From 083c33f07c322bbc9321b2730ffead32fbdf7e8f Mon Sep 17 00:00:00 2001 From: William-Francillette <79221284+William-Francillette@users.noreply.github.com> Date: Mon, 17 Oct 2022 09:01:57 +0100 Subject: [PATCH 001/187] tmp --- ...neDeviceEnrollmentPlatformRestriction.psm1 | 1198 ++++++++++++++--- ...ceEnrollmentPlatformRestriction.schema.mof | 53 +- 2 files changed, 1013 insertions(+), 238 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index c35491c6fb..90afd133ff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -4,93 +4,53 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.Boolean] - $AndroidPlatformBlocked, - - [Parameter()] - [System.Boolean] - $AndroidPersonalDeviceEnrollmentBlocked, - - [Parameter()] - [System.String] - $AndroidOSMinimumVersion, - [Parameter()] [System.String] - $AndroidOSMaximumVersion, - - [Parameter()] - [System.Boolean] - $iOSPlatformBlocked, - - [Parameter()] - [System.Boolean] - $iOSPersonalDeviceEnrollmentBlocked, + $Identity, [Parameter()] [System.String] - $iOSOSMinimumVersion, + $DisplayName, [Parameter()] [System.String] - $iOSOSMaximumVersion, - - [Parameter()] - [System.Boolean] - $MacPlatformBlocked, + $Description, [Parameter()] - [System.Boolean] - $MacPersonalDeviceEnrollmentBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $IosRestriction, [Parameter()] - [System.String] - $MacOSMinimumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $WindowsRestriction, [Parameter()] - [System.String] - $MacOSMaximumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $WindowsHomeSkuRestriction, [Parameter()] - [System.Boolean] - $WindowsPlatformBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $WindowsMobileRestriction, [Parameter()] - [System.Boolean] - $WindowsPersonalDeviceEnrollmentBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $AndroidRestriction, [Parameter()] - [System.String] - $WindowsOSMinimumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $AndroidForWorkRestriction, [Parameter()] - [System.String] - $WindowsOSMaximumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $MacRestriction, [Parameter()] - [System.Boolean] - $WindowsMobilePlatformBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $MacOSRestriction, [Parameter()] - [System.Boolean] - $WindowsMobilePersonalDeviceEnrollmentBlocked, - - [Parameter()] - [System.String] - $WindowsMobileOSMinimumVersion, - - [Parameter()] - [System.String] - $WindowsMobileOSMaximumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, [Parameter(Mandatory = $true)] [System.String] @@ -123,7 +83,8 @@ function Get-TargetResource ) Write-Verbose -Message "Checking for the Intune Device Enrollment Restriction {$DisplayName}" $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters + -InboundParameters $PSBoundParameters -ProfileName beta + Select-MgProfile -Name beta #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -142,7 +103,17 @@ function Get-TargetResource try { - $config = Get-MgDeviceManagementDeviceEnrollmentConfiguration -Filter "displayName eq '$DisplayName'" | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' } + + $config = Get-MgDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Identity -ErrorAction silentlyContinue + + if ($null -eq $config) + { + Write-Verbose -Message "No Device Enrollment Platform Restriction {$Identity} was found" + + $config = Get-MgDeviceManagementDeviceEnrollmentConfiguration -Filter "displayName eq '$DisplayName'" -ErrorAction silentlyContinue| Where-Object -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -like '#microsoft.graph.deviceEnrollmentPlatform*Configuration' } + } + if ($null -eq $config) { @@ -150,30 +121,11 @@ function Get-TargetResource return $nullResult } - Write-Verbose -Message "Found Device Enrollment Platform Restriction with Name {$DisplayName}" - return @{ + Write-Verbose -Message "Found Device Enrollment Platform Restriction with Name {$($config.DisplayName)}" + $results= @{ + Identity = $config.Id DisplayName = $config.DisplayName Description = $config.Description - AndroidPlatformBlocked = $config.AdditionalProperties.androidRestriction.platformBlocked - AndroidPersonalDeviceEnrollmentBlocked = $config.AdditionalProperties.androidRestriction.personalDeviceEnrollmentBlocked - AndroidOSMinimumVersion = $config.AdditionalProperties.androidRestriction.osMinimumVersion - AndroidOSMaximumVersion = $config.AdditionalProperties.androidRestriction.osMaximumVersion - iOSPlatformBlocked = $config.AdditionalProperties.iosRestriction.platformBlocked - iOSPersonalDeviceEnrollmentBlocked = $config.AdditionalProperties.iosRestriction.personalDeviceEnrollmentBlocked - iOSOSMinimumVersion = $config.AdditionalProperties.iosRestriction.osMinimumVersion - iOSOSMaximumVersion = $config.AdditionalProperties.iosRestriction.osMaximumVersion - MacPlatformBlocked = $config.AdditionalProperties.macOSRestriction.platformBlocked - MacPersonalDeviceEnrollmentBlocked = $config.AdditionalProperties.macOSRestriction.personalDeviceEnrollmentBlocked - MacOSMinimumVersion = $config.AdditionalProperties.macOSRestriction.minimumVersion - MacOSMaximumVersion = $config.AdditionalProperties.macOSRestriction.osMaximumVersion - WindowsPlatformBlocked = $config.AdditionalProperties.windowsRestriction.platformBlocked - WindowsPersonalDeviceEnrollmentBlocked = $config.AdditionalProperties.windowsRestriction.personalDeviceEnrollmentBlocked - WindowsOSMinimumVersion = $config.AdditionalProperties.windowsRestriction.osMinimumVersion - WindowsOSMaximumVersion = $config.AdditionalProperties.windowsRestriction.osMaximumVersion - WindowsMobilePlatformBlocked = $config.AdditionalProperties.windowsMobileRestriction.platformBlocked - WindowsMobilePersonalDeviceEnrollmentBlocked = $config.AdditionalProperties.windowsMobileRestriction.personalDeviceEnrollmentBlocked - WindowsMobileOSMinimumVersion = $config.AdditionalProperties.windowsMobileRestriction.osMinimumVersion - WindowsMobileOSMaximumVersion = $config.AdditionalProperties.windowsMobileRestriction.osMaximumVersion Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -182,6 +134,24 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent } + + $results+=get-DevicePlatformRestrictionSetting -Properties $config.AdditionalProperties + $AssignmentsValues=Get-MgDeviceManagementDeviceEnrollmentConfigurationAssignment -DeviceEnrollmentConfigurationId $config.Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return $results + } catch { @@ -206,93 +176,53 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.String] - $Description, - - [Parameter()] - [System.Boolean] - $AndroidPlatformBlocked, - - [Parameter()] - [System.Boolean] - $AndroidPersonalDeviceEnrollmentBlocked, - - [Parameter()] - [System.String] - $AndroidOSMinimumVersion, - - [Parameter()] - [System.String] - $AndroidOSMaximumVersion, - - [Parameter()] - [System.Boolean] - $iOSPlatformBlocked, - - [Parameter()] - [System.Boolean] - $iOSPersonalDeviceEnrollmentBlocked, - - [Parameter()] - [System.String] - $iOSOSMinimumVersion, + $Identity, [Parameter()] [System.String] - $iOSOSMaximumVersion, - - [Parameter()] - [System.Boolean] - $MacPlatformBlocked, - - [Parameter()] - [System.Boolean] - $MacPersonalDeviceEnrollmentBlocked, + $DisplayName, [Parameter()] [System.String] - $MacOSMinimumVersion, + $Description, [Parameter()] - [System.String] - $MacOSMaximumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $IosRestriction, [Parameter()] - [System.Boolean] - $WindowsPlatformBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $WindowsRestriction, [Parameter()] - [System.Boolean] - $WindowsPersonalDeviceEnrollmentBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $WindowsHomeSkuRestriction, [Parameter()] - [System.String] - $WindowsOSMinimumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $WindowsMobileRestriction, [Parameter()] - [System.String] - $WindowsOSMaximumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $AndroidRestriction, [Parameter()] - [System.Boolean] - $WindowsMobilePlatformBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $AndroidForWorkRestriction, [Parameter()] - [System.Boolean] - $WindowsMobilePersonalDeviceEnrollmentBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $MacRestriction, [Parameter()] - [System.String] - $WindowsMobileOSMinimumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $MacOSRestriction, [Parameter()] - [System.String] - $WindowsMobileOSMaximumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, [Parameter(Mandatory = $true)] [System.String] @@ -384,93 +314,53 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.Boolean] - $AndroidPlatformBlocked, - - [Parameter()] - [System.Boolean] - $AndroidPersonalDeviceEnrollmentBlocked, - [Parameter()] [System.String] - $AndroidOSMinimumVersion, + $Identity, [Parameter()] [System.String] - $AndroidOSMaximumVersion, - - [Parameter()] - [System.Boolean] - $iOSPlatformBlocked, - - [Parameter()] - [System.Boolean] - $iOSPersonalDeviceEnrollmentBlocked, + $DisplayName, [Parameter()] [System.String] - $iOSOSMinimumVersion, + $Description, [Parameter()] - [System.String] - $iOSOSMaximumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $IosRestriction, [Parameter()] - [System.Boolean] - $MacPlatformBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $WindowsRestriction, [Parameter()] - [System.Boolean] - $MacPersonalDeviceEnrollmentBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $WindowsHomeSkuRestriction, [Parameter()] - [System.String] - $MacOSMinimumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $WindowsMobileRestriction, [Parameter()] - [System.String] - $MacOSMaximumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $AndroidRestriction, [Parameter()] - [System.Boolean] - $WindowsPlatformBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $AndroidForWorkRestriction, [Parameter()] - [System.Boolean] - $WindowsPersonalDeviceEnrollmentBlocked, + [Microsoft.Management.Infrastructure.CimInstance[]] + $MacRestriction, [Parameter()] - [System.String] - $WindowsOSMinimumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $MacOSRestriction, [Parameter()] - [System.String] - $WindowsOSMaximumVersion, - - [Parameter()] - [System.Boolean] - $WindowsMobilePlatformBlocked, - - [Parameter()] - [System.Boolean] - $WindowsMobilePersonalDeviceEnrollmentBlocked, - - [Parameter()] - [System.String] - $WindowsMobileOSMinimumVersion, - - [Parameter()] - [System.String] - $WindowsMobileOSMaximumVersion, + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, [Parameter(Mandatory = $true)] [System.String] @@ -515,20 +405,66 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of Device Enrollment Platform Restriction {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if($CurrentValues.Ensure -eq "Absent") + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult=$true - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + #Compare Cim instances + foreach($key in $PSBoundParameters.Keys) + { + $source=$PSBoundParameters.$key + $target=$CurrentValues.$key + if($source.getType().Name -like "*CimInstance*") + { + $source=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult=Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if(-Not $testResult) + { + $testResult=$false + break; + } + + $ValuesToCheck.Remove($key)|Out-Null + + } + } - $ValuesToCheck = $PSBoundParameters $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if(($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key]=$CurrentValues[$key].toString() + } + } + + #Compare basic parameters + if($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } Write-Verbose -Message "Test-TargetResource returned $TestResult" @@ -570,7 +506,8 @@ function Export-TargetResource $ManagedIdentity ) $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters + -InboundParameters $PSBoundParameters -ProfileName beta + Select-MgProfile -Name beta #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -587,7 +524,8 @@ function Export-TargetResource try { [array]$configs = Get-MgDeviceManagementDeviceEnrollmentConfiguration -All:$true -Filter $Filter -ErrorAction Stop ` - | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' } + | Where-Object -FilterScript {$_.AdditionalProperties.'@odata.type' -like '#microsoft.graph.deviceEnrollmentPlatform*Configuration'} + $i = 1 $dscContent = '' if ($configs.Length -eq 0) @@ -602,6 +540,7 @@ function Export-TargetResource { Write-Host " |---[$i/$($configs.Count)] $($config.displayName)" -NoNewline $params = @{ + Identity = $config.id DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential @@ -612,6 +551,124 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent } $Results = Get-TargetResource @Params + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Assignments) -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + if ($Results.IosRestriction) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.IosRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction + if ($complexTypeStringResult) + { + $Results.IosRestriction = $complexTypeStringResult + } + else + { + $Results.Remove('IosRestriction') | Out-Null + } + } + + if ($Results.WindowsRestriction) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.WindowsRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction + if ($complexTypeStringResult) + { + $Results.WindowsRestriction = $complexTypeStringResult + } + else + { + $Results.Remove('WindowsRestriction') | Out-Null + } + } + + if ($Results.WindowsHomeSkuRestriction) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.WindowsHomeSkuRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction + if ($complexTypeStringResult) + { + $Results.WindowsHomeSkuRestriction = $complexTypeStringResult + } + else + { + $Results.Remove('WindowsHomeSkuRestriction') | Out-Null + } + } + if ($Results.WindowsMobileRestriction) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.WindowsMobileRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction + if ($complexTypeStringResult) + { + $Results.WindowsMobileRestriction = $complexTypeStringResult + } + else + { + $Results.Remove('WindowsMobileRestriction') | Out-Null + } + } + + if ($Results.AndroidRestriction) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.AndroidRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction + if ($complexTypeStringResult) + { + $Results.AndroidRestriction = $complexTypeStringResult + } + else + { + $Results.Remove('AndroidRestriction') | Out-Null + } + } + + if ($Results.AndroidForWorkRestriction) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.AndroidForWorkRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction + if ($complexTypeStringResult) + { + $Results.AndroidForWorkRestriction = $complexTypeStringResult + } + else + { + $Results.Remove('AndroidForWorkRestriction') | Out-Null + } + } + + if ($Results.MacRestriction) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.MacRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction + if ($complexTypeStringResult) + { + $Results.MacRestriction = $complexTypeStringResult + } + else + { + $Results.Remove('MacRestriction') | Out-Null + } + } + + if ($Results.MacOSRestriction) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.MacOSRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction + if ($complexTypeStringResult) + { + $Results.MacOSRestriction = $complexTypeStringResult + } + else + { + $Results.Remove('MacOSRestriction') | Out-Null + } + } + + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` @@ -619,6 +676,57 @@ function Export-TargetResource -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential + + + if ($Results.Assignments) + { + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + } + + if ($Results.IosRestriction) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'IosRestriction' + } + + if ($Results.WindowsRestriction) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'WindowsRestriction' + } + + if ($Results.WindowsHomeSkuRestriction) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'WindowsHomeSkuRestriction' + } + if ($Results.WindowsMobileRestriction) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'WindowsMobileRestriction' + } + + if ($Results.AndroidRestriction) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AndroidRestriction' + } + + if ($Results.AndroidForWorkRestriction) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AndroidForWorkRestriction' + } + + if ($Results.MacRestriction) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'MacRestriction' + } + + if ($Results.MacOSRestriction) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'MacOSRestriction' + } + $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -629,6 +737,8 @@ function Export-TargetResource } catch { + Write-Host $_ + Write-Host $Global:M365DSCEmojiRedX if ($_.Exception -like '*401*') { @@ -650,7 +760,100 @@ function Export-TargetResource } } +function Get-DevicePlatformRestrictionSetting +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $Properties + ) + + $results=@{} + + if($null -ne $Properties.platformType) + { + $keyName=($Properties.platformType).Substring(0,1).toUpper()+($Properties.platformType).substring(1,$Properties.platformType.length-1)+'Restriction' + $keyValue=[Hashtable]::new($Properties.platformRestriction) + $hash=@{} + foreach($key in $keyValue.Keys) + { + if($null -ne $keyValue.$key) + { + switch -Wildcard ($keyValue.$key.getType().name) + { + "*[[\]]" + { + if($keyValue.$key.count -gt 0) + { + $hash.add($key,$keyValue.$key) + } + } + "String" + { + if(-Not [String]::IsNullOrEmpty($keyValue.$key)) + { + $hash.add($key,$keyValue.$key) + } + } + Default + { + $hash.add($key,$keyValue.$key) + } + } + } + } + $results.add($keyName,$hash) + } + else + { + $platformRestrictions=[Hashtable]::new($Properties) + $platformRestrictions.remove('@odata.type') + $platformRestrictions.remove('@odata.context') + foreach($key in $platformRestrictions.Keys) + { + $keyName=$key.Substring(0,1).toUpper()+$key.substring(1,$key.length-1) + $keyValue=[Hashtable]::new($platformRestrictions.$key) + $hash=@{} + foreach($key in $keyValue.Keys) + { + if($null -ne $keyValue.$key) + { + switch -Wildcard ($keyValue.$key.getType().name) + { + "*[[\]]" + { + if($keyValue.$key.count -gt 0) + { + $hash.add($key,$keyValue.$key) + } + } + "String" + { + if(-Not [String]::IsNullOrEmpty($keyValue.$key)) + { + $hash.add($key,$keyValue.$key) + } + } + Default + { + $hash.add($key,$keyValue.$key) + } + } + + } + } + $results.add($keyName,$hash) + + #$results.add($keyName,[Hashtable]::new($platformRestrictions.$key)) + } + + } + + return $results +} function Get-M365DSCIntuneDeviceEnrollmentPlatformRestrictionAdditionalProperties { [CmdletBinding()] @@ -696,5 +899,566 @@ function Get-M365DSCIntuneDeviceEnrollmentPlatformRestrictionAdditionalPropertie } return $results } +function Update-DeviceConfigurationPolicyAssignments +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets + ) + try + { + $configurationPolicyAssignments = @() + + $Uri="https://graph.microsoft.com/beta/deviceManagement/configurationPolicies/$DeviceConfigurationPolicyId/assign" + + foreach ($target in $targets) + { + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) + { + $formattedTarget.Add('groupId', $target.groupId) + } + if ($target.collectionId) + { + $formattedTarget.Add('collectionId', $target.collectionId) + } + if ($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) + } + if ($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) + } + $configurationPolicyAssignments += @{'target' = $formattedTarget } + } + $body = @{'assignments' = $configurationPolicyAssignments } | ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + + } + catch + { + try + { + Write-Verbose -Message $_ + $tenantIdValue = '' + $tenantIdValue = $Credential.UserName.Split('@')[1] + Add-M365DSCEvent -Message $_ -EntryType 'Error' ` + -EventID 1 -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $tenantIdValue + } + catch + { + Write-Verbose -Message $_ + } + return $null + } + + +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + + if($null -eq $ComplexObject) + { + return $null + } + + + if($ComplexObject.getType().Fullname -like "*hashtable") + { + return $ComplexObject + } + if($ComplexObject.getType().Fullname -like "*hashtable[[\]]") + { + return ,[hashtable[]]$ComplexObject + } + + + if($ComplexObject.gettype().fullname -like "*[[\]]") + { + $results=@() + + foreach($item in $ComplexObject) + { + if($item) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + + $results = @{} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property' -and $_.Name -ne 'AdditionalProperties'} + + foreach ($key in $keys) + { + + if($ComplexObject.$($key.Name)) + { + $keyName = $key.Name[0].ToString().ToLower() + $key.Name.Substring(1, $key.Name.Length - 1) + + if($ComplexObject.$($key.Name).gettype().fullname -like "*CimInstance*") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$($key.Name) + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$($key.Name)) + } + } + } + + return [hashtable]$results +} + +function Get-M365DSCDRGComplexTypeToString +{ + [CmdletBinding()] + #[OutputType([System.String])] + param( + [Parameter()] + $ComplexObject, + + [Parameter(Mandatory = $true)] + [System.String] + $CIMInstanceName, + + [Parameter()] + [Array] + $ComplexTypeMapping, + + [Parameter()] + [System.String] + $Whitespace="", + + [Parameter()] + [switch] + $isArray=$false + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + #If ComplexObject is an Array + if ($ComplexObject.GetType().FullName -like "*[[\]]") + { + $currentProperty=@() + foreach ($item in $ComplexObject) + { + $split=@{ + 'ComplexObject'=$item + 'CIMInstanceName'=$CIMInstanceName + 'Whitespace'=" $whitespace" + } + if ($ComplexTypeMapping) + { + $split.add('ComplexTypeMapping',$ComplexTypeMapping) + } + + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @split + + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,$currentProperty + } + + $currentProperty="" + if($isArray) + { + $currentProperty += "`r`n" + } + $currentProperty += "$whitespace`MSFT_$CIMInstanceName{`r`n" + $keyNotNull = 0 + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyNotNull++ + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + + #overwrite type if object defined in mapping complextypemapping + if($key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName + $hashProperty=$ComplexObject[$key] + } + else + { + $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + } + + if($key -notin $ComplexTypeMapping.Name) + { + $Whitespace+=" " + } + + if(-not $isArray -or ($isArray -and $key -in $ComplexTypeMapping.Name )) + { + $currentProperty += $whitespace + $key + " = " + if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + { + $currentProperty += "@(" + } + } + + if($key -in $ComplexTypeMapping.Name) + { + $Whitespace="" + + } + $currentProperty += Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -Whitespace $Whitespace ` + -ComplexTypeMapping $ComplexTypeMapping + + if($ComplexObject.$key.GetType().FullName -like "*[[\]]") + { + $currentProperty += ")" + } + } + else + { + if(-not $isArray) + { + $Whitespace= " " + } + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($Whitespace+" ") + } + } + else + { + $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + + if($mappedKey -and $mappedKey.isRequired) + { + if($mappedKey.isArray) + { + $currentProperty += "$Whitespace $key = @()`r`n" + } + else + { + $currentProperty += "$Whitespace $key = `$null`r`n" + } + } + } + } + $currentProperty += "$Whitespace}" + + return $currentProperty +} + +Function Get-M365DSCDRGSimpleObjectTypeToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = 'true')] + [System.String] + $Key, -Export-ModuleMember -Function *-TargetResource + [Parameter(Mandatory = 'true')] + $Value, + + [Parameter()] + [System.String] + $Space=" " + + ) + + $returnValue="" + switch -Wildcard ($Value.GetType().Fullname ) + { + "*.Boolean" + { + $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + } + "*.String" + { + if($key -eq '@odata.type') + { + $key='odataType' + } + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*.DateTime" + { + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*[[\]]" + { + $returnValue= $Space + $key + " = @(" + $whitespace="" + $newline="" + if($Value.count -gt 1) + { + $returnValue += "`r`n" + $whitespace=$Space+" " + $newline="`r`n" + } + foreach ($item in $Value) + { + switch -Wildcard ($item.GetType().Fullname ) + { + "*.String" + { + $returnValue += "$whitespace'$item'$newline" + } + "*.DateTime" + { + $returnValue += "$whitespace'$item'$newline" + } + Default + { + $returnValue += "$whitespace$item$newline" + } + } + } + if($Value.count -gt 1) + { + $returnValue += "$Space)`r`n" + } + else + { + $returnValue += ")`r`n" + + } + } + Default + { + $returnValue= $Space + $Key + " = " + $Value + "`r`n" + } + } + return $returnValue +} + +function Compare-M365DSCComplexObject +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter()] + $Source, + [Parameter()] + $Target + ) + + #Comparing full objects + if($null -eq $Source -and $null -eq $Target) + { + return $true + } + + $sourceValue="" + $targetValue="" + if (($null -eq $Source) -xor ($null -eq $Target)) + { + if($null -eq $Source) + { + $sourceValue="Source is null" + } + + if($null -eq $Target) + { + $targetValue="Target is null" + } + Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + return $false + } + + if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + { + if($source.count -ne $target.count) + { + write-verbose ("source") + write-verbose ($source|fl|out-string) + + write-verbose ("Target") + write-verbose ($target|fl|out-string) + + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + return $false + } + if($source.count -eq 0) + { + return $true + } + + $i=0 + foreach($item in $Source) + { + + $compareResult= Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source[$i]) ` + -Target $Target[$i] + + if(-not $compareResult) + { + Write-Verbose -Message "Configuration drift - The complex array items are not identical" + return $false + } + $i++ + } + return $true + } + + $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + foreach ($key in $keys) + { + #write-verbose -message "Comparing key: {$key}" + #Matching possible key names between Source and Target + $skey=$key + $tkey=$key + if($key -eq 'odataType') + { + $skey='@odata.type' + } + else + { + $tmpkey=$Target.keys|Where-Object -FilterScript {$_ -eq "$key"} + if($tkey) + { + $tkey=$tmpkey|Select-Object -First 1 + } + } + + $sourceValue=$Source.$key + $targetValue=$Target.$tkey + #One of the item is null and not the other + if (($null -eq $Source.$skey) -xor ($null -eq $Target.$tkey)) + { + + if($null -eq $Source.$skey) + { + $sourceValue="null" + } + + if($null -eq $Target.$tkey) + { + $targetValue="null" + } + + Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + #Both keys aren't null or empty + if(($null -ne $Source.$skey) -and ($null -ne $Target.$tkey)) + { + if($Source.$skey.getType().FullName -like "*CimInstance*" -or $Source.$skey.getType().FullName -like "*hashtable*" ) + { + #Recursive call for complex object + $compareResult= Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$skey) ` + -Target $Target.$tkey + + if(-not $compareResult) + { + Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + else + { + #Simple object comparison + $referenceObject=$Target.$tkey + $differenceObject=$Source.$skey + + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + + if ($null -ne $compareResult) + { + Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + } + + } + } + + return $true +} +function Convert-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $ComplexObject + ) + + + if($ComplexObject.getType().Fullname -like "*[[\]]") + { + $results=@() + foreach($item in $ComplexObject) + { + $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + + #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject + + if($hashComplexObject) + { + + $results=$hashComplexObject.clone() + $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + foreach ($key in $keys) + { + if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + { + $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + } + else + { + $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) + $propertyValue=$results[$key] + $results.remove($key)|out-null + $results.add($propertyName,$propertyValue) + } + } + } + return [hashtable]$results +} +Export-ModuleMember -Function *-TargetResource,* diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof index ae2a05f377..1fe8400da0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof @@ -1,28 +1,39 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0")] +class MSFT_DeviceEnrollmentPlatformRestriction +{ + [Write, Description("Block the platform from enrolling.")] Boolean PlatformBlocked; + [Write, Description("Block personally owned devices from enrolling.")] Boolean PersonalDeviceEnrollmentBlocked; + [Write, Description("Min OS version supported.")] String OsMinimumVersion; + [Write, Description("Max OS version supported.")] String OsMaximumVersion; + [Write, Description("Collection of blocked Manufacturers.")] String BlockedManufacturers[]; + [Write, Description("Collection of blocked Skus.")] String BlockedSkus[]; +}; + [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceEnrollmentPlatformRestriction")] class MSFT_IntuneDeviceEnrollmentPlatformRestriction : OMI_BaseResource { - [Key, Description("Display name of the device enrollment platform restriction.")] String DisplayName; + [Write, Description("Identity of the device enrollment platform restriction.")] String Identity; + [Write, Description("Display name of the device enrollment platform restriction.")] String DisplayName; [Write, Description("Description of the device enrollment platform restriction.")] String Description; - [Write, Description("N/A")] Boolean AndroidPlatformBlocked; - [Write, Description("N/A")] Boolean AndroidPersonalDeviceEnrollmentBlocked; - [Write, Description("N/A")] String AndroidOSMinimumVersion; - [Write, Description("N/A")] String AndroidOSMaximumVersion; - [Write, Description("N/A")] Boolean iOSPlatformBlocked; - [Write, Description("N/A")] Boolean iOSPersonalDeviceEnrollmentBlocked; - [Write, Description("N/A")] String iOSOSMinimumVersion; - [Write, Description("N/A")] String iOSOSMaximumVersion; - [Write, Description("N/A")] Boolean MacPlatformBlocked; - [Write, Description("N/A")] Boolean MacPersonalDeviceEnrollmentBlocked; - [Write, Description("N/A")] String MacOSMinimumVersion; - [Write, Description("N/A")] String MacOSMaximumVersion; - [Write, Description("N/A")] Boolean WindowsPlatformBlocked; - [Write, Description("N/A")] Boolean WindowsPersonalDeviceEnrollmentBlocked; - [Write, Description("N/A")] String WindowsOSMinimumVersion; - [Write, Description("N/A")] String WindowsOSMaximumVersion; - [Write, Description("N/A")] Boolean WindowsMobilePlatformBlocked; - [Write, Description("N/A")] Boolean WindowsMobilePersonalDeviceEnrollmentBlocked; - [Write, Description("N/A")] String WindowsMobileOSMinimumVersion; - [Write, Description("N/A")] String WindowsMobileOSMaximumVersion; + [Write, Description("Ios restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string IosRestriction; + [Write, Description("Windows restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string WindowsRestriction; + [Write, Description("Windows home Sku restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string WindowsHomeSkuRestriction; + [Write, Description("Windows Mobile restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string WindowsMobileRestriction; + [Write, Description("Android Device Administrator restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string AndroidRestriction; + [Write, Description("Android Entreprise restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string AndroidForWorkRestriction; + [Write, Description("Mac restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string MacRestriction; + [Write, Description("Mac OS restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string MacOSRestriction; + [Write, Description("Assignments of the policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] string Assignments[]; [Write, Description("Present ensures the restriction exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; From 8d8017b00986a1750ebbd1abb375564faf020612 Mon Sep 17 00:00:00 2001 From: William-Francillette <79221284+William-Francillette@users.noreply.github.com> Date: Fri, 21 Oct 2022 20:07:57 +0100 Subject: [PATCH 002/187] completed --- ...neDeviceEnrollmentPlatformRestriction.psm1 | 188 +++++++++++++----- ...ceEnrollmentPlatformRestriction.schema.mof | 1 + 2 files changed, 141 insertions(+), 48 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 90afd133ff..8e0c9ea8a5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -17,35 +17,40 @@ function Get-TargetResource $Description, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [ValidateSet("singlePlatformRestriction","platformRestrictions")] + [System.String] + $DeviceEnrollmentConfigurationType, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] $IosRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $WindowsRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $WindowsHomeSkuRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $WindowsMobileRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $AndroidRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $AndroidForWorkRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $MacRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $MacOSRestriction, [Parameter()] @@ -106,6 +111,12 @@ function Get-TargetResource $config = Get-MgDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Identity -ErrorAction silentlyContinue + + <# + Not using the DisplayName as a key due to android profiles + Android profile are generated using 2 singlePlatformRestriction policies: 1 for android and 1 for androidForWork + Both policies have the same name + if ($null -eq $config) { Write-Verbose -Message "No Device Enrollment Platform Restriction {$Identity} was found" @@ -113,11 +124,12 @@ function Get-TargetResource $config = Get-MgDeviceManagementDeviceEnrollmentConfiguration -Filter "displayName eq '$DisplayName'" -ErrorAction silentlyContinue| Where-Object -FilterScript { ` $_.AdditionalProperties.'@odata.type' -like '#microsoft.graph.deviceEnrollmentPlatform*Configuration' } } + #> if ($null -eq $config) { - Write-Verbose -Message "No Device Enrollment Platform Restriction {$DisplayName} was found" + Write-Verbose -Message "No Device Enrollment Platform Restriction {$Identity} was found" return $nullResult } @@ -126,6 +138,7 @@ function Get-TargetResource Identity = $config.Id DisplayName = $config.DisplayName Description = $config.Description + DeviceEnrollmentConfigurationType = $config.DeviceEnrollmentConfigurationType Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -189,35 +202,40 @@ function Set-TargetResource $Description, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [ValidateSet("singlePlatformRestriction","platformRestrictions")] + [System.String] + $DeviceEnrollmentConfigurationType, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] $IosRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $WindowsRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $WindowsHomeSkuRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $WindowsMobileRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $AndroidRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $AndroidForWorkRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $MacRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $MacOSRestriction, [Parameter()] @@ -274,29 +292,103 @@ function Set-TargetResource $PSBoundParameters.Remove('ApplicationId') | Out-Null $PSBoundParameters.Remove('TenantId') | Out-Null $PSBoundParameters.Remove('ApplicationSecret') | Out-Null - $PSBoundParameters.Remove('DisplayName') | Out-Null - $PSBoundParameters.Remove('Description') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('Verbose') | Out-Null + $PSBoundParameters.Remove('Identity') | Out-Null if ($Ensure -eq 'Present' -and $currentCategory.Ensure -eq 'Absent') { Write-Verbose -Message "Creating new Device Enrollment Platform Restriction {$DisplayName}" - $AdditionalProperties = Get-M365DSCIntuneDeviceEnrollmentPlatformRestrictionAdditionalProperties -Properties $PSBoundParameters + $PSBoundParameters.Remove('Assignments') | Out-Null + + $keys=(([Hashtable]$PSBoundParameters).clone()).Keys + foreach($key in $keys) + { + $keyName=$key.substring(0,1).toLower()+$key.substring(1,$key.length-1) + $keyValue= $PSBoundParameters.$key + if($null -ne $PSBoundParameters.$key -and $PSBoundParameters.$key.getType().Name -like "*cimInstance*") + { + $keyValue= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $PSBoundParameters.$key + if($DeviceEnrollmentConfigurationType -eq 'singlePlatformRestriction' ) + { + $keyName='platformRestriction' + $PSBoundParameters.add('platformType',($key.replace("Restriction",""))) + } + } + $PSBoundParameters.remove($key) + $PSBoundParameters.add($keyName,$keyValue) + } + + $policyType="#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration" + if($DeviceEnrollmentConfigurationType -eq 'platformRestrictions' ) + { + $policyType="#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration" + $PSBoundParameters.add('deviceEnrollmentConfigurationType ','limit') + } + $PSBoundParameters.add("@odata.type",$policyType) + + write-verbose ($PSBoundParameters|convertTo-json -depth 20) - New-MgDeviceManagementDeviceEnrollmentConfiguration -DisplayName $DisplayName ` - -Description $Description ` - -AdditionalProperties $AdditionalProperties + $policy=New-MgDeviceManagementDeviceEnrollmentConfiguration ` + -BodyParameter $PSBoundParameters + + #Assignments from DefaultPolicy are not editable and will raise an alert + if($policy.Id -notlike "*_DefaultPlatformRestrictions") + { + $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments + + Update-DeviceConfigurationPolicyAssignments ` + -DeviceConfigurationPolicyId $policy.Id ` + -Targets $assignmentsHash + } } elseif ($Ensure -eq 'Present' -and $currentCategory.Ensure -eq 'Present') { Write-Verbose -Message "Updating Device Enrollment Platform Restriction {$DisplayName}" - $config = Get-MgDeviceManagementDeviceEnrollmentConfiguration -Filter "displayName eq '$DisplayName'" ` - | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' } - $AdditionalProperties = Get-M365DSCIntuneDeviceEnrollmentPlatformRestrictionAdditionalProperties -Properties $PSBoundParameters - Update-MgDeviceManagementDeviceEnrollmentConfiguration -DisplayName $DisplayName ` - -Description $Description ` - -AdditionalProperties $AdditionalProperties ` - -DeviceEnrollmentConfigurationId $config.id + + $PSBoundParameters.Remove('Assignments') | Out-Null + + $keys=(([Hashtable]$PSBoundParameters).clone()).Keys + foreach($key in $keys) + { + $keyName=$key.substring(0,1).toLower()+$key.substring(1,$key.length-1) + $keyValue= $PSBoundParameters.$key + if($null -ne $PSBoundParameters.$key -and $PSBoundParameters.$key.getType().Name -like "*cimInstance*") + { + $keyValue= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $PSBoundParameters.$key + if($DeviceEnrollmentConfigurationType -eq 'singlePlatformRestriction' ) + { + $keyName='platformRestriction' + } + } + $PSBoundParameters.remove($key) + $PSBoundParameters.add($keyName,$keyValue) + } + + $policyType="#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration" + if($DeviceEnrollmentConfigurationType -eq 'platformRestrictions' ) + { + $policyType="#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration" + } + $PSBoundParameters.add("@odata.type",$policyType) + write-verbose ($PSBoundParameters|convertTo-json -depth 20) + Update-MgDeviceManagementDeviceEnrollmentConfiguration ` + -BodyParameter $PSBoundParameters ` + -DeviceEnrollmentConfigurationId $Identity + + #Assignments from DefaultPolicy are not editable and will raise an alert + if($Identity -notlike "*_DefaultPlatformRestrictions") + { + $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments + + Update-DeviceConfigurationPolicyAssignments ` + -DeviceConfigurationPolicyId $Identity ` + -Targets $assignmentsHash + } + } elseif ($Ensure -eq 'Absent' -and $currentCategory.Ensure -eq 'Present') { @@ -327,35 +419,40 @@ function Test-TargetResource $Description, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [ValidateSet("singlePlatformRestriction","platformRestrictions")] + [System.String] + $DeviceEnrollmentConfigurationType, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] $IosRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $WindowsRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $WindowsHomeSkuRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $WindowsMobileRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $AndroidRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $AndroidForWorkRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $MacRestriction, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] + [Microsoft.Management.Infrastructure.CimInstance] $MacOSRestriction, [Parameter()] @@ -916,7 +1013,7 @@ function Update-DeviceConfigurationPolicyAssignments { $configurationPolicyAssignments = @() - $Uri="https://graph.microsoft.com/beta/deviceManagement/configurationPolicies/$DeviceConfigurationPolicyId/assign" + $Uri="https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceConfigurationPolicyId/assign" foreach ($target in $targets) { @@ -939,7 +1036,7 @@ function Update-DeviceConfigurationPolicyAssignments } $configurationPolicyAssignments += @{'target' = $formattedTarget } } - $body = @{'assignments' = $configurationPolicyAssignments } | ConvertTo-Json -Depth 20 + $body = @{'enrollmentConfigurationAssignments' = $configurationPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop @@ -1015,7 +1112,7 @@ function Get-M365DSCDRGComplexTypeToHashtable foreach ($key in $keys) { - if($ComplexObject.$($key.Name)) + if($null -ne $ComplexObject.