.SideIndicator -eq '<='} @@ -215,7 +215,7 @@ function Set-TargetResource if ($paramsToRemoveEntries.Count -gt 0) { Write-Verbose -Message "Removing the following parameters to {$Identity}: $($paramsToRemoveEntries -join ',')" - Set-ManagementRoleEntry $Identity -RemoveParameter -Parameters $paramsToRemoveEntries + Set-ManagementRoleEntry -Identity $Identity -RemoveParameter -Parameters $paramsToRemoveEntries } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 index 64f0539f04..5185a109eb 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleEntry.Tests.ps1 @@ -71,10 +71,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $true } - - It 'Should return Present from the Get Method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } } Context -Name 'Management Role Entry is NOT in the desired state.' -Fixture { @@ -100,7 +96,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should call the Set method' { - Set-TargetResource @testParams + Set-TargetResource @testParams | Should -Invoke 'Set-ManagementRoleEntry' -Exactly 1 } } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 3c8b13cd30..537d1bfdb9 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -1177,14 +1177,18 @@ function Set-ManagementRoleEntry param( [Parameter()] [System.String] + $Identity, + + [Parameter()] + [System.String[]] $Parameters, [Parameter()] - [System.Boolean] + [Switch] $AddParameter, [Parameter()] - [System.Boolean] + [Switch] $RemoveParameter ) } From b83e315fdcc388da97c08917b905e3bd48aafe3d Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 13 May 2024 14:09:56 +0000 Subject: [PATCH 39/52] Updated Resources and Cmdlet documentation pages --- .../exchange/EXOManagementRoleEntry.md | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 docs/docs/resources/exchange/EXOManagementRoleEntry.md diff --git a/docs/docs/resources/exchange/EXOManagementRoleEntry.md b/docs/docs/resources/exchange/EXOManagementRoleEntry.md new file mode 100644 index 0000000000..07fb721e79 --- /dev/null +++ b/docs/docs/resources/exchange/EXOManagementRoleEntry.md @@ -0,0 +1,65 @@ +# EXOManagementRoleEntry + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | The Identity parameter specifies the role entry that you want to modify. | | +| **Parameters** | Write | StringArray[] | The Parameters parameter specifies the parameters to be added to or removed from the role entry. | | +| **Type** | Write | String | The Type parameter specifies the type of role entry to return. | `Cmdlet`, `Script`, `ApplicationPermission` | +| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +## Description + +This resource configures RBAC Management Roles Entries in Exchange Online. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Role Management, View-Only Configuration + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOManagementRoleEntry "UpdateRoleEntry" + { + Credential = $Credscredential; + Identity = "Information Rights Management\Get-BookingMailbox" + Parameters = @("ANR","RecipientTypeDetails", "ResultSize") + } + } +} +``` + From c72d877196958fffbcb6324ad3234b654bce9fa8 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 13 May 2024 14:12:06 +0000 Subject: [PATCH 40/52] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 60 +++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 8289908174..3b131ab7fb 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -10059,6 +10059,66 @@ } ] }, + { + "ClassName": "MSFT_EXOManagementRoleEntry", + "Parameters": [ + { + "CIMType": "String", + "Name": "Identity", + "Option": "Key" + }, + { + "CIMType": "String[]", + "Name": "Parameters", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Type", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "CertificatePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificatePath", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_EXOMessageClassification", "Parameters": [ From eea126ecc38aa79e3b6a1196e6fc94667547c6c9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 13 May 2024 15:00:46 -0400 Subject: [PATCH 41/52] Fix Unit Tests --- ...65DSC.AADAuthenticationMethodPolicyAuthenticator.Tests.ps1 | 2 +- ...nfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 | 2 +- ...ConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 | 2 +- ...tionHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 | 2 +- ...ceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 | 2 +- ...eviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 | 2 +- ...t365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 | 2 +- ...neDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 | 4 ++-- ...365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 | 2 +- ...365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 | 2 +- ...owsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 | 2 +- ...neWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 | 2 +- ...sInformationProtectionPolicyWindows10MdmEnrolled.Tests.ps1 | 2 +- ...wsUpdateForBusinessFeatureUpdateProfileWindows10.Tests.ps1 | 2 +- ...ndowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsAppPermissionPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsAppSetupPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsAudioConferencingPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsCallHoldPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsCallParkPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC/Microsoft365DSC.TeamsCallQueue.