$($key.Name)) { $keyName = $key.Name[0].ToString().ToLower() + $key.Name.Substring(1, $key.Name.Length - 1) @@ -1301,12 +1398,6 @@ function Compare-M365DSCComplexObject { if($source.count -ne $target.count) { - write-verbose ("source") - write-verbose ($source|fl|out-string) - - write-verbose ("Target") - write-verbose ($target|fl|out-string) - Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } @@ -1385,6 +1476,7 @@ function Compare-M365DSCComplexObject if(-not $compareResult) { + Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" return $false } @@ -1439,7 +1531,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($hashComplexObject) + if($null -ne $hashComplexObject) { $results=$hashComplexObject.clone() diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof index 1fe8400da0..2e2fd93a0b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof @@ -25,6 +25,7 @@ class MSFT_IntuneDeviceEnrollmentPlatformRestriction : OMI_BaseResource [Write, Description("Identity of the device enrollment platform restriction.")] String Identity; [Write, Description("Display name of the device enrollment platform restriction.")] String DisplayName; [Write, Description("Description of the device enrollment platform restriction.")] String Description; + [Write, Description("Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration."), ValueMap{"singlePlatformRestriction","platformRestrictions"}, Values{"singlePlatformRestriction","platformRestrictions"}] String DeviceEnrollmentConfigurationType; [Write, Description("Ios restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string IosRestriction; [Write, Description("Windows restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string WindowsRestriction; [Write, Description("Windows home Sku restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string WindowsHomeSkuRestriction; From a9bd559e747ba8553f48c997741af6201daff05b Mon Sep 17 00:00:00 2001 From: William-Francillette <79221284+William-Francillette@users.noreply.github.com> Date: Sat, 22 Oct 2022 19:20:08 +0100 Subject: [PATCH 003/187] Unit Test --- ...neDeviceEnrollmentPlatformRestriction.psm1 | 108 +++----- ...iceEnrollmentPlatformRestriction.Tests.ps1 | 257 ++++++------------ 2 files changed, 110 insertions(+), 255 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 8e0c9ea8a5..1c96f771c5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -138,7 +138,7 @@ function Get-TargetResource Identity = $config.Id DisplayName = $config.DisplayName Description = $config.Description - DeviceEnrollmentConfigurationType = $config.DeviceEnrollmentConfigurationType + DeviceEnrollmentConfigurationType = $config.DeviceEnrollmentConfigurationType.toString() Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -338,11 +338,14 @@ function Set-TargetResource #Assignments from DefaultPolicy are not editable and will raise an alert if($policy.Id -notlike "*_DefaultPlatformRestrictions") { - $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments + if($null -ne $Assignments -and $Assignments -ne @()) + { + $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments - Update-DeviceConfigurationPolicyAssignments ` - -DeviceConfigurationPolicyId $policy.Id ` - -Targets $assignmentsHash + Update-DeviceConfigurationPolicyAssignments ` + -DeviceConfigurationPolicyId $policy.Id ` + -Targets $assignmentsHash + } } } elseif ($Ensure -eq 'Present' -and $currentCategory.Ensure -eq 'Present') @@ -382,11 +385,14 @@ function Set-TargetResource #Assignments from DefaultPolicy are not editable and will raise an alert if($Identity -notlike "*_DefaultPlatformRestrictions") { - $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments + if($null -ne $Assignments -and $Assignments -ne @()) + { + $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments - Update-DeviceConfigurationPolicyAssignments ` - -DeviceConfigurationPolicyId $Identity ` - -Targets $assignmentsHash + Update-DeviceConfigurationPolicyAssignments ` + -DeviceConfigurationPolicyId $Identity ` + -Targets $assignmentsHash + } } } @@ -649,7 +655,7 @@ function Export-TargetResource } $Results = Get-TargetResource @Params - if ($Results.Assignments) + if ($null -ne $Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Assignments) -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -662,7 +668,7 @@ function Export-TargetResource } } - if ($Results.IosRestriction) + if ($null -ne $Results.IosRestriction) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.IosRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction if ($complexTypeStringResult) @@ -675,7 +681,7 @@ function Export-TargetResource } } - if ($Results.WindowsRestriction) + if ($null -ne $Results.WindowsRestriction) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.WindowsRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction if ($complexTypeStringResult) @@ -688,7 +694,7 @@ function Export-TargetResource } } - if ($Results.WindowsHomeSkuRestriction) + if ($null -ne $Results.WindowsHomeSkuRestriction) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.WindowsHomeSkuRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction if ($complexTypeStringResult) @@ -700,7 +706,7 @@ function Export-TargetResource $Results.Remove('WindowsHomeSkuRestriction') | Out-Null } } - if ($Results.WindowsMobileRestriction) + if ($null -ne $Results.WindowsMobileRestriction) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.WindowsMobileRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction if ($complexTypeStringResult) @@ -713,7 +719,7 @@ function Export-TargetResource } } - if ($Results.AndroidRestriction) + if ($null -ne $Results.AndroidRestriction) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.AndroidRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction if ($complexTypeStringResult) @@ -726,7 +732,7 @@ function Export-TargetResource } } - if ($Results.AndroidForWorkRestriction) + if ($null -ne $Results.AndroidForWorkRestriction) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.AndroidForWorkRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction if ($complexTypeStringResult) @@ -739,7 +745,7 @@ function Export-TargetResource } } - if ($Results.MacRestriction) + if ($null -ne $Results.MacRestriction) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.MacRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction if ($complexTypeStringResult) @@ -752,7 +758,7 @@ function Export-TargetResource } } - if ($Results.MacOSRestriction) + if ($null -ne $Results.MacOSRestriction) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ($Results.MacOSRestriction) -CIMInstanceName DeviceEnrollmentPlatformRestriction if ($complexTypeStringResult) @@ -775,7 +781,7 @@ function Export-TargetResource -Credential $Credential - if ($Results.Assignments) + if ($null -ne $Results.Assignments) { $isCIMArray = $false if ($Results.Assignments.getType().Fullname -like '*[[\]]') @@ -785,41 +791,41 @@ function Export-TargetResource $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray } - if ($Results.IosRestriction) + if ($null -ne $Results.IosRestriction) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'IosRestriction' } - if ($Results.WindowsRestriction) + if ($null -ne $Results.WindowsRestriction) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'WindowsRestriction' } - if ($Results.WindowsHomeSkuRestriction) + if ($null -ne $Results.WindowsHomeSkuRestriction) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'WindowsHomeSkuRestriction' } - if ($Results.WindowsMobileRestriction) + if ($null -ne $Results.WindowsMobileRestriction) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'WindowsMobileRestriction' } - if ($Results.AndroidRestriction) + if ($null -ne $Results.AndroidRestriction) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AndroidRestriction' } - if ($Results.AndroidForWorkRestriction) + if ($null -ne $Results.AndroidForWorkRestriction) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AndroidForWorkRestriction' } - if ($Results.MacRestriction) + if ($null -ne $Results.MacRestriction) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'MacRestriction' } - if ($Results.MacOSRestriction) + if ($null -ne $Results.MacOSRestriction) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'MacOSRestriction' } @@ -834,8 +840,6 @@ function Export-TargetResource } catch { - Write-Host $_ - Write-Host $Global:M365DSCEmojiRedX if ($_.Exception -like '*401*') { @@ -951,51 +955,7 @@ function Get-DevicePlatformRestrictionSetting return $results } -function Get-M365DSCIntuneDeviceEnrollmentPlatformRestrictionAdditionalProperties -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param( - [Parameter(Mandatory = 'true')] - [System.Collections.Hashtable] - $Properties - ) - $results = @{ - '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' - androidRestriction = @{ - platformBlocked = $Properties.AndroidPlatformBlocked - personalDeviceEnrollmentBlocked = $Properties.AndroidPersonalDeviceEnrollmentBlocked - osMinimumVersion = $Properties.AndroidOSMinimumVersion - osMaximumVersion = $Properties.AndroidOSMaximumVersion - } - iosRestriction = @{ - platformBlocked = $Properties.iOSPlatformBlocked - personalDeviceEnrollmentBlocked = $Properties.iOSPersonalDeviceEnrollmentBlocked - osMinimumVersion = $Properties.iOSOSMinimumVersion - osMaximumVersion = $Properties.iOSOSMaximumVersion - } - macOSRestriction = @{ - platformBlocked = $Properties.MacPlatformBlocked - personalDeviceEnrollmentBlocked = $Properties.MacPersonalDeviceEnrollmentBlocked - osminimumVersion = $Properties.MacOSMinimumVersion - osMaximumVersion = $Properties.MacOSMaximumVersion - } - windowsRestriction = @{ - platformBlocked = $Properties.WindowsPlatformBlocked - personalDeviceEnrollmentBlocked = $Properties.WindowsPersonalDeviceEnrollmentBlocked - osMinimumVersion = $Properties.WindowsOSMinimumVersion - osMaximumVersion = $Properties.WindowsOSMaximumVersion - } - windowsMobileRestriction = @{ - platformBlocked = $Properties.WindowsMobilePlatformBlocked - personalDeviceEnrollmentBlocked = $Properties.WindowsMobilePersonalDeviceEnrollmentBlocked - osMinimumVersion = $Properties.WindowsMobileOSMinimumVersion - osMaximumVersion = $Properties.WindowsMobileOSMaximumVersion - } - } - return $results -} function Update-DeviceConfigurationPolicyAssignments { [CmdletBinding()] @@ -1553,4 +1513,4 @@ function Convert-M365DSCDRGComplexTypeToHashtable } return [hashtable]$results } -Export-ModuleMember -Function *-TargetResource,* +Export-ModuleMember -Function *-TargetResource diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 index 48b9701a24..b74740a584 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 @@ -23,15 +23,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $secpasswd = ConvertTo-SecureString "Pass@word1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin", $secpasswd) + $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) - Mock -CommandName Update-M365DSCExportAuthenticationResults -MockWith { - return @{} - } + #Mock -CommandName Update-M365DSCExportAuthenticationResults -MockWith { + # return @{} + #} - Mock -CommandName Get-M365DSCExportContentForResource -MockWith { + #Mock -CommandName Get-M365DSCExportContentForResource -MockWith { - } + #} Mock -CommandName Confirm-M365DSCDependencies -MockWith { @@ -47,28 +47,26 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Remove-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { } + + Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfigurationAssignment -MockWith { + return @() + } } # Test contexts Context -Name "When the restriction doesn't already exist" -Fixture { BeforeAll { $testParams = @{ - AndroidPersonalDeviceEnrollmentBlocked = $False; - AndroidPlatformBlocked = $False; + Identity = "12345-12345-12345-12345-12345_SinglePlatformRestriction"; Description = ""; DisplayName = "My DSC Restriction"; Ensure = "Present" - Credential = $Credential; - iOSOSMaximumVersion = "11.0"; - iOSOSMinimumVersion = "9.0"; - iOSPersonalDeviceEnrollmentBlocked = $False; - iOSPlatformBlocked = $False; - MacPersonalDeviceEnrollmentBlocked = $False; - MacPlatformBlocked = $True; - WindowsMobilePersonalDeviceEnrollmentBlocked = $False; - WindowsMobilePlatformBlocked = $True; - WindowsPersonalDeviceEnrollmentBlocked = $True; - WindowsPlatformBlocked = $False; + DeviceEnrollmentConfigurationType = "singlePlatformRestriction"; + Credential = $Credential; + IosRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + } -ClientOnly); } Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { @@ -90,196 +88,111 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "When the restriction already exists and is NOT in the Desired State" -Fixture { + Context -Name "When the restriction already exists and is in the Desired State" -Fixture { BeforeAll { $testParams = @{ - AndroidPersonalDeviceEnrollmentBlocked = $False; - AndroidPlatformBlocked = $False; + Identity = "12345-12345-12345-12345-12345_SinglePlatformRestriction" Description = ""; DisplayName = "My DSC Restriction"; Ensure = "Present" - Credential = $Credential; - iOSOSMaximumVersion = "11.0"; - iOSOSMinimumVersion = "9.0"; - iOSPersonalDeviceEnrollmentBlocked = $False; - iOSPlatformBlocked = $False; - MacPersonalDeviceEnrollmentBlocked = $False; - MacPlatformBlocked = $True; - WindowsMobilePersonalDeviceEnrollmentBlocked = $False; - WindowsMobilePlatformBlocked = $True; - WindowsPersonalDeviceEnrollmentBlocked = $True; - WindowsPlatformBlocked = $False; + DeviceEnrollmentConfigurationType = "singlePlatformRestriction" + Credential = $Credential; + IosRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + } -ClientOnly) } Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return @{ AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' - } - id = "12345-12345-12345-12345-12345" - AndroidRestriction = @{ - PersonalDeviceEnrollmentBlocked = $True; #Drift - PlatformBlocked = $False; - } - Description = ""; - DisplayName = "My DSC Restriction"; - Ensure = "Present" - Credential = $Credential; - iOSRestriction = @{ - OSMaximumVersion = "11.0"; - OSMinimumVersion = "9.0"; - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $False; - } - macOSRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $True; - } - windowsMobileRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $True; - } - WindowsRestriction = @{ - PersonalDeviceEnrollmentBlocked = $True; - PlatformBlocked = $False; + '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' + PlatformRestriction = @{ + PersonalDeviceEnrollmentBlocked = $False; + PlatformBlocked = $False; + } + platformType = 'ios' } + id = "12345-12345-12345-12345-12345_SinglePlatformRestriction" + DeviceEnrollmentConfigurationType = "singlePlatformRestriction" + Description = ""; + DisplayName = "My DSC Restriction"; } } } - It "Should return Present from the Get method" { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It "Should return false from the Test method" { - Test-TargetResource @testParams | Should -Be $false - } - - It "Should update the restriction from the Set method" { - Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgDeviceManagementDeviceEnrollmentConfiguration -Exactly 1 + It "Should return true from the Test method" { + Test-TargetResource @testParams | Should -Be $true } } - Context -Name "When the restriction already exists and IS in the Desired State" -Fixture { + Context -Name "When the restriction already exists and is NOT in the Desired State" -Fixture { BeforeAll { $testParams = @{ - AndroidPersonalDeviceEnrollmentBlocked = $False; - AndroidPlatformBlocked = $False; + Identity = "12345-12345-12345-12345-12345_SinglePlatformRestriction" Description = ""; DisplayName = "My DSC Restriction"; Ensure = "Present" + DeviceEnrollmentConfigurationType = "singlePlatformRestriction" Credential = $Credential; - iOSOSMaximumVersion = "11.0"; - iOSOSMinimumVersion = "9.0"; - iOSPersonalDeviceEnrollmentBlocked = $False; - iOSPlatformBlocked = $False; - MacPersonalDeviceEnrollmentBlocked = $False; - MacPlatformBlocked = $True; - WindowsMobilePersonalDeviceEnrollmentBlocked = $False; - WindowsMobilePlatformBlocked = $True; - WindowsPersonalDeviceEnrollmentBlocked = $True; - WindowsPlatformBlocked = $False; + iOSRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + } -ClientOnly) } Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return @{ - id = "12345-12345-12345-12345-12345" - Description = ""; - DisplayName = "My DSC Restriction"; AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' - - AndroidRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $False; - OSMinimumVersion = "" - OSMaximumVersion = "" - } - iOSRestriction = @{ - OSMaximumVersion = "11.0"; - OSMinimumVersion = "9.0"; - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $False; - } - macOSRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $True; - OSMinimumVersion = "" - OSMaximumVersion = "" - } - windowsMobileRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $True; - OSMinimumVersion = "" - OSMaximumVersion = "" - } - WindowsRestriction = @{ - PersonalDeviceEnrollmentBlocked = $True; - PlatformBlocked = $False; - OSMinimumVersion = "" - OSMaximumVersion = "" + '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' + PlatformRestriction = @{ + PersonalDeviceEnrollmentBlocked = $true; #drift + PlatformBlocked = $False; } + platformType = 'ios' } + id = "12345-12345-12345-12345-12345_SinglePlatformRestriction" + DeviceEnrollmentConfigurationType = "singlePlatformRestriction" + Description = ""; + DisplayName = "My DSC Restriction"; } } } - It "Should return true from the Test method" { - Test-TargetResource @testParams | Should -Be $true + It "Should return false from the Test method" { + Test-TargetResource @testParams | Should -Be $false } } Context -Name "When the restriction exists and it SHOULD NOT" -Fixture { BeforeAll { $testParams = @{ - AndroidPersonalDeviceEnrollmentBlocked = $False; - AndroidPlatformBlocked = $False; + Identity = "12345-12345-12345-12345-12345_SinglePlatformRestriction" Description = ""; DisplayName = "My DSC Restriction"; Ensure = "Absent" + DeviceEnrollmentConfigurationType = "singlePlatformRestriction" Credential = $Credential; - iOSOSMaximumVersion = "11.0"; - iOSOSMinimumVersion = "9.0"; - iOSPersonalDeviceEnrollmentBlocked = $False; - iOSPlatformBlocked = $False; - MacPersonalDeviceEnrollmentBlocked = $False; - MacPlatformBlocked = $True; - WindowsMobilePersonalDeviceEnrollmentBlocked = $False; - WindowsMobilePlatformBlocked = $True; - WindowsPersonalDeviceEnrollmentBlocked = $True; - WindowsPlatformBlocked = $False; + iOSRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + } -ClientOnly) } Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return @{ - id = "12345-12345-12345-12345-12345" - Description = ""; AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' - AndroidRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $False; - } - iOSRestriction = @{ - OSMaximumVersion = "11.0"; - OSMinimumVersion = "9.0"; - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $False; - } - macOSRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $True; - } - windowsMobileRestriction = @{ + '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' + PlatformRestriction = @{ PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $True; - } - WindowsRestriction = @{ - PersonalDeviceEnrollmentBlocked = $True; PlatformBlocked = $False; } + platformType = 'ios' } + id = "12345-12345-12345-12345-12345_SinglePlatformRestriction" + DeviceEnrollmentConfigurationType = "singlePlatformRestriction" + Description = ""; + DisplayName = "My DSC Restriction"; } } } @@ -307,36 +220,18 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return @{ - id = "12345-12345-12345-12345-12345" - Description = ""; - AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' - AndroidRestriction = @{ + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' + PlatformRestriction = @{ PersonalDeviceEnrollmentBlocked = $False; PlatformBlocked = $False; } - DisplayName = "My DSC Restriction"; - Ensure = "Present" - Credential = $Credential; - iOSRestriction = @{ - OSMaximumVersion = "11.0"; - OSMinimumVersion = "9.0"; - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $False; - } - macOSRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $True; - } - windowsMobileRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $True; - } - WindowsRestriction = @{ - PersonalDeviceEnrollmentBlocked = $True; - PlatformBlocked = $False; - } + platformType = 'ios' } + id = "12345-12345-12345-12345-12345_SinglePlatformRestriction" + DeviceEnrollmentConfigurationType = "singlePlatformRestriction" + Description = ""; + DisplayName = "My DSC Restriction"; } } } From 34bf1e3f7c9f5e6b8872b899d3abd9b22f7c2b9e Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sun, 12 Mar 2023 13:59:30 +0000 Subject: [PATCH 004/187] temp --- ...tionRulesPolicyWindows10ConfigManager.psm1 | 395 ++++++++++++++++-- ...lesPolicyWindows10ConfigManager.schema.mof | Bin 16102 -> 16108 bytes 2 files changed, 366 insertions(+), 29 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index bdf0273b97..22fde39fba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $True)] [System.String] $DisplayName, @@ -176,26 +176,34 @@ function Get-TargetResource try { #Retrieve policy general settings - $policy = Get-MgDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop + $policy = Get-MgDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop #SilentlyContinue if ($null -eq $policy) { - Write-Verbose -Message "No Endpoint Protection Policy {$Identity} was found" - return $nullResult + Write-Verbose -Message "No Endpoint Protection Policy {id: '$Identity'} was found" + $policy = Get-MgDeviceManagementConfigurationPolicy -Filter "displayName eq '$DisplayName'" -ErrorAction Stop #SilentlyContinue + if ($null -eq $policy) + { + Write-Verbose -Message "No Endpoint Protection Policy {displayName: '$DisplayName'} was found" + return $nullResult + } } + $Identity = $policy.Id + + Write-Verbose -Message "Found Endpoint Protection Policy {$($policy.id):$($policy.Name)}" + #Retrieve policy specific settings [array]$settings = Get-MgDeviceManagementConfigurationPolicySetting ` -DeviceManagementConfigurationPolicyId $Identity ` -ErrorAction Stop - $returnHashtable = @{} $returnHashtable.Add('Identity', $Identity) $returnHashtable.Add('DisplayName', $policy.name) $returnHashtable.Add('Description', $policy.description) - foreach ($setting in $settings.settingInstance) + foreach ($setting in $settings) { $addToParameters = $true $settingName = $setting.settingDefinitionId.Split('_') | Select-Object -Last 1 @@ -205,7 +213,7 @@ function Get-TargetResource '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' { $values = @() - foreach ($value in $setting.AdditionalProperties.simpleSettingCollectionValue) + foreach ($value in $setting.simpleSettingCollectionValue) { $values += Get-DeviceManagementConfigurationSettingInstanceValue -Setting $value } @@ -215,7 +223,7 @@ function Get-TargetResource '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' { $values = @() - foreach ($value in $setting.AdditionalProperties.groupSettingCollectionValue.children) + foreach ($value in $setting.groupSettingCollectionValue.children) { $settingName = $value.settingDefinitionId.split('_') | Select-Object -Last 1 $settingValue = Get-DeviceManagementConfigurationSettingInstanceValue -Setting $value @@ -225,9 +233,10 @@ function Get-TargetResource } Default { - $settingValue = Get-DeviceManagementConfigurationSettingInstanceValue -Setting $setting.AdditionalProperties + $settingValue = Get-DeviceManagementConfigurationSettingInstanceValue -Setting $setting } } + if ($addToParameters) { $returnHashtable.Add($settingName, $settingValue) @@ -271,7 +280,7 @@ function Set-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $True)] [System.String] $DisplayName, @@ -418,7 +427,6 @@ function Set-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` -ProfileName 'beta' - #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -451,7 +459,7 @@ function Set-TargetResource $settings = Format-M365DSCIntuneSettingCatalogPolicySettings ` -DSCParams ([System.Collections.Hashtable]$PSBoundParameters) - $Template = Get-MgDeviceManagementConfigurationPolicyTemplate -DeviceManagementConfigurationPolicyTemplateId $templateReferenceId + $templateReference = Get-MgDeviceManagementConfigurationPolicyTemplate -DeviceManagementConfigurationPolicyTemplateId $templateReferenceId New-MgDeviceManagementConfigurationPolicy ` -Name $DisplayName ` -Description $Description ` @@ -467,23 +475,44 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Present') { Write-Verbose -Message "Updating existing Endpoint Protection Policy {$($currentPolicy.DisplayName)}" - - $settings = Format-M365DSCIntuneSettingCatalogPolicySettings ` - -DSCParams ([System.Collections.Hashtable]$PSBoundParameters) - - $Template = Get-MgDeviceManagementConfigurationPolicyTemplate -DeviceManagementConfigurationPolicyTemplateId $templateReferenceId + #region update policy core settings + $bodyParameter=@{ + Name = $DisplayName + Description = $Description + } Update-MgDeviceManagementConfigurationPolicy ` -DeviceManagementConfigurationPolicyId $Identity ` - -Name $DisplayName ` - -Description $Description ` - -TemplateReference $templateReference ` - -Platforms $platforms ` - -Technologies $technologies ` - -Settings $settings + -BodyParameter $bodyParameter + #endregion + + + #region update policy specific settings + #format settings from PSBoundParameters for update + $settings = Get-IntuneSettingCatalogPolicySetting ` + -DSCParams ([System.Collections.Hashtable]$PSBoundParameters) ` + -TemplateId $templateReferenceId + + + $currentPolicySettings = Get-MgDeviceManagementConfigurationPolicySetting -DeviceManagementConfigurationPolicyId $Identity + foreach ($setting in $currentPolicySettings) + { + #write-verbose ($setting|out-string) + Remove-MgDeviceManagementConfigurationPolicySetting ` + -DeviceManagementConfigurationPolicyId $Identity ` + -DeviceManagementConfigurationSettingId $setting.settingDefinitionId + } + foreach ($setting in $settings) + { + New-MgDeviceManagementConfigurationPolicySetting ` + -DeviceManagementConfigurationPolicyId $Identity ` + -BodyParameter $setting + } + + #region update policy assignments $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments Update-MgDeviceManagementConfigurationPolicyAssignments -DeviceManagementConfigurationPolicyId $currentPolicy.Identity -Targets $assignmentsHash - + #endregion } elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present') { @@ -502,7 +531,7 @@ function Test-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $True)] [System.String] $DisplayName, @@ -661,8 +690,9 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + #Write-Verbose($CurrentValues|ConvertTo-Json -Depth 20) + #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters $ValuesToCheck.Remove('Credential') | Out-Null @@ -723,7 +753,7 @@ function Test-TargetResource $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + -ValuesToCheck $ValuesToCheck.Keys -verbose } Write-Verbose -Message "Test-TargetResource returned $TestResult" @@ -808,6 +838,7 @@ function Export-TargetResource $params = @{ Identity = $policy.id + DisplayName = $policy.Name Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -1162,7 +1193,6 @@ function Format-M365DSCIntuneSettingCatalogPolicySettings groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' } ) - #write-verbose -Message ( $DSCParams|out-string) $settings = @() foreach ($settingDefinition in $settingDefinitions) @@ -1226,6 +1256,313 @@ function Format-M365DSCIntuneSettingCatalogPolicySettings } +function Get-IntuneSettingCatalogPolicySetting +{ + [CmdletBinding()] + [OutputType([System.Array])] + param( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $DSCParams, + [Parameter(Mandatory = 'true')] + [System.String] + $TemplateId + ) + + $DSCParams.Remove('Identity') | Out-Null + $DSCParams.Remove('DisplayName') | Out-Null + $DSCParams.Remove('Description') | Out-Null + + #Prepare setting definitions mapping + <# + $settingDefinitions = @( + @{ + settingName = 'AttackSurfaceReductionOnlyExclusions' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductiononlyexclusions' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' + settingInstanceTemplateId = '9b3bc064-2726-4abf-8c70-b9cb440c2422' + settingValueType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + } + @{ + settingName = 'EnableControlledFolderAccess' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_enablecontrolledfolderaccess' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + settingInstanceTemplateId = '88286be0-5a51-4238-bcf9-e8db1c3f0023' + settingValueTemplateId = '93eb92ec-85b7-49fa-87df-09ccc59e390f' + } + @{ + settingName = 'ControlledFolderAccessAllowedApplications' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_controlledfolderaccessallowedapplications' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' + settingInstanceTemplateId = '7b7d300f-40cd-4708-a602-479e41b69647' + settingValueType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + } + @{ + settingName = 'ControlledFolderAccessProtectedFolders' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_controlledfolderaccessprotectedfolders' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' + settingInstanceTemplateId = '081cae44-3f9b-46b1-8eea-f9eb2e1e3031' + settingValueType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + } + @{ + settingName = 'AttackSurfaceReductionRules' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + settingInstanceTemplateId = 'd770fcd1-62cd-4217-9b20-9ee2a12062ff' + } + @{ + settingName = 'BlockAdobeReaderFromCreatingChildProcesses' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockadobereaderfromcreatingchildprocesses' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockExecutionOfPotentiallyObfuscatedScripts' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockWin32APICallsFromOfficeMacros' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwin32apicallsfromofficemacros' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockcredentialstealingfromwindowslocalsecurityauthoritysubsystem' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockOfficeCommunicationAppFromCreatingChildProcesses' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficecommunicationappfromcreatingchildprocesses' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockAllOfficeApplicationsFromCreatingChildProcesses' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockallofficeapplicationsfromcreatingchildprocesses' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockUntrustedUnsignedProcessesThatRunFromUSB' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockuntrustedunsignedprocessesthatrunfromusb' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockProcessCreationsFromPSExecAndWMICommands' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockprocesscreationsfrompsexecandwmicommands' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockPersistenceThroughWMIEventSubscription' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockpersistencethroughwmieventsubscription' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockOfficeApplicationsFromCreatingExecutableContent' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfromcreatingexecutablecontent' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfrominjectingcodeintootherprocesses' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'UseAdvancedProtectionAgainstRansomware' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockExecutableContentFromEmailClientAndWebmail' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablecontentfromemailclientandwebmail' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + @{ + settingName = 'BlockAbuseOfExploitedVulnerableSignedDrivers' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockabuseofexploitedvulnerablesigneddrivers' + settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + ) + #> + #write-verbose -Message ( $DSCParams|out-string) + $settingDefinitions = Get-MgDeviceManagementConfigurationPolicyTemplateSettingTemplate -DeviceManagementConfigurationPolicyTemplateId $TemplateId + $settingInstances = @() + foreach ($settingDefinition in $settingDefinitions.SettingInstanceTemplate) + { + + $settingInstance = @{} + $settingName = $settingDefinition.SettingDefinitionId.split('_') | Select-Object -Last 1 + $settingType = $settingDefinition.AdditionalProperties.'@odata.type'.replace('InstanceTemplate','Instance') + $settingInstance.Add('settingDefinitionId', $settingDefinition.settingDefinitionId) + $settingInstance.Add('@odata.type', $settingType) + if (-Not [string]::IsNullOrEmpty($settingDefinition.settingInstanceTemplateId)) + { + $settingInstance.Add('settingInstanceTemplateReference',@{'settingInstanceTemplateId'=$settingDefinition.settingInstanceTemplateId}) + } + $settingValueName = $settingType.replace('#microsoft.graph.deviceManagementConfiguration','').replace('Instance','Value') + $settingValueName = $settingValueName.Substring(0,1).ToLower() + $settingValueName.Substring(1,$settingValueName.length -1 ) + $settingValueType = $settingDefinition.AdditionalProperties."$($settingValueName)Template".'@odata.type' + if ($null -ne $settingValueType) + { + $settingValueType = $settingValueType.replace('ValueTemplate','Value') + } + $settingValueTemplateId = $settingDefinition.AdditionalProperties."$($settingValueName)Template".settingValueTemplateId + $settingValue = Get-IntuneSettingCatalogPolicySettingInstanceValue ` + -DSCParams $DSCParams ` + -SettingDefinition $settingDefinition ` + -SettingName $settingName ` + -SettingType $settingType ` + -SettingValueName $settingValueName ` + -SettingValueType $settingValueType ` + -SettingValueTemplateId $settingValueTemplateId + $settingInstance+=($settingValue) + + $settingInstances += @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSetting' + 'settingInstance' = $settingInstance + } + } + + return $settingInstances +} +function Get-IntuneSettingCatalogPolicySettingInstanceValue +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $DSCParams, + + [Parameter()] + $SettingDefinition, + + [Parameter()] + [System.String] + $SettingType, + + [Parameter()] + [System.String] + $SettingName, + + [Parameter()] + [System.String] + $SettingValueName, + + [Parameter()] + [System.String] + $SettingValueType, + + [Parameter()] + [System.String] + $SettingValueTemplateId + ) + + $settingValueReturn = @{} + switch($settingType) + { + '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + { + $groupSettingCollectionValue = @{} + $groupSettingCollectionValueChildren = @() + + $groupSettingCollectionDefinitionChildren = $SettingDefinition.AdditionalProperties.groupSettingCollectionValueTemplate.children + foreach($childDefinition in $groupSettingCollectionDefinitionChildren) + { + $childSettingName = $childDefinition.settingDefinitionId.split('_') | Select-Object -Last 1 + $childSettingType = $childDefinition.'@odata.type'.replace('InstanceTemplate','Instance') + $childSettingValueName = $childSettingType.replace('#microsoft.graph.deviceManagementConfiguration','').replace('Instance','Value') + $childSettingValueType = "#microsoft.graph.deviceManagementConfiguration$($childSettingValueName)" + $childSettingValueName = $childSettingValueName.Substring(0,1).ToLower() + $childSettingValueName.Substring(1,$childSettingValueName.length -1 ) + $childSettingValueTemplateId = $childDefinition.$childSettingValueName.settingValueTemplateId + $childSettingValue = Get-IntuneSettingCatalogPolicySettingInstanceValue ` + -DSCParams $DSCParams ` + -SettingDefinition $childDefinition ` + -SettingName $childSettingName ` + -SettingType $childDefinition.'@odata.type' ` + -SettingValueName $childSettingValueName ` + -SettingValueType $childSettingValueType ` + -SettingValueTemplateId $childSettingValueTemplateId + + $childSettingValue.add('settingDefinitionId', $childDefinition.settingDefinitionId) + $childSettingValue.add('@odata.type', $childSettingType ) + $groupSettingCollectionValueChildren += $childSettingValue + } + $groupSettingCollectionValue.add('children', $groupSettingCollectionValueChildren) + $settingValueReturn.Add('groupSettingCollectionValue', $groupSettingCollectionValue) + } + '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' + { + $values = @() + foreach( $key in $DSCParams.Keys) + { + if($settingName -eq ($key.tolower())) + { + $values = $DSCParams[$key] + break + } + } + $settingValueCollection = @() + foreach($v in $values) + { + $settingValueCollection += @{ + value = $v + '@odata.type' = $settingValueType + } + } + $settingValueReturn.Add($settingValueName, $settingValueCollection) + } + Default + { + $value = $null + foreach( $key in $DSCParams.Keys) + { + if($settingName -eq ($key.tolower())) + { + $value = "$($SettingDefinition.settingDefinitionId)_$($DSCParams[$key])" + break + } + } + $settingValue = @{} + + if (-Not [string]::IsNullOrEmpty($settingValueType)) + { + $settingValue.add('@odata.type', $settingValueType) + } + if (-Not [string]::IsNullOrEmpty($settingValueTemplateId)) + { + $settingValue.Add('settingValueTemplateReference',@{'settingValueTemplateId'= $settingValueTemplateId}) + } + $settingValue.add('value', $value) + $settingValueReturn.Add($settingValueName, $settingValue) + } + } + return $settingValueReturn +} function New-MgDeviceManagementConfigurationPolicy { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.schema.mof index 9fc90e793b3d8b1747137442c828c0a4ce5a5533..6274ba90d1a17f90c052848d5e50331005dfb64b 100644 GIT binary patch delta 39 ucmaD>`=)lo5gz^^hE#?^hEj%1h9V#b}u5uV9^_%t?u;;}Gf Date: Mon, 13 Mar 2023 16:11:19 +0000 Subject: [PATCH 005/187] Add required properties to SPOTenantSettings Add required properties to SPOTenantSettings --- .../MSFT_SPOTenantSettings.psm1 | 39 +++++++++++++++++++ .../MSFT_SPOTenantSettings.schema.mof | 3 ++ 2 files changed, 42 insertions(+) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 index 2f8b748997..7828deded8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 @@ -96,6 +96,18 @@ function Get-TargetResource [System.Boolean] $IsFluidEnabled, + [Parameter()] + [System.Boolean] + $CommentsOnSitePagesDisabled, + + [Parameter()] + [System.UInt32] + $StorageQuota, + + [Parameter()] + [System.UInt32] + $StorageQuotaAllocated, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -190,6 +202,9 @@ function Get-TargetResource MarkNewFilesSensitiveByDefault = $SPOTenantSettings.MarkNewFilesSensitiveByDefault ConditionalAccessPolicy = $SPOTenantSettings.ConditionalAccessPolicy DisabledWebPartIds = $SPOTenantSettings.DisabledWebPartIds + CommentsOnSitePagesDisabled = $SPOTenantSettings.CommentsOnSitePagesDisabled + StorageQuota = $SPOTenantSettings.StorageQuota + StorageQuotaAllocated = $SPOTenantSettings.StorageQuotaAllocated Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId @@ -311,6 +326,18 @@ function Set-TargetResource [System.Guid[]] $DisabledWebPartIds, + [Parameter()] + [System.Boolean] + $CommentsOnSitePagesDisabled, + + [Parameter()] + [System.UInt32] + $StorageQuota, + + [Parameter()] + [System.UInt32] + $StorageQuotaAllocated, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -483,6 +510,18 @@ function Test-TargetResource [System.Guid[]] $DisabledWebPartIds, + [Parameter()] + [System.Boolean] + $CommentsOnSitePagesDisabled, + + [Parameter()] + [System.UInt32] + $StorageQuota, + + [Parameter()] + [System.UInt32] + $StorageQuotaAllocated, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof index 8db8e1f74b..c1600ac84e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof @@ -22,6 +22,9 @@ class MSFT_SPOTenantSettings : OMI_BaseResource [Write, Description("Allow or block external sharing until at least one Office DLP policy scans the content of the file."), ValueMap{"AllowExternalSharing","BlockExternalSharing"}, Values{"AllowExternalSharing","BlockExternalSharing"}] string MarkNewFilesSensitiveByDefault; [Write, Description("Allow or Block Conditional Access Policy on the SharePoint Tenant"), ValueMap{"AllowFullAccess", "AllowLimitedAccess", "BlockAccess"}, Values{"AllowFullAccess", "AllowLimitedAccess", "BlockAccess"}] string ConditionalAccessPolicy; [Write, Description("Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site")] string DisabledWebPartIds; + [Write, Description("")] Boolean CommentsOnSitePagesDisabled; + [Write, Description("")] UInt32 StorageQuota; + [Write, Description("")] UInt32 StorageQuotaAllocated; [Write, Description("Only accepted value is 'Present'."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the account to authenticate with."), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; From 1b314a6a0a77c3483549f9cf3c292f6a2195bed8 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Mon, 13 Mar 2023 17:07:49 +0000 Subject: [PATCH 006/187] Revert --- .../MSFT_SPOTenantSettings.psm1 | 39 ------------------- .../MSFT_SPOTenantSettings.schema.mof | 3 -- 2 files changed, 42 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 index 7828deded8..2f8b748997 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 @@ -96,18 +96,6 @@ function Get-TargetResource [System.Boolean] $IsFluidEnabled, - [Parameter()] - [System.Boolean] - $CommentsOnSitePagesDisabled, - - [Parameter()] - [System.UInt32] - $StorageQuota, - - [Parameter()] - [System.UInt32] - $StorageQuotaAllocated, - [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -202,9 +190,6 @@ function Get-TargetResource MarkNewFilesSensitiveByDefault = $SPOTenantSettings.MarkNewFilesSensitiveByDefault ConditionalAccessPolicy = $SPOTenantSettings.ConditionalAccessPolicy DisabledWebPartIds = $SPOTenantSettings.DisabledWebPartIds - CommentsOnSitePagesDisabled = $SPOTenantSettings.CommentsOnSitePagesDisabled - StorageQuota = $SPOTenantSettings.StorageQuota - StorageQuotaAllocated = $SPOTenantSettings.StorageQuotaAllocated Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId @@ -326,18 +311,6 @@ function Set-TargetResource [System.Guid[]] $DisabledWebPartIds, - [Parameter()] - [System.Boolean] - $CommentsOnSitePagesDisabled, - - [Parameter()] - [System.UInt32] - $StorageQuota, - - [Parameter()] - [System.UInt32] - $StorageQuotaAllocated, - [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -510,18 +483,6 @@ function Test-TargetResource [System.Guid[]] $DisabledWebPartIds, - [Parameter()] - [System.Boolean] - $CommentsOnSitePagesDisabled, - - [Parameter()] - [System.UInt32] - $StorageQuota, - - [Parameter()] - [System.UInt32] - $StorageQuotaAllocated, - [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof index c1600ac84e..8db8e1f74b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof @@ -22,9 +22,6 @@ class MSFT_SPOTenantSettings : OMI_BaseResource [Write, Description("Allow or block external sharing until at least one Office DLP policy scans the content of the file."), ValueMap{"AllowExternalSharing","BlockExternalSharing"}, Values{"AllowExternalSharing","BlockExternalSharing"}] string MarkNewFilesSensitiveByDefault; [Write, Description("Allow or Block Conditional Access Policy on the SharePoint Tenant"), ValueMap{"AllowFullAccess", "AllowLimitedAccess", "BlockAccess"}, Values{"AllowFullAccess", "AllowLimitedAccess", "BlockAccess"}] string ConditionalAccessPolicy; [Write, Description("Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site")] string DisabledWebPartIds; - [Write, Description("")] Boolean CommentsOnSitePagesDisabled; - [Write, Description("")] UInt32 StorageQuota; - [Write, Description("")] UInt32 StorageQuotaAllocated; [Write, Description("Only accepted value is 'Present'."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the account to authenticate with."), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; From fd6ee4c14636b389ac135ccfc12f1a9ad73410d0 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Tue, 14 Mar 2023 20:26:53 +0000 Subject: [PATCH 007/187] Fix resource --- ...tionRulesPolicyWindows10ConfigManager.psm1 | 699 ++---------------- ...ulesPolicyWindows10ConfigManager.Tests.ps1 | 185 +++-- 2 files changed, 167 insertions(+), 717 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index 22fde39fba..bd459014bf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -176,12 +176,12 @@ function Get-TargetResource try { #Retrieve policy general settings - $policy = Get-MgDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop #SilentlyContinue + $policy = Get-MgDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue if ($null -eq $policy) { Write-Verbose -Message "No Endpoint Protection Policy {id: '$Identity'} was found" - $policy = Get-MgDeviceManagementConfigurationPolicy -Filter "displayName eq '$DisplayName'" -ErrorAction Stop #SilentlyContinue + $policy = Get-MgDeviceManagementConfigurationPolicy -Filter "name eq '$DisplayName'" -ErrorAction SilentlyContinue if ($null -eq $policy) { Write-Verbose -Message "No Endpoint Protection Policy {displayName: '$DisplayName'} was found" @@ -203,37 +203,45 @@ function Get-TargetResource $returnHashtable.Add('DisplayName', $policy.name) $returnHashtable.Add('Description', $policy.description) - foreach ($setting in $settings) + foreach ($setting in $settings.settingInstance) { $addToParameters = $true $settingName = $setting.settingDefinitionId.Split('_') | Select-Object -Last 1 - switch ($setting.'@odata.type') + switch ($setting.AdditionalProperties.'@odata.type') { - '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' + + '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' { - $values = @() - foreach ($value in $setting.simpleSettingCollectionValue) - { - $values += Get-DeviceManagementConfigurationSettingInstanceValue -Setting $value - } - $settingValue = $values + $settingValue = $setting.AdditionalProperties.simpleSettingValue.value + } + '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + { + $settingValue = $setting.AdditionalProperties.choiceSettingValue.value.split('_') | Select-Object -Last 1 } - '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' { $values = @() - foreach ($value in $setting.groupSettingCollectionValue.children) + foreach ($value in $setting.AdditionalProperties.groupSettingCollectionValue.children) { $settingName = $value.settingDefinitionId.split('_') | Select-Object -Last 1 - $settingValue = Get-DeviceManagementConfigurationSettingInstanceValue -Setting $value + $settingValue = $value.choiceSettingValue.value.split('_') | Select-Object -Last 1 $returnHashtable.Add($settingName, $settingValue) $addToParameters = $false } } + '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' + { + $values = @() + foreach ($value in $setting.AdditionalProperties.simpleSettingCollectionValue.value) + { + $values += $value + } + $settingValue = $values + } Default { - $settingValue = Get-DeviceManagementConfigurationSettingInstanceValue -Setting $setting + $settingValue = $setting.value } } @@ -244,7 +252,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementConfigurationPolicyAssignments -DeviceManagementConfigurationPolicyId $Identity + $returnAssignments += Get-DeviceManagementConfigurationPolicyAssignment -DeviceManagementConfigurationPolicyId $Identity $returnHashtable.Add('Assignments', $returnAssignments) Write-Verbose -Message "Found Endpoint Protection Policy {$($policy.name)}" @@ -456,62 +464,50 @@ function Set-TargetResource { Write-Verbose -Message "Creating new Endpoint Protection Policy {$DisplayName}" - $settings = Format-M365DSCIntuneSettingCatalogPolicySettings ` - -DSCParams ([System.Collections.Hashtable]$PSBoundParameters) + $settings = Get-IntuneSettingCatalogPolicySetting ` + -DSCParams ([System.Collections.Hashtable]$PSBoundParameters) ` + -TemplateId $templateReferenceId - $templateReference = Get-MgDeviceManagementConfigurationPolicyTemplate -DeviceManagementConfigurationPolicyTemplateId $templateReferenceId - New-MgDeviceManagementConfigurationPolicy ` - -Name $DisplayName ` - -Description $Description ` - -TemplateReference $templateReference ` - -Platforms $platforms ` - -Technologies $technologies ` - -Settings $settings + $createParameters = @{ + Name = $DisplayName + Description = $Description + TemplateReference = @{templateId = $templateReferenceId} + Platforms = $platforms + Technologies = $technologies + Settings = $settings + } + New-MgDeviceManagementConfigurationPolicy -bodyParameter $createParameters $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments - Update-MgDeviceManagementConfigurationPolicyAssignments -DeviceManagementConfigurationPolicyId $Identity -Targets $assignmentsHash + Update-DeviceManagementConfigurationPolicyAssignment ` + -DeviceManagementConfigurationPolicyId $Identity ` + -Targets $assignmentsHash } elseif ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Present') { Write-Verbose -Message "Updating existing Endpoint Protection Policy {$($currentPolicy.DisplayName)}" - #region update policy core settings - $bodyParameter=@{ - Name = $DisplayName - Description = $Description - } - Update-MgDeviceManagementConfigurationPolicy ` - -DeviceManagementConfigurationPolicyId $Identity ` - -BodyParameter $bodyParameter - #endregion - - - #region update policy specific settings #format settings from PSBoundParameters for update $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$PSBoundParameters) ` -TemplateId $templateReferenceId - - $currentPolicySettings = Get-MgDeviceManagementConfigurationPolicySetting -DeviceManagementConfigurationPolicyId $Identity - foreach ($setting in $currentPolicySettings) - { - #write-verbose ($setting|out-string) - Remove-MgDeviceManagementConfigurationPolicySetting ` - -DeviceManagementConfigurationPolicyId $Identity ` - -DeviceManagementConfigurationSettingId $setting.settingDefinitionId - } - foreach ($setting in $settings) - { - New-MgDeviceManagementConfigurationPolicySetting ` - -DeviceManagementConfigurationPolicyId $Identity ` - -BodyParameter $setting - } + #Using Rest query as SDK update cmdlet not working for ConfigMgr + Update-DeviceManagementConfigurationPolicy ` + -Identity $Identity ` + -DisplayName $DisplayName ` + -Description $Description ` + -TemplateReferenceId $templateReferenceId ` + -Platforms $platforms ` + -Technologies $technologies ` + -Settings $settings #region update policy assignments $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments - Update-MgDeviceManagementConfigurationPolicyAssignments -DeviceManagementConfigurationPolicyId $currentPolicy.Identity -Targets $assignmentsHash + Update-DeviceManagementConfigurationPolicyAssignment ` + -DeviceManagementConfigurationPolicyId $currentPolicy.Identity ` + -Targets $assignmentsHash #endregion } elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present') @@ -690,11 +686,11 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters - #Write-Verbose($CurrentValues|ConvertTo-Json -Depth 20) - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + $ValuesToCheck.Remove('Identity') | Out-Null $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null @@ -753,7 +749,7 @@ function Test-TargetResource $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys -verbose + -ValuesToCheck $ValuesToCheck.Keys } Write-Verbose -Message "Test-TargetResource returned $TestResult" @@ -911,351 +907,6 @@ function Export-TargetResource return '' } } - -function Get-DeviceManagementConfigurationSettingInstanceValue -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param( - [Parameter(Mandatory = 'true')] - [System.Collections.Hashtable] - $Setting - ) - - switch ($setting.'