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsComplianceRecordingPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsCortanaPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsEnhancedEncryptionPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsFilesPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsIPPhonePolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsNetworkRoamingPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsShiftsPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsTenantNetworkRegion.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsTenantNetworkSite.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsTenantNetworkSubnet.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsTenantTrustedIPAddress.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsTranslationRule.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsUnassignedNumberTreatment.Tests.ps1 | 2 +- .../Microsoft365DSC/Microsoft365DSC.TeamsVdiPolicy.Tests.ps1 | 2 +- .../Microsoft365DSC.TeamsWorkloadPolicy.Tests.ps1 | 2 +- 38 files changed, 39 insertions(+), 39 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyAuthenticator.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyAuthenticator.Tests.ps1 index f153640e41..70e5786306 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyAuthenticator.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyAuthenticator.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 index e4f2e04d72..1bdab9fafa 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 index ac12ba8c5d..0cf4e215fd 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 index 1cf766ede2..4e08ca61ba 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 index d8dbde3f73..f0f904a249 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 index ebbe87ad2b..10ad27cdb5 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 index 8706092fcf..64ade1f246 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 index 552988d1d8..f93421bccd 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { @@ -384,7 +384,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = 'ClientCertificate' } } -ParameterFilter { $CertificateName -eq 'secondaryIdentityCertificateForClientAuthentication' } - + Mock -CommandName Get-IntuneDeviceConfigurationCertificateId -MockWith { return 'a485d322-13cd-43ef-beda-733f656f48ea' } -ParameterFilter { $DisplayName -eq 'RootCertificate' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 index 0609bdfd7c..4aa84407d2 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith {} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 index 8fadb45a9f..9468a1b899 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 index 6c27287d6d..7eae4ddc58 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 index e1ebec15da..19d9375c6c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.Tests.ps1 index 407a5148e7..c64f45305f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.Tests.ps1 index 17a011eb66..490fca3de0 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 index 24a490b496..819b32dd83 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAppPermissionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAppPermissionPolicy.Tests.ps1 index 0216eb6a1e..f7f8a996b8 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAppPermissionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAppPermissionPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAppSetupPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAppSetupPolicy.Tests.ps1 index f6377790c2..54b1abd499 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAppSetupPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAppSetupPolicy.Tests.ps1 @@ -20,7 +20,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAudioConferencingPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAudioConferencingPolicy.Tests.ps1 index 12d03bdb55..a41fdb458e 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAudioConferencingPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsAudioConferencingPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallHoldPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallHoldPolicy.Tests.ps1 index 140e83663a..5815330be5 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallHoldPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallHoldPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallParkPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallParkPolicy.Tests.ps1 index 3eba207020..3227c8610a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallParkPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallParkPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallQueue.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallQueue.Tests.ps1 index c6b3ebe411..16de9d9730 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallQueue.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCallQueue.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsComplianceRecordingPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsComplianceRecordingPolicy.Tests.ps1 index 61777b81ef..01c660ea09 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsComplianceRecordingPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsComplianceRecordingPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCortanaPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCortanaPolicy.Tests.ps1 index b0362bbb86..e5af170ded 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCortanaPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsCortanaPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsEnhancedEncryptionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsEnhancedEncryptionPolicy.Tests.ps1 index d52bc8f527..8151469678 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsEnhancedEncryptionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsEnhancedEncryptionPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 index 67dee31f76..c0a7b199b7 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFeedbackPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFilesPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFilesPolicy.Tests.ps1 index abf2832706..a4bfbd1437 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFilesPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsFilesPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsIPPhonePolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsIPPhonePolicy.Tests.ps1 index e77e50acf6..1750ed1d19 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsIPPhonePolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsIPPhonePolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 index dbb7170b37..5b23d4a05c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsMobilityPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsNetworkRoamingPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsNetworkRoamingPolicy.Tests.ps1 index 5d55a466b7..0ec126975a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsNetworkRoamingPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsNetworkRoamingPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsShiftsPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsShiftsPolicy.Tests.ps1 index a8b9e96ee8..76b2c1cc6f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsShiftsPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsShiftsPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkRegion.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkRegion.Tests.ps1 index 6a0cd5f9af..0e48e69e96 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkRegion.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkRegion.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkSite.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkSite.Tests.ps1 index 9ce681dc30..763627cbb1 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkSite.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkSite.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkSubnet.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkSubnet.Tests.ps1 index 8c56801e54..5cafc2294a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkSubnet.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantNetworkSubnet.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantTrustedIPAddress.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantTrustedIPAddress.Tests.ps1 index ff9a83bb49..82c5a471f1 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantTrustedIPAddress.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTenantTrustedIPAddress.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTranslationRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTranslationRule.Tests.ps1 index 9c659ae17b..89bec43c1d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTranslationRule.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTranslationRule.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUnassignedNumberTreatment.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUnassignedNumberTreatment.Tests.ps1 index 8c1db705be..0d011c3a91 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUnassignedNumberTreatment.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUnassignedNumberTreatment.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsVdiPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsVdiPolicy.Tests.ps1 index 02e8a35d6f..a4eb9cf963 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsVdiPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsVdiPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsWorkloadPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsWorkloadPolicy.Tests.ps1 index defc86958a..ae6d3ef040 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsWorkloadPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsWorkloadPolicy.Tests.ps1 @@ -21,7 +21,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $secpasswd = ConvertTo-SecureString (New-GUID).ToString() -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { From 31897fb9fa38806a158ad6521c489f78224a0ae9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 13 May 2024 15:20:30 -0400 Subject: [PATCH 42/52] Added support for ConnectionString in Telemetry Client --- CHANGELOG.md | 1 + .../Modules/M365DSCTelemetryEngine.psm1 | 34 +++++++++++++++---- 2 files changed, 28 