@odata.type') - { - '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - { - $settingValue = $setting.choiceSettingValue.value.split('_') | Select-Object -Last 1 - - } - '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' - { - $settingValue = $setting.simpleSettingValue.value - } - Default - { - $settingValue = $setting.value - } - } - return $settingValue -} -function Convert-M365DSCParamsToSettingInstance -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param( - [Parameter(Mandatory = 'true')] - [System.Collections.Hashtable] - $DSCParams, - - [Parameter(Mandatory = 'true')] - [System.String] - $SettingDefinitionId, - - [Parameter(Mandatory = 'true')] - [System.String] - $SettingDefinitionType, - - [Parameter()] - [System.String] - $GroupSettingCollectionDefinitionId, - - [Parameter()] - [System.String] - $SettingInstanceTemplateId, - - [Parameter()] - [System.String] - $SettingValueType, - - [Parameter()] - [System.String] - $SettingValueTemplateId - ) - - $DSCParams.Remove('Verbose') | Out-Null - $results = @() - - foreach ($param in $DSCParams.Keys) - { - $settingDefinitionId = $SettingDefinitionId.ToLower() - - $settingInstance = [ordered]@{} - $settingInstance.add('@odata.type', $SettingDefinitionType) - $settingInstance.add('settingDefinitionId', $settingDefinitionId) - if (-Not [string]::IsNullOrEmpty($settingInstanceTemplateId)) - { - $settingInstance.add('settingInstanceTemplateReference', @{'settingInstanceTemplateId' = $SettingInstanceTemplateId }) - } - switch ($SettingDefinitionType) - { - '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - { - $choiceSettingValue = [ordered]@{} - $choiceSettingValue.add('children', @()) - $choiceSettingValue.add('@odata.type', '#microsoft.graph.deviceManagementConfigurationChoiceSettingValue') - if (-Not [string]::IsNullOrEmpty($settingValueTemplateId)) - { - $choiceSettingValue.add('settingValueTemplateReference', @{'settingValueTemplateId' = $SettingValueTemplateId }) - } - $choiceSettingValue.add('value', "$settingDefinitionId`_$($DSCParams.$param)") - $settingInstance.add('choiceSettingValue', $choiceSettingValue) - $results += $settingInstance - } - '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' - { - $simpleSettingCollectionValues = @() - foreach ($value in $DSCParams.$param) - { - $simpleSettingCollectionValue = @{} - $simpleSettingCollectionValue.add('@odata.type', '#microsoft.graph.deviceManagementConfigurationStringSettingValue') - $simpleSettingCollectionValue.add('value', $value) - $simpleSettingCollectionValues += $simpleSettingCollectionValue - } - $settingInstance.add('simpleSettingCollectionValue', $simpleSettingCollectionValues) - $results += $settingInstance - } - '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' - { - $simpleSettingValue = @{} - if (-Not [string]::IsNullOrEmpty($SettingValueType)) - { - $simpleSettingValue.add('@odata.type', $SettingValueType) - } - $simpleSettingValue.add('value', $DSCParams.$param) - if (-Not [string]::IsNullOrEmpty($settingValueTemplateId)) - { - $simpleSettingValue.add('settingValueTemplateReference', @{'settingValueTemplateId' = $settingValueTemplateId }) - } - - $settingInstance.add('simpleSettingValue', $simpleSettingValue) - $results += $settingInstance - } - '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' - { - $groupSettingCollectionValues = @() - $groupSettingCollectionValues += @{'children' = @() } - $settingInstance.add('groupSettingCollectionValue', $groupSettingCollectionValues) - $results += $settingInstance - } - Default - { - } - } - } - return $results -} -function Format-M365DSCIntuneSettingCatalogPolicySettings -{ - [CmdletBinding()] - [OutputType([System.Array])] - param( - [Parameter(Mandatory = 'true')] - [System.Collections.Hashtable] - $DSCParams - ) - - $DSCParams.Remove('Identity') | Out-Null - $DSCParams.Remove('DisplayName') | Out-Null - $DSCParams.Remove('Description') | Out-Null - - #Prepare setting definitions mapping - $settingDefinitions = @( - @{ - settingName = 'AttackSurfaceReductionOnlyExclusions' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductiononlyexclusions' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' - settingInstanceTemplateId = '9b3bc064-2726-4abf-8c70-b9cb440c2422' - settingValueType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' - } - @{ - settingName = 'EnableControlledFolderAccess' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_enablecontrolledfolderaccess' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - settingInstanceTemplateId = '88286be0-5a51-4238-bcf9-e8db1c3f0023' - settingValueTemplateId = '93eb92ec-85b7-49fa-87df-09ccc59e390f' - } - @{ - settingName = 'ControlledFolderAccessAllowedApplications' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_controlledfolderaccessallowedapplications' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' - settingInstanceTemplateId = '7b7d300f-40cd-4708-a602-479e41b69647' - settingValueType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' - } - @{ - settingName = 'ControlledFolderAccessProtectedFolders' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_controlledfolderaccessprotectedfolders' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' - settingInstanceTemplateId = '081cae44-3f9b-46b1-8eea-f9eb2e1e3031' - settingValueType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' - } - @{ - settingName = 'AttackSurfaceReductionRules' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' - settingInstanceTemplateId = 'd770fcd1-62cd-4217-9b20-9ee2a12062ff' - } - @{ - settingName = 'BlockAdobeReaderFromCreatingChildProcesses' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockadobereaderfromcreatingchildprocesses' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockExecutionOfPotentiallyObfuscatedScripts' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockWin32APICallsFromOfficeMacros' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwin32apicallsfromofficemacros' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockcredentialstealingfromwindowslocalsecurityauthoritysubsystem' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockOfficeCommunicationAppFromCreatingChildProcesses' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficecommunicationappfromcreatingchildprocesses' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockAllOfficeApplicationsFromCreatingChildProcesses' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockallofficeapplicationsfromcreatingchildprocesses' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockUntrustedUnsignedProcessesThatRunFromUSB' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockuntrustedunsignedprocessesthatrunfromusb' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockProcessCreationsFromPSExecAndWMICommands' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockprocesscreationsfrompsexecandwmicommands' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockPersistenceThroughWMIEventSubscription' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockpersistencethroughwmieventsubscription' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockOfficeApplicationsFromCreatingExecutableContent' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfromcreatingexecutablecontent' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfrominjectingcodeintootherprocesses' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'UseAdvancedProtectionAgainstRansomware' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockExecutableContentFromEmailClientAndWebmail' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablecontentfromemailclientandwebmail' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockAbuseOfExploitedVulnerableSignedDrivers' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockabuseofexploitedvulnerablesigneddrivers' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - ) - #write-verbose -Message ( $DSCParams|out-string) - $settings = @() - foreach ($settingDefinition in $settingDefinitions) - { - - $setting = @{} - $value = $DSCParams["$($settingDefinition.settingName)"] - if ($value) - { - if ([string]::IsNullOrEmpty($settingDefinition.groupSettingCollectionDefinitionId)) - { - $setting.add('@odata.type', '#microsoft.graph.deviceManagementConfigurationSetting') - } - $formatParams = @{} - $formatParams.Add('DSCParams', @{$settingDefinition.settingName = $value }) - $formatParams.Add('settingDefinitionId', $settingDefinition.settingDefinitionId) - $formatParams.Add('settingDefinitionType', $settingDefinition.settingDefinitionType) - if (-Not [string]::IsNullOrEmpty($settingDefinition.settingInstanceTemplateId)) - { - $formatParams.Add('settingInstanceTemplateId', $settingDefinition.settingInstanceTemplateId) - } - if (-Not [string]::IsNullOrEmpty($settingDefinition.settingValueTemplateId)) - { - $formatParams.Add('SettingValueTemplateId', $settingDefinition.settingValueTemplateId) - } - if (-Not [string]::IsNullOrEmpty($settingDefinition.settingValueType)) - { - $formatParams.Add('settingValueType', $settingDefinition.settingValueType) - } - $myFormattedSetting = Convert-M365DSCParamsToSettingInstance @formatParams - - if (-Not [string]::IsNullOrEmpty($settingDefinition.groupSettingCollectionDefinitionId)) - { - $mySetting = $settings.settingInstance | Where-Object -FilterScript { $_.settingDefinitionId -eq $settingDefinition.groupSettingCollectionDefinitionId } - if ($null -eq $mySetting) - { - $parentSetting = @{} - $parentSetting.add('@odata.type', '#microsoft.graph.deviceManagementConfigurationSetting') - $mySettingDefinition = $settingDefinitions | Where-Object -FilterScript { $_.settingDefinitionId -eq $settingDefinition.groupSettingCollectionDefinitionId } - $mySettingDefinitionFormatted = Convert-M365DSCParamsToSettingInstance ` - -DSCParams @{$mySettingDefinition.settingName = @{} } ` - -SettingDefinitionId $mySettingDefinition.settingDefinitionId ` - -SettingDefinitionType $mySettingDefinition.settingDefinitionType ` - -SettingInstanceTemplateId $mySettingDefinition.settingInstanceTemplateId - $parentSetting.add('settingInstance', $mySettingDefinitionFormatted) - $settings += $parentSetting - $mySetting = $settings.settingInstance | Where-Object -FilterScript { $_.settingDefinitionId -eq $settingDefinition.groupSettingCollectionDefinitionId } - } - $mySetting.groupSettingCollectionValue[0].children += $myFormattedSetting - } - else - { - $setting.add('settingInstance', $myFormattedSetting) - $settings += $setting - } - - } - } - - return $settings -} - - function Get-IntuneSettingCatalogPolicySetting { [CmdletBinding()] @@ -1274,141 +925,6 @@ function Get-IntuneSettingCatalogPolicySetting $DSCParams.Remove('Description') | Out-Null #Prepare setting definitions mapping - <# - $settingDefinitions = @( - @{ - settingName = 'AttackSurfaceReductionOnlyExclusions' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductiononlyexclusions' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' - settingInstanceTemplateId = '9b3bc064-2726-4abf-8c70-b9cb440c2422' - settingValueType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' - } - @{ - settingName = 'EnableControlledFolderAccess' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_enablecontrolledfolderaccess' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - settingInstanceTemplateId = '88286be0-5a51-4238-bcf9-e8db1c3f0023' - settingValueTemplateId = '93eb92ec-85b7-49fa-87df-09ccc59e390f' - } - @{ - settingName = 'ControlledFolderAccessAllowedApplications' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_controlledfolderaccessallowedapplications' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' - settingInstanceTemplateId = '7b7d300f-40cd-4708-a602-479e41b69647' - settingValueType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' - } - @{ - settingName = 'ControlledFolderAccessProtectedFolders' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_controlledfolderaccessprotectedfolders' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' - settingInstanceTemplateId = '081cae44-3f9b-46b1-8eea-f9eb2e1e3031' - settingValueType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' - } - @{ - settingName = 'AttackSurfaceReductionRules' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' - settingInstanceTemplateId = 'd770fcd1-62cd-4217-9b20-9ee2a12062ff' - } - @{ - settingName = 'BlockAdobeReaderFromCreatingChildProcesses' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockadobereaderfromcreatingchildprocesses' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockExecutionOfPotentiallyObfuscatedScripts' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockWin32APICallsFromOfficeMacros' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwin32apicallsfromofficemacros' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockcredentialstealingfromwindowslocalsecurityauthoritysubsystem' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockOfficeCommunicationAppFromCreatingChildProcesses' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficecommunicationappfromcreatingchildprocesses' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockAllOfficeApplicationsFromCreatingChildProcesses' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockallofficeapplicationsfromcreatingchildprocesses' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockUntrustedUnsignedProcessesThatRunFromUSB' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockuntrustedunsignedprocessesthatrunfromusb' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockProcessCreationsFromPSExecAndWMICommands' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockprocesscreationsfrompsexecandwmicommands' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockPersistenceThroughWMIEventSubscription' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockpersistencethroughwmieventsubscription' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockOfficeApplicationsFromCreatingExecutableContent' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfromcreatingexecutablecontent' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfrominjectingcodeintootherprocesses' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'UseAdvancedProtectionAgainstRansomware' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockExecutableContentFromEmailClientAndWebmail' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablecontentfromemailclientandwebmail' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - @{ - settingName = 'BlockAbuseOfExploitedVulnerableSignedDrivers' - settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockabuseofexploitedvulnerablesigneddrivers' - settingDefinitionType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - groupSettingCollectionDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - } - ) - #> - #write-verbose -Message ( $DSCParams|out-string) $settingDefinitions = Get-MgDeviceManagementConfigurationPolicyTemplateSettingTemplate -DeviceManagementConfigurationPolicyTemplateId $TemplateId $settingInstances = @() foreach ($settingDefinition in $settingDefinitions.SettingInstanceTemplate) @@ -1513,7 +1029,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue $groupSettingCollectionValueChildren += $childSettingValue } $groupSettingCollectionValue.add('children', $groupSettingCollectionValueChildren) - $settingValueReturn.Add('groupSettingCollectionValue', $groupSettingCollectionValue) + $settingValueReturn.Add('groupSettingCollectionValue', @($groupSettingCollectionValue)) } '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' { @@ -1564,7 +1080,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue return $settingValueReturn } -function New-MgDeviceManagementConfigurationPolicy +function New-DeviceManagementConfigurationPolicy { [CmdletBinding()] param ( @@ -1614,7 +1130,7 @@ function New-MgDeviceManagementConfigurationPolicy -Body ($policy | ConvertTo-Json -Depth 20) } -function Update-MgDeviceManagementConfigurationPolicy +function Update-DeviceManagementConfigurationPolicy { [CmdletBinding()] param ( @@ -1669,7 +1185,7 @@ function Update-MgDeviceManagementConfigurationPolicy -Body ($policy | ConvertTo-Json -Depth 20) } -function Remove-MgDeviceManagementConfigurationPolicy +function Remove-DeviceManagementConfigurationPolicy { [CmdletBinding()] param ( @@ -1682,45 +1198,7 @@ function Remove-MgDeviceManagementConfigurationPolicy Invoke-MgGraphRequest -Method DELETE -Uri $Uri } -function Get-MgDeviceManagementConfigurationPolicySetting -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param ( - [Parameter(Mandatory = 'true')] - [System.String] - $DeviceManagementConfigurationPolicyId - ) - try - { - $configurationPolicySettings = @() - - $Uri = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies/$DeviceManagementConfigurationPolicyId/settings" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop - $configurationPolicySettings += $results.value.settingInstance - while ($results.'@odata.nextLink') - { - $Uri = $results.'@odata.nextLink' - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop - $configurationPolicySettings += $results.value.settingInstance - } - return $configurationPolicySettings - } - catch - { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - - return $null - } - - -} - -function Get-MgDeviceManagementConfigurationPolicyAssignments +function Get-DeviceManagementConfigurationPolicyAssignment { [CmdletBinding()] param @@ -1776,7 +1254,7 @@ function Get-MgDeviceManagementConfigurationPolicyAssignments } } -function Update-MgDeviceManagementConfigurationPolicyAssignments +function Update-DeviceManagementConfigurationPolicyAssignment { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] @@ -1835,36 +1313,6 @@ function Update-MgDeviceManagementConfigurationPolicyAssignments } } -function Get-MgDeviceManagementConfigurationSettingDefinition -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param - ( - - [Parameter(Mandatory = $true)] - [System.String] - $Identity - ) - - try - { - $Uri = "https://graph.microsoft.com/beta/deviceManagement/ConfigurationSettings/$($Identity.tolower())" - $configurationPolicySetting = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop - return $configurationPolicySetting - } - catch - { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - - return $null - } -} - function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] @@ -2165,31 +1613,6 @@ function Get-M365DSCDRGSimpleObjectTypeToString } return $returnValue } - -function Get-M365DSCAdditionalProperties -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param - ( - [Parameter(Mandatory = 'true')] - [System.Collections.Hashtable] - $Properties - ) - - $results = @{'@odata.type' = '#microsoft.graph.agreement' } - foreach ($property in $properties.Keys) - { - if ($property -ne 'Verbose') - { - $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) - $propertyValue = $properties.$property - $results.Add($propertyName, $propertyValue) - } - } - return $results -} - function Compare-M365DSCComplexObject { [CmdletBinding()] diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.Tests.ps1 index 002e80f176..662e5a3bd8 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.Tests.ps1 @@ -32,7 +32,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'Credentials' } - Mock -CommandName Update-MgDeviceManagementConfigurationPolicy -MockWith { + Mock -CommandName Update-DeviceManagementConfigurationPolicy -MockWith { } Mock -CommandName New-MgDeviceManagementConfigurationPolicy -MockWith { @@ -50,20 +50,35 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Mock -CommandName Get-MgDeviceManagementConfigurationPolicyAssignment -MockWith { + Mock -CommandName Get-DeviceManagementConfigurationPolicyAssignment -MockWith { + return @(@{ + + dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + collectionId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + }) + } + + Mock -CommandName Get-MgDeviceManagementConfigurationPolicyTemplateSettingTemplate -MockWith { return @{ Id = '12345-12345-12345-12345-12345' - Source = 'direct' - SourceId = '12345-12345-12345-12345-12345' - Target = @{ - DeviceAndAppManagementAssignmentFilterId = '12345-12345-12345-12345-12345' - DeviceAndAppManagementAssignmentFilterType = 'none' - AdditionalProperties = @( - @{ - '@odata.type' = '#microsoft.graph.exclusionGroupAssignmentTarget' - groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + SettingInstanceTemplate = @{ + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + settingInstanceTemplateId = 'd770fcd1-62cd-4217-9b20-9ee2a12062ff' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstanceTemplate' + groupSettingCollectionValueTemplate = @{ + children =@( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstanceTemplate' + settingInstanceTemplateId ='999c8d1b-9f4e-49b7-824d-001c5c7d0182' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware' + choiceSettingValueTemplate = @{ + settingValueTemplateId = 'a212472c-c5cc-43dd-898d-d35286a408e5' + } + } + ) } - ) + } } } } @@ -80,10 +95,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Assignments = @( (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' - DeviceAndAppManagementAssignmentFilterType = 'none' - DeviceAndAppManagementAssignmentFilterId = '12345-12345-12345-12345-12345' - GroupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' - CollectionId = '12345-12345-12345-12345-12345' + CollectionId = '26d60dd1-fab6-47bf-8656-358194c1a49d' } -ClientOnly) ) Credential = $Credential @@ -118,10 +130,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Assignments = @( (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' - DeviceAndAppManagementAssignmentFilterType = 'none' - DeviceAndAppManagementAssignmentFilterId = '12345-12345-12345-12345-12345' - GroupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' - CollectionId = '12345-12345-12345-12345-12345' + CollectionId = '26d60dd1-fab6-47bf-8656-358194c1a49d' } -ClientOnly) ) Credential = $Credential @@ -129,11 +138,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = 'My Test' Ensure = 'Present' Identity = '619bd4a4-3b3b-4441-bd6f-3f4c0c444870' + useadvancedprotectionagainstransomware = "audit" } Mock -CommandName Get-MgDeviceManagementConfigurationPolicy -MockWith { return @{ - Identity = '619bd4a4-3b3b-4441-bd6f-3f4c0c444870' + Id = '619bd4a4-3b3b-4441-bd6f-3f4c0c444870' Description = 'My Test Description' Name = 'My Test' } @@ -144,21 +154,24 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = 0 SettingDefinitions = $null SettingInstance = @{ - SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning' + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' SettingInstanceTemplateReference = @{ - SettingInstanceTemplateId = '7c5c9cde-f74d-4d11-904f-de4c27f72d89' - AdditionalProperties = $null + SettingInstanceTemplateId = 'd770fcd1-62cd-4217-9b20-9ee2a12062ff' } AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - choiceSettingValue = @{ - value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_0' #drift - settingValueTemplateReference = @{ - settingValueTemplateId = '9ead75d4-6f30-4bc5-8cc5-ab0f999d79f0' - useTemplateDefault = $false - } - children = $null - } + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + groupSettingCollectionValue = @(@{ + children = @( + @{ + "@odata.type" = "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance" + "settingDefinitionId" = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware" + "choiceSettingValue" = @{ + "@odata.type" = "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue" + "value" = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware_block" + } + } + ) + }) } } @@ -177,23 +190,30 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should update the instance from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgDeviceManagementConfigurationPolicy -Exactly 1 + Should -Invoke -CommandName Update-DeviceManagementConfigurationPolicy -Exactly 1 } } Context -Name 'When the instance already exists and IS in the Desired State' -Fixture { BeforeAll { $testParams = @{ + Assignments = @( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + CollectionId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + } -ClientOnly) + ) Credential = $Credential Description = 'My Test Description' DisplayName = 'My Test' Ensure = 'Present' Identity = '619bd4a4-3b3b-4441-bd6f-3f4c0c444870' + useadvancedprotectionagainstransomware = "block" } Mock -CommandName Get-MgDeviceManagementConfigurationPolicy -MockWith { return @{ - Identity = '619bd4a4-3b3b-4441-bd6f-3f4c0c444870' + Id = '619bd4a4-3b3b-4441-bd6f-3f4c0c444870' Description = 'My Test Description' Name = 'My Test' } @@ -204,21 +224,24 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = 0 SettingDefinitions = $null SettingInstance = @{ - SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning' + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' SettingInstanceTemplateReference = @{ - SettingInstanceTemplateId = '7c5c9cde-f74d-4d11-904f-de4c27f72d89' - AdditionalProperties = $null + SettingInstanceTemplateId = 'd770fcd1-62cd-4217-9b20-9ee2a12062ff' } AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - choiceSettingValue = @{ - value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_1' - settingValueTemplateReference = @{ - settingValueTemplateId = '9ead75d4-6f30-4bc5-8cc5-ab0f999d79f0' - useTemplateDefault = $false - } - children = $null - } + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + groupSettingCollectionValue = @(@{ + children = @( + @{ + "@odata.type" = "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance" + "settingDefinitionId" = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware" + "choiceSettingValue" = @{ + "@odata.type" = "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue" + "value" = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware_block" + } + } + ) + }) } } @@ -238,10 +261,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Assignments = @( (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' - DeviceAndAppManagementAssignmentFilterType = 'none' - DeviceAndAppManagementAssignmentFilterId = '12345-12345-12345-12345-12345' - GroupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' - CollectionId = '12345-12345-12345-12345-12345' + CollectionId = '26d60dd1-fab6-47bf-8656-358194c1a49d' } -ClientOnly) ) Credential = $Credential @@ -253,7 +273,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementConfigurationPolicy -MockWith { return @{ - Identity = '619bd4a4-3b3b-4441-bd6f-3f4c0c444870' + Id = '619bd4a4-3b3b-4441-bd6f-3f4c0c444870' Description = 'My Test Description' Name = 'My Test' } @@ -264,21 +284,24 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = 0 SettingDefinitions = $null SettingInstance = @{ - SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning' + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' SettingInstanceTemplateReference = @{ - SettingInstanceTemplateId = '7c5c9cde-f74d-4d11-904f-de4c27f72d89' - AdditionalProperties = $null + SettingInstanceTemplateId = 'd770fcd1-62cd-4217-9b20-9ee2a12062ff' } AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - choiceSettingValue = @{ - value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_1' - settingValueTemplateReference = @{ - settingValueTemplateId = '9ead75d4-6f30-4bc5-8cc5-ab0f999d79f0' - useTemplateDefault = $false - } - children = $null - } + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + groupSettingCollectionValue = @(@{ + children = @( + @{ + "@odata.type" = "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance" + "settingDefinitionId" = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware" + "choiceSettingValue" = @{ + "@odata.type" = "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue" + "value" = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware_block" + } + } + ) + }) } } @@ -311,9 +334,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementConfigurationPolicy -MockWith { return @{ - Id = '619bd4a4-3b3b-4441-bd6f-3f4c0c444870' - Description = 'My Test Description' - Name = 'My Test' + Id = '619bd4a4-3b3b-4441-bd6f-3f4c0c444870' + Description = 'My Test Description' + Name = 'My Test' TemplateReference = @{ TemplateId = '5dd36540-eb22-4e7e-b19c-2a07772ba627_1' } @@ -325,22 +348,26 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = 0 SettingDefinitions = $null SettingInstance = @{ - SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning' + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' SettingInstanceTemplateReference = @{ - SettingInstanceTemplateId = '7c5c9cde-f74d-4d11-904f-de4c27f72d89' - AdditionalProperties = $null + SettingInstanceTemplateId = 'd770fcd1-62cd-4217-9b20-9ee2a12062ff' } AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - choiceSettingValue = @{ - value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_1' - settingValueTemplateReference = @{ - settingValueTemplateId = '9ead75d4-6f30-4bc5-8cc5-ab0f999d79f0' - useTemplateDefault = $false - } - children = $null - } + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + groupSettingCollectionValue = @(@{ + children = @( + @{ + "@odata.type" = "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance" + "settingDefinitionId" = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware" + "choiceSettingValue" = @{ + "@odata.type" = "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue" + "value" = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware_block" + } + } + ) + }) } + } AdditionalProperties = $null } From a193b444da7fc8e19e866eee8ac94cc260f1a632 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Tue, 14 Mar 2023 20:29:11 +0000 Subject: [PATCH 008/187] changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bfe17d1336..6a7d90b64d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager + * Fix resource * AADEntitlementManagementConnectedOrganization * Initial release * AADConditionalAccessPolicy From 14c9997892b58a6e7c396cd6a5c990991caa48db Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 6 Mar 2023 13:27:10 +0100 Subject: [PATCH 009/187] Added check for Key parameter (breaking change) --- ...AADEntitlementManagementAccessPackage.psm1 | 36 +- ...itlementManagementAccessPackage.schema.mof | 4 +- ...tlementManagementAccessPackageCatalog.psm1 | 24 +- ...tManagementAccessPackageCatalog.schema.mof | 4 +- ...anagementAccessPackageCatalogResource.psm1 | 37 +- ...entAccessPackageCatalogResource.schema.mof | 4 +- .../MSFT_EXOIRMConfiguration.psm1 | 8 +- .../MSFT_EXOIRMConfiguration.schema.mof | 2 +- .../MSFT_EXOPerimeterConfiguration.psm1 | 8 +- .../MSFT_EXOPerimeterConfiguration.schema.mof | 2 +- .../MSFT_EXOResourceConfiguration.psm1 | 8 +- .../MSFT_EXOResourceConfiguration.schema.mof | 2 +- .../MSFT_IntuneAppProtectionPolicyiOS.psm1 | 22 +- ...FT_IntuneAppProtectionPolicyiOS.schema.mof | 6 +- ...ationPolicyAndroidDeviceAdministrator.psm1 | 54 +- ...olicyAndroidDeviceAdministrator.schema.mof | 4 +- ...ConfigurationPolicyAndroidDeviceOwner.psm1 | 1216 ++++++++--------- ...urationPolicyAndroidDeviceOwner.schema.mof | 4 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 59 +- ...nPolicyAndroidOpenSourceProject.schema.mof | 4 +- ..._IntuneDeviceConfigurationPolicyMacOS.psm1 | 38 +- ...eDeviceConfigurationPolicyMacOS.schema.mof | 4 +- ...FT_IntuneDeviceConfigurationPolicyiOS.psm1 | 48 +- ...uneDeviceConfigurationPolicyiOS.schema.mof | 4 +- ...ationPolicyAndroidDeviceAdministrator.psm1 | 56 +- ...olicyAndroidDeviceAdministrator.schema.mof | 4 +- ...ionPolicyAndroidEntrepriseDeviceOwner.psm1 | 69 +- ...icyAndroidEntrepriseDeviceOwner.schema.mof | 4 +- ...ionPolicyAndroidEntrepriseWorkProfile.psm1 | 69 +- ...icyAndroidEntrepriseWorkProfile.schema.mof | 4 +- ...WifiConfigurationPolicyAndroidForWork.psm1 | 69 +- ...nfigurationPolicyAndroidForWork.schema.mof | 4 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 69 +- ...nPolicyAndroidOpenSourceProject.schema.mof | 4 +- ...MSFT_IntuneWifiConfigurationPolicyIOS.psm1 | 68 +- ...ntuneWifiConfigurationPolicyIOS.schema.mof | 4 +- ...FT_IntuneWifiConfigurationPolicyMacOS.psm1 | 69 +- ...uneWifiConfigurationPolicyMacOS.schema.mof | 4 +- ...ntuneWifiConfigurationPolicyWindows10.psm1 | 69 +- ...ifiConfigurationPolicyWindows10.schema.mof | 4 +- ...nProtectionPolicyWindows10MdmEnrolled.psm1 | 597 ++++---- ...ctionPolicyWindows10MdmEnrolled.schema.mof | 4 +- Tests/QA/Microsoft365DSC.Resources.Tests.ps1 | 112 ++ 43 files changed, 1324 insertions(+), 1561 deletions(-) create mode 100644 Tests/QA/Microsoft365DSC.Resources.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index 66302a4217..e33d5725ce 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -17,7 +17,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -44,13 +44,12 @@ function Get-TargetResource [Parameter()] [System.String[]] $IncompatibleGroups, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -205,7 +204,7 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -217,7 +216,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -244,13 +243,12 @@ function Set-TargetResource [Parameter()] [System.String[]] $IncompatibleGroups, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -467,7 +465,7 @@ function Set-TargetResource { Remove-MgEntitlementManagementAccessPackageIncompatibleAccessPackageByRef ` -AccessPackageId $currentInstance.Id ` - -AccessPackageId1 $incompatibleAccessPackage + -AccessPackageId1 $incompatibleAccessPackage } #endregion @@ -504,7 +502,7 @@ function Set-TargetResource { Remove-MgEntitlementManagementAccessPackageIncompatibleGroupByRef ` -AccessPackageId $currentInstance.Id ` - -GroupId $incompatibleGroup + -GroupId $incompatibleGroup } #endregion @@ -625,8 +623,6 @@ function Set-TargetResource } } - #write-verbose -message ($params|convertTo-json -depth 20) - Remove-MgEntitlementManagementAccessPackageResourceRoleScope ` -AccessPackageId $currentInstance.Id ` -AccessPackageResourceRoleScopeId $currentRole.Id @@ -656,8 +652,6 @@ function Set-TargetResource -AccessPackageId $currentInstance.Id ` -AccessPackageResourceRoleScopeId $currentRoleScope.Id } - - #endregion #endregion } @@ -668,7 +662,6 @@ function Set-TargetResource #region resource generator code Remove-MgEntitlementManagementAccessPackage -AccessPackageId $currentInstance.Id #endregion - } } @@ -679,7 +672,7 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -691,7 +684,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -718,13 +711,12 @@ function Test-TargetResource [Parameter()] [System.String[]] $IncompatibleGroups, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.schema.mof index d27b8ba71c..15c64384a4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.schema.mof @@ -9,10 +9,10 @@ class MSFT_AccessPackageResourceRoleScope [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackage")] class MSFT_AADEntitlementManagementAccessPackage : OMI_BaseResource { - [Write, Description("The Id of the access package.")] String Id; + [Key, Description("The Id of the access package.")] String Id; + [Required, Description("The display name of the access package.")] String DisplayName; [Write, Description("Identifier of the access package catalog referencing this access package.")] String CatalogId; [Write, Description("The description of the access package.")] String Description; - [Write, Description("The display name of the access package.")] String DisplayName; [Write, Description("Whether the access package is hidden from the requestor.")] Boolean IsHidden; [Write, Description("Indicates whether role scopes are visible.")] Boolean IsRoleScopesVisible; [Write, Description("The resources and roles included in the access package."), EmbeddedInstance("MSFT_AccessPackageResourceRoleScope")] String AccessPackageResourceRoleScopes[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 index ab93af2a0c..cad9bb174b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -21,7 +21,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -29,10 +29,10 @@ function Get-TargetResource [System.Boolean] $IsExternallyVisible, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -151,7 +151,7 @@ function Set-TargetResource param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -168,7 +168,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -176,10 +176,10 @@ function Set-TargetResource [System.Boolean] $IsExternallyVisible, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -290,7 +290,7 @@ function Test-TargetResource param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -307,7 +307,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -315,10 +315,10 @@ function Test-TargetResource [System.Boolean] $IsExternallyVisible, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof index ab77f22443..23f6dd298c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof @@ -3,11 +3,11 @@ [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageCatalog")] class MSFT_AADEntitlementManagementAccessPackageCatalog : OMI_BaseResource { - [Write, Description("The id of the access package catalog.")] String Id; + [Key, Description("The id of the access package catalog.")] String Id; [Write, Description("Has the value Published if the access packages are available for management.")] String CatalogStatus; [Write, Description("One of UserManaged or ServiceDefault."), ValueMap{"UserManaged","ServiceDefault"}, Values{"UserManaged","ServiceDefault"}] String CatalogType; [Write, Description("The description of the access package catalog.")] String Description; - [Write, Description("The display name of the access package catalog.")] String DisplayName; + [Required, Description("The display name of the access package catalog.")] String DisplayName; [Write, Description("Whether the access packages in this catalog can be requested by users outside of the tenant.")] Boolean IsExternallyVisible; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 index 89fba2c042..6b6f299fd4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -29,7 +29,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -52,13 +52,12 @@ function Get-TargetResource [Parameter()] [System.String] $Url, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -116,7 +115,7 @@ function Get-TargetResource #region resource generator code $getValue = Get-MgEntitlementManagementAccessPackageCatalogAccessPackageResource ` - -AccessPackageCatalogId $CatalogId ` + -AccessPackageCatalogId $CatalogId ` -Filter "Id eq '$Id'" -ErrorAction SilentlyContinue if ($null -eq $getValue) @@ -196,7 +195,7 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -220,7 +219,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -243,13 +242,12 @@ function Set-TargetResource [Parameter()] [System.String] $Url, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -392,11 +390,8 @@ function Set-TargetResource AccessPackageresource = $resource } #region resource generator code - #write-verbose ($resourceRequest|convertTo-Json -depth 20) New-MgEntitlementManagementAccessPackageResourceRequest @resourceRequest - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -428,16 +423,13 @@ function Set-TargetResource $resource = Rename-M365DSCCimInstanceParameter -Properties $resource ` -Mapping $mapping - #region resource generator code $resourceRequest = @{ CatalogId = $CatalogId RequestType = 'AdminRemove' AccessPackageresource = $resource } - #region resource generator code New-MgEntitlementManagementAccessPackageResourceRequest @resourceRequest - #endregion } } @@ -449,7 +441,7 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -473,7 +465,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -496,13 +488,12 @@ function Test-TargetResource [Parameter()] [System.String] $Url, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -675,7 +666,7 @@ function Export-TargetResource $catalogId = $catalog.id - [array]$resources = Get-MgEntitlementManagementAccessPackageCatalogAccessPackageResource -AccessPackageCatalogId $catalogId -ErrorAction Stop + [array]$resources = Get-MgEntitlementManagementAccessPackageCatalogAccessPackageResource -AccessPackageCatalogId $catalogId -ErrorAction Stop $j = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof index 49f6d81abf..ef0fec69e8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof @@ -60,13 +60,13 @@ class MSFT_MicrosoftGraphaccessPackageAnswerChoice [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageCatalogResource")] class MSFT_AADEntitlementManagementAccessPackageCatalogResource : OMI_BaseResource { - [Write, Description("Id of the access package catalog resource.")] String Id; + [Key, Description("Id of the access package catalog resource.")] String Id; [Write, Description("The unique ID of the access package catalog.")] String CatalogId; [Write, Description("The name of the user or application that first added this resource. Read-only.")] String AddedBy; [Write, Description("The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.")] String AddedOn; [Write, Description("Contains information about the attributes to be collected from the requestor and sent to the resource application."), EmbeddedInstance("MSFT_MicrosoftGraphaccesspackageresourceattribute")] String Attributes[]; [Write, Description("A description for the resource.")] String Description; - [Write, Description("The display name of the resource, such as the application name, group name or site name.")] String DisplayName; + [Required, Description("The display name of the resource, such as the application name, group name or site name.")] String DisplayName; [Write, Description("True if the resource is not yet available for assignment. Read-only.")] Boolean IsPendingOnboarding; [Write, Description("The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group.")] String OriginId; [Write, Description("The type of the resource in the origin system.")] String OriginSystem; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.psm1 index 83ef2a395d..f15c186de6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -134,7 +134,7 @@ function Get-TargetResource try { $IRMConfiguration = Get-IRMConfiguration -ErrorAction Stop - + $RMSOnlineKeySharingLocationValue = $null if ($IRMConfiguration.RMSOnlineKeySharingLocation) { @@ -188,7 +188,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -329,7 +329,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.schema.mof index 97d6748eb4..37634a4815 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("EXOIRMConfiguration")] class MSFT_EXOIRMConfiguration : OMI_BaseResource { - [Write, Description("The Identity parameter specifies the Perimeter Configuration policy that you want to modify.")] String Identity; + [Key, Description("The Identity parameter specifies the Perimeter Configuration policy that you want to modify.")] String Identity; [Write, Description("The AutomaticServiceUpdateEnabled parameter specifies whether to allow the automatic addition of new features within Azure Information Protection for your cloud-based organization.")] Boolean AutomaticServiceUpdateEnabled; [Write, Description("The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can to connect directly to Azure Rights Management.")] Boolean AzureRMSLicensingEnabled; [Write, Description("The DecryptAttachmentForEncryptOnly parameter specifies whether mail recipients have unrestricted rights on the attachment or not for Encrypt-only mails sent using Microsoft Purview Message Encryption.")] Boolean DecryptAttachmentForEncryptOnly; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 index 7cab0e8aad..26bb0a2157 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -117,7 +117,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -199,7 +199,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -380,7 +380,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof index a6c00afd5b..31b7879ac0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("EXOPerimeterConfiguration")] class MSFT_EXOPerimeterConfiguration : OMI_BaseResource { - [Write, Description("The Identity parameter specifies the Perimeter Configuration policy that you want to modify.")] String Identity; + [Key, Description("The Identity parameter specifies the Perimeter Configuration policy that you want to modify.")] String Identity; [Write, Description("Use the GatewayIPAddresses parameter to create or modify a list of gateway server IP addresses to add to IP safelists.")] String GatewayIPAddresses[]; [Write, Description("Specifies if this Outbound connector should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.psm1 index be11663509..3e2a5f7156 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -117,7 +117,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -199,7 +199,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -381,7 +381,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.schema.mof index 50f14a5cdb..9f58ca2501 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("EXOResourceConfiguration")] class MSFT_EXOResourceConfiguration : OMI_BaseResource { - [Write, Description("The Identity parameter specifies the Perimeter Configuration policy that you want to modify.")] String Identity; + [Key, Description("The Identity parameter specifies the Perimeter Configuration policy that you want to modify.")] String Identity; [Write, Description("The ResourcePropertySchema parameter specifies the custom resource property that you want to make available to room or equipment mailboxes. This parameter uses the syntax Room/ or Equipment/ where the value doesn't contain spaces. For example, Room/Whiteboard or Equipment/Van.")] String ResourcePropertySchema[]; [Write, Description("Specifies if this Outbound connector should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index a961655ec7..a606c978a6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 @@ -4,11 +4,11 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -228,10 +228,10 @@ function Get-TargetResource [System.String] $CustomBrowserProtocol, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -434,11 +434,11 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -658,10 +658,10 @@ function Set-TargetResource [System.String] $CustomBrowserProtocol, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -812,11 +812,11 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -1039,7 +1039,7 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof index 439b1c51ff..17fd97dd4d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof @@ -1,8 +1,8 @@ [ClassVersion("1.0.0.0"), FriendlyName("IntuneAppProtectionPolicyiOS")] class MSFT_IntuneAppProtectionPolicyiOS : OMI_BaseResource { - [Write, Description("Identity of the iOS App Protection Policy.")] String Identity; - [Write, Description("Display name of the iOS App Protection Policy.")] String DisplayName; + [Key, Description("Identity of the iOS App Protection Policy.")] String Identity; + [Required, Description("Display name of the iOS App Protection Policy.")] String DisplayName; [Write, Description("Description of the iOS App Protection Policy.")] String Description; [Write, Description("The period after which access is checked when the device is not connected to the internet.")] String PeriodOfflineBeforeAccessCheck; [Write, Description("The period after which access is checked when the device is connected to the internet.")] String PeriodOnlineBeforeAccessCheck; @@ -16,7 +16,7 @@ class MSFT_IntuneAppProtectionPolicyiOS : OMI_BaseResource [Write, Description("Indicates whether users may use the Save As menu item to save a copy of protected files.")] Boolean SaveAsBlocked; [Write, Description("The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.")] String PeriodOfflineBeforeWipeIsEnforced; [Write, Description("Indicates whether an app-level pin is required.")] Boolean PinRequired; - [write, description("Indicates whether use of the app pin is required if the device pin is set.")] Boolean DisableAppPinIfDevicePinIsSet; + [Write, description("Indicates whether use of the app pin is required if the device pin is set.")] Boolean DisableAppPinIfDevicePinIsSet; [Write, Description("Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.")] UInt32 MaximumPinRetries; [Write, Description("Block simple PIN and require complex PIN to be set.")] Boolean SimplePinBlocked; [Write, Description("Minimum pin length required for an app-level pin if PinRequired is set to True.")] UInt32 MinimumPinLength; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index 5cd79ef6ee..502c15914e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -5,15 +5,15 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Id, + $Identity, [Parameter()] [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -225,13 +225,12 @@ function Get-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -398,7 +397,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -420,9 +419,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -430,7 +428,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -642,13 +640,12 @@ function Set-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -743,7 +740,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -758,9 +754,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -796,7 +790,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -808,24 +801,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -835,9 +819,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -845,7 +828,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -1057,13 +1040,12 @@ function Test-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -1140,13 +1122,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -1233,7 +1215,6 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` @@ -1242,7 +1223,6 @@ function Export-TargetResource } #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -2027,7 +2007,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof index a21f8df130..0959b4b07a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof @@ -20,9 +20,9 @@ class MSFT_MicrosoftGraphapplistitem [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator")] class MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Block clipboard sharing between apps (Samsung KNOX Standard 4.0+).")] Boolean AppsBlockClipboardSharing; [Write, Description("Block copy and paste functionality.")] Boolean AppsBlockCopyPaste; [Write, Description("Block YouTube (Samsung KNOX Standard 4.0+).")] Boolean AppsBlockYouTube; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 index 3df9632229..44404997f0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -26,12 +26,12 @@ function Get-TargetResource $AppsAllowInstallFromUnknownSources, [Parameter()] - [ValidateSet('notConfigured','userChoice','never','wiFiOnly','always')] + [ValidateSet('notConfigured', 'userChoice', 'never', 'wiFiOnly', 'always')] [System.String] $AppsAutoUpdatePolicy, [Parameter()] - [ValidateSet('deviceDefault','prompt','autoGrant','autoDeny')] + [ValidateSet('deviceDefault', 'prompt', 'autoGrant', 'autoDeny')] [System.String] $AppsDefaultPermissionPolicy, @@ -68,7 +68,7 @@ function Get-TargetResource $CrossProfilePoliciesAllowCopyPaste, [Parameter()] - [ValidateSet('notConfigured','crossProfileDataSharingBlocked','dataSharingFromWorkToPersonalBlocked','crossProfileDataSharingAllowed','unkownFutureValue')] + [ValidateSet('notConfigured', 'crossProfileDataSharingBlocked', 'dataSharingFromWorkToPersonalBlocked', 'crossProfileDataSharingAllowed', 'unkownFutureValue')] [System.String] $CrossProfilePoliciesAllowDataSharing, @@ -93,7 +93,7 @@ function Get-TargetResource $DeviceOwnerLockScreenMessage, [Parameter()] - [ValidateSet('notConfigured','dedicatedDevice','fullyManaged')] + [ValidateSet('notConfigured', 'dedicatedDevice', 'fullyManaged')] [System.String] $EnrollmentProfile, @@ -122,7 +122,7 @@ function Get-TargetResource $KioskCustomizationPowerButtonActionsBlocked, [Parameter()] - [ValidateSet('notConfigured','notificationsAndSystemInfoEnabled','systemInfoOnly')] + [ValidateSet('notConfigured', 'notificationsAndSystemInfoEnabled', 'systemInfoOnly')] [System.String] $KioskCustomizationStatusBar, @@ -131,7 +131,7 @@ function Get-TargetResource $KioskCustomizationSystemErrorWarnings, [Parameter()] - [ValidateSet('notConfigured','navigationEnabled','homeButtonOnly')] + [ValidateSet('notConfigured', 'navigationEnabled', 'homeButtonOnly')] [System.String] $KioskCustomizationSystemNavigation, @@ -168,7 +168,7 @@ function Get-TargetResource $KioskModeFlashlightConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','darkSquare','darkCircle','lightSquare','lightCircle')] + [ValidateSet('notConfigured', 'darkSquare', 'darkCircle', 'lightSquare', 'lightCircle')] [System.String] $KioskModeFolderIcon, @@ -181,7 +181,7 @@ function Get-TargetResource $KioskModeGridWidth, [Parameter()] - [ValidateSet('notConfigured','smallest','small','regular','large','largest')] + [ValidateSet('notConfigured', 'smallest', 'small', 'regular', 'large', 'largest')] [System.String] $KioskModeIconSize, @@ -206,7 +206,7 @@ function Get-TargetResource $KioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds, [Parameter()] - [ValidateSet('notConfigured','simple','complex')] + [ValidateSet('notConfigured', 'simple', 'complex')] [System.String] $KioskModeManagedHomeScreenPinComplexity, @@ -239,7 +239,7 @@ function Get-TargetResource $KioskModeMediaVolumeConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','portrait','landscape','autoRotate')] + [ValidateSet('notConfigured', 'portrait', 'landscape', 'autoRotate')] [System.String] $KioskModeScreenOrientation, @@ -272,7 +272,7 @@ function Get-TargetResource $KioskModeShowDeviceInfo, [Parameter()] - [ValidateSet('notConfigured','singleAppMode','multiAppMode')] + [ValidateSet('notConfigured', 'singleAppMode', 'multiAppMode')] [System.String] $KioskModeUseManagedHomeScreenApp, @@ -281,7 +281,7 @@ function Get-TargetResource $KioskModeVirtualHomeButtonEnabled, [Parameter()] - [ValidateSet('notConfigured','swipeUp','floating')] + [ValidateSet('notConfigured', 'swipeUp', 'floating')] [System.String] $KioskModeVirtualHomeButtonType, @@ -322,7 +322,7 @@ function Get-TargetResource $MicrosoftLauncherDockPresenceAllowUserModification, [Parameter()] - [ValidateSet('notConfigured','show','hide','disabled')] + [ValidateSet('notConfigured', 'show', 'hide', 'disabled')] [System.String] $MicrosoftLauncherDockPresenceConfiguration, @@ -335,7 +335,7 @@ function Get-TargetResource $MicrosoftLauncherFeedEnabled, [Parameter()] - [ValidateSet('notConfigured','top','bottom','hide')] + [ValidateSet('notConfigured', 'top', 'bottom', 'hide')] [System.String] $MicrosoftLauncherSearchBarPlacementConfiguration, @@ -352,7 +352,7 @@ function Get-TargetResource $PasswordBlockKeyguard, [Parameter()] - [ValidateSet('notConfigured','camera','notifications','unredactedNotifications','trustAgents','fingerprint','remoteInput','allFeatures','face','iris','biometrics')] + [ValidateSet('notConfigured', 'camera', 'notifications', 'unredactedNotifications', 'trustAgents', 'fingerprint', 'remoteInput', 'allFeatures', 'face', 'iris', 'biometrics')] [System.String[]] $PasswordBlockKeyguardFeatures, @@ -397,12 +397,12 @@ function Get-TargetResource $PasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $PasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $PasswordRequireUnlock, @@ -423,7 +423,7 @@ function Get-TargetResource $PersonalProfilePersonalApplications, [Parameter()] - [ValidateSet('notConfigured','blockedApps','allowedApps')] + [ValidateSet('notConfigured', 'blockedApps', 'allowedApps')] [System.String] $PersonalProfilePlayStoreMode, @@ -432,7 +432,7 @@ function Get-TargetResource $PersonalProfileScreenCaptureBlocked, [Parameter()] - [ValidateSet('notConfigured','allowList','blockList')] + [ValidateSet('notConfigured', 'allowList', 'blockList')] [System.String] $PlayStoreMode, @@ -461,7 +461,7 @@ function Get-TargetResource $StatusBarBlocked, [Parameter()] - [ValidateSet('notConfigured','ac','usb','wireless')] + [ValidateSet('notConfigured', 'ac', 'usb', 'wireless')] [System.String[]] $StayOnModes, @@ -482,7 +482,7 @@ function Get-TargetResource $SystemUpdateFreezePeriods, [Parameter()] - [ValidateSet('deviceDefault','postpone','windowed','automatic')] + [ValidateSet('deviceDefault', 'postpone', 'windowed', 'automatic')] [System.String] $SystemUpdateInstallType, @@ -563,12 +563,12 @@ function Get-TargetResource $WorkProfilePasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $WorkProfilePasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $WorkProfilePasswordRequireUnlock, @@ -576,17 +576,15 @@ function Get-TargetResource [System.Int32] $WorkProfilePasswordSignInFailureCountBeforeFactoryReset, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -642,7 +640,7 @@ function Get-TargetResource try { - $getValue=$null + $getValue = $null #region resource generator code $getValue = Get-MgDeviceManagementDeviceConfiguration ` @@ -650,7 +648,7 @@ function Get-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.id -eq $Id ` - } + } if (-not $getValue) { @@ -659,7 +657,7 @@ function Get-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration' -and $_.displayName -eq $($DisplayName) ` - } + } } #endregion @@ -675,13 +673,13 @@ function Get-TargetResource #region resource generator code Id = $getValue.Id Description = $getValue.Description -# DeviceManagementApplicabilityRuleDeviceMode = $getValue.DeviceManagementApplicabilityRuleDeviceMode -# DeviceManagementApplicabilityRuleOsEdition = $getValue.DeviceManagementApplicabilityRuleOsEdition -# DeviceManagementApplicabilityRuleOsVersion = $getValue.DeviceManagementApplicabilityRuleOsVersion + # DeviceManagementApplicabilityRuleDeviceMode = $getValue.DeviceManagementApplicabilityRuleDeviceMode + # DeviceManagementApplicabilityRuleOsEdition = $getValue.DeviceManagementApplicabilityRuleOsEdition + # DeviceManagementApplicabilityRuleOsVersion = $getValue.DeviceManagementApplicabilityRuleOsVersion DisplayName = $getValue.DisplayName -# RoleScopeTagIds = $getValue.RoleScopeTagIds -# SupportsScopeTags = $getValue.SupportsScopeTags -# Version = $getValue.Version + # RoleScopeTagIds = $getValue.RoleScopeTagIds + # SupportsScopeTags = $getValue.SupportsScopeTags + # Version = $getValue.Version AccountsBlockModification = $getValue.AdditionalProperties.accountsBlockModification AppsAllowInstallFromUnknownSources = $getValue.AdditionalProperties.appsAllowInstallFromUnknownSources AppsAutoUpdatePolicy = $getValue.AdditionalProperties.appsAutoUpdatePolicy @@ -816,15 +814,13 @@ function Get-TargetResource WorkProfilePasswordRequiredType = $getValue.AdditionalProperties.workProfilePasswordRequiredType WorkProfilePasswordRequireUnlock = $getValue.AdditionalProperties.workProfilePasswordRequireUnlock WorkProfilePasswordSignInFailureCountBeforeFactoryReset = $getValue.AdditionalProperties.workProfilePasswordSignInFailureCountBeforeFactoryReset -# Assignments = $getValue.AdditionalProperties.assignments -# DeviceSettingStateSummaries = $getValue.AdditionalProperties.deviceSettingStateSummaries -# DeviceStatuses = $getValue.AdditionalProperties.deviceStatuses -# DeviceStatusOverview = $getValue.AdditionalProperties.deviceStatusOverview -# GroupAssignments = $getValue.AdditionalProperties.groupAssignments -# UserStatuses = $getValue.AdditionalProperties.userStatuses -# UserStatusOverview = $getValue.AdditionalProperties.userStatusOverview - - + # Assignments = $getValue.AdditionalProperties.assignments + # DeviceSettingStateSummaries = $getValue.AdditionalProperties.deviceSettingStateSummaries + # DeviceStatuses = $getValue.AdditionalProperties.deviceStatuses + # DeviceStatusOverview = $getValue.AdditionalProperties.deviceStatusOverview + # GroupAssignments = $getValue.AdditionalProperties.groupAssignments + # UserStatuses = $getValue.AdditionalProperties.userStatuses + # UserStatusOverview = $getValue.AdditionalProperties.userStatusOverview Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -834,20 +830,20 @@ function Get-TargetResource Managedidentity = $ManagedIdentity.IsPresent } - $myAssignments=@() - $myAssignments+=Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $getValue.Id + $myAssignments = @() + $myAssignments += Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $getValue.Id $assignmentResult = @() foreach ($assignmentEntry in $myAssignments) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.toString() - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } - $results.Add('Assignments',$assignmentResult) + $results.Add('Assignments', $assignmentResult) return [System.Collections.Hashtable] $results } @@ -868,9 +864,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -878,7 +873,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -891,12 +886,12 @@ function Set-TargetResource $AppsAllowInstallFromUnknownSources, [Parameter()] - [ValidateSet('notConfigured','userChoice','never','wiFiOnly','always')] + [ValidateSet('notConfigured', 'userChoice', 'never', 'wiFiOnly', 'always')] [System.String] $AppsAutoUpdatePolicy, [Parameter()] - [ValidateSet('deviceDefault','prompt','autoGrant','autoDeny')] + [ValidateSet('deviceDefault', 'prompt', 'autoGrant', 'autoDeny')] [System.String] $AppsDefaultPermissionPolicy, @@ -933,7 +928,7 @@ function Set-TargetResource $CrossProfilePoliciesAllowCopyPaste, [Parameter()] - [ValidateSet('notConfigured','crossProfileDataSharingBlocked','dataSharingFromWorkToPersonalBlocked','crossProfileDataSharingAllowed','unkownFutureValue')] + [ValidateSet('notConfigured', 'crossProfileDataSharingBlocked', 'dataSharingFromWorkToPersonalBlocked', 'crossProfileDataSharingAllowed', 'unkownFutureValue')] [System.String] $CrossProfilePoliciesAllowDataSharing, @@ -958,7 +953,7 @@ function Set-TargetResource $DeviceOwnerLockScreenMessage, [Parameter()] - [ValidateSet('notConfigured','dedicatedDevice','fullyManaged')] + [ValidateSet('notConfigured', 'dedicatedDevice', 'fullyManaged')] [System.String] $EnrollmentProfile, @@ -987,7 +982,7 @@ function Set-TargetResource $KioskCustomizationPowerButtonActionsBlocked, [Parameter()] - [ValidateSet('notConfigured','notificationsAndSystemInfoEnabled','systemInfoOnly')] + [ValidateSet('notConfigured', 'notificationsAndSystemInfoEnabled', 'systemInfoOnly')] [System.String] $KioskCustomizationStatusBar, @@ -996,7 +991,7 @@ function Set-TargetResource $KioskCustomizationSystemErrorWarnings, [Parameter()] - [ValidateSet('notConfigured','navigationEnabled','homeButtonOnly')] + [ValidateSet('notConfigured', 'navigationEnabled', 'homeButtonOnly')] [System.String] $KioskCustomizationSystemNavigation, @@ -1033,7 +1028,7 @@ function Set-TargetResource $KioskModeFlashlightConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','darkSquare','darkCircle','lightSquare','lightCircle')] + [ValidateSet('notConfigured', 'darkSquare', 'darkCircle', 'lightSquare', 'lightCircle')] [System.String] $KioskModeFolderIcon, @@ -1046,7 +1041,7 @@ function Set-TargetResource $KioskModeGridWidth, [Parameter()] - [ValidateSet('notConfigured','smallest','small','regular','large','largest')] + [ValidateSet('notConfigured', 'smallest', 'small', 'regular', 'large', 'largest')] [System.String] $KioskModeIconSize, @@ -1071,7 +1066,7 @@ function Set-TargetResource $KioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds, [Parameter()] - [ValidateSet('notConfigured','simple','complex')] + [ValidateSet('notConfigured', 'simple', 'complex')] [System.String] $KioskModeManagedHomeScreenPinComplexity, @@ -1104,7 +1099,7 @@ function Set-TargetResource $KioskModeMediaVolumeConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','portrait','landscape','autoRotate')] + [ValidateSet('notConfigured', 'portrait', 'landscape', 'autoRotate')] [System.String] $KioskModeScreenOrientation, @@ -1137,7 +1132,7 @@ function Set-TargetResource $KioskModeShowDeviceInfo, [Parameter()] - [ValidateSet('notConfigured','singleAppMode','multiAppMode')] + [ValidateSet('notConfigured', 'singleAppMode', 'multiAppMode')] [System.String] $KioskModeUseManagedHomeScreenApp, @@ -1146,7 +1141,7 @@ function Set-TargetResource $KioskModeVirtualHomeButtonEnabled, [Parameter()] - [ValidateSet('notConfigured','swipeUp','floating')] + [ValidateSet('notConfigured', 'swipeUp', 'floating')] [System.String] $KioskModeVirtualHomeButtonType, @@ -1187,7 +1182,7 @@ function Set-TargetResource $MicrosoftLauncherDockPresenceAllowUserModification, [Parameter()] - [ValidateSet('notConfigured','show','hide','disabled')] + [ValidateSet('notConfigured', 'show', 'hide', 'disabled')] [System.String] $MicrosoftLauncherDockPresenceConfiguration, @@ -1200,7 +1195,7 @@ function Set-TargetResource $MicrosoftLauncherFeedEnabled, [Parameter()] - [ValidateSet('notConfigured','top','bottom','hide')] + [ValidateSet('notConfigured', 'top', 'bottom', 'hide')] [System.String] $MicrosoftLauncherSearchBarPlacementConfiguration, @@ -1217,7 +1212,7 @@ function Set-TargetResource $PasswordBlockKeyguard, [Parameter()] - [ValidateSet('notConfigured','camera','notifications','unredactedNotifications','trustAgents','fingerprint','remoteInput','allFeatures','face','iris','biometrics')] + [ValidateSet('notConfigured', 'camera', 'notifications', 'unredactedNotifications', 'trustAgents', 'fingerprint', 'remoteInput', 'allFeatures', 'face', 'iris', 'biometrics')] [System.String[]] $PasswordBlockKeyguardFeatures, @@ -1262,12 +1257,12 @@ function Set-TargetResource $PasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $PasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $PasswordRequireUnlock, @@ -1288,7 +1283,7 @@ function Set-TargetResource $PersonalProfilePersonalApplications, [Parameter()] - [ValidateSet('notConfigured','blockedApps','allowedApps')] + [ValidateSet('notConfigured', 'blockedApps', 'allowedApps')] [System.String] $PersonalProfilePlayStoreMode, @@ -1297,7 +1292,7 @@ function Set-TargetResource $PersonalProfileScreenCaptureBlocked, [Parameter()] - [ValidateSet('notConfigured','allowList','blockList')] + [ValidateSet('notConfigured', 'allowList', 'blockList')] [System.String] $PlayStoreMode, @@ -1326,7 +1321,7 @@ function Set-TargetResource $StatusBarBlocked, [Parameter()] - [ValidateSet('notConfigured','ac','usb','wireless')] + [ValidateSet('notConfigured', 'ac', 'usb', 'wireless')] [System.String[]] $StayOnModes, @@ -1347,7 +1342,7 @@ function Set-TargetResource $SystemUpdateFreezePeriods, [Parameter()] - [ValidateSet('deviceDefault','postpone','windowed','automatic')] + [ValidateSet('deviceDefault', 'postpone', 'windowed', 'automatic')] [System.String] $systemUpdateInstallType, @@ -1428,12 +1423,12 @@ function Set-TargetResource $WorkProfilePasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $WorkProfilePasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $WorkProfilePasswordRequireUnlock, @@ -1441,17 +1436,15 @@ function Set-TargetResource [System.Int32] $WorkProfilePasswordSignInFailureCountBeforeFactoryReset, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -1510,92 +1503,87 @@ function Set-TargetResource $PSBoundParameters.Remove('TenantId') | Out-Null $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() - $CreateParameters=Rename-M365DSCCimInstanceODataParameter -Properties $CreateParameters + $CreateParameters = Rename-M365DSCCimInstanceODataParameter -Properties $CreateParameters - $CreateParameters.Remove("Id") | Out-Null - $CreateParameters.Remove("Verbose") | Out-Null + $CreateParameters.Remove('Id') | Out-Null + $CreateParameters.Remove('Verbose') | Out-Null - foreach($key in ($CreateParameters.clone()).Keys) + foreach ($key in ($CreateParameters.clone()).Keys) { - if($CreateParameters[$key].getType().Fullname -like "*CimInstance*") + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') { - $CreateParameters[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] } - if($key -ne '@odata.type') + if ($key -ne '@odata.type') { - $keyName=$key.substring(0,1).ToLower()+$key.substring(1,$key.length-1) - $keyValue=$CreateParameters.$key - $CreateParameters.remove($key)|out-null - $CreateParameters.add($keyName,$keyValue)|out-null + $keyName = $key.substring(0, 1).ToLower() + $key.substring(1, $key.length - 1) + $keyValue = $CreateParameters.$key + $CreateParameters.remove($key) | Out-Null + $CreateParameters.add($keyName, $keyValue) | Out-Null } } - $CreateParameters.add("@odata.type","#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration") + $CreateParameters.add('@odata.type', '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration') #region resource generator code - $policy=New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() - $UpdateParameters=Rename-M365DSCCimInstanceODataParameter -Properties $UpdateParameters + $UpdateParameters = Rename-M365DSCCimInstanceODataParameter -Properties $UpdateParameters - $UpdateParameters.Remove("Id") | Out-Null - $UpdateParameters.Remove("Verbose") | Out-Null + $UpdateParameters.Remove('Id') | Out-Null + $UpdateParameters.Remove('Verbose') | Out-Null - foreach($key in (($UpdateParameters.clone()).Keys|Sort-Object)) + foreach ($key in (($UpdateParameters.clone()).Keys | Sort-Object)) { - if($UpdateParameters.$key.getType().Fullname -like "*CimInstance*") + if ($UpdateParameters.$key.getType().Fullname -like '*CimInstance*') { - $UpdateParameters.$key=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } - if($key -ne '@odata.type') + if ($key -ne '@odata.type') { - $keyName=$key.substring(0,1).ToLower()+$key.substring(1,$key.length-1) - $keyValue=$UpdateParameters.$key + $keyName = $key.substring(0, 1).ToLower() + $key.substring(1, $key.length - 1) + $keyValue = $UpdateParameters.$key $UpdateParameters.remove($key) - $UpdateParameters.add($keyName,$keyValue) + $UpdateParameters.add($keyName, $keyValue) } } - $UpdateParameters.add("@odata.type","#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration") + $UpdateParameters.add('@odata.type', '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration') Update-MgDeviceManagementDeviceConfiguration -BodyParameter $UpdateParameters ` -DeviceConfigurationId $currentInstance.Id - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -1604,7 +1592,6 @@ function Set-TargetResource #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -1614,9 +1601,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -1624,7 +1610,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -1637,12 +1623,12 @@ function Test-TargetResource $AppsAllowInstallFromUnknownSources, [Parameter()] - [ValidateSet('notConfigured','userChoice','never','wiFiOnly','always')] + [ValidateSet('notConfigured', 'userChoice', 'never', 'wiFiOnly', 'always')] [System.String] $AppsAutoUpdatePolicy, [Parameter()] - [ValidateSet('deviceDefault','prompt','autoGrant','autoDeny')] + [ValidateSet('deviceDefault', 'prompt', 'autoGrant', 'autoDeny')] [System.String] $AppsDefaultPermissionPolicy, @@ -1679,7 +1665,7 @@ function Test-TargetResource $CrossProfilePoliciesAllowCopyPaste, [Parameter()] - [ValidateSet('notConfigured','crossProfileDataSharingBlocked','dataSharingFromWorkToPersonalBlocked','crossProfileDataSharingAllowed','unkownFutureValue')] + [ValidateSet('notConfigured', 'crossProfileDataSharingBlocked', 'dataSharingFromWorkToPersonalBlocked', 'crossProfileDataSharingAllowed', 'unkownFutureValue')] [System.String] $CrossProfilePoliciesAllowDataSharing, @@ -1704,7 +1690,7 @@ function Test-TargetResource $DeviceOwnerLockScreenMessage, [Parameter()] - [ValidateSet('notConfigured','dedicatedDevice','fullyManaged')] + [ValidateSet('notConfigured', 'dedicatedDevice', 'fullyManaged')] [System.String] $EnrollmentProfile, @@ -1733,7 +1719,7 @@ function Test-TargetResource $KioskCustomizationPowerButtonActionsBlocked, [Parameter()] - [ValidateSet('notConfigured','notificationsAndSystemInfoEnabled','systemInfoOnly')] + [ValidateSet('notConfigured', 'notificationsAndSystemInfoEnabled', 'systemInfoOnly')] [System.String] $KioskCustomizationStatusBar, @@ -1742,7 +1728,7 @@ function Test-TargetResource $KioskCustomizationSystemErrorWarnings, [Parameter()] - [ValidateSet('notConfigured','navigationEnabled','homeButtonOnly')] + [ValidateSet('notConfigured', 'navigationEnabled', 'homeButtonOnly')] [System.String] $KioskCustomizationSystemNavigation, @@ -1779,7 +1765,7 @@ function Test-TargetResource $KioskModeFlashlightConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','darkSquare','darkCircle','lightSquare','lightCircle')] + [ValidateSet('notConfigured', 'darkSquare', 'darkCircle', 'lightSquare', 'lightCircle')] [System.String] $KioskModeFolderIcon, @@ -1792,7 +1778,7 @@ function Test-TargetResource $KioskModeGridWidth, [Parameter()] - [ValidateSet('notConfigured','smallest','small','regular','large','largest')] + [ValidateSet('notConfigured', 'smallest', 'small', 'regular', 'large', 'largest')] [System.String] $KioskModeIconSize, @@ -1817,7 +1803,7 @@ function Test-TargetResource $KioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds, [Parameter()] - [ValidateSet('notConfigured','simple','complex')] + [ValidateSet('notConfigured', 'simple', 'complex')] [System.String] $KioskModeManagedHomeScreenPinComplexity, @@ -1850,7 +1836,7 @@ function Test-TargetResource $KioskModeMediaVolumeConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','portrait','landscape','autoRotate')] + [ValidateSet('notConfigured', 'portrait', 'landscape', 'autoRotate')] [System.String] $KioskModeScreenOrientation, @@ -1883,7 +1869,7 @@ function Test-TargetResource $KioskModeShowDeviceInfo, [Parameter()] - [ValidateSet('notConfigured','singleAppMode','multiAppMode')] + [ValidateSet('notConfigured', 'singleAppMode', 'multiAppMode')] [System.String] $KioskModeUseManagedHomeScreenApp, @@ -1892,7 +1878,7 @@ function Test-TargetResource $KioskModeVirtualHomeButtonEnabled, [Parameter()] - [ValidateSet('notConfigured','swipeUp','floating')] + [ValidateSet('notConfigured', 'swipeUp', 'floating')] [System.String] $KioskModeVirtualHomeButtonType, @@ -1933,7 +1919,7 @@ function Test-TargetResource $MicrosoftLauncherDockPresenceAllowUserModification, [Parameter()] - [ValidateSet('notConfigured','show','hide','disabled')] + [ValidateSet('notConfigured', 'show', 'hide', 'disabled')] [System.String] $MicrosoftLauncherDockPresenceConfiguration, @@ -1946,7 +1932,7 @@ function Test-TargetResource $MicrosoftLauncherFeedEnabled, [Parameter()] - [ValidateSet('notConfigured','top','bottom','hide')] + [ValidateSet('notConfigured', 'top', 'bottom', 'hide')] [System.String] $MicrosoftLauncherSearchBarPlacementConfiguration, @@ -1963,7 +1949,7 @@ function Test-TargetResource $PasswordBlockKeyguard, [Parameter()] - [ValidateSet('notConfigured','camera','notifications','unredactedNotifications','trustAgents','fingerprint','remoteInput','allFeatures','face','iris','biometrics')] + [ValidateSet('notConfigured', 'camera', 'notifications', 'unredactedNotifications', 'trustAgents', 'fingerprint', 'remoteInput', 'allFeatures', 'face', 'iris', 'biometrics')] [System.String[]] $PasswordBlockKeyguardFeatures, @@ -2008,12 +1994,12 @@ function Test-TargetResource $PasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $PasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $PasswordRequireUnlock, @@ -2034,7 +2020,7 @@ function Test-TargetResource $PersonalProfilePersonalApplications, [Parameter()] - [ValidateSet('notConfigured','blockedApps','allowedApps')] + [ValidateSet('notConfigured', 'blockedApps', 'allowedApps')] [System.String] $PersonalProfilePlayStoreMode, @@ -2043,7 +2029,7 @@ function Test-TargetResource $PersonalProfileScreenCaptureBlocked, [Parameter()] - [ValidateSet('notConfigured','allowList','blockList')] + [ValidateSet('notConfigured', 'allowList', 'blockList')] [System.String] $PlayStoreMode, @@ -2072,7 +2058,7 @@ function Test-TargetResource $StatusBarBlocked, [Parameter()] - [ValidateSet('notConfigured','ac','usb','wireless')] + [ValidateSet('notConfigured', 'ac', 'usb', 'wireless')] [System.String[]] $StayOnModes, @@ -2093,7 +2079,7 @@ function Test-TargetResource $SystemUpdateFreezePeriods, [Parameter()] - [ValidateSet('deviceDefault','postpone','windowed','automatic')] + [ValidateSet('deviceDefault', 'postpone', 'windowed', 'automatic')] [System.String] $SystemUpdateInstallType, @@ -2174,12 +2160,12 @@ function Test-TargetResource $WorkProfilePasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $WorkProfilePasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $WorkProfilePasswordRequireUnlock, @@ -2187,17 +2173,15 @@ function Test-TargetResource [System.Int32] $WorkProfilePasswordSignInFailureCountBeforeFactoryReset, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -2241,34 +2225,33 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if($CurrentValues.Ensure -eq "Absent") + if ($CurrentValues.Ensure -eq 'Absent') { Write-Verbose -Message "Test-TargetResource returned $false" return $false } - $testResult=$true + $testResult = $true #Compare Cim instances - foreach($key in $PSBoundParameters.Keys) + foreach ($key in $PSBoundParameters.Keys) { - $source=$PSBoundParameters.$key - $target=$CurrentValues.$key - if($source.getType().Name -like "*CimInstance*") + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') { - $source=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult=Compare-M365DSCComplexObject ` + $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` -Target ($target) - if(-Not $testResult) + if (-Not $testResult) { - $testResult=$false - break; + $testResult = $false + break } - $ValuesToCheck.Remove($key)|Out-Null - + $ValuesToCheck.Remove($key) | Out-Null } } @@ -2278,21 +2261,21 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $ValuesToCheck.Remove('Id') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) { - if(($null -ne $CurrentValues[$key]) ` - -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) { - $CurrentValues[$key]=$CurrentValues[$key].toString() + $CurrentValues[$key] = $CurrentValues[$key].toString() } } #Compare basic parameters - if($testResult) + if ($testResult) { $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -2392,327 +2375,327 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.AzureAdSharedDeviceDataClearApps) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.AzureAdSharedDeviceDataClearApps -CIMInstanceName MicrosoftGraphapplistitem - if ($complexTypeStringResult) + if ($Results.AzureAdSharedDeviceDataClearApps) { - $Results.AzureAdSharedDeviceDataClearApps = $complexTypeStringResult - } - else - { - $Results.Remove('AzureAdSharedDeviceDataClearApps') | Out-Null - } - } - if ($Results.DetailedHelpText) - { - $complexTypeMapping=@( - @{ - Name='DetailedHelpText' - CimInstanceName='MicrosoftGraphandroiddeviceowneruserfacingmessage' + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.AzureAdSharedDeviceDataClearApps -CIMInstanceName MicrosoftGraphapplistitem + if ($complexTypeStringResult) + { + $Results.AzureAdSharedDeviceDataClearApps = $complexTypeStringResult } - @{ - Name='localizedMessages' - CimInstanceName='MicrosoftGraphkeyvaluepair' + else + { + $Results.Remove('AzureAdSharedDeviceDataClearApps') | Out-Null } - ) - - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.DetailedHelpText ` - -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` - -ComplexTypeMapping $complexTypeMapping - - if ($complexTypeStringResult) - { - $Results.DetailedHelpText = $complexTypeStringResult } - else + if ($Results.DetailedHelpText) { - $Results.Remove('DetailedHelpText') | Out-Null - } - } - if ($Results.DeviceOwnerLockScreenMessage) - { - $complexTypeMapping=@( - @{ - Name='DeviceOwnerLockScreenMessage' - CimInstanceName='MicrosoftGraphandroiddeviceowneruserfacingmessage' + $complexTypeMapping = @( + @{ + Name = 'DetailedHelpText' + CimInstanceName = 'MicrosoftGraphandroiddeviceowneruserfacingmessage' + } + @{ + Name = 'localizedMessages' + CimInstanceName = 'MicrosoftGraphkeyvaluepair' + } + ) + + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.DetailedHelpText ` + -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` + -ComplexTypeMapping $complexTypeMapping + + if ($complexTypeStringResult) + { + $Results.DetailedHelpText = $complexTypeStringResult } - @{ - Name='localizedMessages' - CimInstanceName='MicrosoftGraphkeyvaluepair' - isRequired=$true + else + { + $Results.Remove('DetailedHelpText') | Out-Null } - ) - - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.DeviceOwnerLockScreenMessage ` - -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` - -ComplexTypeMapping $complexTypeMapping - if ($complexTypeStringResult) - { - $Results.DeviceOwnerLockScreenMessage = $complexTypeStringResult } - else + if ($Results.DeviceOwnerLockScreenMessage) { - $Results.Remove('DeviceOwnerLockScreenMessage') | Out-Null - } - } + $complexTypeMapping = @( + @{ + Name = 'DeviceOwnerLockScreenMessage' + CimInstanceName = 'MicrosoftGraphandroiddeviceowneruserfacingmessage' + } + @{ + Name = 'localizedMessages' + CimInstanceName = 'MicrosoftGraphkeyvaluepair' + isRequired = $true + } + ) - if ($Results.GlobalProxy) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.GlobalProxy -CIMInstanceName MicrosoftGraphandroiddeviceownerglobalproxy - if ($complexTypeStringResult) - { - $Results.GlobalProxy = $complexTypeStringResult + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.DeviceOwnerLockScreenMessage ` + -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` + -ComplexTypeMapping $complexTypeMapping + if ($complexTypeStringResult) + { + $Results.DeviceOwnerLockScreenMessage = $complexTypeStringResult + } + else + { + $Results.Remove('DeviceOwnerLockScreenMessage') | Out-Null + } } - else + + if ($Results.GlobalProxy) { - $Results.Remove('GlobalProxy') | Out-Null - } - } - if ($Results.KioskModeAppPositions) - { - $complexTypeMapping=@( - @{ - Name='kioskModeAppPositions' - CimInstanceName='MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem' + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.GlobalProxy -CIMInstanceName MicrosoftGraphandroiddeviceownerglobalproxy + if ($complexTypeStringResult) + { + $Results.GlobalProxy = $complexTypeStringResult } - @{ - Name='item' - CimInstanceName='MicrosoftGraphandroiddeviceownerkioskmodefolderitem' - isRequired=$true + else + { + $Results.Remove('GlobalProxy') | Out-Null } - ) - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.KioskModeAppPositions ` - -CIMInstanceName MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem ` - -ComplexTypeMapping $complexTypeMapping - if ($complexTypeStringResult) - { - $Results.KioskModeAppPositions = $complexTypeStringResult } - else + if ($Results.KioskModeAppPositions) { - $Results.Remove('KioskModeAppPositions') | Out-Null - } - } - if ($Results.KioskModeApps) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.KioskModeApps -CIMInstanceName MicrosoftGraphapplistitem - if ($complexTypeStringResult) - { - $Results.KioskModeApps = $complexTypeStringResult + $complexTypeMapping = @( + @{ + Name = 'kioskModeAppPositions' + CimInstanceName = 'MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem' + } + @{ + Name = 'item' + CimInstanceName = 'MicrosoftGraphandroiddeviceownerkioskmodefolderitem' + isRequired = $true + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.KioskModeAppPositions ` + -CIMInstanceName MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem ` + -ComplexTypeMapping $complexTypeMapping + if ($complexTypeStringResult) + { + $Results.KioskModeAppPositions = $complexTypeStringResult + } + else + { + $Results.Remove('KioskModeAppPositions') | Out-Null + } } - else + if ($Results.KioskModeApps) { - $Results.Remove('KioskModeApps') | Out-Null + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.KioskModeApps -CIMInstanceName MicrosoftGraphapplistitem + if ($complexTypeStringResult) + { + $Results.KioskModeApps = $complexTypeStringResult + } + else + { + $Results.Remove('KioskModeApps') | Out-Null + } } - } - if ($Results.KioskModeManagedFolders) - { - $complexTypeMapping=@( - @{ - Name='kioskModeManagedFolders' - CimInstanceName='MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder' + if ($Results.KioskModeManagedFolders) + { + $complexTypeMapping = @( + @{ + Name = 'kioskModeManagedFolders' + CimInstanceName = 'MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder' + } + @{ + Name = 'items' + CimInstanceName = 'MicrosoftGraphandroiddeviceownerkioskmodefolderitem' + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.KioskModeManagedFolders ` + -CIMInstanceName MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder ` + -ComplexTypeMapping $complexTypeMapping + + if ($complexTypeStringResult) + { + $Results.KioskModeManagedFolders = $complexTypeStringResult } - @{ - Name='items' - CimInstanceName='MicrosoftGraphandroiddeviceownerkioskmodefolderitem' + else + { + $Results.Remove('KioskModeManagedFolders') | Out-Null } - ) - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.KioskModeManagedFolders ` - -CIMInstanceName MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder ` - -ComplexTypeMapping $complexTypeMapping - if ($complexTypeStringResult) - { - $Results.KioskModeManagedFolders = $complexTypeStringResult - } - else - { - $Results.Remove('KioskModeManagedFolders') | Out-Null } - } - - if ($Results.PersonalProfilePersonalApplications) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.PersonalProfilePersonalApplications -CIMInstanceName MicrosoftGraphapplistitem - if ($complexTypeStringResult) - { - $Results.PersonalProfilePersonalApplications = $complexTypeStringResult - } - else + if ($Results.PersonalProfilePersonalApplications) { - $Results.Remove('PersonalProfilePersonalApplications') | Out-Null - } - } - if ($Results.ShortHelpText) - { - $complexTypeMapping=@( - @{ - Name='ShortHelpText' - CimInstanceName='MicrosoftGraphandroiddeviceowneruserfacingmessage' + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.PersonalProfilePersonalApplications -CIMInstanceName MicrosoftGraphapplistitem + if ($complexTypeStringResult) + { + $Results.PersonalProfilePersonalApplications = $complexTypeStringResult } - @{ - Name='localizedMessages' - CimInstanceName='MicrosoftGraphkeyvaluepair' - isRequired=$true - isArray=$true + else + { + $Results.Remove('PersonalProfilePersonalApplications') | Out-Null } - ) - - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.ShortHelpText ` - -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` - -ComplexTypeMapping $complexTypeMapping - if ($complexTypeStringResult) - { - $Results.ShortHelpText = $complexTypeStringResult - } - else - { - $Results.Remove('ShortHelpText') | Out-Null } - } - if ($Results.SystemUpdateFreezePeriods) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.SystemUpdateFreezePeriods -CIMInstanceName MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod - if ($complexTypeStringResult) + if ($Results.ShortHelpText) { - $Results.SystemUpdateFreezePeriods = $complexTypeStringResult + $complexTypeMapping = @( + @{ + Name = 'ShortHelpText' + CimInstanceName = 'MicrosoftGraphandroiddeviceowneruserfacingmessage' + } + @{ + Name = 'localizedMessages' + CimInstanceName = 'MicrosoftGraphkeyvaluepair' + isRequired = $true + isArray = $true + } + ) + + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.ShortHelpText ` + -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` + -ComplexTypeMapping $complexTypeMapping + if ($complexTypeStringResult) + { + $Results.ShortHelpText = $complexTypeStringResult + } + else + { + $Results.Remove('ShortHelpText') | Out-Null + } } - else + if ($Results.SystemUpdateFreezePeriods) { - $Results.Remove('SystemUpdateFreezePeriods') | Out-Null + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.SystemUpdateFreezePeriods -CIMInstanceName MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod + if ($complexTypeStringResult) + { + $Results.SystemUpdateFreezePeriods = $complexTypeStringResult + } + else + { + $Results.Remove('SystemUpdateFreezePeriods') | Out-Null + } } - } - if($Results.Assignments) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments - if ($complexTypeStringResult) + if ($Results.Assignments) { - $Results.Assignments = $complexTypeStringResult - } - else - { - $Results.Remove('Assignments') | Out-Null + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } } - } $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential - if ($Results.AzureAdSharedDeviceDataClearApps) - { - $isCIMArray=$false - if($Results.AzureAdSharedDeviceDataClearApps.getType().Fullname -like "*[[\]]") + if ($Results.AzureAdSharedDeviceDataClearApps) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.AzureAdSharedDeviceDataClearApps.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AzureAdSharedDeviceDataClearApps' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "AzureAdSharedDeviceDataClearApps" -isCIMArray:$isCIMArray - } - if ($Results.DetailedHelpText) - { - $isCIMArray=$false - if($Results.DetailedHelpText.getType().Fullname -like "*[[\]]") + if ($Results.DetailedHelpText) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.DetailedHelpText.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DetailedHelpText' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DetailedHelpText" -isCIMArray:$isCIMArray - } - if ($Results.DeviceOwnerLockScreenMessage) - { - $isCIMArray=$false - if($Results.DeviceOwnerLockScreenMessage.getType().Fullname -like "*[[\]]") + if ($Results.DeviceOwnerLockScreenMessage) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.DeviceOwnerLockScreenMessage.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DeviceOwnerLockScreenMessage' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DeviceOwnerLockScreenMessage" -isCIMArray:$isCIMArray - } - if ($Results.GlobalProxy) - { - $isCIMArray=$false - if($Results.GlobalProxy.getType().Fullname -like "*[[\]]") + if ($Results.GlobalProxy) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.GlobalProxy.