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ce2834ecbd..a25e8ed1ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ * Added support for Access Tokens across SPO resources. * Added support for Access Tokens across Teams resources. * Fixing fake passwords in Unit Tests. + * Added ability to configure Telemetry client by ConnectionString. # 1.24.424.1 diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 index bd1c2161a6..4e8f051a5a 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 @@ -15,15 +15,25 @@ function Get-M365DSCApplicationInsightsTelemetryClient $AI = "$PSScriptRoot/../Dependencies/Microsoft.ApplicationInsights.dll" [Reflection.Assembly]::LoadFile($AI) | Out-Null - $InstrumentationKey = [System.Environment]::GetEnvironmentVariable('M365DSCTelemetryInstrumentationKey', ` - [System.EnvironmentVariableTarget]::Machine) + $TelClient = [Microsoft.ApplicationInsights.TelemetryClient]::new() - if ($null -eq $InstrumentationKey) + $connectionString = [System.Environment]::GetEnvironmentVariable('M365DSCTelemetryConnectionString', ` + [System.EnvironmentVariableTarget]::Machine) + if (-not [System.String]::IsNullOrEmpty($connectionString)) { - $InstrumentationKey = 'e670af5d-fd30-4407-a796-8ad30491ea7a' + $TelClient.TelemetryConfiguration.ConnectionString = $connectionString + } + else + { + $InstrumentationKey = [System.Environment]::GetEnvironmentVariable('M365DSCTelemetryInstrumentationKey', ` + [System.EnvironmentVariableTarget]::Machine) + + if ($null -eq $InstrumentationKey) + { + $InstrumentationKey = 'e670af5d-fd30-4407-a796-8ad30491ea7a' + } + $TelClient.InstrumentationKey = $InstrumentationKey } - $TelClient = [Microsoft.ApplicationInsights.TelemetryClient]::new() - $TelClient.InstrumentationKey = $InstrumentationKey $Global:M365DSCTelemetryEngine = $TelClient } @@ -330,7 +340,11 @@ function Set-M365DSCTelemetryOption [Parameter()] [System.String] - $ProjectName + $ProjectName, + + [Parameter()] + [System.String] + $ConnectionString ) if ($null -ne $Enabled) @@ -350,6 +364,12 @@ function Set-M365DSCTelemetryOption [System.Environment]::SetEnvironmentVariable('M365DSCTelemetryProjectName', $ProjectName, ` [System.EnvironmentVariableTarget]::Machine) } + + if ($null -ne $ConnectionString) + { + [System.Environment]::SetEnvironmentVariable('M365DSCTelemetryConnectionString', $ConnectionString, ` + [System.EnvironmentVariableTarget]::Machine) + } } <# From 2d6c91811703859f581c0865d8c633ae4fb7ef0b Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Mon, 13 May 2024 19:34:04 +0000 Subject: [PATCH 43/52] Updated Resources and Cmdlet documentation pages --- docs/docs/user-guide/cmdlets/Set-M365DSCTelemetryOption.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/docs/user-guide/cmdlets/Set-M365DSCTelemetryOption.md b/docs/docs/user-guide/cmdlets/Set-M365DSCTelemetryOption.md index d1d7bec317..812214008e 100644 --- a/docs/docs/user-guide/cmdlets/Set-M365DSCTelemetryOption.md +++ b/docs/docs/user-guide/cmdlets/Set-M365DSCTelemetryOption.md @@ -15,6 +15,7 @@ This function does not generate any output. | Enabled | False | Boolean | | | Enables or disables telemetry collection. | | InstrumentationKey | False | String | | | Specifies the Instrumention Key to be used to send the telemetry to. | | ProjectName | False | String | | | Specifies the name of the project to store the telemetry data under. | +| ConnectionString | False | String | | | | ## Examples From c27d3225727a2cc4881783e46d85ef77ba19170c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 13 May 2024 16:16:40 -0400 Subject: [PATCH 44/52] MySite Logic for Sovereign --- CHANGELOG.md | 2 ++ .../MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a25e8ed1ca..3ff67fd6c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,8 @@ * IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 * Fixed a creation and update issue when the exported policy contains a onboarding blob and the tenant is connected to Defender for Endpoint Service. +* SPOSharingSettings + * Changed logic to retrieve my site for sovereign clouds. * M365DSCUtil * Fixed an issue where one could not pass empty arrays to the `Compare-PSCustomObjectArrays` function. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 index 47a9fdb72b..6c5e601434 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 @@ -172,7 +172,7 @@ function Get-TargetResource try { $SPOSharingSettings = Get-PnPTenant -ErrorAction Stop - $MySite = Get-PnPTenantSite | Where-Object { $_.Url -match '-my.sharepoint.com/' -and $_.Template -notmatch '^RedirectSite#' } + $MySite = Get-PnPTenantSite | Where-Object { $_.Url -match '-my.sharepoint.' -and $_.Template -notmatch '^RedirectSite#' } if ($null -ne $MySite) { From ed9ca5c6e7cf68bbfcb4795752a323d07340603d Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 14 May 2024 11:26:39 +0000 Subject: [PATCH 45/52] Updated Resources and Cmdlet documentation pages --- .../intune/IntuneAntivirusPolicyWindows10SettingCatalog.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md b/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md index 86457f08c9..f06177ddeb 100644 --- a/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md +++ b/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md @@ -41,6 +41,8 @@ | **allowscriptscanning** | Write | String | Allows or disallows Windows Defender Script Scanning functionality. (0: disable feature. 