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'GlobalProxy' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "GlobalProxy" -isCIMArray:$isCIMArray - } - if ($Results.KioskModeAppPositions) - { - $isCIMArray=$false - if($Results.KioskModeAppPositions.getType().Fullname -like "*[[\]]") + if ($Results.KioskModeAppPositions) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.KioskModeAppPositions.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'KioskModeAppPositions' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KioskModeAppPositions" -isCIMArray:$isCIMArray - } - if ($Results.KioskModeApps) - { - $isCIMArray=$false - if($Results.KioskModeApps.getType().Fullname -like "*[[\]]") + if ($Results.KioskModeApps) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.KioskModeApps.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'KioskModeApps' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KioskModeApps" -isCIMArray:$isCIMArray - } - if ($Results.KioskModeManagedFolders) - { - $isCIMArray=$false - if($Results.KioskModeManagedFolders.getType().Fullname -like "*[[\]]") + if ($Results.KioskModeManagedFolders) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.KioskModeManagedFolders.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'KioskModeManagedFolders' -IsCIMArray:$isCIMArray -Verbose } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KioskModeManagedFolders" -isCIMArray:$isCIMArray -Verbose - } - if ($Results.PersonalProfilePersonalApplications) - { - $isCIMArray=$false - if($Results.PersonalProfilePersonalApplications.getType().Fullname -like "*[[\]]") + if ($Results.PersonalProfilePersonalApplications) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.PersonalProfilePersonalApplications.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'PersonalProfilePersonalApplications' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "PersonalProfilePersonalApplications" -isCIMArray:$isCIMArray - } - if ($Results.ShortHelpText) - { - $isCIMArray=$false - if($Results.ShortHelpText.getType().Fullname -like "*[[\]]") + if ($Results.ShortHelpText) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.ShortHelpText.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ShortHelpText' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ShortHelpText" -isCIMArray:$isCIMArray - } - if ($Results.SystemUpdateFreezePeriods) - { - $isCIMArray=$false - if($Results.SystemUpdateFreezePeriods.getType().Fullname -like "*[[\]]") + if ($Results.SystemUpdateFreezePeriods) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.SystemUpdateFreezePeriods.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'SystemUpdateFreezePeriods' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "SystemUpdateFreezePeriods" -isCIMArray:$isCIMArray - } - if ($Results.Assignments) - { - $isCIMArray=$false - if($Results.Assignments.getType().Fullname -like "*[[\]]") + if ($Results.Assignments) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$isCIMArray - } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -2753,58 +2736,58 @@ function Export-TargetResource function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { return $ComplexObject } - if($ComplexObject.getType().Fullname -like "*hashtable[[\]]") + if ($ComplexObject.getType().Fullname -like '*hashtable[[\]]') { return [hashtable[]]$ComplexObject } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $results = @{} - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property' -and $_.Name -ne 'AdditionalProperties'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' -and $_.Name -ne 'AdditionalProperties' } foreach ($key in $keys) { - if($ComplexObject.$($key.Name)) + if ($ComplexObject.$($key.Name)) { $keyName = $key.Name[0].ToString().ToLower() + $key.Name.Substring(1, $key.Name.Length - 1) - if($ComplexObject.$($key.Name).gettype().fullname -like "*CimInstance*") + if ($ComplexObject.$($key.Name).gettype().fullname -like '*CimInstance*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$($key.Name) @@ -2838,11 +2821,11 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace="", + $Whitespace = '', [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -2851,19 +2834,19 @@ function Get-M365DSCDRGComplexTypeToString } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() foreach ($item in $ComplexObject) { - $split=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'Whitespace'=" $whitespace" + $split = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'Whitespace' = " $whitespace" } if ($ComplexTypeMapping) { - $split.add('ComplexTypeMapping',$ComplexTypeMapping) + $split.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @split @@ -2873,11 +2856,11 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty="" - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" } @@ -2889,67 +2872,67 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject[$key]) { $keyNotNull++ - if ($ComplexObject[$key].GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject[$key].GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if($key -notin $ComplexTypeMapping.Name) + if ($key -notin $ComplexTypeMapping.Name) { - $Whitespace+=" " + $Whitespace += ' ' } - if(-not $isArray -or ($isArray -and $key -in $ComplexTypeMapping.Name )) + if (-not $isArray -or ($isArray -and $key -in $ComplexTypeMapping.Name )) { - $currentProperty += $whitespace + $key + " = " - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $currentProperty += $whitespace + $key + ' = ' + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $currentProperty += "@(" + $currentProperty += '@(' } } - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $Whitespace="" + $Whitespace = '' } $currentProperty += Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -Whitespace $Whitespace ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -Whitespace $Whitespace ` + -ComplexTypeMapping $ComplexTypeMapping - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $currentProperty += ")" + $currentProperty += ')' } - } + } else { - if(-not $isArray) + if (-not $isArray) { - $Whitespace= " " + $Whitespace = ' ' } - $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($Whitespace+" ") + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($Whitespace + ' ') } } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$Whitespace $key = @()`r`n" } @@ -2979,49 +2962,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } foreach ($item in $Value) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -3031,7 +3014,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -3043,7 +3026,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -3055,80 +3038,81 @@ function Rename-M365DSCCimInstanceODataParameter [Parameter(Mandatory = 'true')] $Properties ) - $clonedProperties=$Properties.clone() - foreach($key in $Properties.keys) + $clonedProperties = $Properties.clone() + foreach ($key in $Properties.keys) + { + if ($Properties.$key) { - if($Properties.$key) - { - switch -Wildcard ($Properties.$key.GetType().Fullname) { - '*CimInstance[[\]]' + switch -Wildcard ($Properties.$key.GetType().Fullname) + { + '*CimInstance[[\]]' + { + if ($properties.$key.count -gt 0) { - if($properties.$key.count -gt 0) + $values = @() + + foreach ($item in $Properties.$key) { - $values=@() - - foreach($item in $Properties.$key) - { - $CIMHash= Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $values+=Rename-M365DSCCimInstanceODataParameter -Properties $CIMHash - } - $clonedProperties.$key=$values + $CIMHash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $values += Rename-M365DSCCimInstanceODataParameter -Properties $CIMHash } - break; + $clonedProperties.$key = $values } - '*hashtable[[\]]' + break + } + '*hashtable[[\]]' + { + if ($properties.$key.count -gt 0) { - if($properties.$key.count -gt 0) + $values = @() + + foreach ($item in $Properties.$key) { - $values=@() - - foreach($item in $Properties.$key) - { - $CIMHash= Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $values+=Rename-M365DSCCimInstanceODataParameter -Properties $CIMHash - } - $clonedProperties.$key=$values + $CIMHash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $values += Rename-M365DSCCimInstanceODataParameter -Properties $CIMHash } - break; + $clonedProperties.$key = $values } - '*CimInstance' - { - $CIMHash= Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Properties.$key - $keys=($CIMHash.clone()).keys + break + } + '*CimInstance' + { + $CIMHash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Properties.$key + $keys = ($CIMHash.clone()).keys - if($keys -contains 'odataType') - { - $CIMHash.add('@odata.type',$CIMHash.odataType) - $CIMHash.remove('odataType') - $clonedProperties.$key=$CIMHash - } - break; + if ($keys -contains 'odataType') + { + $CIMHash.add('@odata.type', $CIMHash.odataType) + $CIMHash.remove('odataType') + $clonedProperties.$key = $CIMHash } - '*Hashtable' + break + } + '*Hashtable' + { + $keys = ($Properties.$key).keys + if ($keys -contains 'odataType') { - $keys=($Properties.$key).keys - if($keys -contains 'odataType') - { - $Properties.$key.add('@odata.type',$Properties.$key.odataType) - $Properties.$key.remove('odataType') - $clonedProperties.$key=$Properties.$key - } - break; + $Properties.$key.add('@odata.type', $Properties.$key.odataType) + $Properties.$key.remove('odataType') + $clonedProperties.$key = $Properties.$key } - Default + break + } + Default + { + if ($key -eq 'odataType') { - if($key -eq 'odataType') - { - $clonedProperties.remove('odataType') - $clonedProperties.add('@odata.type',$properties.$key) - } + $clonedProperties.remove('odataType') + $clonedProperties.add('@odata.type', $properties.$key) } } } } + } - return $clonedProperties + return $clonedProperties } function Compare-M365DSCComplexObject { @@ -3142,51 +3126,51 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - $i=0 - foreach($item in $Source) + $i = 0 + foreach ($item in $Source) { - $compareResult= Compare-M365DSCComplexObject ` - -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source[$i]) ` - -Target $Target[$i] + $compareResult = Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source[$i]) ` + -Target $Target[$i] - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } $i++ @@ -3194,40 +3178,40 @@ function Compare-M365DSCComplexObject return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #write-verbose -message "Comparing key: {$key}" #Matching possible key names between Source and Target - $skey=$key - $tkey=$key - if($key -eq 'odataType') + $skey = $key + $tkey = $key + if ($key -eq 'odataType') { - $skey='@odata.type' + $skey = '@odata.type' } else { - $tmpkey=$Target.keys|Where-Object -FilterScript {$_ -eq "$key"} - if($tkey) + $tmpkey = $Target.keys | Where-Object -FilterScript { $_ -eq "$key" } + if ($tkey) { - $tkey=$tmpkey|Select-Object -First 1 + $tkey = $tmpkey | Select-Object -First 1 } } - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$skey) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$skey) + if ($null -eq $Source.$skey) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -3235,16 +3219,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$skey) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$skey) -and ($null -ne $Target.$tkey)) { - if($Source.$skey.getType().FullName -like "*CimInstance*" -or $Source.$skey.getType().FullName -like "*hashtable*" ) + if ($Source.$skey.getType().FullName -like '*CimInstance*' -or $Source.$skey.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$skey) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" return $false @@ -3253,8 +3237,8 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$skey + $referenceObject = $Target.$tkey + $differenceObject = $Source.$skey $compareResult = Compare-Object ` -ReferenceObject ($referenceObject) ` @@ -3276,47 +3260,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($hashComplexObject) + if ($hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } @@ -3337,32 +3321,32 @@ function Update-DeviceConfigurationPolicyAssignment ) try { - $deviceManagementPolicyAssignments=@() + $deviceManagementPolicyAssignments = @() - $Uri="https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/$DeviceConfigurationPolicyId/assign" + $Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } - if($target.collectionId) + if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } - if($target.deviceAndAppManagementAssignmentFilterType) + if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } - if($target.deviceAndAppManagementAssignmentFilterId) + if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop @@ -3372,7 +3356,7 @@ function Update-DeviceConfigurationPolicyAssignment try { Write-Verbose -Message $_ - $tenantIdValue = "" + $tenantIdValue = '' $tenantIdValue = $Credential.UserName.Split('@')[1] Add-M365DSCEvent -Message $_ -EntryType 'Error' ` -EventID 1 -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof index cc526ec33f..cf73c6fcac 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof @@ -83,9 +83,9 @@ class MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyAndroidDeviceOwner")] class MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner : OMI_BaseResource { - [Write, Description("The Id of the policy.")] String Id; + [Key, Description("The Id of the policy.")] String Id; [Write, Description("The description of the policy.")] String Description; - [Write, Description("The display name of hte policy.")] String DisplayName; + [Required, Description("The display name of hte policy.")] String DisplayName; [Write, Description("Block modification of accounts. Only supported on Dedicated devices.")] Boolean AccountsBlockModification; [Write, Description("When allowed, users can enable the 'unknown sources' setting to install apps from sources other than the Google Play Store.")] Boolean AppsAllowInstallFromUnknownSources; [Write, Description("Devices check for app updates daily. The default behavior is to let device users decide. They'll be able to set their preferences in the managed Google Play app."), ValueMap{"notConfigured","userChoice","never","wiFiOnly","always"}, Values{"notConfigured","userChoice","never","wiFiOnly","always"}] String AppsAutoUpdatePolicy; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index ba306015c3..209226ee9b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -74,17 +74,15 @@ function Get-TargetResource [System.Boolean] $WifiBlockEditConfigurations, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -160,7 +158,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -188,8 +185,6 @@ function Get-TargetResource StorageBlockExternalMedia = $getValue.AdditionalProperties.storageBlockExternalMedia StorageBlockUsbFileTransfer = $getValue.AdditionalProperties.storageBlockUsbFileTransfer WifiBlockEditConfigurations = $getValue.AdditionalProperties.wifiBlockEditConfigurations - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -200,7 +195,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -222,9 +217,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -232,7 +226,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -293,17 +287,15 @@ function Set-TargetResource [System.Boolean] $WifiBlockEditConfigurations, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -363,7 +355,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -398,7 +389,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -413,9 +403,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -451,7 +439,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -463,24 +450,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -490,9 +468,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -500,7 +477,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -561,17 +538,15 @@ function Test-TargetResource [System.Boolean] $WifiBlockEditConfigurations, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -626,7 +601,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -666,8 +640,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -741,7 +715,6 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` @@ -1390,7 +1363,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof index 5b69f46c69..a867422190 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyAndroidOpenSourceProject")] class MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Prevent applications from unknown sources.")] Boolean AppsBlockInstallFromUnknownSources; [Write, Description("Prevent bluetooth configuration.")] Boolean BluetoothBlockConfiguration; [Write, Description("Prevents using Bluetooth on devices.")] Boolean BluetoothBlocked; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index 91a81327d4..e023c8e050 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -256,17 +256,15 @@ function Get-TargetResource [System.Boolean] $WallpaperModificationBlocked, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -342,7 +340,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -431,7 +428,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -454,7 +451,7 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -462,7 +459,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -710,10 +707,10 @@ function Set-TargetResource $Assignments, #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -858,7 +855,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -871,7 +867,6 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -890,7 +885,7 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -898,7 +893,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -1146,10 +1141,10 @@ function Test-TargetResource $Assignments, #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -1204,7 +1199,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -1226,13 +1220,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -2076,7 +2070,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof index 0c1b24b70d..675c812cdd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof @@ -58,9 +58,9 @@ class MSFT_MicrosoftGraphmacosappleeventreceiver [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyMacOS")] class MSFT_IntuneDeviceConfigurationPolicyMacOS : OMI_BaseResource { - [Write, Description("")] String Id; + [Key, Description("")] String Id; [Write, Description("")] String Description; - [Write, Description("")] String DisplayName; + [Required, Description("")] String DisplayName; [Write, Description("")] Boolean AddingGameCenterFriendsBlocked; [Write, Description("")] Boolean AirDropBlocked; [Write, Description("Blocks users from unlocking their Mac with Apple Watch.")] Boolean AppleWatchBlockAutoUnlock; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index 5a253e34f0..75be35b100 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -771,17 +771,15 @@ function Get-TargetResource [System.Boolean] $WifiPowerOnForced, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -853,10 +851,8 @@ function Get-TargetResource -and $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosGeneralDeviceConfiguration' ` } } - #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -865,7 +861,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -1045,7 +1040,6 @@ function Get-TargetResource WiFiConnectToAllowedNetworksOnlyForced = $getValue.AdditionalProperties.wiFiConnectToAllowedNetworksOnlyForced WifiPowerOnForced = $getValue.AdditionalProperties.wifiPowerOnForced Managedidentity = $ManagedIdentity.IsPresent - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -1068,7 +1062,6 @@ function Get-TargetResource $results.Add('MediaContentRatingUnitedStates', $getValue.additionalProperties.mediaContentRatingUnitedStates) $results.Add('NetworkUsageRules', $getValue.additionalProperties.networkUsageRules) - $returnAssignments = @() $returnAssignments += Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $getValue.Id $assignmentResult = @() @@ -1105,7 +1098,7 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -1113,7 +1106,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -1871,17 +1864,15 @@ function Set-TargetResource [System.Boolean] $WifiPowerOnForced, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -1940,7 +1931,6 @@ function Set-TargetResource $PSBoundParameters.Remove('TenantId') | Out-Null $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -1984,9 +1974,7 @@ function Set-TargetResource Update-DeviceConfigurationPolicyAssignments -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -2026,9 +2014,7 @@ function Set-TargetResource } Update-DeviceConfigurationPolicyAssignments -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -2047,7 +2033,7 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -2055,7 +2041,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -2813,17 +2799,15 @@ function Test-TargetResource [System.Boolean] $WifiPowerOnForced, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -2890,11 +2874,10 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null - } } @@ -2903,8 +2886,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -2987,7 +2970,6 @@ function Export-TargetResource } #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof index 8de25813fb..78cce20f3f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof @@ -81,9 +81,9 @@ class MSFT_MicrosoftGraphiosnetworkusagerule [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyIOS")] class MSFT_IntuneDeviceConfigurationPolicyIOS : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Indicates whether or not to allow account modification when the device is in supervised mode.")] Boolean AccountBlockModification; [Write, Description("Activation Lock makes it harder for a lost or stolen device to be reactivated.")] Boolean ActivationLockAllowWhenSupervised; [Write, Description("Indicates whether or not to allow AirDrop when the device is in supervised mode.")] Boolean AirDropBlocked; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 index fbed815f62..e0ee717fe5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -38,17 +38,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -124,7 +122,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -133,7 +130,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -143,8 +139,6 @@ function Get-TargetResource NetworkName = $getValue.AdditionalProperties.networkName Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -155,7 +149,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -179,7 +173,7 @@ function Set-TargetResource ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -187,7 +181,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -212,17 +206,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -317,7 +309,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -332,9 +323,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -370,7 +359,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -382,24 +370,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -409,9 +388,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -419,7 +397,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -444,17 +422,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -531,13 +507,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -1264,7 +1240,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof index 2cb7f02a0e..e380df3ac8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidDeviceAdministrator")] class MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator : OMI_BaseResource { - [Write, Description("Id of the Intune Policy.")] String Id; + [Key, Description("Id of the Intune Policy.")] String Id; [Write, Description("Description of the Intune Policy.")] String Description; - [Write, Description("Display name of the Intune Policy.")] String DisplayName; + [Required, Description("Display name of the Intune Policy.")] String DisplayName; [Write, Description("Connect automatically.")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 index 585d663225..fc217699b5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -67,17 +67,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -153,7 +151,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -162,7 +159,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -179,8 +175,6 @@ function Get-TargetResource ProxySettings = $getValue.AdditionalProperties.proxySettings Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -191,7 +185,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -213,9 +207,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -223,7 +216,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -277,17 +270,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -347,7 +338,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -382,7 +372,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -397,9 +386,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -435,7 +422,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -447,24 +433,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -474,9 +451,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -484,7 +460,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -538,17 +514,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -603,7 +577,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -625,13 +598,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -643,8 +616,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -718,18 +691,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -758,7 +727,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -778,7 +746,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1365,7 +1332,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof index 4af3eb60a0..1e48dac488 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner")] class MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner : OMI_BaseResource { - [Write, Description("Id of the Intune policy")] String Id; + [Key, Description("Id of the Intune policy")] String Id; [Write, Description("Description of the Intune policy")] String Description; - [Write, Description("Disaply name of the Intune policy")] String DisplayName; + [Required, Description("Disaply name of the Intune policy")] String DisplayName; [Write, Description("If the network is in range, automatically connect.")] Boolean ConnectAutomatically; [Write, Description("Don't show this Wi-Fi network on an end-user's device in the list of available networks. The SSID will not be broadcasted.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 index 63604f466a..84b89ce8aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -38,17 +38,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -124,7 +122,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -133,7 +130,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -143,8 +139,6 @@ function Get-TargetResource NetworkName = $getValue.AdditionalProperties.networkName Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -155,7 +149,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -177,9 +171,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -187,7 +180,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -212,17 +205,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -282,7 +273,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -317,7 +307,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -332,9 +321,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -370,7 +357,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -382,24 +368,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -409,9 +386,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -419,7 +395,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -444,17 +420,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -509,7 +483,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -531,13 +504,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -549,8 +522,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -624,18 +597,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -664,7 +633,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -684,7 +652,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1265,7 +1232,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof index 02b6e37865..b4d905deb6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile")] class MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically.")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index 52984d859d..77876499d3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -38,17 +38,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -124,7 +122,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -133,7 +130,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -143,8 +139,6 @@ function Get-TargetResource NetworkName = $getValue.AdditionalProperties.networkName Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -155,7 +149,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -177,9 +171,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -187,7 +180,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -212,17 +205,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -282,7 +273,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -317,7 +307,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -332,9 +321,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -370,7 +357,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -382,24 +368,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -409,9 +386,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -419,7 +395,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -444,17 +420,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -509,7 +483,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -531,13 +504,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -549,8 +522,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -624,18 +597,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidForWorkWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -664,7 +633,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -684,7 +652,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1266,7 +1233,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof index 6eec78e0da..339532ca23 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidForWork")] class MSFT_IntuneWifiConfigurationPolicyAndroidForWork : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index 39c952fdb1..c30fd46d3b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -46,17 +46,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -132,7 +130,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -141,7 +138,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -153,8 +149,6 @@ function Get-TargetResource PreSharedKeyIsSet = $getValue.AdditionalProperties.preSharedKeyIsSet Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -165,7 +159,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -187,9 +181,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -197,7 +190,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -230,17 +223,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -300,7 +291,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -335,7 +325,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -350,9 +339,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -388,7 +375,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -400,24 +386,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -427,9 +404,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -437,7 +413,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -470,17 +446,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -535,7 +509,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -557,13 +530,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -575,8 +548,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -650,18 +623,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -690,7 +659,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -710,7 +678,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1297,7 +1264,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof index 77718f23c1..f6db025c0e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidOpenSourceProject")] class MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically to the network.")] Boolean ConnectAutomatically; [Write, Description("Define if the network should be connected if hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Define the network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index b7ab5bedd6..c13bd4ee62 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -63,17 +63,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -149,7 +147,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -158,7 +155,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -174,8 +170,6 @@ function Get-TargetResource ProxySettings = $getValue.AdditionalProperties.proxySettings Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -186,7 +180,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -208,9 +202,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -218,7 +211,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -268,17 +261,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -338,7 +329,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -373,7 +363,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -388,9 +377,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -426,7 +413,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -438,24 +424,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -465,9 +442,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -475,7 +451,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -525,17 +501,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -590,7 +564,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -612,13 +585,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -630,8 +603,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -712,11 +685,8 @@ function Export-TargetResource -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -745,7 +715,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -765,7 +734,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1352,7 +1320,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof index 765285eb39..8cd1c94f97 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyIOS")] class MSFT_IntuneWifiConfigurationPolicyIOS : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Disable the MAC address randomization.")] Boolean DisableMacAddressRandomization; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index 3380eb6d1b..5fe7e7adae 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -59,17 +59,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -145,7 +143,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -154,7 +151,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -169,8 +165,6 @@ function Get-TargetResource ProxySettings = $getValue.AdditionalProperties.proxySettings Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -181,7 +175,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -203,9 +197,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -213,7 +206,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -259,17 +252,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -329,7 +320,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -364,7 +354,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -379,9 +368,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -417,7 +404,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -429,24 +415,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -456,9 +433,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -466,7 +442,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -512,17 +488,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -577,7 +551,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -599,13 +572,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -617,8 +590,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -692,18 +665,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -732,7 +701,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -752,7 +720,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1338,7 +1305,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof index 60c265d2a4..05caa16920 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyMacOS")] class MSFT_IntuneWifiConfigurationPolicyMacOS : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index d25122d17f..6ac20a5928 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -72,17 +72,15 @@ function Get-TargetResource [System.String] $WifiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -158,7 +156,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -167,7 +164,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -185,8 +181,6 @@ function Get-TargetResource ProxySetting = $getValue.AdditionalProperties.proxySetting Ssid = $getValue.AdditionalProperties.ssid WifiSecurityType = $getValue.AdditionalProperties.wifiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -197,7 +191,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -219,9 +213,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -229,7 +222,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -288,17 +281,15 @@ function Set-TargetResource [System.String] $WifiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -358,7 +349,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -393,7 +383,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -408,9 +397,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -446,7 +433,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -458,24 +444,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -485,9 +462,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -495,7 +471,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -554,17 +530,15 @@ function Test-TargetResource [System.String] $WifiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -619,7 +593,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -641,13 +614,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -659,8 +632,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -734,18 +707,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsWifiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -774,7 +743,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -794,7 +762,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1382,7 +1349,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof index c3a54635ce..7501e91c5d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyWindows10")] class MSFT_IntuneWifiConfigurationPolicyWindows10 : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect to preferred network")] Boolean ConnectToPreferredNetwork; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 88ed11883c..5071d9e1b0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -5,6 +5,14 @@ function Get-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AzureRightsManagementServicesAllowed, @@ -14,7 +22,7 @@ function Get-TargetResource $DataRecoveryCertificate, [Parameter()] - [ValidateSet('noProtection','encryptAndAuditOnly','encryptAuditAndPrompt','encryptAuditAndBlock')] + [ValidateSet('noProtection', 'encryptAndAuditOnly', 'encryptAuditAndPrompt', 'encryptAuditAndBlock')] [System.String] $EnforcementLevel, @@ -93,21 +101,12 @@ function Get-TargetResource [Parameter()] [System.String] $Description, - - [Parameter()] - [System.String] - $DisplayName, - - [Parameter()] - [System.String] - $Id, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -157,13 +156,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceAppMgtMdmWindowInformationProtectionPolicy -MdmWindowsInformationProtectionPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceAppMgtMdmWindowInformationProtectionPolicy -MdmWindowsInformationProtectionPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceAppMgtMdmWindowInformationProtectionPolicy ` -Filter "DisplayName eq '$DisplayName'" ` @@ -171,6 +170,7 @@ function Get-TargetResource } } #endregion + if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with DisplayName {$DisplayName}" @@ -183,35 +183,35 @@ function Get-TargetResource $complexDataRecoveryCertificate = @{} $complexDataRecoveryCertificate.Add('Certificate', $getValue.DataRecoveryCertificate.certificate) $complexDataRecoveryCertificate.Add('Description', $getValue.DataRecoveryCertificate.description) - if($null -ne $getValue.DataRecoveryCertificate.expirationDateTime) + if ($null -ne $getValue.DataRecoveryCertificate.expirationDateTime) { $complexDataRecoveryCertificate.Add('ExpirationDateTime', ([DateTimeOffset]$getValue.DataRecoveryCertificate.expirationDateTime).ToString('o')) } $complexDataRecoveryCertificate.Add('SubjectName', $getValue.DataRecoveryCertificate.subjectName) - if($complexDataRecoveryCertificate.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexDataRecoveryCertificate.values.Where({ $null -ne $_ }).count -eq 0) { $complexDataRecoveryCertificate = $null } $complexEnterpriseInternalProxyServers = @() - foreach($currentEnterpriseInternalProxyServers in $getValue.enterpriseInternalProxyServers) + foreach ($currentEnterpriseInternalProxyServers in $getValue.enterpriseInternalProxyServers) { $myEnterpriseInternalProxyServers = @{} $myEnterpriseInternalProxyServers.Add('DisplayName', $currentEnterpriseInternalProxyServers.displayName) $myEnterpriseInternalProxyServers.Add('Resources', $currentEnterpriseInternalProxyServers.resources) - if($myEnterpriseInternalProxyServers.values.Where({ $null -ne $_ }).count -gt 0) + if ($myEnterpriseInternalProxyServers.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseInternalProxyServers += $myEnterpriseInternalProxyServers } } $complexEnterpriseIPRanges = @() - foreach($currentEnterpriseIPRanges in $getValue.enterpriseIPRanges) + foreach ($currentEnterpriseIPRanges in $getValue.enterpriseIPRanges) { $myEnterpriseIPRanges = @{} $myEnterpriseIPRanges.Add('DisplayName', $currentEnterpriseIPRanges.displayName) $complexRanges = @() - foreach($currentRanges in $currentEnterpriseIPRanges.ranges) + foreach ($currentRanges in $currentEnterpriseIPRanges.ranges) { $myRanges = @{} $myRanges.Add('CidrAddress', $currentRanges.AdditionalProperties.cidrAddress) @@ -221,79 +221,79 @@ function Get-TargetResource { $myRanges.Add('odataType', $currentRanges.AdditionalProperties.'@odata.type'.toString()) } - if($myRanges.values.Where({ $null -ne $_ }).count -gt 0) + if ($myRanges.values.Where({ $null -ne $_ }).count -gt 0) { $complexRanges += $myRanges } } - $myEnterpriseIPRanges.Add('Ranges',$complexRanges) - if($myEnterpriseIPRanges.values.Where({ $null -ne $_ }).count -gt 0) + $myEnterpriseIPRanges.Add('Ranges', $complexRanges) + if ($myEnterpriseIPRanges.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseIPRanges += $myEnterpriseIPRanges } } $complexEnterpriseNetworkDomainNames = @() - foreach($currentEnterpriseNetworkDomainNames in $getValue.enterpriseNetworkDomainNames) + foreach ($currentEnterpriseNetworkDomainNames in $getValue.enterpriseNetworkDomainNames) { $myEnterpriseNetworkDomainNames = @{} $myEnterpriseNetworkDomainNames.Add('DisplayName', $currentEnterpriseNetworkDomainNames.displayName) $myEnterpriseNetworkDomainNames.Add('Resources', $currentEnterpriseNetworkDomainNames.resources) - if($myEnterpriseNetworkDomainNames.values.Where({ $null -ne $_ }).count -gt 0) + if ($myEnterpriseNetworkDomainNames.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseNetworkDomainNames += $myEnterpriseNetworkDomainNames } } $complexEnterpriseProtectedDomainNames = @() - foreach($currentEnterpriseProtectedDomainNames in $getValue.enterpriseProtectedDomainNames) + foreach ($currentEnterpriseProtectedDomainNames in $getValue.enterpriseProtectedDomainNames) { $myEnterpriseProtectedDomainNames = @{} $myEnterpriseProtectedDomainNames.Add('DisplayName', $currentEnterpriseProtectedDomainNames.displayName) $myEnterpriseProtectedDomainNames.Add('Resources', $currentEnterpriseProtectedDomainNames.resources) - if($myEnterpriseProtectedDomainNames.values.Where({ $null -ne $_ }).count -gt 0) + if ($myEnterpriseProtectedDomainNames.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseProtectedDomainNames += $myEnterpriseProtectedDomainNames } } $complexEnterpriseProxiedDomains = @() - foreach($currentEnterpriseProxiedDomains in $getValue.enterpriseProxiedDomains) + foreach ($currentEnterpriseProxiedDomains in $getValue.enterpriseProxiedDomains) { $myEnterpriseProxiedDomains = @{} $myEnterpriseProxiedDomains.Add('DisplayName', $currentEnterpriseProxiedDomains.displayName) $complexProxiedDomains = @() - foreach($currentProxiedDomains in $currentEnterpriseProxiedDomains.proxiedDomains) + foreach ($currentProxiedDomains in $currentEnterpriseProxiedDomains.proxiedDomains) { $myProxiedDomains = @{} $myProxiedDomains.Add('IpAddressOrFQDN', $currentProxiedDomains.ipAddressOrFQDN) $myProxiedDomains.Add('Proxy', $currentProxiedDomains.proxy) - if($myProxiedDomains.values.Where({ $null -ne $_ }).count -gt 0) + if ($myProxiedDomains.values.Where({ $null -ne $_ }).count -gt 0) { $complexProxiedDomains += $myProxiedDomains } } - $myEnterpriseProxiedDomains.Add('ProxiedDomains',$complexProxiedDomains) - if($myEnterpriseProxiedDomains.values.Where({ $null -ne $_ }).count -gt 0) + $myEnterpriseProxiedDomains.Add('ProxiedDomains', $complexProxiedDomains) + if ($myEnterpriseProxiedDomains.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseProxiedDomains += $myEnterpriseProxiedDomains } } $complexEnterpriseProxyServers = @() - foreach($currentEnterpriseProxyServers in $getValue.enterpriseProxyServers) + foreach ($currentEnterpriseProxyServers in $getValue.enterpriseProxyServers) { $myEnterpriseProxyServers = @{} $myEnterpriseProxyServers.Add('DisplayName', $currentEnterpriseProxyServers.displayName) $myEnterpriseProxyServers.Add('Resources', $currentEnterpriseProxyServers.resources) - if($myEnterpriseProxyServers.values.Where({ $null -ne $_ }).count -gt 0) + if ($myEnterpriseProxyServers.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseProxyServers += $myEnterpriseProxyServers } } $complexExemptApps = @() - foreach($currentExemptApps in $getValue.exemptApps) + foreach ($currentExemptApps in $getValue.exemptApps) { $myExemptApps = @{} $myExemptApps.Add('Denied', $currentExemptApps.denied) @@ -308,26 +308,26 @@ function Get-TargetResource { $myExemptApps.Add('odataType', $currentExemptApps.AdditionalProperties.'