1: enable feature) | `0`, `1` | | **allowuseruiaccess** | Write | String | Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed. (0: Prevents users from accessing UI. 1: Lets users access UI) | `0`, `1` | | **avgcpuloadfactor** | Write | SInt32 | Represents the average CPU load factor for the Windows Defender scan (in percent). | | +| **archivemaxdepth** | Write | SInt32 | Specify the maximum folder depth to extract from archive files for scanning. | | +| **archivemaxsize** | Write | SInt32 | Specify the maximum size, in KB, of archive files to be extracted and scanned. | | | **checkforsignaturesbeforerunningscan** | Write | String | This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. (0: disable feature. 1: enable feature) | `0`, `1` | | **cloudblocklevel** | Write | String | This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.(0: Default windows defender blocking level, 2: High blocking level, 4:High+ blocking level, 6:Zero tolerance blocking level) | `0`, `2`, `4`, `6` | | **cloudextendedtimeout** | Write | SInt32 | This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. | | @@ -56,6 +58,7 @@ | **excludedprocesses** | Write | StringArray[] | Allows an administrator to specify a list of files opened by processes to ignore during a scan. | | | **puaprotection** | Write | String | Specifies the level of detection for potentially unwanted applications (PUAs). (0: disabled, 1: block mode, 2: audit mode) | `0`, `1`, `2` | | **engineupdateschannel** | Write | String | Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical) | `0`, `2`, `3`, `4`, `5`, `6` | +| **meteredconnectionupdates** | Write | String | Allow managed devices to update through metered connections. (0: disabled, 1: enabled) | | | **platformupdateschannel** | Write | String | Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical) | `0`, `2`, `3`, `4`, `5`, `6` | | **securityintelligenceupdateschannel** | Write | String | Enable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout. (0: Not configured, 4: Current Channel (Staged), 5: Current Channel (Broad)) | `0`, `4`, `5` | | **realtimescandirection** | Write | String | Controls which sets of files should be monitored. (0: Monitor all files (bi-directional), 1: Monitor incoming files, 2: Monitor outgoing files) | `0`, `1`, `2` | @@ -63,6 +66,9 @@ | **schedulequickscantime** | Write | SInt32 | Selects the time of day that the Windows Defender quick scan should run. | | | **schedulescanday** | Write | String | Selects the day that the Windows Defender scan should run. (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan) | `0`, `1`, `2`, `3`, `4`, `5`, `6`, `7`, `8` | | **schedulescantime** | Write | SInt32 | Selects the time of day that the Windows Defender scan should run. | | +| **disabletlsparsing** | Write | String | This setting disables TLS Parsing for Network Protection. (0: enabled, 1: disabled) | `0`, `1` | +| **randomizescheduletasktimes** | Write | String | Specifies if the start time of the scan is randomized. (0: no randomization, 1: randomized) | `0`, `1` | +| **schedulerrandomizationtime** | Write | SInt32 | This setting allows you to configure the scheduler randomization in hours. The randomization interval is [1 - 23] hours. | | | **signatureupdatefallbackorder** | Write | StringArray[] | This policy setting allows you to define the order in which different definition update sources should be contacted. | | | **signatureupdatefilesharessources** | Write | StringArray[] | This policy setting allows you to configure UNC file share sources for downloading definition updates. | | | **signatureupdateinterval** | Write | SInt32 | Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | | @@ -82,7 +88,6 @@ | **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | -| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | ### MSFT_DeviceManagementConfigurationPolicyAssignments From 3bdbbfd26faa85f6a1f5e81b0780c16f544ff655 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 14 May 2024 11:28:53 +0000 Subject: [PATCH 46/52] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 35 ++++++++++++++++--- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 3b131ab7fb..992dc11ab0 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -15642,6 +15642,16 @@ "Name": "avgcpuloadfactor", "Option": "Write" }, + { + "CIMType": "sInt32", + "Name": "archivemaxdepth", + "Option": "Write" + }, + { + "CIMType": "sInt32", + "Name": "archivemaxsize", + "Option": "Write" + }, { "CIMType": "String", "Name": "checkforsignaturesbeforerunningscan", @@ -15717,6 +15727,11 @@ "Name": "engineupdateschannel", "Option": "Write" }, + { + "CIMType": "String", + "Name": "meteredconnectionupdates", + "Option": "Write" + }, { "CIMType": "String", "Name": "platformupdateschannel", @@ -15752,6 +15767,21 @@ "Name": "schedulescantime", "Option": "Write" }, + { + "CIMType": "String", + "Name": "disabletlsparsing", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "randomizescheduletasktimes", + "Option": "Write" + }, + { + "CIMType": "sInt32", + "Name": "schedulerrandomizationtime", + "Option": "Write" + }, { "CIMType": "String[]", "Name": "signatureupdatefallbackorder", @@ -15846,11 +15876,6 @@ "CIMType": "Boolean", "Name": "ManagedIdentity", "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "AccessTokens", - "Option": "Write" } ] }, From 3de9690a5afa924b4bd17f9e3f81710e4297ca69 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 14 May 2024 11:38:14 +0000 Subject: [PATCH 47/52] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/teams/TeamsGroupPolicyAssignment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/resources/teams/TeamsGroupPolicyAssignment.md b/docs/docs/resources/teams/TeamsGroupPolicyAssignment.md index e9d95d2010..046dab8eee 100644 --- a/docs/docs/resources/teams/TeamsGroupPolicyAssignment.md +++ b/docs/docs/resources/teams/TeamsGroupPolicyAssignment.md @@ -6,7 +6,7 @@ | --- | --- | --- | --- | --- | | **GroupDisplayName** | Key | String | Group Displayname of the group the policys are assigned to | | | **GroupId** | Write | String | GroupId, alternatively to Group Displayname | | -| **PolicyType** | Key | String | Teams PolicyType. The type of the policy to be assigned. Possible values: | `ApplicationAccessPolicy`, `CallingLineIdentity`, `OnlineAudioConferencingRoutingPolicy`, `OnlineVoicemailPolicy`, `OnlineVoiceRoutingPolicy`, `TeamsAudioConferencingPolicy`, `TeamsCallHoldPolicy`, `TeamsCallParkPolicy`, `TeamsChannelsPolicy`, `TeamsComplianceRecordingPolicy`, `TeamsCortanaPolicy`, `TeamsEmergencyCallingPolicy`, `TeamsEnhancedEncryptionPolicy`, `TeamsFeedbackPolicy`, `TeamsFilesPolicy`, `TeamsIPPhonePolicy`, `TeamsMediaLoggingPolicy`, `TeamsMeetingBroadcastPolicy`, `TeamsMeetingPolicy`, `TeamsMessagingPolicy`, `TeamsMobilityPolicy`, `TeamsRoomVideoTeleConferencingPolicy`, `TeamsShiftsPolicy`, `TeamsUpdateManagementPolicy`, `TeamsVdiPolicy`, `TeamsVideoInteropServicePolicy`, `TenantDialPlan`, `ExternalAccessPolicy`, `TeamsAppSetupPolicy`, `TeamsCallingPolicy`, `TeamsEventsPolicy`, `TeamsMeetingBrandingPolicy`, `TeamsMeetingTemplatePermissionPolicy` | +| **PolicyType** | Key | String | Teams PolicyType. The type of the policy to be assigned. Possible values: | `ApplicationAccessPolicy`, `CallingLineIdentity`, `OnlineAudioConferencingRoutingPolicy`, `OnlineVoicemailPolicy`, `OnlineVoiceRoutingPolicy`, `TeamsAudioConferencingPolicy`, `TeamsCallHoldPolicy`, `TeamsCallParkPolicy`, `TeamsChannelsPolicy`, `TeamsComplianceRecordingPolicy`, `TeamsCortanaPolicy`, `TeamsEmergencyCallingPolicy`, `TeamsEnhancedEncryptionPolicy`, `TeamsFeedbackPolicy`, `TeamsFilesPolicy`, `TeamsIPPhonePolicy`, `TeamsMediaLoggingPolicy`, `TeamsMeetingBroadcastPolicy`, `TeamsMeetingPolicy`, `TeamsMessagingPolicy`, `TeamsMobilityPolicy`, `TeamsRoomVideoTeleConferencingPolicy`, `TeamsShiftsPolicy`, `TeamsUpdateManagementPolicy`, `TeamsVdiPolicy`, `TeamsVideoInteropServicePolicy`, `TenantDialPlan`, `ExternalAccessPolicy`, `TeamsAppSetupPolicy`, `TeamsCallingPolicy`, `TeamsEventsPolicy`, `TeamsMeetingBrandingPolicy`, `TeamsMeetingTemplatePermissionPolicy`, `TeamsVerticalPackagePolicy` | | **PolicyName** | Write | String | Teams PolicyName. The name of the policy to be assigned. | | | **Priority** | Write | String | Teams Priority. The rank of the policy assignment, relative to other group policy assignments for the same policy type | | | **Ensure** | Write | String | Present ensures the group policy assignment exists, absent ensures it is removed. | `Present`, `Absent` | From 2c59574aa356127f009a82f044e0f9880af12b7a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 14 May 2024 07:44:21 -0400 Subject: [PATCH 48/52] Updated Dependencies --- CHANGELOG.md | 5 ++- .../Dependencies/Manifest.psd1 | 40 +++++++++---------- 2 files changed, 23 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c6090aa7e8..e5f0d9cdc6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,8 +28,9 @@ * Fixed an issue where one could not pass empty arrays to the `Compare-PSCustomObjectArrays` function. * DEPENDENCIES - * Updated Microsoft.Graph to version 2.18.0. - * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.182. + * Updated DSCParser to version 2.0.0.4. + * Updated Microsoft.Graph to version 2.19.0. + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.187. * MISC * Added support for Access Tokens across AAD resources. * Added support for Access Tokens across SC resources. diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index bcfa507938..6da587efdd 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -2,7 +2,7 @@ Dependencies = @( @{ ModuleName = 'DSCParser' - RequiredVersion = '2.0.0.3' + RequiredVersion = '2.0.0.4' }, @{ ModuleName = 'ExchangeOnlineManagement' @@ -10,79 +10,79 @@ }, @{ ModuleName = 'Microsoft.Graph.Applications' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Authentication' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Devices.CorporateManagement' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement.Administration' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement.Enrollment' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.DirectoryManagement' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.Governance' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.SignIns' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Reports' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.Teams' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.DeviceManagement.Administration' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Beta.DirectoryObjects' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Groups' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Planner' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Sites' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Users' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.Graph.Users.Actions' - RequiredVersion = '2.18.0' + RequiredVersion = '2.19.0' }, @{ ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' - RequiredVersion = '2.0.182' + RequiredVersion = '2.0.187' }, @{ ModuleName = 'MicrosoftTeams' From 48c1ce44fc3e840e6533d40573bc8bccb3e631bd Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 14 May 2024 18:35:35 +0000 Subject: [PATCH 49/52] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/teams/TeamsMeetingPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/resources/teams/TeamsMeetingPolicy.md b/docs/docs/resources/teams/TeamsMeetingPolicy.md index ccb8794a7a..0f044db4e6 100644 --- a/docs/docs/resources/teams/TeamsMeetingPolicy.md +++ b/docs/docs/resources/teams/TeamsMeetingPolicy.md @@ -9,7 +9,7 @@ | **AllowChannelMeetingScheduling** | Write | Boolean | Determines whether a user can schedule channel meetings. Set this to TRUE to allow a user to schedule channel meetings. Set this to FALSE to prohibit the user from scheduling channel meetings. Note this only restricts from scheduling and not from joining a meeting scheduled by another user. | | | **AllowMeetNow** | Write | Boolean | Determines whether a user can start ad-hoc meetings. Set this to TRUE to allow a user to start ad-hoc meetings. Set this to FALSE to prohibit the user from starting ad-hoc meetings. | | | **AllowPrivateMeetNow** | Write | Boolean | Determines whether a user can start private ad-hoc meetings. Set this to TRUE to allow a user to start private ad-hoc meetings. Set this to FALSE to prohibit the user from starting private ad-hoc meetings. | | -| **MeetingChatEnabledType** | Write | String | Determines whether or not Chat will be enabled or disabled for meetings. | `Disabled`, `Enabled` | +| **MeetingChatEnabledType** | Write | String | Determines whether or not Chat will be enabled, enabled except anonymous or disabled for meetings. | `Disabled`, `Enabled`, `EnabledExceptAnonymous` | | **LiveCaptionsEnabledType** | Write | String | Determines whether a user should have the option to view live captions or not in a meeting. | `Disabled`, `DisabledUserOverride` | | **AllowIPAudio** | Write | Boolean | Determines whether audio is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their audioo. Set this to FALSE to prohibit the user from sharing their audio. | | | **AllowIPVideo** | Write | Boolean | Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video. | | From 8a7e2bbba1bf611a12e392e6eb70b483c92a587b Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 14 May 2024 23:01:24 +0000 Subject: [PATCH 50/52] Updated Resources and Cmdlet documentation pages --- .../azure-ad/AADActivityBasedTimeoutPolicy.md | 81 +++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 docs/docs/resources/azure-ad/AADActivityBasedTimeoutPolicy.md diff --git a/docs/docs/resources/azure-ad/AADActivityBasedTimeoutPolicy.md b/docs/docs/resources/azure-ad/AADActivityBasedTimeoutPolicy.md new file mode 100644 index 0000000000..4a0bbe08ae --- /dev/null +++ b/docs/docs/resources/azure-ad/AADActivityBasedTimeoutPolicy.md @@ -0,0 +1,81 @@ +# AADActivityBasedTimeoutPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Key | String | Display name for this policy. Required. | | +| **Id** | Write | String | Id of the policy | | +| **AzurePortalTimeOut** | Write | String | Timeout value in hh:mm:ss for c44b4083-3bb0-49c1-b47d-974e53cbdf3c: applies the policy to the Azure portal. | | +| **DefaultTimeOut** | Write | String | Timeout value in hh:mm:ss for default: applies the policy to all applications that support activity-based timeout functionality but don't have application-specific override. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + + +## Description + +This resource configure the Azure AD Activity Based Timeout Policy + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Policy.Read.All, Policy.Read.All + +- **Update** + + - Policy.Read.All + +#### Application permissions + +- **Read** + + - Policy.Read.All, Policy.Read.All + +- **Update** + + - Policy.Read.