@odata.type'.toString()) } - if($myExemptApps.values.Where({ $null -ne $_ }).count -gt 0) + if ($myExemptApps.values.Where({ $null -ne $_ }).count -gt 0) { $complexExemptApps += $myExemptApps } } $complexNeutralDomainResources = @() - foreach($currentNeutralDomainResources in $getValue.neutralDomainResources) + foreach ($currentNeutralDomainResources in $getValue.neutralDomainResources) { $myNeutralDomainResources = @{} $myNeutralDomainResources.Add('DisplayName', $currentNeutralDomainResources.displayName) $myNeutralDomainResources.Add('Resources', $currentNeutralDomainResources.resources) - if($myNeutralDomainResources.values.Where({ $null -ne $_ }).count -gt 0) + if ($myNeutralDomainResources.values.Where({ $null -ne $_ }).count -gt 0) { $complexNeutralDomainResources += $myNeutralDomainResources } } $complexProtectedApps = @() - foreach($currentProtectedApps in $getValue.protectedApps) + foreach ($currentProtectedApps in $getValue.protectedApps) { $myProtectedApps = @{} $myProtectedApps.Add('Denied', $currentProtectedApps.denied) @@ -342,24 +342,23 @@ function Get-TargetResource { $myProtectedApps.Add('odataType', $currentProtectedApps.AdditionalProperties.'@odata.type'.toString()) } - if($myProtectedApps.values.Where({ $null -ne $_ }).count -gt 0) + if ($myProtectedApps.values.Where({ $null -ne $_ }).count -gt 0) { $complexProtectedApps += $myProtectedApps } } $complexSmbAutoEncryptedFileExtensions = @() - foreach($currentSmbAutoEncryptedFileExtensions in $getValue.smbAutoEncryptedFileExtensions) + foreach ($currentSmbAutoEncryptedFileExtensions in $getValue.smbAutoEncryptedFileExtensions) { $mySmbAutoEncryptedFileExtensions = @{} $mySmbAutoEncryptedFileExtensions.Add('DisplayName', $currentSmbAutoEncryptedFileExtensions.displayName) $mySmbAutoEncryptedFileExtensions.Add('Resources', $currentSmbAutoEncryptedFileExtensions.resources) - if($mySmbAutoEncryptedFileExtensions.values.Where({ $null -ne $_ }).count -gt 0) + if ($mySmbAutoEncryptedFileExtensions.values.Where({ $null -ne $_ }).count -gt 0) { $complexSmbAutoEncryptedFileExtensions += $mySmbAutoEncryptedFileExtensions } } - #endregion #region resource generator code @@ -368,7 +367,6 @@ function Get-TargetResource { $enumEnforcementLevel = $getValue.EnforcementLevel.ToString() } - #endregion $results = @{ @@ -427,6 +425,14 @@ function Set-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AzureRightsManagementServicesAllowed, @@ -436,7 +442,7 @@ function Set-TargetResource $DataRecoveryCertificate, [Parameter()] - [ValidateSet('noProtection','encryptAndAuditOnly','encryptAuditAndPrompt','encryptAuditAndBlock')] + [ValidateSet('noProtection', 'encryptAndAuditOnly', 'encryptAuditAndPrompt', 'encryptAuditAndBlock')] [System.String] $EnforcementLevel, @@ -515,20 +521,12 @@ function Set-TargetResource [Parameter()] [System.String] $Description, - - [Parameter()] - [System.String] - $DisplayName, - - [Parameter()] - [System.String] - $Id, - #endregion - [Parameter(Mandatory = $true)] + + [Parameter(Mandatory)] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -586,16 +584,17 @@ function Set-TargetResource $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } + #region resource generator code - $policy=New-MgDeviceAppMgtMdmWindowInformationProtectionPolicy -BodyParameter $CreateParameters + $policy = New-MgDeviceAppMgtMdmWindowInformationProtectionPolicy -BodyParameter $CreateParameters #endregion } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') @@ -607,16 +606,17 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } + #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.MdmWindowsInformationProtectionPolicy") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.MdmWindowsInformationProtectionPolicy') Update-MgDeviceAppMgtMdmWindowInformationProtectionPolicy ` -MdmWindowsInformationProtectionPolicyId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -624,7 +624,8 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with Id {$($currentInstance.Id)}" + #region resource generator code Remove-MgDeviceAppMgtMdmWindowInformationProtectionPolicy -MdmWindowsInformationProtectionPolicyId $currentInstance.Id #endregion @@ -638,6 +639,14 @@ function Test-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AzureRightsManagementServicesAllowed, @@ -647,7 +656,7 @@ function Test-TargetResource $DataRecoveryCertificate, [Parameter()] - [ValidateSet('noProtection','encryptAndAuditOnly','encryptAuditAndPrompt','encryptAuditAndBlock')] + [ValidateSet('noProtection', 'encryptAndAuditOnly', 'encryptAuditAndPrompt', 'encryptAuditAndBlock')] [System.String] $EnforcementLevel, @@ -726,21 +735,12 @@ function Test-TargetResource [Parameter()] [System.String] $Description, - - [Parameter()] - [System.String] - $DisplayName, - - [Parameter()] - [System.String] - $Id, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -807,7 +807,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -923,12 +923,13 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results + if ( $null -ne $Results.DataRecoveryCertificate) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.DataRecoveryCertificate ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.DataRecoveryCertificate = $complexTypeStringResult } @@ -942,7 +943,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.EnterpriseInternalProxyServers ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseInternalProxyServers = $complexTypeStringResult } @@ -955,14 +956,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'EnterpriseIPRanges' + Name = 'EnterpriseIPRanges' CimInstanceName = 'MicrosoftGraphWindowsInformationProtectionIPRangeCollection' - IsRequired = $False + IsRequired = $False } @{ - Name = 'Ranges' + Name = 'Ranges' CimInstanceName = 'MicrosoftGraphIpRange' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -970,7 +971,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionIPRangeCollection' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseIPRanges = $complexTypeStringResult } @@ -984,7 +985,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.EnterpriseNetworkDomainNames ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseNetworkDomainNames = $complexTypeStringResult } @@ -998,7 +999,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.EnterpriseProtectedDomainNames ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseProtectedDomainNames = $complexTypeStringResult } @@ -1011,14 +1012,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'EnterpriseProxiedDomains' + Name = 'EnterpriseProxiedDomains' CimInstanceName = 'MicrosoftGraphWindowsInformationProtectionProxiedDomainCollection' - IsRequired = $False + IsRequired = $False } @{ - Name = 'ProxiedDomains' + Name = 'ProxiedDomains' CimInstanceName = 'MicrosoftGraphProxiedDomain' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -1026,7 +1027,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionProxiedDomainCollection' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseProxiedDomains = $complexTypeStringResult } @@ -1040,7 +1041,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.EnterpriseProxyServers ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseProxyServers = $complexTypeStringResult } @@ -1054,7 +1055,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.ExemptApps ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionApp' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.ExemptApps = $complexTypeStringResult } @@ -1068,7 +1069,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.NeutralDomainResources ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.NeutralDomainResources = $complexTypeStringResult } @@ -1082,7 +1083,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.ProtectedApps ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionApp' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.ProtectedApps = $complexTypeStringResult } @@ -1096,7 +1097,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.SmbAutoEncryptedFileExtensions ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.SmbAutoEncryptedFileExtensions = $complexTypeStringResult } @@ -1113,51 +1114,51 @@ function Export-TargetResource -Credential $Credential if ($Results.DataRecoveryCertificate) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DataRecoveryCertificate" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DataRecoveryCertificate' -IsCIMArray:$False } if ($Results.EnterpriseInternalProxyServers) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseInternalProxyServers" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseInternalProxyServers' -IsCIMArray:$True } if ($Results.EnterpriseIPRanges) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseIPRanges" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseIPRanges' -IsCIMArray:$True } if ($Results.EnterpriseNetworkDomainNames) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseNetworkDomainNames" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseNetworkDomainNames' -IsCIMArray:$True } if ($Results.EnterpriseProtectedDomainNames) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseProtectedDomainNames" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseProtectedDomainNames' -IsCIMArray:$True } if ($Results.EnterpriseProxiedDomains) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseProxiedDomains" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseProxiedDomains' -IsCIMArray:$True } if ($Results.EnterpriseProxyServers) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseProxyServers" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseProxyServers' -IsCIMArray:$True } if ($Results.ExemptApps) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ExemptApps" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ExemptApps' -IsCIMArray:$True } if ($Results.NeutralDomainResources) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "NeutralDomainResources" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'NeutralDomainResources' -IsCIMArray:$True } if ($Results.ProtectedApps) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ProtectedApps" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ProtectedApps' -IsCIMArray:$True } if ($Results.SmbAutoEncryptedFileExtensions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "SmbAutoEncryptedFileExtensions" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'SmbAutoEncryptedFileExtensions' -IsCIMArray:$True } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) - $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -1179,22 +1180,24 @@ function Export-TargetResource return '' } } + function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] - param( + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] + param + ( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + 'odataType' = '@odata.type' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -1204,34 +1207,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -1240,54 +1243,56 @@ function Rename-M365DSCCimInstanceParameter return $result #endregion } + function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] - param( + [OutputType([hashtable], [hashtable[]])] + param + ( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -1304,27 +1309,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1368,7 +1373,8 @@ function Get-M365DSCDRGComplexTypeToHashtable function Get-M365DSCDRGComplexTypeToString { [CmdletBinding()] - param( + param + ( [Parameter()] $ComplexObject, @@ -1382,15 +1388,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1398,26 +1404,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1426,23 +1432,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1456,37 +1462,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1495,17 +1501,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -1516,26 +1522,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1544,11 +1550,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1559,42 +1565,43 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty } -Function Get-M365DSCDRGSimpleObjectTypeToString +function Get-M365DSCDRGSimpleObjectTypeToString { [CmdletBinding()] [OutputType([System.String])] - param( + param + ( [Parameter(Mandatory = 'true')] [System.String] $Key, @@ -1604,49 +1611,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1656,7 +1663,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1668,7 +1675,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1678,7 +1685,8 @@ function Compare-M365DSCComplexObject { [CmdletBinding()] [OutputType([System.Boolean])] - param( + param + ( [Parameter()] $Source, [Parameter()] @@ -1686,47 +1694,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1736,36 +1744,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1773,16 +1781,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1792,18 +1800,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1824,50 +1832,51 @@ function Compare-M365DSCComplexObject return $true } + function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] - param( + [OutputType([hashtable], [hashtable[]])] + param + ( [Parameter(Mandatory = 'true')] $ComplexObject ) - - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof index 92c43a6975..b597994499 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof @@ -55,6 +55,8 @@ class MSFT_MicrosoftGraphWindowsInformationProtectionApp [ClassVersion("1.0.0.0"), FriendlyName("IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled")] class MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled : OMI_BaseResource { + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; + [Required, Description("Policy display name.")] String DisplayName; [Write, Description("Specifies whether to allow Azure RMS encryption for WIP")] Boolean AzureRightsManagementServicesAllowed; [Write, Description("Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS)"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate")] String DataRecoveryCertificate; [Write, Description("WIP enforcement level.See the Enum definition for supported values. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock."), ValueMap{"noProtection","encryptAndAuditOnly","encryptAuditAndPrompt","encryptAuditAndBlock"}, Values{"noProtection","encryptAndAuditOnly","encryptAuditAndPrompt","encryptAuditAndBlock"}] String EnforcementLevel; @@ -77,8 +79,6 @@ class MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled : OMI_Ba [Write, Description("TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access")] String RightsManagementServicesTemplateId; [Write, Description("Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection")] String SmbAutoEncryptedFileExtensions[]; [Write, Description("The policy's description.")] String Description; - [Write, Description("Policy display name.")] String DisplayName; - [Write, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Tests/QA/Microsoft365DSC.Resources.Tests.ps1 b/Tests/QA/Microsoft365DSC.Resources.Tests.ps1 new file mode 100644 index 0000000000..445ae5a0bf --- /dev/null +++ b/Tests/QA/Microsoft365DSC.Resources.Tests.ps1 @@ -0,0 +1,112 @@ +BeforeDiscovery { + $resourcesPath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\Modules\Microsoft365DSC\DSCResources' + $schemaFiles = Get-ChildItem -Path $resourcesPath -Filter '*.schema.mof' -Recurse | ForEach-Object { + @{ + ResourceName = $_.Directory.Name + FullName = $_.FullName + } + } +} + +Describe -Name "Check schema for resource ''" -ForEach $schemaFiles{ + BeforeAll { + function Get-MofSchemaObject + { + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $FileName + ) + + $temporaryPath = (Get-Item -Path env:TEMP).Value + + #region Workaround for OMI_BaseResource inheritance not resolving. + + $filePath = (Resolve-Path -Path $FileName).Path + $tempFilePath = Join-Path -Path $temporaryPath -ChildPath "DscMofHelper_$((New-Guid).Guid).tmp" + $rawContent = (Get-Content -Path $filePath -Raw) -replace '\s*:\s*OMI_BaseResource' + + Set-Content -LiteralPath $tempFilePath -Value $rawContent -ErrorAction 'Stop' + + # .NET methods don't like PowerShell drives + $tempFilePath = Convert-Path -Path $tempFilePath + + #endregion + + try + { + $exceptionCollection = [System.Collections.ObjectModel.Collection[System.Exception]]::new() + $moduleInfo = [System.Tuple]::Create('Module', [System.Version] '1.0.0') + + $class = [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ImportClasses( + $tempFilePath, $moduleInfo, $exceptionCollection + ) + } + catch + { + throw "Failed to import classes from file $FileName. Error $_" + } + finally + { + Remove-Item -LiteralPath $tempFilePath -Force + } + + foreach ($currentCimClass in $class) + { + $attributes = foreach ($property in $currentCimClass.CimClassProperties) + { + $state = switch ($property.flags) + { + { $_ -band [Microsoft.Management.Infrastructure.CimFlags]::Key } + { + 'Key' + } + { $_ -band [Microsoft.Management.Infrastructure.CimFlags]::Required } + { + 'Required' + } + { $_ -band [Microsoft.Management.Infrastructure.CimFlags]::ReadOnly } + { + 'Read' + } + default + { + 'Write' + } + } + + @{ + Name = $property.Name + State = $state + DataType = $property.CimType + ValueMap = $property.Qualifiers.Where( { $_.Name -eq 'ValueMap' }).Value + IsArray = $property.CimType -gt 16 + Description = $property.Qualifiers.Where( { $_.Name -eq 'Description' }).Value + EmbeddedInstance = $property.Qualifiers.Where( { $_.Name -eq 'EmbeddedInstance' }).Value + } + } + + @{ + ClassName = $currentCimClass.CimClassName + Attributes = $attributes + ClassVersion = $currentCimClass.CimClassQualifiers.Where( { $_.Name -eq 'ClassVersion' }).Value + FriendlyName = $currentCimClass.CimClassQualifiers.Where( { $_.Name -eq 'FriendlyName' }).Value + } + } + } + } + + It 'Schema should be read successfully' { + { Get-MofSchemaObject -FileName $FullName } | Should -Not -Throw + } + + It 'Schema should have a Key parameter' { + $schema = Get-MofSchemaObject -FileName $FullName + $attributes = ($schema | Where-Object { [String]::IsNullOrEmpty($_.FriendlyName) -eq $false }).Attributes + $keyCount = ($attributes | Where-Object { $_.State -eq 'Key' }).Count + $keyCount | Should -BeGreaterThan 1 + } +} From 7dc32b645f603903fee5259fea179bf2a2463d38 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 6 Mar 2023 14:13:28 +0100 Subject: [PATCH 010/187] Corrected incorrect examples --- .../1-New iOS App Protection Policy.ps1 | 1 + .../1-NewIntuneDeviceConfigurationPolicyiOS.ps1 | 1 + 2 files changed, 2 insertions(+) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 index ede1cf7c67..6f9f0bfcf1 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 @@ -15,6 +15,7 @@ Configuration Example { IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' { + Id = '1352a41f-bd32-4ee3-b227-2f11b17b8614' DisplayName = 'My DSC iOS App Protection Policy' AllowedDataStorageLocations = @('sharePoint') AllowedInboundDataTransferSources = 'managedApps' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-NewIntuneDeviceConfigurationPolicyiOS.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-NewIntuneDeviceConfigurationPolicyiOS.ps1 index ad828c4486..30fd46b675 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-NewIntuneDeviceConfigurationPolicyiOS.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-NewIntuneDeviceConfigurationPolicyiOS.ps1 @@ -15,6 +15,7 @@ Configuration Example { IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' { + Id = '901c99e3-6429-4f02-851f-54b49a53f103' DisplayName = 'iOS DSC Policy' AccountBlockModification = $False ActivationLockAllowWhenSupervised = $False From a3487fd66d903ff0d751bb0e96e38c07c44312f7 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 6 Mar 2023 14:38:53 +0100 Subject: [PATCH 011/187] Corrected wrong Id parameter --- .../1-New iOS App Protection Policy.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 index 6f9f0bfcf1..2be60d404c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 @@ -15,7 +15,7 @@ Configuration Example { IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' { - Id = '1352a41f-bd32-4ee3-b227-2f11b17b8614' + Identity = '1352a41f-bd32-4ee3-b227-2f11b17b8614' DisplayName = 'My DSC iOS App Protection Policy' AllowedDataStorageLocations = @('sharePoint') AllowedInboundDataTransferSources = 'managedApps' From 2e06e861041801a0028be2f7a6a66b5efc42276c Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 6 Mar 2023 16:04:24 +0100 Subject: [PATCH 012/187] Fixed unit tests after schema updates --- .../MSFT_AADAdministrativeUnit.psm1 | 486 +++++++++--------- ...AADEntitlementManagementAccessPackage.psm1 | 3 +- ...tlementManagementAccessPackageCatalog.psm1 | 3 +- ...anagementAccessPackageCatalogResource.psm1 | 3 +- .../MSFT_IntuneAppProtectionPolicyiOS.psm1 | 1 + ...ationPolicyAndroidDeviceAdministrator.psm1 | 3 +- ...ConfigurationPolicyAndroidDeviceOwner.psm1 | 3 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 3 +- ..._IntuneDeviceConfigurationPolicyMacOS.psm1 | 3 +- ...FT_IntuneDeviceConfigurationPolicyiOS.psm1 | 3 +- ...ationPolicyAndroidDeviceAdministrator.psm1 | 3 +- ...ionPolicyAndroidEntrepriseDeviceOwner.psm1 | 3 +- ...ionPolicyAndroidEntrepriseWorkProfile.psm1 | 3 +- ...WifiConfigurationPolicyAndroidForWork.psm1 | 3 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 3 +- ...MSFT_IntuneWifiConfigurationPolicyIOS.psm1 | 3 +- ...FT_IntuneWifiConfigurationPolicyMacOS.psm1 | 3 +- ...ntuneWifiConfigurationPolicyWindows10.psm1 | 3 +- ...nProtectionPolicyWindows10MdmEnrolled.psm1 | 1 + ...soft365DSC.AADAdministrativeUnit.Tests.ps1 | 126 ++--- ...DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 | 1 + 21 files changed, 342 insertions(+), 321 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 8d9b13c4fd..3e4e9b54ba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -9,7 +9,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory=$true)] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -108,7 +108,7 @@ function Get-TargetResource { Write-Verbose -Message "Could not find an Azure AD Administrative Unit with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDirectoryAdministrativeUnit -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop } @@ -150,14 +150,14 @@ function Get-TargetResource $results.Add('MembershipRuleProcessingState', $getValue.AdditionalProperties.MembershipRuleProcessingState) } - write-verbose "AU {$DisplayName} MembershipType {$($results.MembershipType)}" + Write-Verbose -Message "AU {$DisplayName} MembershipType {$($results.MembershipType)}" if ($results.MembershipType -ne 'Dynamic') { - write-verbose "AU {$DisplayName} get Members" + Write-Verbose -Message "AU {$DisplayName} get Members" [array]$auMembers = Get-MgDirectoryAdministrativeUnitMember -AdministrativeUnitId $getValue.Id -All if ($auMembers.Count -gt 0) { - write-verbose "AU {$DisplayName} process $($auMembers.Count) members" + Write-Verbose -Message "AU {$DisplayName} process $($auMembers.Count) members" $memberSpec = @() foreach ($auMember in $auMembers) { @@ -178,61 +178,61 @@ function Get-TargetResource $member.Add('Identity', $memberObject.DisplayName) $member.Add('Type', 'Device') } - write-verbose "AU {$DisplayName} member found: Type '$($member.Type)' identity '$($member.Identity)'" + Write-Verbose -Message "AU {$DisplayName} member found: Type '$($member.Type)' identity '$($member.Identity)'" $memberSpec += $member } - write-verbose "AU {$DisplayName} add Members to results" + Write-Verbose -Message "AU {$DisplayName} add Members to results" $results.Add('Members', $memberSpec) } } - write-verbose "AU {$DisplayName} get Scoped Role Members" - $ErrorActionPreference = "Stop" + Write-Verbose -Message "AU {$DisplayName} get Scoped Role Members" + $ErrorActionPreference = 'Stop' [array]$auScopedRoleMembers = Get-MgDirectoryAdministrativeUnitScopedRoleMember -AdministrativeUnitId $getValue.Id -All if ($auScopedRoleMembers.Count -gt 0) { - write-verbose "AU {$DisplayName} process $($auScopedRoleMembers.Count) scoped role members" + Write-Verbose -Message "AU {$DisplayName} process $($auScopedRoleMembers.Count) scoped role members" $scopedRoleMemberSpec = @() foreach ($auScopedRoleMember in $auScopedRoleMembers) { - write-verbose "AU {$DisplayName} verify RoleId {$($auScopedRoleMember.RoleId)}" + Write-Verbose -Message "AU {$DisplayName} verify RoleId {$($auScopedRoleMember.RoleId)}" $roleObject = Get-MgDirectoryRole -DirectoryRoleId $auScopedRoleMember.RoleId -ErrorAction Stop - write-verbose "Found DirectoryRole '$($roleObject.DisplayName)' with id $($roleObject.Id)" + Write-Verbose -Message "Found DirectoryRole '$($roleObject.DisplayName)' with id $($roleObject.Id)" $scopedRoleMember = [ordered]@{ - RoleName = $roleObject.DisplayName - RoleMemberInfo = @{ - Type = $null - Identity = $null - } - } - write-verbose "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}" + RoleName = $roleObject.DisplayName + RoleMemberInfo = @{ + Type = $null + Identity = $null + } + } + Write-Verbose -Message "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}" $memberObject = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)" - write-verbose "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}" + Write-Verbose -Message "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}" if (($memberObject.'@odata.type') -match 'user') { - write-verbose "AU {$DisplayName} UPN = {$($memberObject.UserPrincipalName)}" + Write-Verbose -Message "AU {$DisplayName} UPN = {$($memberObject.UserPrincipalName)}" $scopedRoleMember.RoleMemberInfo.Identity = $memberObject.UserPrincipalName - $scopedRoleMember.RoleMemberInfo.Type = 'User' + $scopedRoleMember.RoleMemberInfo.Type = 'User' } elseif (($memberObject.'@odata.type') -match 'group') { - write-verbose "AU {$DisplayName} Group = {$($memberObject.DisplayName)}" + Write-Verbose -Message "AU {$DisplayName} Group = {$($memberObject.DisplayName)}" $scopedRoleMember.RoleMemberInfo.Identity = $memberObject.DisplayName - $scopedRoleMember.RoleMemberInfo.Type = 'Group' + $scopedRoleMember.RoleMemberInfo.Type = 'Group' } else { - write-verbose "AU {$DisplayName} SPN = {$($memberObject.DisplayName)}" + Write-Verbose -Message "AU {$DisplayName} SPN = {$($memberObject.DisplayName)}" $scopedRoleMember.RoleMemberInfo.Identity = $memberObject.DisplayName - $scopedRoleMember.RoleMemberInfo.Type = 'ServicePrincipal' + $scopedRoleMember.RoleMemberInfo.Type = 'ServicePrincipal' } - write-verbose "AU {$DisplayName} scoped role member: RoleName '$($scopedRoleMember.RoleName)' Type '$($scopedRoleMember.RoleMemberInfo.Type)' Identity '$($scopedRoleMember.RoleMemberInfo.Identity)'" + Write-Verbose -Message "AU {$DisplayName} scoped role member: RoleName '$($scopedRoleMember.RoleName)' Type '$($scopedRoleMember.RoleMemberInfo.Type)' Identity '$($scopedRoleMember.RoleMemberInfo.Identity)'" $scopedRoleMemberSpec += $scopedRoleMember } - write-verbose "AU {$DisplayName} add $($scopedRoleMemberSpec.Count) ScopedRoleMembers to results" + Write-Verbose -Message "AU {$DisplayName} add $($scopedRoleMemberSpec.Count) ScopedRoleMembers to results" $results.Add('ScopedRoleMembers', $scopedRoleMemberSpec) } - write-verbose "AU {$DisplayName} return results" + Write-Verbose -Message "AU {$DisplayName} return results" return [System.Collections.Hashtable] $results } catch @@ -257,7 +257,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory=$true)] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -359,28 +359,28 @@ function Set-TargetResource $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } $memberSpecification = $null if ($CreateParameters.MembershipType -ne 'Dynamic' -and $CreateParameters.Members.Count -gt 0) { $memberSpecification = @() - write-verbose "AU {$DisplayName} process $($CreateParameters.Members.Count) Members" + Write-Verbose -Message "AU {$DisplayName} process $($CreateParameters.Members.Count) Members" foreach ($member in $CreateParameters.Members) { - write-verbose "AU {$DisplayName} member Type '$($member.Type)' Identity '$($member.Identity)'" + Write-Verbose -Message "AU {$DisplayName} member Type '$($member.Type)' Identity '$($member.Identity)'" if ($member.Type -eq 'User') { $memberIdentity = Get-MgUser -Filter "UserPrincipalName eq '$($member.Identity)'" -ErrorAction Stop if ($memberIdentity) { - $memberSpecification += [pscustomobject]@{Type="$($member.Type)s";Id = $memberIdentity.Id } + $memberSpecification += [pscustomobject]@{Type = "$($member.Type)s"; Id = $memberIdentity.Id } } else { @@ -396,7 +396,7 @@ function Set-TargetResource { throw "AU {$($DisplayName)}: Group displayname {$($member.Identity)} is not unique" } - $memberSpecification += [pscustomobject]@{Type="$($member.Type)s";Id = $memberIdentity.Id } + $memberSpecification += [pscustomobject]@{Type = "$($member.Type)s"; Id = $memberIdentity.Id } } else { @@ -412,7 +412,7 @@ function Set-TargetResource { throw "AU {$($DisplayName)}: Device displayname {$($member.Identity)} is not unique" } - $memberSpecification += [pscustomobject]@{Type="$($member.Type)s";Id = $memberIdentity.Id } + $memberSpecification += [pscustomobject]@{Type = "$($member.Type)s"; Id = $memberIdentity.Id } } else { @@ -431,21 +431,23 @@ function Set-TargetResource # Resolve ScopedRoleMembers Type/Identity to user, group or service principal if ($CreateParameters.ScopedRoleMembers) { - write-verbose "AU {$DisplayName} process $($CreateParameters.ScopedRoleMembers.Count) ScopedRoleMembers" + Write-Verbose -Message "AU {$DisplayName} process $($CreateParameters.ScopedRoleMembers.Count) ScopedRoleMembers" $scopedRoleMemberSpecification = @() foreach ($roleMember in $CreateParameters.ScopedRoleMembers) { - write-verbose "AU {$DisplayName} member: role '$($roleMember.RoleName)' type '$($roleMember.Type)' identity $($roleMember.Identity)" - try { + Write-Verbose -Message "AU {$DisplayName} member: role '$($roleMember.RoleName)' type '$($roleMember.Type)' identity $($roleMember.Identity)" + try + { $roleObject = Get-MgDirectoryRole -Filter "DisplayName eq '$($roleMember.RoleName)'" -ErrorAction stop - write-verbose "AU {$DisplayName} role is enabled" + Write-Verbose -Message "AU {$DisplayName} role is enabled" } - catch { - write-verbose -Message "Azure AD role {$($rolemember.RoleName)} is not enabled" - $roleTemplate = Get-MgdirectoryRoleTemplate -Filter "DisplayName eq '$($roleMember.RoleName)'" -ErrorAction Stop + catch + { + Write-Verbose -Message "Azure AD role {$($rolemember.RoleName)} is not enabled" + $roleTemplate = Get-MgDirectoryRoleTemplate -Filter "DisplayName eq '$($roleMember.RoleName)'" -ErrorAction Stop if ($null -ne $roleTemplate) { - write-verbose -Message "Enable Azure AD role {$($rolemember.RoleName)} with id {$($roleTemplate.Id)}" + Write-Verbose -Message "Enable Azure AD role {$($rolemember.RoleName)} with id {$($roleTemplate.Id)}" $roleObject = New-MgDirectoryRole -RoleTemplateId $roleTemplate.Id -ErrorAction Stop } } @@ -503,7 +505,7 @@ function Set-TargetResource Write-Verbose -Message "Creating an Azure AD Administrative Unit with DisplayName {$DisplayName}" #region resource generator code - $policy=New-MgDirectoryAdministrativeUnit -BodyParameter $CreateParameters + $policy = New-MgDirectoryAdministrativeUnit -BodyParameter $CreateParameters if ($MembershipType -ne 'Dynamic') { @@ -534,10 +536,10 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } @@ -559,12 +561,12 @@ function Set-TargetResource $currentMembers = @() foreach ($member in $backCurrentMembers) { - $currentMembers += [pscustomobject]@{Type=$member.Type; Identity = $member.Identity} + $currentMembers += [pscustomobject]@{Type = $member.Type; Identity = $member.Identity } } $desiredMembers = @() foreach ($member in $requestedMembers) { - $desiredMembers += [pscustomobject]@{Type=$member.Type; Identity = $member.Identity} + $desiredMembers += [pscustomobject]@{Type = $member.Type; Identity = $member.Identity } } $membersDiff = Compare-Object -ReferenceObject $currentMembers -DifferenceObject $desiredMembers -Property Identity, Type foreach ($diff in $membersDiff) @@ -599,7 +601,7 @@ function Set-TargetResource } if ($diff.SideIndicator -eq '=>') { - Write-Verbose "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}" + Write-Verbose -Message "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}" $memberBodyParam = @{ '@odata.id' = "https://graph.microsoft.com/v1.0/$memberType/$($memberObject.Id)" @@ -608,7 +610,7 @@ function Set-TargetResource } else { - Write-Verbose "Administrative Unit {$DisplayName} Removing member {$($diff.Identity)}, type {$($diff.Type)}" + Write-Verbose -Message "Administrative Unit {$DisplayName} Removing member {$($diff.Identity)}, type {$($diff.Type)}" Remove-MgDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId ($currentInstance.Id) -DirectoryObjectId ($memberObject.Id) | Out-Null } } @@ -650,11 +652,11 @@ function Set-TargetResource Type = $roleMember.RoleMemberInfo.Type } } - write-verbose "AU {$DisplayName} Update ScopedRoleMembers: Current members: $($compareCurrentScopedRoleMembersValue.Identity -join ', ')" - write-verbose " Desired members: $($compareDesiredScopedRoleMembersValue.Identity -join ', ')" + Write-Verbose -Message "AU {$DisplayName} Update ScopedRoleMembers: Current members: $($compareCurrentScopedRoleMembersValue.Identity -join ', ')" + Write-Verbose -Message " Desired members: $($compareDesiredScopedRoleMembersValue.Identity -join ', ')" $scopedRoleMembersDiff = Compare-Object -ReferenceObject $compareCurrentScopedRoleMembersValue -DifferenceObject $compareDesiredScopedRoleMembersValue -Property RoleName, Identity, Type - # $scopedRoleMembersDiff = Compare-Object -ReferenceObject $CurrentScopedRoleMembersValue -DifferenceObject $DesiredScopedRoleMembersValue -Property RoleName, Identity, Type - write-verbose " # compare results : $($scopedRoleMembersDiff.Count -gt 0)" + # $scopedRoleMembersDiff = Compare-Object -ReferenceObject $CurrentScopedRoleMembersValue -DifferenceObject $DesiredScopedRoleMembersValue -Property RoleName, Identity, Type + Write-Verbose -Message " # compare results : $($scopedRoleMembersDiff.Count -gt 0)" foreach ($diff in $scopedRoleMembersDiff) { @@ -681,7 +683,7 @@ function Set-TargetResource } else { - write-verbose "Compare ScopedRoleMembers - skip processing blank RoleName" + Write-Verbose -Message 'Compare ScopedRoleMembers - skip processing blank RoleName' continue # don't process, } } @@ -746,7 +748,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory=$true)] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] @@ -853,7 +855,7 @@ function Test-TargetResource { Write-Verbose -Message "Difference found for $key" $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -980,13 +982,13 @@ function Export-TargetResource if ($null -ne $Results.ScopedRoleMembers) { $complexMapping = @( - @{ - Name = 'RoleMemberInfo' - CimInstanceName = 'MicrosoftGraphIdentity' - } + @{ + Name = 'RoleMemberInfo' + CimInstanceName = 'MicrosoftGraphIdentity' + } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.ScopedRoleMembers) ` - -CIMInstanceName MicrosoftGraphScopedRoleMembership -ComplexTypeMapping $complexMapping + -CIMInstanceName MicrosoftGraphScopedRoleMembership -ComplexTypeMapping $complexMapping $Results.ScopedRoleMembers = $complexTypeStringResult @@ -998,7 +1000,7 @@ function Export-TargetResource if ($null -ne $Results.Members) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Members) ` - -CIMInstanceName MicrosoftGraphIdentity + -CIMInstanceName MicrosoftGraphIdentity $Results.Members = $complexTypeStringResult if ([String]::IsNullOrEmpty($complexTypeStringResult)) @@ -1018,11 +1020,11 @@ function Export-TargetResource if ($null -ne $Results.ScopedRoleMembers) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ScopedRoleMembers" -isCIMArray $true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ScopedRoleMembers' -IsCIMArray $true } if ($null -ne $Results.Members) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Members" -isCIMArray $true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Members' -IsCIMArray $true } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -1034,7 +1036,7 @@ function Export-TargetResource } catch { - write-verbose "Exception: $($_.Exception.Message)" + Write-Verbose -Message "Exception: $($_.Exception.Message)" Write-Host $Global:M365DSCEmojiRedX @@ -1050,19 +1052,19 @@ function Export-TargetResource function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + 'odataType' = '@odata.type' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -1072,34 +1074,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -1111,51 +1113,51 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -1172,27 +1174,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1250,15 +1252,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1266,55 +1268,55 @@ function Get-M365DSCDRGComplexTypeToString return $null } - write-verbose "Get-M365DSCDRGComplexTypeToString $CIMInstanceName isArray=$isArray" + Write-Verbose -Message "Get-M365DSCDRGComplexTypeToString $CIMInstanceName isArray=$isArray" - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat } - write-verbose "return array currentProperty on next line:`r`n $($currentProperty -join "`r`n")" + Write-Verbose -Message "return array currentProperty on next line:`r`n $($currentProperty -join "`r`n")" # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1325,42 +1327,42 @@ function Get-M365DSCDRGComplexTypeToString foreach ($key in $ComplexObject.Keys) { - write-verbose "ComplexObject key=$key" + Write-Verbose -Message "ComplexObject key=$key" if ($null -ne $ComplexObject.$key) { - write-verbose "`tnot null" + Write-Verbose -Message "`tnot null" $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1369,9 +1371,9 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $currentProperty += Get-M365DSCDRGComplexTypeToString ` -ComplexObject $item ` @@ -1385,21 +1387,21 @@ function Get-M365DSCDRGComplexTypeToString else { $currentProperty += Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1408,11 +1410,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1423,28 +1425,28 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - write-verbose "return item currentProperty on next line:`r`n$currentProperty" + Write-Verbose -Message "return item currentProperty on next line:`r`n$currentProperty" return $currentProperty } @@ -1462,50 +1464,50 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - write-verbose "Get-M365DSCDRGSimpleObjectTypeToString key='$Key', value='$Value'. Type=$($value.gettype().fullname)" - $returnValue="" + Write-Verbose -Message "Get-M365DSCDRGSimpleObjectTypeToString key='$Key', value='$Value'. Type=$($value.gettype().fullname)" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } foreach ($item in $Value) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1515,7 +1517,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1527,10 +1529,10 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } - write-verbose "return '$returnValue'" + Write-Verbose -Message "return '$returnValue'" return $returnValue } @@ -1546,87 +1548,87 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem if ($compareResult) { - write-verbose "Compare-M365DSCComplexObject: Diff found" + Write-Verbose -Message 'Compare-M365DSCComplexObject: Diff found' break } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1634,16 +1636,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1653,18 +1655,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1688,47 +1690,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index e33d5725ce..fba64fda86 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 @@ -897,7 +897,8 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 index cad9bb174b..765ef5c2a8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 @@ -464,7 +464,8 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 index 6b6f299fd4..f56aff76b8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 @@ -685,7 +685,8 @@ function Export-TargetResource Write-Host " |---[$j/$($resources.Count)] $($resource.DisplayName)" -NoNewline $params = @{ - id = $resource.id + Id = $resource.id + DisplayName = $resource.displayName CatalogId = $catalogId Ensure = 'Present' Credential = $Credential diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index a606c978a6..149dbff210 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 @@ -1163,6 +1163,7 @@ function Export-TargetResource Write-Host " |---[$i/$($policies.Count)] $($policy.displayName)" -NoNewline $params = @{ Identity = $policy.id + DisplayName = $policy.DisplayName Ensure = 'Present' Credential = $Credential ApplicationID = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index 502c15914e..8bd5000c45 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -1237,7 +1237,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 index 44404997f0..154f2d0b8f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 @@ -2361,7 +2361,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.displayName)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index 209226ee9b..2ae8ed21ff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -737,7 +737,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index e023c8e050..b2207e4c51 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -1335,7 +1335,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index 75be35b100..83d2ba5fad 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -2984,7 +2984,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.displayName)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 index e0ee717fe5..7143dd488a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -626,7 +626,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 index fc217699b5..71e7a84345 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 @@ -713,7 +713,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 index 84b89ce8aa..747392f233 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 @@ -619,7 +619,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index 77876499d3..c9c830ec39 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -619,7 +619,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index c30fd46d3b..2b64a5ec29 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -645,7 +645,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index c13bd4ee62..52f4776961 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 @@ -701,7 +701,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index 5fe7e7adae..1bf5416850 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -687,7 +687,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index 6ac20a5928..8bfa808b8e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -729,7 +729,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 5071d9e1b0..3e58a03d1f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -911,6 +911,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 index 3700d9ed30..a1e94681f2 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 @@ -84,7 +84,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = 'FakeStringValue1' Members = @( (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ - Type = 'User' + Type = 'User' Identity = 'john.smith@contoso.com' } -ClientOnly) ) @@ -129,7 +129,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = 'FakeStringValue2' Members = @( (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ - Type = 'User' + Type = 'User' Identity = 'john.smith@contoso.com' } -ClientOnly) ) @@ -168,10 +168,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'The AU Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = 'DSCAU' - DisplayName = 'DSCAU' - Id = 'DSCAU' - Members = @( + Description = 'DSCAU' + DisplayName = 'DSCAU' + Id = 'DSCAU' + Members = @( (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ Identity = 'John.Doe@mytenant.com' Type = 'User' @@ -179,7 +179,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) ScopedRoleMembers = @( (New-CimInstance -ClassName MSFT_MicrosoftGraphScopedRoleMembership -Property @{ - RoleName = 'User Administrator' + RoleName = 'User Administrator' RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ Identity = 'John.Doe@mytenant.com' Type = 'User' @@ -188,10 +188,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { #Type = 'User' } -ClientOnly) ) - Visibility = 'Public' - MembershipType = 'Assigned' + Visibility = 'Public' + MembershipType = 'Assigned' # MembershipRule and -ProcessingState params are only used when MembershipType is Dynamic - MembershipRule = 'Canada' + MembershipRule = 'Canada' MembershipRuleProcessingState = 'On' Ensure = 'Present' Credential = $Credential @@ -201,10 +201,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnit -MockWith { return @{ - Description = 'DSCAU' - DisplayName = 'DSCAU' - Id = 'DSCAU' - Visibility = 'Public' + Description = 'DSCAU' + DisplayName = 'DSCAU' + Id = 'DSCAU' + Visibility = 'Public' AdditionalProperties = @{ membershipType = 'Assigned' membershipRule = 'Canada' @@ -224,18 +224,18 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnitMember -MockWith { return @(@{ - Id = '1234567890' - }) + Id = '1234567890' + }) } Mock -CommandName Get-MgDirectoryAdministrativeUnitScopedRoleMember -MockWith { return @(@{ - RoleId = '12345-67890' - RoleMemberInfo = @{ - DisplayName = 'John Doe' - Id = '1234567890' - } - }) + RoleId = '12345-67890' + RoleMemberInfo = @{ + DisplayName = 'John Doe' + Id = '1234567890' + } + }) } Mock -CommandName Get-MgDirectoryRole -MockWith { @@ -272,9 +272,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { (New-CimInstance -ClassName MSFT_MicrosoftGraphScopedRoleMembership -Property @{ RoleName = 'User Administrator' RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ - Identity = 'John.Doe@mytenant.com' - Type = 'User' - } -ClientOnly) + Identity = 'John.Doe@mytenant.com' + Type = 'User' + } -ClientOnly) #Identity = 'John.Doe@mytenant.com' #Type = 'User' } -ClientOnly) @@ -287,10 +287,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnit -MockWith { return [pscustomobject]@{ - Description = 'DSCAU2' - DisplayName = 'DSCAU2' - Id = 'DSCAU2' - Visibility = 'Public' + Description = 'DSCAU2' + DisplayName = 'DSCAU2' + Id = 'DSCAU2' + Visibility = 'Public' } } @@ -363,9 +363,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { (New-CimInstance -ClassName MSFT_MicrosoftGraphScopedRoleMembership -Property @{ RoleName = 'User Administrator' RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ - Identity = 'John.Doe@mytenant.com' - Type = 'User' - } -ClientOnly) + Identity = 'John.Doe@mytenant.com' + Type = 'User' + } -ClientOnly) #Identity = 'John.Doe@mytenant.com' #Type = 'User' } -ClientOnly) @@ -377,10 +377,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnit -MockWith { return [pscustomobject]@{ - Description = 'DSCAU' - DisplayName = 'DSCAU' - Id = 'DSCAU' - Visibility = 'Public' + Description = 'DSCAU' + DisplayName = 'DSCAU' + Id = 'DSCAU' + Visibility = 'Public' } } @@ -441,10 +441,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnit -MockWith { return @{ - Description = 'ExportDSCAU' - DisplayName = 'ExportDSCAU' - Id = 'ExportDSCAU' - Visibility = 'Public' + Description = 'ExportDSCAU' + DisplayName = 'ExportDSCAU' + Id = 'ExportDSCAU' + Visibility = 'Public' } } @@ -464,22 +464,22 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnitScopedRoleMember -MockWith { return @([pscustomobject]@{ - RoleId = '12345-67890' - RoleMemberInfo = @{ - DisplayName = 'John Doe' - Id = '1234567890' - } - }, - [pscustomobject]@{ - RoleId = '09876-54321' - RoleMemberInfo = @{ - DisplayName = 'FakeRoleGroup' - Id = '0987654321' - } - }) - } - - Mock -CommandName Invoke-MgGraphRequest -ParameterFilter {$Uri -match '1234567890$'} -MockWith { + RoleId = '12345-67890' + RoleMemberInfo = @{ + DisplayName = 'John Doe' + Id = '1234567890' + } + }, + [pscustomobject]@{ + RoleId = '09876-54321' + RoleMemberInfo = @{ + DisplayName = 'FakeRoleGroup' + Id = '0987654321' + } + }) + } + + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Uri -match '1234567890$' } -MockWith { return [pscustomobject]@{ '@odata.type' = '#microsoft.graph.user' DisplayName = 'John Doe' @@ -488,22 +488,22 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Mock -CommandName Invoke-MgGraphRequest -ParameterFilter {$Uri -match '0987654321$'} -MockWith { + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Uri -match '0987654321$' } -MockWith { return [pscustomobject]@{ - '@odata.type' = '#microsoft.graph.group' - DisplayName = 'FakeRoleGroup' - Id = '0987654321' + '@odata.type' = '#microsoft.graph.group' + DisplayName = 'FakeRoleGroup' + Id = '0987654321' } } - Mock -CommandName Get-MgDirectoryRole -ParameterFilter {$DirectoryRoleId -eq '12345-67890'} -MockWith { + Mock -CommandName Get-MgDirectoryRole -ParameterFilter { $DirectoryRoleId -eq '12345-67890' } -MockWith { return [pscustomobject]@{ Id = '12345-67890' DisplayName = 'DSC User Administrator' } } - Mock -CommandName Get-MgDirectoryRole -ParameterFilter {$DirectoryRoleId -eq '09876-54321'} -MockWith { + Mock -CommandName Get-MgDirectoryRole -ParameterFilter { $DirectoryRoleId -eq '09876-54321' } -MockWith { return [pscustomobject]@{ Id = '09876-54321' DisplayName = 'DSC Groups Administrator' @@ -511,7 +511,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } It 'Should Reverse Engineer resource from the Export method' { - $result = Export-TargetResource @testParams -Verbose + $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 index 924dc63ba3..0f7f672c1b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 @@ -96,6 +96,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { PrintBlocked = $False SaveAsBlocked = $True SimplePinBlocked = $False + Identity = '12345-12345-12345-12345-12345' } Mock -CommandName Get-MgDeviceAppManagementiosManagedAppProtection -MockWith { return $null From 1bde1c4460d62cdb534d85f7b7f87d62f88ef61a Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 6 Mar 2023 16:49:42 +0100 Subject: [PATCH 013/187] Updated changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e0be784671..3b17ae5151 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ FIXES [#2977](https://github.com/microsoft/Microsoft365DSC/issues/2977) * MISC * Added QA test that checks for existence of an example for each resource. + * Added a QA check to test for the presence of a Key parameter and fixes + resources where this was not the case. + FIXES [#2925](https://github.com/microsoft/Microsoft365DSC/issues/2925) * DRG * Various fixes: Remove invalid character from description in schema.mof From a5128ba7bf661a46d42f2ef68667188cbe2e09f6 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Fri, 17 Mar 2023 20:39:23 +0100 Subject: [PATCH 014/187] Updating more resources --- ...nagementAccessPackageAssignmentPolicy.psm1 | 6 +- ...ntAccessPackageAssignmentPolicy.schema.mof | 2 +- ...lementManagementConnectedOrganization.psm1 | 502 +++++++++--------- ...ManagementConnectedOrganization.schema.mof | 2 +- .../MSFT_AADRoleSetting.psm1 | 6 +- .../MSFT_AADRoleSetting.schema.mof | 2 +- .../MSFT_IntuneASRRulesPolicyWindows10.psm1 | 6 +- ...T_IntuneASRRulesPolicyWindows10.schema.mof | Bin 16440 -> 16446 bytes ...ntivirusPolicyWindows10SettingCatalog.psm1 | 6 +- ...usPolicyWindows10SettingCatalog.schema.mof | Bin 32594 -> 32600 bytes ...tionRulesPolicyWindows10ConfigManager.psm1 | 6 +- ...lesPolicyWindows10ConfigManager.schema.mof | Bin 16102 -> 16108 bytes ...otectionPolicyWindows10SettingCatalog.psm1 | 6 +- ...onPolicyWindows10SettingCatalog.schema.mof | Bin 6736 -> 6850 bytes ...SettingCatalogASRRulesPolicyWindows10.psm1 | 6 +- ...gCatalogASRRulesPolicyWindows10.schema.mof | Bin 15922 -> 16144 bytes ...ForBusinessRingUpdateProfileWindows10.psm1 | 6 +- ...inessRingUpdateProfileWindows10.schema.mof | 4 +- ...BusinessFeatureUpdateProfileWindows10.psm1 | 6 +- ...ssFeatureUpdateProfileWindows10.schema.mof | 4 +- 20 files changed, 285 insertions(+), 285 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 index 73efcbbf18..1cb0179505 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 @@ -24,7 +24,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -331,7 +331,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -500,7 +500,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof index 8941a2ad16..e4aecf5d08 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof @@ -124,7 +124,7 @@ class MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy : OMI_BaseResou [Write, Description("Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required."), EmbeddedInstance("MSFT_MicrosoftGraphassignmentreviewsettings")] String AccessReviewSettings; [Write, Description("Indicates whether a user can extend the access package assignment duration after approval.")] Boolean CanExtend; [Write, Description("The description of the policy.")] String Description; - [Write, Description("The display name of the policy.")] String DisplayName; + [Required, Description("The display name of the policy.")] String DisplayName; [Write, Description("The number of days in which assignments from this policy last until they are expired.")] UInt32 DurationInDays; [Write, Description("The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z")] String ExpirationDateTime; [Write, Description("Questions that are posed to the requestor."), EmbeddedInstance("MSFT_MicrosoftGraphaccesspackagequestion")] String Questions[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index 1a57243f01..6abfe87c47 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 @@ -12,7 +12,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -21,7 +21,7 @@ function Get-TargetResource $IdentitySources, [Parameter()] - [ValidateSet('configured','proposed','unknownFutureValue')] + [ValidateSet('configured', 'proposed', 'unknownFutureValue')] [System.String] $State, @@ -94,7 +94,7 @@ function Get-TargetResource { Write-Verbose -Message "Entitlement Management Connected Organization with id {$id} was not found." - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgEntitlementManagementConnectedOrganization ` -Filter "displayName eq '$DisplayName'" ` @@ -109,67 +109,67 @@ function Get-TargetResource } Write-Verbose -Message "Entitlement Management Connected Organization with id {$($getValue.id)} and displayName {$($getValue.DisplayName)} was found." - [Array]$getExternalSponsors=Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -ConnectedOrganizationId $getValue.id + [Array]$getExternalSponsors = Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -ConnectedOrganizationId $getValue.id if ($null -ne $getExternalSponsors -and $getExternalSponsors.count -gt 0) { - $sponsors=@() - foreach($sponsor in $getExternalSponsors) + $sponsors = @() + foreach ($sponsor in $getExternalSponsors) { - $sponsors+= $sponsor.id + $sponsors += $sponsor.id } - $getExternalSponsors=$sponsors + $getExternalSponsors = $sponsors } - [Array]$getInternalSponsors=Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -ConnectedOrganizationId $getValue.id + [Array]$getInternalSponsors = Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -ConnectedOrganizationId $getValue.id if ($null -ne $getInternalSponsors -and $getInternalSponsors.count -gt 0) { - $sponsors=@() - foreach($sponsor in $getInternalSponsors) + $sponsors = @() + foreach ($sponsor in $getInternalSponsors) { - $sponsors+= $sponsor.id + $sponsors += $sponsor.id } - $getInternalSponsors=$sponsors + $getInternalSponsors = $sponsors } - $getIdentitySources=$null + $getIdentitySources = $null if ($null -ne $getValue.IdentitySources) { - $sources=@() + $sources = @() foreach ($source in $getValue.IdentitySources) { - $formattedSource=@{ - odataType = $source.AdditionalProperties."@odata.type" + $formattedSource = @{ + odataType = $source.AdditionalProperties.'@odata.type' } - if(-not [String]::IsNullOrEmpty($source.AdditionalProperties.displayName)) + if (-not [String]::IsNullOrEmpty($source.AdditionalProperties.displayName)) { - $formattedSource.Add('DisplayName',$source.AdditionalProperties.displayName) + $formattedSource.Add('DisplayName', $source.AdditionalProperties.displayName) } - if(-not [String]::IsNullOrEmpty($source.AdditionalProperties.tenantId)) + if (-not [String]::IsNullOrEmpty($source.AdditionalProperties.tenantId)) { - $formattedSource.Add('ExternalTenantId',$source.AdditionalProperties.tenantId) + $formattedSource.Add('ExternalTenantId', $source.AdditionalProperties.tenantId) } - if(-not [String]::IsNullOrEmpty($source.AdditionalProperties.cloudInstance)) + if (-not [String]::IsNullOrEmpty($source.AdditionalProperties.cloudInstance)) { - $formattedSource.Add('CloudInstance',$source.AdditionalProperties.cloudInstance) + $formattedSource.Add('CloudInstance', $source.AdditionalProperties.cloudInstance) } - if(-not [String]::IsNullOrEmpty($source.AdditionalProperties.domainName)) + if (-not [String]::IsNullOrEmpty($source.AdditionalProperties.domainName)) { - $formattedSource.Add('DomainName',$source.AdditionalProperties.domainName) + $formattedSource.Add('DomainName', $source.AdditionalProperties.domainName) } - if(-not [String]::IsNullOrEmpty($source.AdditionalProperties.issuerUri)) + if (-not [String]::IsNullOrEmpty($source.AdditionalProperties.issuerUri)) { - $formattedSource.Add('IssuerUri',$source.AdditionalProperties.issuerUri) + $formattedSource.Add('IssuerUri', $source.AdditionalProperties.issuerUri) } - $sources+=$formattedSource + $sources += $formattedSource } - $getIdentitySources=$sources + $getIdentitySources = $sources } @@ -217,7 +217,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -226,7 +226,7 @@ function Set-TargetResource $IdentitySources, [Parameter()] - [ValidateSet('configured','proposed','unknownFutureValue')] + [ValidateSet('configured', 'proposed', 'unknownFutureValue')] [System.String] $State, @@ -304,24 +304,24 @@ function Set-TargetResource $CreateParameters.Remove('InternalSponsors') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } - $newConnectedOrganization=New-MgEntitlementManagementConnectedOrganization -BodyParameter $CreateParameters + $newConnectedOrganization = New-MgEntitlementManagementConnectedOrganization -BodyParameter $CreateParameters foreach ($sponsor in $ExternalSponsors) { - $directoryObject=Get-MgDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type" - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" + $directoryObject = Get-MgDirectoryObject -DirectoryObjectId $sponsor + $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" } New-MgEntitlementManagementConnectedOrganizationExternalSponsorByRef ` @@ -331,10 +331,10 @@ function Set-TargetResource foreach ($sponsor in $InternalSponsors) { - $directoryObject=Get-MgDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" + $directoryObject = Get-MgDirectoryObject -DirectoryObjectId $sponsor + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" } New-MgEntitlementManagementConnectedOrganizationInternalSponsorByRef ` @@ -355,12 +355,12 @@ function Set-TargetResource $UpdateParameters.Remove('InternalSponsors') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } @@ -368,16 +368,16 @@ function Set-TargetResource -ConnectedOrganizationId $currentInstance.Id #region External Sponsors - $sponsorsDifferences=compare-object -ReferenceObject @($ExternalSponsors|select-object) -DifferenceObject @($currentInstance.ExternalSponsors|select-object) - $sponsorsToAdd=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '<='}).InputObject - $sponsorsToRemove=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '=>'}).InputObject + $sponsorsDifferences = Compare-Object -ReferenceObject @($ExternalSponsors | Select-Object) -DifferenceObject @($currentInstance.ExternalSponsors | Select-Object) + $sponsorsToAdd = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject + $sponsorsToRemove = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '=>' }).InputObject foreach ($sponsor in $sponsorsToAdd) { - $directoryObject=Get-MgDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type" - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" + $directoryObject = Get-MgDirectoryObject -DirectoryObjectId $sponsor + $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" } New-MgEntitlementManagementConnectedOrganizationExternalSponsorByRef ` @@ -393,16 +393,16 @@ function Set-TargetResource #endregion #region Internal Sponsors - $sponsorsDifferences=compare-object -ReferenceObject @($InternalSponsors|select-object) -DifferenceObject @($currentInstance.InternalSponsors|select-object) - $sponsorsToAdd=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '<='}).InputObject - $sponsorsToRemove=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '=>'}).InputObject + $sponsorsDifferences = Compare-Object -ReferenceObject @($InternalSponsors | Select-Object) -DifferenceObject @($currentInstance.InternalSponsors | Select-Object) + $sponsorsToAdd = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject + $sponsorsToRemove = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '=>' }).InputObject foreach ($sponsor in $sponsorsToAdd) { - $directoryObject=Get-MgDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type" - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" + $directoryObject = Get-MgDirectoryObject -DirectoryObjectId $sponsor + $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" } New-MgEntitlementManagementConnectedOrganizationInternalSponsorByRef ` @@ -441,7 +441,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -450,7 +450,7 @@ function Test-TargetResource $IdentitySources, [Parameter()] - [ValidateSet('configured','proposed','unknownFutureValue')] + [ValidateSet('configured', 'proposed', 'unknownFutureValue')] [System.String] $State, @@ -509,34 +509,34 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false } - $testResult=$true + $testResult = $true #Compare Cim instances - foreach($key in $PSBoundParameters.Keys) + foreach ($key in $PSBoundParameters.Keys) { - $source=$PSBoundParameters.$key - $target=$CurrentValues.$key - if($source.getType().Name -like "*CimInstance*") + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') { - $source=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult=Compare-M365DSCComplexObject ` + $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` -Target ($target) - if(-Not $testResult) + if (-Not $testResult) { - $testResult=$false - break; + $testResult = $false + break } - $ValuesToCheck.Remove($key)|Out-Null + $ValuesToCheck.Remove($key) | Out-Null } } @@ -632,10 +632,10 @@ function Export-TargetResource } foreach ($config in $getValue) { - $displayedKey=$config.id - if(-not [String]::IsNullOrEmpty($config.displayName)) + $displayedKey = $config.id + if (-not [String]::IsNullOrEmpty($config.displayName)) { - $displayedKey=$config.displayName + $displayedKey = $config.displayName } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ @@ -667,14 +667,14 @@ function Export-TargetResource } $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential if ($Results.IdentitySources) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "IdentitySources" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'IdentitySources' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -700,20 +700,20 @@ function Export-TargetResource function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" - "ExternalTenantId"="tenantId" + $keyToRename = @{ + 'odataType' = '@odata.type' + 'ExternalTenantId' = 'tenantId' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -723,34 +723,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -762,51 +762,51 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -823,27 +823,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -876,15 +876,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -892,26 +892,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -920,23 +920,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -950,37 +950,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -989,9 +989,9 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $currentProperty += Get-M365DSCDRGComplexTypeToString ` -ComplexObject $item ` @@ -1005,21 +1005,21 @@ function Get-M365DSCDRGComplexTypeToString else { $currentProperty += Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1028,11 +1028,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1043,24 +1043,24 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } @@ -1081,49 +1081,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } foreach ($item in $Value) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1133,7 +1133,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1145,7 +1145,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1163,47 +1163,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1213,36 +1213,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1250,16 +1250,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1269,18 +1269,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1304,47 +1304,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof index d89234e33b..58f8fe2a5c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof @@ -15,7 +15,7 @@ class MSFT_AADEntitlementManagementConnectedOrganization : OMI_BaseResource { [Key, Description("The Id of the Connected organization object.")] String Id; [Write, Description("The description of the connected organization.")] String Description; - [Write, Description("The display name of the connected organization.")] String DisplayName; + [Required, Description("The display name of the connected organization.")] String DisplayName; [Write, Description("The identity sources in this connected organization."), EmbeddedInstance("MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource")] String IdentitySources[]; [Write, Description("The state of a connected organization defines whether assignment policies with requestor scope type AllConfiguredConnectedOrganizationSubjects are applicable or not."), ValueMap{"configured","proposed","unknownFutureValue"}, Values{"configured","proposed","unknownFutureValue"}] String State; [Write, Description("Collection of objectID of extenal sponsors. the sponsor can be a user or a group.")] String ExternalSponsors[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index 947cd8aed4..bf3e4b0f12 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Displayname, @@ -376,7 +376,7 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Displayname, @@ -1078,7 +1078,7 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Displayname, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof index f85181c596..252c918f3d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof @@ -2,7 +2,7 @@ class MSFT_AADRoleSetting : OMI_BaseResource { [Key, Description("Specifies the RoleId.")] String Id; - [Write, Description("RuleDefinition Displayname")] String Displayname; + [Required, Description("RuleDefinition Displayname")] String Displayname; [Write, Description("Activation maximum duration (hours).")] String ActivationMaxDuration; [Write, Description("Require justification on activation (True/False)")] Boolean ActivationReqJustification; [Write, Description("Require ticket information on activation (True/False)")] Boolean ActivationReqTicket; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index 0695f443ef..ce056587a0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -249,7 +249,7 @@ function Set-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -496,7 +496,7 @@ function Test-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.schema.mof index 8d006b6b63feb295968d4703feb4989140e3e3af..6c282667ce2a61b70578afab09ad82c2d0845d0f 100644 GIT binary patch delta 33 ncmdndz__o0af1sFe-J||Lm@*cLncEJkd-p=p#0_>o-@V(t|kg( delta 18 Zcmdnjz__DPx# delta 18 acmccdkMYt!#tjZUllMqyY|i6(RRjQ9D+s*+ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index 3e509e64d6..2e47bdd4cc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -271,7 +271,7 @@ function Set-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -502,7 +502,7 @@ function Test-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.schema.mof index 9fc90e793b3d8b1747137442c828c0a4ce5a5533..56c7efda12b67d82ca9fee144081a19822ad1289 100644 GIT binary patch delta 31 mcmaD>`=)lo5gz^^hE#?^hEj%1h9V#b}u5uV9^_%t?u;`wC=08$|c?f?J) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 index 7c3693ba15..ad04565067 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -195,7 +195,7 @@ function Set-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -362,7 +362,7 @@ function Test-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.schema.mof index 503ab02b50fd7f8e3e06163d5f7d3f15036987e0..ce99615926aa11d06ec90749ad4097d04ff43782 100644 GIT binary patch delta 250 zcmca$a>#VTHf99|g~_%&x*H!%V}Y?ZFJOJf2;)rNzK&U7ea6fB;**`Audvw I+%I_$0FvxJ&j0`b delta 139 zcmX?PdckDEw#idCj5faOV*$|<-wA9!!g`Jo#GZVL{RoiWwK;?{fobwC?o~jJ*5p|{ zlfZNgZ`0-{yc|p*&Sn{bBOonWn+1do&W#< diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 index bc636051b6..440e48f88a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -282,7 +282,7 @@ function Set-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -535,7 +535,7 @@ function Test-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.schema.mof index f96ea724a5ac9928e964b45c0ffc0d428865540d..fd2e9967c3fa9548020e13985b7cb935d5046980 100644 GIT binary patch delta 586 zcmdl~Gofz6Hf99|g~=0nbvHhk#sXt+UcmZ{5yqLkf&C1OJ@Em@o6gunxs zv6BtNMJ6v$658w`I0K;oCTJksfhssbl5aDMC==KrAfIeD5Lbe8KxS>8AQ^)qFd3x9 zLdFY4aPtAVK2(E2PMD`~1VwQ30;L8NZD6xpy= zP5H@txE}!}v?gES`2eQB@V*1ln}zr#KsvQ1M+rOt(t49Gs4H!rAUFdg2;tNTcR)A~ zB;__oh%zyOWgbWhY@R312j*;kAejSUG{|Hiq;=%`5T*zy9)WRGHtQ%u)K3N(`AT&Y zSZ47Bb%MH+E(1~d$zm5+)g8+{VETj=I8-*juoeQFyIIdxijk3XawDtu Date: Fri, 17 Mar 2023 20:47:24 +0100 Subject: [PATCH 015/187] Updated export code --- ...titlementManagementAccessPackageAssignmentPolicy.psm1 | 1 + ...FT_AADEntitlementManagementConnectedOrganization.psm1 | 1 + .../MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 | 1 + .../MSFT_IntuneASRRulesPolicyWindows10.psm1 | 7 ++++--- ...SFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 | 9 +++++---- ...urfaceReductionRulesPolicyWindows10ConfigManager.psm1 | 1 + ...neExploitProtectionPolicyWindows10SettingCatalog.psm1 | 9 +++++---- ...MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 | 9 +++++---- ...indowUpdateForBusinessRingUpdateProfileWindows10.psm1 | 1 + ...wsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 | 1 + 10 files changed, 25 insertions(+), 15 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 index 1cb0179505..b795a5d69f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 @@ -701,6 +701,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ id = $config.id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index 6abfe87c47..ebfcf07762 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 @@ -640,6 +640,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ id = $config.id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index bf3e4b0f12..b33f198bcd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -1373,6 +1373,7 @@ function Export-TargetResource Write-Host " |---[$i/$($roles.Count)] $($role.DisplayName)" -NoNewline $Params = @{ Id = $role.Id + DisplayName = $role.DisplayName ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index ce056587a0..3eb855efa4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 @@ -684,7 +684,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -697,7 +697,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -706,7 +706,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } @@ -804,6 +804,7 @@ function Export-TargetResource $params = @{ Identity = $policy.Id + DisplayName = $policy.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 index 6be393b359..9c7978b149 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 @@ -1277,7 +1277,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -1290,7 +1290,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -1299,7 +1299,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } @@ -1407,6 +1407,7 @@ function Export-TargetResource $params = @{ Identity = $policy.id + DisplayName = $policy.Name TemplateId = $policy.templateReference.templateId Ensure = 'Present' Credential = $Credential @@ -1471,7 +1472,7 @@ function Export-TargetResource Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index 2e47bdd4cc..98bb2d1feb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -808,6 +808,7 @@ function Export-TargetResource $params = @{ Identity = $policy.id + DisplayName = $policy.Name Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 index ad04565067..181face5ba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 @@ -90,7 +90,7 @@ function Get-TargetResource if ($null -eq $policy) { Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy {$Identity} was found" - $policy = Get-MgDeviceManagementConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq "$DisplayName" -and $_.templateReference.TemplateId -eq "$templateReferenceId" } -ErrorAction silentlyContinue + $policy = Get-MgDeviceManagementConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq "$DisplayName" -and $_.templateReference.TemplateId -eq "$templateReferenceId" } -ErrorAction silentlyContinue } if ($null -eq $policy) @@ -460,7 +460,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -473,7 +473,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -482,7 +482,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } @@ -578,6 +578,7 @@ function Export-TargetResource $params = @{ Identity = $policy.id + DisplayName = $policy.Name Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 index 440e48f88a..5b5b273b3d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 @@ -183,7 +183,7 @@ function Get-TargetResource if ($null -eq $policy) { Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy {$Identity} was found" - $policy = Get-MgDeviceManagementConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq "$DisplayName" -and $_.templateReference.TemplateId -eq "$templateReferenceId" } -ErrorAction silentlyContinue + $policy = Get-MgDeviceManagementConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq "$DisplayName" -and $_.templateReference.TemplateId -eq "$templateReferenceId" } -ErrorAction silentlyContinue } if ($null -eq $policy) @@ -733,7 +733,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -746,7 +746,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -755,7 +755,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } } @@ -853,6 +853,7 @@ function Export-TargetResource $params = @{ Identity = $policy.id + DisplayName = $policy.Name Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 index e3334fc603..a7a14891e0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 @@ -1085,6 +1085,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 index 19fb14f335..d179490b2f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 @@ -538,6 +538,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId From 3c11192f1537bd5b4e5f52cc90a091df93ddba14 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Fri, 17 Mar 2023 22:40:23 +0100 Subject: [PATCH 016/187] Removing deprecated parameters --- CHANGELOG.md | 35 +++++ .../MSFT_AADApplication.psm1 | 31 +--- .../MSFT_AADApplication.schema.mof | 1 - .../MSFT_AADConditionalAccessPolicy.psm1 | 55 ------- ...MSFT_AADConditionalAccessPolicy.schema.mof | 2 - .../MSFT_AADUser/MSFT_AADUser.psm1 | 18 --- .../MSFT_AADUser/MSFT_AADUser.schema.mof | 1 - .../MSFT_EXOAntiPhishPolicy.psm1 | 45 ------ .../MSFT_EXOAntiPhishPolicy.schema.mof | 2 - .../MSFT_EXOHostedContentFilterPolicy.psm1 | 40 ----- ...FT_EXOHostedContentFilterPolicy.schema.mof | 2 - .../MSFT_EXOMalwareFilterPolicy.psm1 | 138 +----------------- .../MSFT_EXOMalwareFilterPolicy.schema.mof | 4 - .../MSFT_EXOOrganizationConfig.psm1 | 24 --- .../MSFT_EXOOrganizationConfig.schema.mof | 1 - .../MSFT_EXOSafeLinksPolicy.psm1 | 74 ---------- .../MSFT_EXOSafeLinksPolicy.schema.mof | 3 - .../MSFT_EXOSharedMailbox.psm1 | 45 ------ .../MSFT_EXOSharedMailbox.schema.mof | 1 - .../MSFT_EXOTransportRule.psm1 | 73 --------- .../MSFT_EXOTransportRule.schema.mof | 3 - .../MSFT_SCSensitivityLabel.psm1 | 85 ----------- .../MSFT_SCSensitivityLabel.schema.mof | 4 - .../MSFT_SPOTenantSettings.psm1 | 31 +--- .../MSFT_SPOTenantSettings.schema.mof | 1 - .../MSFT_TeamsMeetingPolicy.psm1 | 46 ------ .../MSFT_TeamsMeetingPolicy.schema.mof | Bin 31248 -> 30946 bytes 27 files changed, 38 insertions(+), 727 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8845afcc19..d4435a96e0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,40 @@ # Change log for Microsoft365DSC +# APRIL BREAKING CHANGES + +* AADApplication + * [BREAKING CHANGE] Remove deprecated parameter Oauth2RequirePostResponse +* AADConditionalAccessPolicy + * [BREAKING CHANGE] Remove deprecated parameters IncludeDevices and ExcludeDevices +* AADUser + * [BREAKING CHANGE] Remove deprecated parameter PreferredDataLocation +* EXOAntiPhishPolicy + * [BREAKING CHANGE] Remove deprecated parameters EnableAntispoofEnforcement and + TargetedDomainProtectionAction +* EXOHostedContentFilterPolicy + * [BREAKING CHANGE] Remove deprecated parameters EndUserSpamNotificationCustomFromAddress + and EndUserSpamNotificationCustomFromName +* EXOMalwareFilterPolicy + * [BREAKING CHANGE] Remove deprecated parameters Action, CustomAlertText, + EnableExternalSenderNotifications and EnableInternalSenderNotifications +* EXOOrganizationConfig + * [BREAKING CHANGE] Remove deprecated parameters AllowPlusAddressInRecipients +* EXOSaveLinksPolicy + * [BREAKING CHANGE] Remove deprecated parameters DoNotAllowClickThrough, + DoNotTrackUserClicks and IsEnabled +* EXOSharedMailbox + * [BREAKING CHANGE] Remove deprecated parameter Aliases +* EXOTransportRule + * [BREAKING CHANGE] Remove deprecated parameter ExceptIfMessageContainsAllDataClassifications, + IncidentReportOriginalMail and MessageContainsAllDataClassifications +* SCSensitivityLabel + * [BREAKING CHANGE] Remove deprecated parameters Disabled, ApplyContentMarkingFooterFontName, + ApplyContentMarkingHeaderFontName, ApplyWaterMarkingFontName and EncryptionAipTemplateScopes +* SPOTenantSettings + * [BREAKING CHANGE] Remove deprecated parameter RequireAcceptingAccountMatchInvitedAccount +* TeamsMeetingPolicy + * [BREAKING CHANGE] Remove deprecated parameter RecordingStorageMode + # UNRELEASED * EXORoleAssignmentPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index 3a8d07b4b0..ccbe457f2d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 @@ -40,10 +40,6 @@ function Get-TargetResource [System.String[]] $KnownClientApplications, - [Parameter()] - [System.Boolean] - $Oauth2RequirePostResponse, - [Parameter()] [System.Boolean] $PublicClient = $false, @@ -150,14 +146,9 @@ function Get-TargetResource { $AvailableToOtherTenantsValue = $true } - $currentOauth2RequirePostResponseValue = $AADApp.Oauth2RequirePostResponse - if ([System.String]::IsNullOrEmpty($currentOauth2RequirePostResponseValue)) - { - $currentOauth2RequirePostResponseValue = $false - } [Array]$Owners = Get-MgApplicationOwner -ApplicationId $AADApp.Id -All:$true | ` - Where-Object { !$_.DeletedDateTime } + Where-Object { !$_.DeletedDateTime } $OwnersValues = @() foreach ($Owner in $Owners) { @@ -179,8 +170,6 @@ function Get-TargetResource IdentifierUris = $AADApp.IdentifierUris KnownClientApplications = $AADApp.Api.KnownClientApplications LogoutURL = $AADApp.web.LogoutURL - #DEPRECATED - #Oauth2RequirePostResponse = $currentOauth2RequirePostResponseValue PublicClient = $isPublicClient ReplyURLs = $AADApp.web.RedirectUris Owners = $OwnersValues @@ -252,10 +241,6 @@ function Set-TargetResource [System.String] $LogoutURL, - [Parameter()] - [System.Boolean] - $Oauth2RequirePostResponse, - [Parameter()] [System.Boolean] $PublicClient = $false, @@ -341,15 +326,6 @@ function Set-TargetResource $backCurrentOwners = $currentAADApp.Owners $currentParameters.Remove('Owners') | Out-Null - if ($PSBoundParameters.ContainsKey('Oauth2RequirePostResponse')) - { - Write-Warning -Message 'The Oauth2RequirePostResponse parameter has been deprecated. Please remove it from your configuration.' - - # Passing in the Oauth2RequirePostResponse parameter returns an error when calling update-mgapplication. - # Removing it temporarly for the update scenario. - $currentParameters.Remove('Oauth2RequirePostResponse') | Out-Null - } - if ($KnownClientApplications) { Write-Verbose -Message 'Checking if the known client applications already exist.' @@ -623,10 +599,6 @@ function Test-TargetResource [System.String] $LogoutURL, - [Parameter()] - [System.Boolean] - $Oauth2RequirePostResponse, - [Parameter()] [System.Boolean] $PublicClient = $false, @@ -735,7 +707,6 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - $ValuesToCheck.Remove('Oauth2RequirePostResponse') | Out-Null # DEPRECATED $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof index beb75a4a46..9a14672759 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof @@ -19,7 +19,6 @@ class MSFT_AADApplication : OMI_BaseResource [Write, Description("User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain.")] string IdentifierUris[]; [Write, Description("Client applications that are tied to this resource application.")] string KnownClientApplications[]; [Write, Description("The logout url for this application.")] string LogoutURL; - [Write, Description("Set this to true if an Oauth2 post response is required.")] Boolean Oauth2RequirePostResponse; [Write, Description("Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.")] Boolean PublicClient; [Write, Description("Specifies the URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.")] String ReplyURLs[]; [Write, Description("UPN or ObjectID values of the app's owners.")] String Owners[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index ba92ae59d5..c7a5458567 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -101,17 +101,6 @@ function Get-TargetResource [System.String[]] $ExcludeLocations, - #ConditionalAccessDevicesCondition - #DEPRECATED - [Parameter()] - [System.String[]] - $IncludeDevices, - - #DEPRECATED - [Parameter()] - [System.String[]] - $ExcludeDevices, - [Parameter()] [ValidateSet('include', 'exclude')] [System.String] @@ -596,9 +585,6 @@ function Get-TargetResource IncludeLocations = $IncludeLocations ExcludeLocations = $ExcludeLocations - IncludeDevices = [System.String[]](@() + $Policy.Conditions.Devices.IncludeDevices) - ExcludeDevices = [System.String[]](@() + $Policy.Conditions.Devices.ExcludeDevices) - #no translation needed, return empty string array if undefined DeviceFilterMode = [System.String]$Policy.Conditions.Devices.DeviceFilter.Mode #no translation or conversion needed @@ -748,17 +734,6 @@ function Set-TargetResource [System.String[]] $ExcludeLocations, - #ConditionalAccessDevicesCondition - #DEPRECATED - [Parameter()] - [System.String[]] - $IncludeDevices, - - #DEPRECATED - [Parameter()] - [System.String[]] - $ExcludeDevices, - [Parameter()] [ValidateSet('include', 'exclude')] [System.String] @@ -1304,12 +1279,6 @@ function Set-TargetResource } } - #DEPRECATED - if ($IncludeDevices -or $ExcludeDevices) - { - Write-Verbose -Message 'IncludeDevices and ExcludeDevices parameters are deprecated. These settings will not be applied. Instead, use the DeviceFilterMode and DeviceFilterRule parameters.' - } - Write-Verbose -Message 'Set-Targetresource: process device filter' if ($DeviceFilterMode -and $DeviceFilterRule) { @@ -1616,17 +1585,6 @@ function Test-TargetResource [System.String[]] $ExcludeLocations, - #ConditionalAccessDevicesCondition - #DEPRECATED - [Parameter()] - [System.String[]] - $IncludeDevices, - - #DEPRECATED - [Parameter()] - [System.String[]] - $ExcludeDevices, - [Parameter()] [ValidateSet('include', 'exclude')] [System.String] @@ -1835,19 +1793,6 @@ function Export-TargetResource } $Results = Get-TargetResource @Params - #DEPRECATED - if ($Results.IncludeDevices) - { - Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The Include Devices parameter is deprecated. Instead use the Device Filter Mode and Device Filter Rule parameters in the portal." - $Results.Remove('IncludeDevices') | Out-Null - } - #DEPRECATED - if ($Results.ExcludeDevices) - { - Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The Exclude Devices parameter is deprecated. Instead use the Device Filter Mode and Device Filter Rule parameters in the portal." - $Results.Remove('ExcludeDevices') | Out-Null - } - if ([System.String]::IsNullOrEmpty($Results.DeviceFilterMode)) { $Results.Remove('DeviceFilterMode') | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof index e2877f13e3..a769b74d71 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof @@ -23,8 +23,6 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource [Write, Description("Client Device Platforms out of scope of the Policy.")] String ExcludePlatforms[]; [Write, Description("AAD Named Locations in scope of the Policy.")] String IncludeLocations[]; [Write, Description("AAD Named Locations out of scope of the Policy.")] String ExcludeLocations[]; - [Write, Description("Client Device Compliance states in scope of the Policy.")] String IncludeDevices[]; - [Write, Description("Client Device Compliance states out of scope of the Policy.")] String ExcludeDevices[]; [Write, Description("Client Device Filter mode of the Policy."), ValueMap{"include","exclude"}, Values{"include","exclude"}] String DeviceFilterMode; [Write, Description("Client Device Filter rule of the Policy.")] String DeviceFilterRule; [Write, Description("AAD Identity Protection User Risk Levels in scope of the Policy.")] String UserRiskLevels[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 index 52f62631fd..5c9c2d5426 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 @@ -72,10 +72,6 @@ function Get-TargetResource [System.String] $PostalCode, - [Parameter()] - [System.String] - $PreferredDataLocation, - [Parameter()] [System.String] $PreferredLanguage, @@ -314,10 +310,6 @@ function Set-TargetResource [System.String] $PostalCode, - [Parameter()] - [System.String] - $PreferredDataLocation, - [Parameter()] [System.String] $PreferredLanguage, @@ -373,12 +365,6 @@ function Set-TargetResource $ManagedIdentity ) - # PreferredDataLocation is no longer an accepted value; - if (![System.String]::IsNullOrEmpty($PreferredDataLocation)) - { - Write-Warning '[DEPRECATED] Property PreferredDataLocation is no longer supported by resource AADUser' - } - Write-Verbose -Message "Setting configuration of Office 365 User $UserPrincipalName" #Ensure the proper dependencies are installed in the current environment. @@ -667,10 +653,6 @@ function Test-TargetResource [System.String] $PostalCode, - [Parameter()] - [System.String] - $PreferredDataLocation, - [Parameter()] [System.String] $PreferredLanguage, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof index 9dbb1e9cb1..5b4c2ad1c7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof @@ -19,7 +19,6 @@ class MSFT_AADUser : OMI_BaseResource [Write, Description("Specifies password policies for the user.")] String PasswordPolicies; [Write, Description("The Phone Number of the user")] String PhoneNumber; [Write, Description("The Postal Code of the user")] String PostalCode; - [Write, Description("The Prefered location to store data of the user")] String PreferredDataLocation; [Write, Description("The Prefered Language of the user")] String PreferredLanguage; [Write, Description("Specifies the state or province where the user is located")] String State; [Write, Description("Specifies the street address of the user")] String StreetAddress; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 index f2e33882ec..301eddb73f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 @@ -21,11 +21,6 @@ function Get-TargetResource [System.Boolean] $Enabled = $true, - # Deprecated - [Parameter()] - [System.Boolean] - $EnableAntispoofEnforcement = $true, - [Parameter()] [System.Boolean] $EnableFirstContactSafetyTips = $true, @@ -122,12 +117,6 @@ function Get-TargetResource [System.String[]] $TargetedDomainActionRecipients = @(), - # Deprecated - [Parameter()] - [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')] - [System.String] - $TargetedDomainProtectionAction = 'NoAction', - [Parameter()] [System.String[]] $TargetedDomainsToProtect = @(), @@ -316,11 +305,6 @@ function Set-TargetResource [System.Boolean] $Enabled = $true, - # Deprecated - [Parameter()] - [System.Boolean] - $EnableAntispoofEnforcement = $true, - [Parameter()] [System.Boolean] $EnableFirstContactSafetyTips = $true, @@ -417,12 +401,6 @@ function Set-TargetResource [System.String[]] $TargetedDomainActionRecipients = @(), - # Deprecated - [Parameter()] - [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')] - [System.String] - $TargetedDomainProtectionAction = 'NoAction', - [Parameter()] [System.String[]] $TargetedDomainsToProtect = @(), @@ -477,18 +455,6 @@ function Set-TargetResource $ManagedIdentity ) - if ($EnableAntispoofEnforcement) - { - Write-Verbose -Message ('The EnableAntispoofEnforcement parameter is now deprecated. ' + ` - 'It will be removed in the next major release. Please update your configuraton.') - } - - if ($TargetedDomainProtectionAction) - { - Write-Verbose -Message ('The TargetedDomainProtectionAction parameter is now deprecated. ' + ` - 'It will be removed in the next major release. Please update your configuraton.') - } - Write-Verbose -Message "Setting configuration of AntiPhishPolicy for $Identity" #Ensure the proper dependencies are installed in the current environment. @@ -562,11 +528,6 @@ function Test-TargetResource [System.Boolean] $Enabled = $true, - # Deprecated - [Parameter()] - [System.Boolean] - $EnableAntispoofEnforcement = $true, - [Parameter()] [System.Boolean] $EnableFirstContactSafetyTips = $true, @@ -663,12 +624,6 @@ function Test-TargetResource [System.String[]] $TargetedDomainActionRecipients = @(), - # Deprecated - [Parameter()] - [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')] - [System.String] - $TargetedDomainProtectionAction = 'NoAction', - [Parameter()] [System.String[]] $TargetedDomainsToProtect = @(), diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof index 01f4004749..5da587ef4e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof @@ -6,11 +6,9 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource [Write, Description("The AdminDisplayName parameter specifies a description for the policy.")] String AdminDisplayName; [Write, Description("The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages."), ValueMap{"1","2","3","4"}, Values{"1","2","3","4"}] String PhishThresholdLevel; [Write, Description("The AuthenticationFailAction parameter specifies the action to take when the message fails composite authentication."), ValueMap{"MoveToJmf","Quarantine"}, Values{"MoveToJmf","Quarantine"}] String AuthenticationFailAction; - [Write, Description("The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages for the domains specified by the TargetedDomainsToProtect parameter."), ValueMap{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}, Values{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}] String TargetedDomainProtectionAction; [Write, Description("The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages for the users specified by the TargetedUsersToProtect parameter."), ValueMap{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}, Values{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}] String TargetedUserProtectionAction; [Write, Description("Specify if this policy should be enabled. Default is $true.")] Boolean Enabled; [Write, Description("The EnableFirstContactSafetyTips parameter specifies whether to enable or disable the safety tip that's shown when recipients first receive an email from a sender or do not often receive email from a sender.")] Boolean EnableFirstContactSafetyTips; - [Write, Description("DEPRECATED.")] Boolean EnableAntispoofEnforcement; [Write, Description("The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first contact graph) in domain and user impersonation protection.")] Boolean EnableMailboxIntelligence; [Write, Description("The EnableMailboxIntelligenceProtection specifies whether to enable or disable enhanced impersonation results based on each user's individual sender map. This intelligence allows Microsoft 365 to customize user impersonation detection and better handle false positives.")] Boolean EnableMailboxIntelligenceProtection; [Write, Description("The EnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation protection for all registered domains in the Office 365 organization.")] Boolean EnableOrganizationDomainsProtection; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 index 91946cb32e..b8f446d38f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 @@ -62,15 +62,6 @@ function Get-TargetResource [System.Boolean] $EnableRegionBlockList = $false, - [Parameter()] - [ValidatePattern("^$|^[a-zA-Z0-9.!