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADActivityBasedTimeoutPolicy "AADActivityBasedTimeoutPolicy-displayName-value" + { + AzurePortalTimeOut = "02:00:00"; + DefaultTimeOut = "03:00:00"; + DisplayName = "displayName-value"; + Ensure = "Present"; + Id = "000000-0000-0000-0000-000000000000"; + Credential = $Credscredential + } + } +} +``` + From 249ea5f32286ede8cd55304fa31aa42e84949d6a Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 14 May 2024 23:03:49 +0000 Subject: [PATCH 51/52] Updated Schema Definition --- Modules/Microsoft365DSC/SchemaDefinition.json | 60 +++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 992dc11ab0..55936d8288 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -1,4 +1,64 @@ [ + { + "ClassName": "MSFT_AADActivityBasedTimeoutPolicy", + "Parameters": [ + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AzurePortalTimeOut", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DefaultTimeOut", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_MicrosoftGraphMember", "Parameters": [ From 42f1aaad08cebb256a4a16d0e6a3fe1d7ea809af Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 14 May 2024 19:04:00 -0400 Subject: [PATCH 52/52] Release 1.24.515.1 --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 77 ++++++++++++++++---- 2 files changed, 65 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3dda108195..34e8631f43 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.24.515.1 * AADActivityBasedTimeoutPolicy * Initial release, set the azure portal and default Timeout. diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 9b5edf1c1c..067ccf4745 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-04-24 +# Generated on: 2024-05-14 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.424.1' + ModuleVersion = '1.24.515.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -142,19 +142,70 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* EXORecipientPermission - * Ensures we only return 1 Trustee per entry. - * EXOManagementRoleAssignment - * Removed logic to use Graph for Adminitrative Unit. + ReleaseNotes = '* AADActivityBasedTimeoutPolicy + * Initial release, set the azure portal and default Timeout. + * AADGroup + * Fixes #4596 + * AADGroupSettings + * Added support for parameter NewUnifiedGroupWritebackDefault + * EXOManagementRoleEntry + * Initial Rrelease + * IntuneAntivirusPolicyWindows10SettingCatalog + * Add missing properties from templates + * Update setting handling so that the value is reverted to default when unset + * IntuneDeviceConfigurationCustomPolicyWindows10 + * Fixed an issue where the payload of xml files was not encoded as base64. * IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 - * Fixed a comparison issue when Defender for Endpoint is connected to Intune and the - onboarding blob is generated by the Defender for Endpoint service. - * IntuneDeviceConfigurationPolicyMacOS - * Fixed an issue where the update policy setting was not handled properly. + * Fixed a creation and update issue when the exported policy contains a + onboarding blob and the tenant is connected to Defender for Endpoint Service. + * SCAutoSensitivityLabelPolicy + * Fix incorrect mandatory Credential parameter in Set and Test methods + FIXES [#4283](https://github.com/microsoft/Microsoft365DSC/issues/4283) + * SPOSharingSettings + * Remove properties from being tested in certain conditions + FIXES [#4649](https://github.com/microsoft/Microsoft365DSC/issues/4649) + * Changed logic to retrieve my site for sovereign clouds. + * SPOTenantCdnPolicy + * Fixed an issue when both IncludeFileExtensions and + ExcludeRestrictedSiteClassifications needed to be changed but the latter got + the value of the former instead of the correct one + FIXES [#4658](https://github.com/microsoft/Microsoft365DSC/issues/4658) + * TeamsAudioConferencingPolicy + * Fix export and creation/set of this resource by converting a string array + into a comma-separated string and a comma-separated string into a string + array respectively + FIXES [#4655](https://github.com/microsoft/Microsoft365DSC/issues/4655) + * TeamsMeetingPolicy + * Fix creation and set of resource when cloud recording is set to false (off) + FIXES [#4653](https://github.com/microsoft/Microsoft365DSC/issues/4653) + * Fixed issue with property MeetingChatEnabledType by allowing the value + EnabledExceptAnonymous to be selected + FIXES [#4667](https://github.com/microsoft/Microsoft365DSC/issues/4667) + * TeamsGroupPolicyAssignment + * Add missing policy type TeamsVerticalPackagePolicy + FIXES [#4647](https://github.com/microsoft/Microsoft365DSC/issues/4647) + * TeamsUpdateManagementPolicy + * Remove unnecessary parameters from PSBoundParameters such as authentication + methods, Ensure and Verbose by calling Remove-M365DSCAuthenticationParameter + FIXES [#4651](https://github.com/microsoft/Microsoft365DSC/issues/4651) + * M365DSCUtil + * Fixed an issue where one could not pass empty arrays to the + `Compare-PSCustomObjectArrays` function. + * Fixed an issue with how the ResourceInstanceName was being assigned for + resource SPOTenantCdnPolicy by adding its primary key CDNType to the + heuristics + FIXES [#4658](https://github.com/microsoft/Microsoft365DSC/issues/4658) + * DEPENDENCIES + * Updated DSCParser to version 2.0.0.4. + * Updated Microsoft.Graph to version 2.19.0. + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.187. * MISC - * Added support for AccessTokens in EXO resources. - * Updated MSCloudLoginAssistant dependencies to version 1.1.16. - * Added Filter support to Intune resources.' + * Added support for Access Tokens across AAD resources. + * Added support for Access Tokens across SC resources. + * Added support for Access Tokens across SPO resources. + * Added support for Access Tokens across Teams resources. + * Fixing fake passwords in Unit Tests. + * Added ability to configure Telemetry client by ConnectionString.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false