£#$%&'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$")] - [System.String] - $EndUserSpamNotificationCustomFromAddress, - - [Parameter()] - [System.String] - $EndUserSpamNotificationCustomFromName, - [Parameter()] [System.String] $EndUserSpamNotificationCustomSubject, @@ -471,15 +462,6 @@ function Set-TargetResource [System.Boolean] $EnableRegionBlockList = $false, - [Parameter()] - [ValidatePattern("^$|^[a-zA-Z0-9.!£#$%&'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$")] - [System.String] - $EndUserSpamNotificationCustomFromAddress, - - [Parameter()] - [System.String] - $EndUserSpamNotificationCustomFromName, - [Parameter()] [System.String] $EndUserSpamNotificationCustomSubject, @@ -722,17 +704,6 @@ function Set-TargetResource $HostedContentFilterPolicyParams.Remove('CertificatePassword') | Out-Null $HostedContentFilterPolicyParams.Remove('ManagedIdentity') | Out-Null - if ($HostedContentFilterPolicyParams.Contains('EndUserSpamNotificationCustomFromAddress')) - { - $HostedContentFilterPolicyParams.Remove('EndUserSpamNotificationCustomFromAddress') | Out-Null - Write-Verbose -Message 'The EndUserSpamNotificationCustomFromAddress parameter is no longer available and will be deprecated.' - } - if ($HostedContentFilterPolicyParams.Contains('EndUserSpamNotificationCustomFromName')) - { - $HostedContentFilterPolicyParams.Remove('EndUserSpamNotificationCustomFromName') | Out-Null - Write-Verbose -Message 'The EndUserSpamNotificationCustomFromName parameter is no longer available and will be deprecated.' - } - if (('Present' -eq $Ensure ) -and ($null -eq $HostedContentFilterPolicy)) { $HostedContentFilterPolicyParams += @{ @@ -831,15 +802,6 @@ function Test-TargetResource [System.Boolean] $EnableRegionBlockList = $false, - [Parameter()] - [ValidatePattern("^$|^[a-zA-Z0-9.!£#$%&'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$")] - [System.String] - $EndUserSpamNotificationCustomFromAddress, - - [Parameter()] - [System.String] - $EndUserSpamNotificationCustomFromName, - [Parameter()] [System.String] $EndUserSpamNotificationCustomSubject, @@ -1070,8 +1032,6 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('EndUserSpamNotificationCustomFromAddress') | Out-Null - $ValuesToCheck.Remove('EndUserSpamNotificationCustomFromName') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.schema.mof index c8802c8719..6bf606d1ac 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.schema.mof @@ -15,8 +15,6 @@ class MSFT_EXOHostedContentFilterPolicy : OMI_BaseResource [Write, Description("The EnableEndUserSpamNotification parameter enables for disables sending end-user spam quarantine notification messages. Valid input for this parameter is $true or $false. The default value is $false.")] Boolean EnableEndUserSpamNotifications; [Write, Description("The EnableLanguageBlockList parameter enables or disables blocking email messages that are written in specific languages, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is $false.")] Boolean EnableLanguageBlockList; [Write, Description("The EnableRegionBlockList parameter enables or disables blocking email messages that are sent from specific countries or regions, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is $false.")] Boolean EnableRegionBlockList; - [Write, Description("This parameter has been deprecated and is no longer used. The EndUserSpamNotificationCustomFromAddress parameter specifies a custom From address for end-user spam notification messages. Valid input for this parameter is an SMTP email address or an empty string.")] String EndUserSpamNotificationCustomFromAddress; - [Write, Description("This parameter has been deprecated and is no longer used. The EndUserSpamNotificationCustomFromName parameter specifies a custom display name in the From field for end-user spam notification messages. ")] String EndUserSpamNotificationCustomFromName; [Write, Description("The EndUserSpamNotificationCustomSubject parameter specifies a custom subject for end-user spam notification messages.")] String EndUserSpamNotificationCustomSubject; [Write, Description("The EndUserSpamNotificationFrequency parameter specifies the repeat interval in days that end-user spam notification messages are sent. Valid input for this parameter is an integer between 1 and 15. The default value is 3.")] UInt32 EndUserSpamNotificationFrequency; [Write, Description("The EndUserSpamNotificationLanguage parameter specifies the language of end-user spam notification messages. The default value is Default. This means the default language of end-user spam notification messages is the default language of the cloud-based organization."), ValueMap{"Default","English","French","German","Italian","Japanese","Spanish","Korean","Portuguese","Russian","ChineseSimplified","ChineseTraditional","Amharic","Arabic","Bulgarian","BengaliIndia","Catalan","Czech","Cyrillic","Danish","Greek","Estonian","Basque","Farsi","Finnish","Filipino","Galician","Gujarati","Hebrew","Hindi","Croatian","Hungarian","Indonesian","Icelandic","Kazakh","Kannada","Lithuanian","Latvian","Malayalam","Marathi","Malay","Dutch","NorwegianNynorsk","Norwegian","Oriya","Polish","PortuguesePortugal","Romanian","Slovak","Slovenian","SerbianCyrillic","Serbian","Swedish","Swahili","Tamil","Telugu","Thai","Turkish","Ukrainian","Urdu","Vietnamese"}, Values{"Default","English","French","German","Italian","Japanese","Spanish","Korean","Portuguese","Russian","ChineseSimplified","ChineseTraditional","Amharic","Arabic","Bulgarian","BengaliIndia","Catalan","Czech","Cyrillic","Danish","Greek","Estonian","Basque","Farsi","Finnish","Filipino","Galician","Gujarati","Hebrew","Hindi","Croatian","Hungarian","Indonesian","Icelandic","Kazakh","Kannada","Lithuanian","Latvian","Malayalam","Marathi","Malay","Dutch","NorwegianNynorsk","Norwegian","Oriya","Polish","PortuguesePortugal","Romanian","Slovak","Slovenian","SerbianCyrillic","Serbian","Swedish","Swahili","Tamil","Telugu","Thai","Turkish","Ukrainian","Urdu","Vietnamese"}] String EndUserSpamNotificationLanguage; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMalwareFilterPolicy/MSFT_EXOMalwareFilterPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMalwareFilterPolicy/MSFT_EXOMalwareFilterPolicy.psm1 index bb33ff8fb2..8d5181d8bb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMalwareFilterPolicy/MSFT_EXOMalwareFilterPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMalwareFilterPolicy/MSFT_EXOMalwareFilterPolicy.psm1 @@ -8,21 +8,10 @@ function Get-TargetResource [System.String] $Identity, - # DEPRECATED - [Parameter()] - [ValidateSet('DeleteMessage', 'DeleteAttachmentAndUseDefaultAlert', 'DeleteAttachmentAndUseCustomAlert')] - [System.String] - $Action, - [Parameter()] [System.String] $AdminDisplayName, - #DEPRECATED - [Parameter()] - [System.String] - $CustomAlertText, - [Parameter()] [System.String] $CustomExternalBody, @@ -55,11 +44,6 @@ function Get-TargetResource [System.Boolean] $EnableExternalSenderAdminNotifications, - # DEPRECATED - [Parameter()] - [System.Boolean] - $EnableExternalSenderNotifications, - [Parameter()] [System.Boolean] $EnableFileFilter, @@ -68,11 +52,6 @@ function Get-TargetResource [System.Boolean] $EnableInternalSenderAdminNotifications, - # DEPRECATED - [Parameter()] - [System.Boolean] - $EnableInternalSenderNotifications, - [Parameter()] [System.String] $ExternalSenderAdminAddress, @@ -161,24 +140,6 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - # Warning for deprecated parameters - if ($PSBoundParameters.ContainsKey('Action')) - { - Write-Warning 'Action is deprecated. Please remove this parameter from your configuration.' - } - if ($PSBoundParameters.ContainsKey('EnableExternalSenderNotifications')) - { - Write-Warning 'EnableExternalSenderNotifications is deprecated. Please remove this parameter from your configuration.' - } - if ($PSBoundParameters.ContainsKey('EnableInternalSenderNotifications')) - { - Write-Warning 'EnableInternalSenderNotifications is deprecated. Please remove this parameter from your configuration.' - } - if ($PSBoundParameters.ContainsKey('CustomAlertText')) - { - Write-Warning 'CustomAlertText is deprecated. Please remove this parameter from your configuration.' - } - $nullReturn = $PSBoundParameters $nullReturn.Ensure = 'Absent' @@ -197,8 +158,6 @@ function Get-TargetResource $result = @{ Identity = $Identity AdminDisplayName = $MalwareFilterPolicy.AdminDisplayName - #DEPRECATED - #CustomAlertText = $MalwareFilterPolicy.CustomAlertText CustomExternalBody = $MalwareFilterPolicy.CustomExternalBody CustomExternalSubject = $MalwareFilterPolicy.CustomExternalSubject CustomFromAddress = $MalwareFilterPolicy.CustomFromAddress @@ -252,21 +211,10 @@ function Set-TargetResource [System.String] $Identity, - # DEPRECATED - [Parameter()] - [ValidateSet('DeleteMessage', 'DeleteAttachmentAndUseDefaultAlert', 'DeleteAttachmentAndUseCustomAlert')] - [System.String] - $Action, - [Parameter()] [System.String] $AdminDisplayName, - #DEPRECATED - [Parameter()] - [System.String] - $CustomAlertText, - [Parameter()] [System.String] $CustomExternalBody, @@ -299,11 +247,6 @@ function Set-TargetResource [System.Boolean] $EnableExternalSenderAdminNotifications, - # DEPRECATED - [Parameter()] - [System.Boolean] - $EnableExternalSenderNotifications, - [Parameter()] [System.Boolean] $EnableFileFilter, @@ -312,11 +255,6 @@ function Set-TargetResource [System.Boolean] $EnableInternalSenderAdminNotifications, - # DEPRECATED - [Parameter()] - [System.Boolean] - $EnableInternalSenderNotifications, - [Parameter()] [System.String] $ExternalSenderAdminAddress, @@ -395,24 +333,6 @@ function Set-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters - # Warning for deprecated parameters - if ($PSBoundParameters.ContainsKey('Action')) - { - Write-Warning 'Action is deprecated. Please remove this parameter from your configuration.' - } - if ($PSBoundParameters.ContainsKey('EnableExternalSenderNotifications')) - { - Write-Warning 'EnableExternalSenderNotifications is deprecated. Please remove this parameter from your configuration.' - } - if ($PSBoundParameters.ContainsKey('EnableInternalSenderNotifications')) - { - Write-Warning 'EnableInternalSenderNotifications is deprecated. Please remove this parameter from your configuration.' - } - if ($PSBoundParameters.ContainsKey('CustomAlertText')) - { - Write-Warning 'CustomAlertText is deprecated. Please remove this parameter from your configuration.' - } - $MalwareFilterPolicys = Get-MalwareFilterPolicy $MalwareFilterPolicy = $MalwareFilterPolicys | Where-Object -FilterScript { $_.Identity -eq $Identity } $MalwareFilterPolicyParams = [System.Collections.Hashtable]($PSBoundParameters) @@ -424,15 +344,6 @@ function Set-TargetResource $MalwareFilterPolicyParams.Remove('CertificatePath') | Out-Null $MalwareFilterPolicyParams.Remove('CertificatePassword') | Out-Null $MalwareFilterPolicyParams.Remove('ManagedIdentity') | Out-Null - # Remove deprecated parameters - #DEPRECATED - $MalwareFilterPolicyParams.Remove('Action') | Out-Null - #DEPRECATED - $MalwareFilterPolicyParams.Remove('EnableExternalSenderNotifications') | Out-Null - #DEPRECATED - $MalwareFilterPolicyParams.Remove('EnableInternalSenderNotifications') | Out-Null - #DEPRECATED - $MalwareFilterPolicyParams.Remove('CustomAlertText') | Out-Null if (('Present' -eq $Ensure ) -and ($null -eq $MalwareFilterPolicy)) { @@ -469,20 +380,10 @@ function Test-TargetResource [System.String] $Identity, - # DEPRECATED - [Parameter()] - [ValidateSet('DeleteMessage', 'DeleteAttachmentAndUseDefaultAlert', 'DeleteAttachmentAndUseCustomAlert')] - [System.String] - $Action, - [Parameter()] [System.String] $AdminDisplayName, - [Parameter()] - [System.String] - $CustomAlertText, - [Parameter()] [System.String] $CustomExternalBody, @@ -515,11 +416,6 @@ function Test-TargetResource [System.Boolean] $EnableExternalSenderAdminNotifications, - # DEPRECATED - [Parameter()] - [System.Boolean] - $EnableExternalSenderNotifications, - [Parameter()] [System.Boolean] $EnableFileFilter, @@ -528,11 +424,6 @@ function Test-TargetResource [System.Boolean] $EnableInternalSenderAdminNotifications, - # DEPRECATED - [Parameter()] - [System.Boolean] - $EnableInternalSenderNotifications, - [Parameter()] [System.String] $ExternalSenderAdminAddress, @@ -607,24 +498,6 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - # Warning for deprecated parameters - if ($PSBoundParameters.ContainsKey('Action')) - { - Write-Warning 'Action is deprecated. Please remove this parameter from your configuration.' - } - if ($PSBoundParameters.ContainsKey('EnableExternalSenderNotifications')) - { - Write-Warning 'EnableExternalSenderNotifications is deprecated. Please remove this parameter from your configuration.' - } - if ($PSBoundParameters.ContainsKey('EnableInternalSenderNotifications')) - { - Write-Warning 'EnableInternalSenderNotifications is deprecated. Please remove this parameter from your configuration.' - } - if ($PSBoundParameters.ContainsKey('CustomAlertText')) - { - Write-Warning 'CustomAlertText is deprecated. Please remove this parameter from your configuration.' - } - Write-Verbose -Message "Testing configuration of MalwareFilterPolicy for $($Identity)" $CurrentValues = Get-TargetResource @PSBoundParameters @@ -640,15 +513,6 @@ function Test-TargetResource $ValuesToCheck.Remove('CertificatePath') | Out-Null $ValuesToCheck.Remove('CertificatePassword') | Out-Null $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - # Remove deprecated parameters - #DEPRECATED - $ValuesToCheck.Remove('Action') | Out-Null - #DEPRECATED - $ValuesToCheck.Remove('EnableExternalSenderNotifications') | Out-Null - #DEPRECATED - $ValuesToCheck.Remove('EnableInternalSenderNotifications') | Out-Null - #DEPRECATED - $ValuesToCheck.Remove('CustomAlertText') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -771,7 +635,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMalwareFilterPolicy/MSFT_EXOMalwareFilterPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMalwareFilterPolicy/MSFT_EXOMalwareFilterPolicy.schema.mof index 061b4831a4..6cf021dd1a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMalwareFilterPolicy/MSFT_EXOMalwareFilterPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMalwareFilterPolicy/MSFT_EXOMalwareFilterPolicy.schema.mof @@ -3,9 +3,7 @@ class MSFT_EXOMalwareFilterPolicy : OMI_BaseResource { [Key, Description("The Identity parameter specifies the MalwareFilterPolicy you want to modify.")] String Identity; - [Write, Description("DEPRECATED"), ValueMap{"DeleteMessage","DeleteAttachmentAndUseDefaultAlert","DeleteAttachmentAndUseCustomAlert"}, Values{"DeleteMessage","DeleteAttachmentAndUseDefaultAlert","DeleteAttachmentAndUseCustomAlert"}] String Action; [Write, Description("The AdminDisplayName parameter specifies a description for the policy. If the value contains spaces, enclose the value in quotation marks.")] String AdminDisplayName; - [Write, Description("The CustomAlertText parameter specifies the custom text to use in the replacement attachment named Malware Alert Text.txt. If the value contains spaces, enclose the value in quotation marks.")] String CustomAlertText; [Write, Description("The CustomExternalBody parameter specifies the body of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks.")] String CustomExternalBody; [Write, Description("The CustomExternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks.")] String CustomExternalSubject; [Write, Description("The CustomFromAddress parameter specifies the From address of the custom notification message for malware detections in messages from internal or external senders.")] String CustomFromAddress; @@ -14,10 +12,8 @@ class MSFT_EXOMalwareFilterPolicy : OMI_BaseResource [Write, Description("The CustomInternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from internal senders. If the value contains spaces, enclose the value in quotation marks.")] String CustomInternalSubject; [Write, Description("The CustomNotifications parameter enables or disables custom notification messages for malware detections in messages from internal or external senders. Valid values are: $true, $false.")] Boolean CustomNotifications; [Write, Description("The EnableExternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from external senders. Valid values are: $true, $false.")] Boolean EnableExternalSenderAdminNotifications; - [Write, Description("DEPRECATED")] Boolean EnableExternalSenderNotifications; [Write, Description("The EnableFileFilter parameter enables or disables common attachment blocking - also known as the Common Attachment Types Filter.Valid values are: $true, $false.")] Boolean EnableFileFilter; [Write, Description("The EnableInternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from internal senders. Valid values are: $true, $false.")] Boolean EnableInternalSenderAdminNotifications; - [Write, Description("DEPRECATED")] Boolean EnableInternalSenderNotifications; [Write, Description("The ExternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notification messages for malware detections in messages from external senders.")] String ExternalSenderAdminAddress; [Write, Description("The FileTypeAction parameter specifies what's done to messages that contain one or more attachments where the file extension is included in the FileTypes parameter (common attachment blocking). Valid values are Quarantine and Reject. The default value is Reject."), ValueMap{"Quarantine","Reject"}, Values{"Quarantine","Reject"}] String FileTypeAction; [Write, Description("The FileTypes parameter specifies the file types that are automatically blocked by common attachment blocking (also known as the Common Attachment Types Filter), regardless of content.")] String FileTypes[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationConfig/MSFT_EXOOrganizationConfig.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationConfig/MSFT_EXOOrganizationConfig.psm1 index 63d5aeff8b..23b3243ed2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationConfig/MSFT_EXOOrganizationConfig.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationConfig/MSFT_EXOOrganizationConfig.psm1 @@ -26,11 +26,6 @@ function Get-TargetResource [System.Boolean] $AppsForOfficeEnabled, - # DEPRECATED - [Parameter()] - [System.Boolean] - $AllowPlusAddressInRecipients, - [Parameter()] [System.Boolean] $AsyncSendEnabled, @@ -691,11 +686,6 @@ function Set-TargetResource [System.Boolean] $AppsForOfficeEnabled, - # DEPRECATED - [Parameter()] - [System.Boolean] - $AllowPlusAddressInRecipients, - [Parameter()] [System.Boolean] $AsyncSendEnabled, @@ -1152,12 +1142,6 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - # Warning for deprecated parameters - if ($PSBoundParameters.ContainsKey('AllowPlusAddressInRecipients')) - { - Write-Warning 'AllowPlusAddressInRecipients is deprecated. Please remove this parameter from your configuration. Use DisablePlusAddressInRecipients instead.' - } - if ($null -ne $EwsAllowList -and $null -ne $EwsBlockList) { throw "You can't specify both EWSAllowList and EWSBlockList properties." @@ -1180,9 +1164,6 @@ function Set-TargetResource $SetValues.Remove('CertificatePassword') | Out-Null $SetValues.Remove('ManagedIdentity') | Out-Null - # Remove deprecated parameters - $SetValues.Remove('AllowPlusAddressInRecipients') | Out-Null - $isAutoExpandingArchiveEnabled = Get-OrganizationConfig | Select-Object -Property AutoExpandingArchiveEnabled if ($isAutoExpandingArchiveEnabled.AutoExpandingArchiveEnabled -eq $True) @@ -1221,11 +1202,6 @@ function Test-TargetResource [System.Boolean] $AppsForOfficeEnabled, - # DEPRECATED - [Parameter()] - [System.Boolean] - $AllowPlusAddressInRecipients, - [Parameter()] [System.Boolean] $AsyncSendEnabled, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationConfig/MSFT_EXOOrganizationConfig.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationConfig/MSFT_EXOOrganizationConfig.schema.mof index 5237001430..af2a0da06d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationConfig/MSFT_EXOOrganizationConfig.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationConfig/MSFT_EXOOrganizationConfig.schema.mof @@ -6,7 +6,6 @@ class MSFT_EXOOrganizationConfig : OMI_BaseResource [Write, Description("The ActivityBasedAuthenticationTimeoutInterval parameter specifies the time span for logoff. You enter this value as a time span: hh:mm:ss where hh = hours, mm = minutes and ss = seconds. Valid values for this parameter are from 00:05:00 to 08:00:00 (5 minutes to 8 hours). The default value is 06:00:00 (6 hours).")] String ActivityBasedAuthenticationTimeoutInterval; [Write, Description("The ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled parameter specifies whether to keep single sign-on enabled. The default value is $true.")] Boolean ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled; [Write, Description("The AppsForOfficeEnabled parameter specifies whether to enable apps for Outlook features. By default, the parameter is set to $true. If the flag is set to $false, no new apps can be activated for any user in the organization.")] Boolean AppsForOfficeEnabled; - [Write, Description("DEPRECATED")] Boolean AllowPlusAddressInRecipients; [Write, Description("The AsyncSendEnabled parameter specifies whether to enable or disable async send in Outlook on the web.")] Boolean AsyncSendEnabled; [Write, Description("The AuditDisabled parameter specifies whether to disable or enable mailbox auditing for the organization.")] Boolean AuditDisabled; [Write, Description("Setting this parameter to $true will cause unknown users to be redirected to the on-premises endpoint and will allow on-premises users to discover their mailbox automatically.")] Boolean AutodiscoverPartialDirSync; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.psm1 index fa159fbf8e..892843da04 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.psm1 @@ -24,20 +24,10 @@ function Get-TargetResource [Boolean] $DeliverMessageAfterScan = $false, - #DEPRECATED - [Parameter()] - [Boolean] - $DoNotAllowClickThrough = $true, - [Parameter()] [System.String[]] $DoNotRewriteUrls = @(), - #DEPRECATED - [Parameter()] - [Boolean] - $DoNotTrackUserClicks = $true, - [Parameter()] [Boolean] $EnableForInternalSenders, @@ -62,11 +52,6 @@ function Get-TargetResource [Boolean] $DisableUrlRewrite = $false, - #DEPRECATED - [Parameter()] - [Boolean] - $IsEnabled, - [Parameter()] [Boolean] $ScanUrls = $false, @@ -171,19 +156,13 @@ function Get-TargetResource AllowClickThrough = $SafeLinksPolicy.AllowClickThrough CustomNotificationText = $SafeLinksPolicy.CustomNotificationText DeliverMessageAfterScan = $SafeLinksPolicy.DeliverMessageAfterScan - #Deprecated - #DoNotAllowClickThrough = $SafeLinksPolicy.DoNotAllowClickThrough DoNotRewriteUrls = $SafeLinksPolicy.DoNotRewriteUrls - #Deprecated - #DoNotTrackUserClicks = $SafeLinksPolicy.DoNotTrackUserClicks EnableForInternalSenders = $SafeLinksPolicy.EnableForInternalSenders EnableOrganizationBranding = $SafeLinksPolicy.EnableOrganizationBranding EnableSafeLinksForTeams = $SafeLinksPolicy.EnableSafeLinksForTeams EnableSafeLinksForEmail = $SafeLinksPolicy.EnableSafeLinksForEmail EnableSafeLinksForOffice = $SafeLinksPolicy.EnableSafeLinksForOffice DisableUrlRewrite = $SafeLinksPolicy.DisableUrlRewrite - #Deprecated - #IsEnabled = $SafeLinksPolicy.IsEnabled ScanUrls = $SafeLinksPolicy.ScanUrls TrackClicks = $SafeLinksPolicy.TrackClicks UseTranslatedNotificationText = $SafeLinksPolicy.UseTranslatedNotificationText @@ -239,20 +218,10 @@ function Set-TargetResource [Boolean] $DeliverMessageAfterScan = $false, - #DEPRECATED - [Parameter()] - [Boolean] - $DoNotAllowClickThrough = $true, - [Parameter()] [System.String[]] $DoNotRewriteUrls = @(), - #DEPRECATED - [Parameter()] - [Boolean] - $DoNotTrackUserClicks = $true, - [Parameter()] [Boolean] $EnableForInternalSenders, @@ -277,11 +246,6 @@ function Set-TargetResource [Boolean] $DisableUrlRewrite = $false, - #DEPRECATED - [Parameter()] - [Boolean] - $IsEnabled, - [Parameter()] [Boolean] $ScanUrls = $false, @@ -365,30 +329,12 @@ function Set-TargetResource $SafeLinksPolicyParams.Remove('Identity') | Out-Null Write-Verbose -Message "Creating SafeLinksPolicy $($Identity)" - Write-Verbose -Message 'Property DoNotTrackUserClicks is deprecated and will be ignored.' - $SafeLinksPolicyParams.Remove('DoNotTrackUserClicks') | Out-Null - - Write-Verbose -Message 'Property DoNotAllowClickThrough is deprecated and will be ignored.' - $SafeLinksPolicyParams.Remove('DoNotAllowClickThrough') | Out-Null - - Write-Verbose -Message 'Property IsEnabled is deprecated and will be ignored.' - $SafeLinksPolicyParams.Remove('IsEnabled') | Out-Null - New-SafeLinksPolicy @SafeLinksPolicyParams } elseif (('Present' -eq $Ensure ) -and ($null -ne $SafeLinksPolicy)) { Write-Verbose -Message "Setting SafeLinksPolicy $($Identity) with values: $(Convert-M365DscHashtableToString -Hashtable $SafeLinksPolicyParams)" - Write-Verbose -Message 'Property DoNotTrackUserClicks is deprecated and will be ignored.' - $SafeLinksPolicyParams.Remove('DoNotTrackUserClicks') | Out-Null - - Write-Verbose -Message 'Property DoNotAllowClickThrough is deprecated and will be ignored.' - $SafeLinksPolicyParams.Remove('DoNotAllowClickThrough') | Out-Null - - Write-Verbose -Message 'Property IsEnabled is deprecated and will be ignored.' - $SafeLinksPolicyParams.Remove('IsEnabled') | Out-Null - Set-SafeLinksPolicy @SafeLinksPolicyParams -Confirm:$false } elseif (('Absent' -eq $Ensure ) -and ($null -ne $SafeLinksPolicy)) @@ -424,20 +370,10 @@ function Test-TargetResource [Boolean] $DeliverMessageAfterScan = $false, - #DEPRECATED - [Parameter()] - [Boolean] - $DoNotAllowClickThrough = $true, - [Parameter()] [System.String[]] $DoNotRewriteUrls = @(), - #DEPRECATED - [Parameter()] - [Boolean] - $DoNotTrackUserClicks = $true, - [Parameter()] [Boolean] $EnableForInternalSenders, @@ -462,11 +398,6 @@ function Test-TargetResource [Boolean] $DisableUrlRewrite = $false, - #DEPRECATED - [Parameter()] - [Boolean] - $IsEnabled, - [Parameter()] [Boolean] $ScanUrls = $false, @@ -542,11 +473,6 @@ function Test-TargetResource $ValuesToCheck.Remove('CertificatePassword') | Out-Null $ValuesToCheck.Remove('ManagedIdentity') | Out-Null - #DEPRECATED - $ValuesToCheck.Remove('DoNotAllowClickThrough') | Out-Null - $ValuesToCheck.Remove('DoNotTrackUserClicks') | Out-Null - $ValuesToCheck.Remove('IsEnabled') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.schema.mof index 601c221457..f6a25d9615 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSafeLinksPolicy/MSFT_EXOSafeLinksPolicy.schema.mof @@ -7,16 +7,13 @@ class MSFT_EXOSafeLinksPolicy : OMI_BaseResource [Write, Description("The AllowClickThrough parameter specifies whether to allow users to click through to the original URL on warning pages.")] Boolean AllowClickThrough; [Write, Description("The custom notification text specifies the customized notification text to show to users.")] String CustomNotificationText; [Write, Description("The DeliverMessageAfterScan parameter specifies whether to deliver email messages only after Safe Links scanning is complete. Valid values are: $true: Wait until Safe Links scanning is complete before delivering the message. $false: If Safe Links scanning can't complete, deliver the message anyway. This is the default value.")] Boolean DeliverMessageAfterScan; - [Write, Description("DEPRECATED")] Boolean DoNotAllowClickThrough; [Write, Description("The DoNotRewriteUrls parameter specifies a URL that's skipped by Safe Links scanning. You can specify multiple values separated by commas.")] String DoNotRewriteUrls[]; - [Write, Description("DEPRECATED")] Boolean DoNotTrackUserClicks; [Write, Description("The EnableForInternalSenders parameter specifies whether the Safe Links policy is applied to messages sent between internal senders and internal recipients within the same Exchange Online organization.")] Boolean EnableForInternalSenders; [Write, Description("The EnableOrganizationBranding parameter specifies whether your organization's logo is displayed on Safe Links warning and notification pages.")] Boolean EnableOrganizationBranding; [Write, Description("The EnableSafeLinksForOffice parameter specifies whether to enable Safe Links protection for supported Office desktop, mobile, or web apps.")] Boolean EnableSafeLinksForOffice; [Write, Description("The EnableSafeLinksForTeams parameter specifies whether Safe Links is enabled for Microsoft Teams. Valid values are: $true: Safe Links is enabled for Teams. If a protected user clicks a malicious link in a Teams conversation, group chat, or from channels, a warning page will appear in the default web browser. $false: Safe Links isn't enabled for Teams. This is the default value.")] Boolean EnableSafeLinksForTeams; [Write, Description("The EnableSafeLinksForEmail parameter specifies whether to enable Safe Links protection for email messages. Valid values are: $true: Safe Links is enabled for email. When a user clicks a link in an email, the link is checked by Safe Links. If the link is found to be malicious, a warning page appears in the default web browser. $false: Safe Links isn't enabled for email. This is the default value.")] Boolean EnableSafeLinksForEmail; [Write, Description("The DisableUrlRewrite parameter specifies whether to rewrite (wrap) URLs in email messages. Valid values are: $true: URLs in messages are not rewritten, but messages are still scanned by Safe Links prior to delivery. Time of click checks on links are done using the Safe Links API in supported Outlook clients (currently, Outlook for Windows and Outlook for Mac). Typically, we don't recommend using this value. $false: URLs in messages are rewritten. API checks still occur on unwrapped URLs in supported clients if the user is in a valid Safe Links policy. This is the default value.")] Boolean DisableUrlRewrite; - [Write, Description("DEPRECATED")] Boolean IsEnabled; [Write, Description("The ScanUrls parameter specifies whether to enable or disable the scanning of links in email messages. Valid values are: $true: Scanning links in email messages is enabled. $false: Scanning links in email messages is disabled. This is the default value.")] Boolean ScanUrls; [Write, Description("The TrackClicks parameter specifies whether to track user clicks related to Safe Links protection of links.")] Boolean TrackClicks; [Write, Description("The UseTranslatedNotificationText specifies whether to use Microsoft Translator to automatically localize the custom notification text that you specified with the CustomNotificationText parameter.")] Boolean UseTranslatedNotificationText; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 index b3092622a1..7e4b3712cc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 @@ -16,11 +16,6 @@ function Get-TargetResource [System.String] $Alias, - # DEPRECATED - [Parameter()] - [System.String[]] - $Aliases, - [Parameter()] [System.String[]] $EmailAddresses, @@ -84,16 +79,6 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - # Warning for deprecated parameter - if ($PSBoundParameters.ContainsKey('Aliases')) - { - Write-Warning 'Aliases is deprecated. Please use EmailAddresses instead and remove Aliases from your configuration.' - if ($null -eq $EmailAddresses) - { - $EmailAddresses = $Aliases - } - } - $nullReturn = $PSBoundParameters $nullReturn.Ensure = 'Absent' @@ -170,11 +155,6 @@ function Set-TargetResource [System.String] $Alias, - # DEPRECATED - [Parameter()] - [System.String[]] - $Aliases = @(), - [Parameter()] [System.String[]] $EmailAddresses = @(), @@ -242,16 +222,6 @@ function Set-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters - # Warning for deprecated parameter - if ($PSBoundParameters.ContainsKey('Aliases')) - { - Write-Warning 'Aliases is deprecated. Please use EmailAddresses instead and remove Aliases from your configuration.' - if ($null -eq $EmailAddresses) - { - $EmailAddresses = $Aliases - } - } - # CASE: Mailbox doesn't exist but should; if ($Ensure -eq 'Present' -and $currentMailbox.Ensure -eq 'Absent') { @@ -354,11 +324,6 @@ function Test-TargetResource [System.String] $Alias, - # DEPRECATED - [Parameter()] - [System.String[]] - $Aliases, - [Parameter()] [System.String[]] $EmailAddresses, @@ -408,16 +373,6 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - # Warning for deprecated parameter - if ($PSBoundParameters.ContainsKey('Aliases')) - { - Write-Warning 'Aliases is deprecated. Please use EmailAddresses instead and remove Aliases from your configuration.' - if ($null -eq $EmailAddresses) - { - $EmailAddresses = $Aliases - } - } - Write-Verbose -Message "Testing configuration of Office 365 Shared Mailbox $DisplayName" $CurrentValues = Get-TargetResource @PSBoundParameters diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.schema.mof index 905c519909..d9681da471 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.schema.mof @@ -4,7 +4,6 @@ class MSFT_EXOSharedMailbox : OMI_BaseResource [Key, Description("The display name of the Shared Mailbox")] string DisplayName; [Write, Description("The primary email address of the Shared Mailbox")] string PrimarySMTPAddress; [Write, Description("The alias of the Shared Mailbox")] string Alias; - [Write, Description("DEPRECATED")] string Aliases[]; [Write, Description("The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the Shared Mailbox")] string EmailAddresses[]; [Write, Description("Present ensures the group exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 index a016e6cef0..6dd6a7d7ae 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 @@ -325,11 +325,6 @@ function Get-TargetResource [System.String] $ExceptIfMessageTypeMatches, - #DEPRECATED - [Parameter()] - [System.String[]] - $ExceptIfMessageContainsAllDataClassifications = @(), - [Parameter()] [System.String[]] $ExceptIfMessageContainsDataClassifications = @(), @@ -490,11 +485,6 @@ function Get-TargetResource [System.String[]] $IncidentReportContent = @(), - #DEPRECATED - [Parameter()] - [System.String[]] - $IncidentReportOriginalMail, - [Parameter()] [System.String[]] $ManagerAddresses = @(), @@ -504,11 +494,6 @@ function Get-TargetResource [System.String] $ManagerForEvaluatedUser, - #DEPRECATED - [Parameter()] - [System.String[]] - $MessageContainsAllDataClassifications, - [Parameter()] [System.String[]] $MessageContainsDataClassifications, @@ -874,8 +859,6 @@ function Get-TargetResource ExceptIfManagerAddresses = $TransportRule.ExceptIfManagerAddresses ExceptIfManagerForEvaluatedUser = $TransportRule.ExceptIfManagerForEvaluatedUser ExceptIfMessageTypeMatches = $TransportRule.ExceptIfMessageTypeMatches - #DEPRECATED - #ExceptIfMessageContainsAllDataClassifications = $TransportRule.ExceptIfMessageContainsAllDataClassifications ExceptIfMessageContainsDataClassifications = $TransportRule.ExceptIfMessageContainsDataClassifications ExceptIfMessageSizeOver = $TransportRule.ExceptIfMessageSizeOver ExceptIfRecipientADAttributeContainsWords = $TransportRule.ExceptIfRecipientADAttributeContainsWords @@ -915,12 +898,8 @@ function Get-TargetResource HeaderMatchesMessageHeader = $TransportRule.HeaderMatchesMessageHeader HeaderMatchesPatterns = $TransportRule.HeaderMatchesPatterns IncidentReportContent = $TransportRule.IncidentReportContent - #DEPRECATED - #IncidentReportOriginalMail = $TransportRule.IncidentReportOriginalMail ManagerAddresses = $TransportRule.ManagerAddresses ManagerForEvaluatedUser = $TransportRule.ManagerForEvaluatedUser - #DEPRECATED - #MessageContainsAllDataClassifications = $TransportRule.MessageContainsAllDataClassifications MessageContainsDataClassifications = $MessageContainsDataClassificationsValue MessageSizeOver = $TransportRule.MessageSizeOver MessageTypeMatches = $TransportRule.MessageTypeMatches @@ -1321,11 +1300,6 @@ function Set-TargetResource [System.String] $ExceptIfMessageTypeMatches, - #DEPRECATED - [Parameter()] - [System.String[]] - $ExceptIfMessageContainsAllDataClassifications = @(), - [Parameter()] [System.String[]] $ExceptIfMessageContainsDataClassifications = @(), @@ -1486,11 +1460,6 @@ function Set-TargetResource [System.String[]] $IncidentReportContent = @(), - #DEPRECATED - [Parameter()] - [System.String[]] - $IncidentReportOriginalMail, - [Parameter()] [System.String[]] $ManagerAddresses = @(), @@ -1500,11 +1469,6 @@ function Set-TargetResource [System.String] $ManagerForEvaluatedUser, - #DEPRECATED - [Parameter()] - [System.String[]] - $MessageContainsAllDataClassifications, - [Parameter()] [System.String[]] $MessageContainsDataClassifications, @@ -1762,20 +1726,6 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - # Warning for deprecated parameters - if ($PSBoundParameters.ContainsKey('ExceptIfMessageContainsAllDataClassifications')) - { - Write-Warning 'ExceptIfMessageContainsAllDataClassifications is deprecated. Please remove this parameter from your configuration.' - } - if ($PSBoundParameters.ContainsKey('IncidentReportOriginalMail')) - { - Write-Warning 'IncidentReportOriginalMail is deprecated. Please remove this parameter from your configuration.' - } - if ($PSBoundParameters.ContainsKey('MessageContainsAllDataClassifications')) - { - Write-Warning 'MessageContainsAllDataClassifications is deprecated. Please remove this parameter from your configuration.' - } - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' -InboundParameters $PSBoundParameters $NewTransportRuleParams = [System.Collections.Hashtable]($PSBoundParameters) @@ -1789,14 +1739,6 @@ function Set-TargetResource $NewTransportRuleParams.Remove('CertificatePassword') | Out-Null $NewTransportRuleParams.Remove('ManagedIdentity') | Out-Null - # Remove deprecated parameters - #DEPRECATED - $NewTransportRuleParams.Remove('ExceptIfMessageContainsAllDataClassifications') | Out-Null - #DEPRECATED - $NewTransportRuleParams.Remove('IncidentReportOriginalMail') | Out-Null - #DEPRECATED - $NewTransportRuleParams.Remove('MessageContainsAllDataClassifications') | Out-Null - $SetTransportRuleParams = $NewTransportRuleParams.Clone() $SetTransportRuleParams.Add('Identity', $Name) $SetTransportRuleParams.Remove('Enabled') | Out-Null @@ -2151,11 +2093,6 @@ function Test-TargetResource [System.String] $ExceptIfMessageTypeMatches, - #DEPRECATED - [Parameter()] - [System.String[]] - $ExceptIfMessageContainsAllDataClassifications = @(), - [Parameter()] [System.String[]] $ExceptIfMessageContainsDataClassifications = @(), @@ -2316,11 +2253,6 @@ function Test-TargetResource [System.String[]] $IncidentReportContent = @(), - #DEPRECATED - [Parameter()] - [System.String[]] - $IncidentReportOriginalMail, - [Parameter()] [System.String[]] $ManagerAddresses = @(), @@ -2330,11 +2262,6 @@ function Test-TargetResource [System.String] $ManagerForEvaluatedUser, - #DEPRECATED - [Parameter()] - [System.String[]] - $MessageContainsAllDataClassifications, - [Parameter()] [System.String[]] $MessageContainsDataClassifications, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof index 5ba6afa6ee..719d45221a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof @@ -79,7 +79,6 @@ class MSFT_EXOTransportRule : OMI_BaseResource [Write, Description("The ExceptIfManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.")] String ExceptIfManagerAddresses[]; [Write, Description("The ExceptIfManagerForEvaluatedUser parameter specifies an exception that looks for users in the Manager attribute of senders or recipients.")] String ExceptIfManagerForEvaluatedUser; [Write, Description("The ExceptIfMessageTypeMatches parameter specifies an exception that looks for messages of the specified type."), ValueMap{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}, Values{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}] String ExceptIfMessageTypeMatches; - [Write, Description("DEPRECATED")] String ExceptIfMessageContainsAllDataClassifications[]; [Write, Description("The ExceptIfMessageContainsDataClassifications parameter specifies an exception that looks for sensitive information types in the body of messages, and in any attachments.")] String ExceptIfMessageContainsDataClassifications[]; [Write, Description("The ExceptIfMessageSizeOver parameter specifies an exception that looks for messages larger than the specified size. ")] String ExceptIfMessageSizeOver; [Write, Description("The ExceptIfRecipientADAttributeContainsWords parameter specifies an exception that looks for words in the Active Directory attributes of recipients.")] String ExceptIfRecipientADAttributeContainsWords[]; @@ -119,10 +118,8 @@ class MSFT_EXOTransportRule : OMI_BaseResource [Write, Description("The HeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the HeaderMatchesPatterns parameter.")] String HeaderMatchesMessageHeader; [Write, Description("The HeaderMatchesPatterns parameter specifies a condition that looks for text patterns in a header field by using regular expressions. ")] String HeaderMatchesPatterns[]; [Write, Description("The IncidentReportContent parameter specifies the message properties that are included in the incident report that's generated when a message violates a DLP policy. ")] String IncidentReportContent[]; - [Write, Description("DEPRECATED")] String IncidentReportOriginalMail; [Write, Description("The ManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.")] String ManagerAddresses[]; [Write, Description("The ManagerForEvaluatedUser parameter specifies a condition that looks for users in the Manager attribute of senders or recipients."), ValueMap{"Recipient","Sender"}, Values{"Recipient","Sender"}] String ManagerForEvaluatedUser; - [Write, Description("DEPRECATED")] String MessageContainsAllDataClassifications[]; [Write, Description("The MessageContainsDataClassifications parameter specifies a condition that looks for sensitive information types in the body of messages, and in any attachments.")] String MessageContainsDataClassifications[]; [Write, Description("The MessageSizeOver parameter specifies a condition that looks for messages larger than the specified size. The size includes the message and all attachments.")] String MessageSizeOver; [Write, Description("The MessageTypeMatches parameter specifies a condition that looks for messages of the specified type."), ValueMap{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}, Values{"OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"}] String MessageTypeMatches; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 index 57733833d7..a20618b474 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 @@ -36,10 +36,6 @@ function Get-TargetResource [System.String] $Tooltip, - [Parameter()] - [System.Boolean] - $Disabled, - [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -58,10 +54,6 @@ function Get-TargetResource [System.String] $ApplyContentMarkingFooterFontColor, - [Parameter()] - [System.String] - $ApplyContentMarkingFooterFontName, - [Parameter()] [System.Int32] $ApplyContentMarkingFooterFontSize, @@ -87,10 +79,6 @@ function Get-TargetResource [System.String] $ApplyContentMarkingHeaderFontColor, - [Parameter()] - [System.String] - $ApplyContentMarkingHeaderFontName, - [Parameter()] [System.Int32] $ApplyContentMarkingHeaderFontSize, @@ -111,10 +99,6 @@ function Get-TargetResource [System.String] $ApplyWaterMarkingFontColor, - [Parameter()] - [System.String] - $ApplyWaterMarkingFontName, - [Parameter()] [System.Int32] $ApplyWaterMarkingFontSize, @@ -133,10 +117,6 @@ function Get-TargetResource [System.String[]] $ContentType, - [Parameter()] - [System.String] - $EncryptionAipTemplateScopes, - [Parameter()] [System.String] $EncryptionContentExpiredOnDateInDaysOrNever, @@ -454,7 +434,6 @@ function Get-TargetResource LocaleSettings = $localeSettingsValue Priority = $label.Priority Tooltip = $label.Tooltip - Disabled = $label.Disabled Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId @@ -465,26 +444,22 @@ function Get-TargetResource ApplyContentMarkingFooterAlignment = ($footer | Where-Object { $_.Key -eq 'alignment' }).Value ApplyContentMarkingFooterEnabled = $footerEnabledValue ApplyContentMarkingFooterFontColor = ($footer | Where-Object { $_.Key -eq 'fontcolor' }).Value - #ApplyContentMarkingFooterFontName = 'N/A' ApplyContentMarkingFooterFontSize = ($footer | Where-Object { $_.Key -eq 'fontsize' }).Value ApplyContentMarkingFooterMargin = ($footer | Where-Object { $_.Key -eq 'margin' }).Value ApplyContentMarkingFooterText = $ApplyContentMarkingFooterTextValue ApplyContentMarkingHeaderAlignment = ($header | Where-Object { $_.Key -eq 'alignment' }).Value ApplyContentMarkingHeaderEnabled = $headerEnabledValue ApplyContentMarkingHeaderFontColor = ($header | Where-Object { $_.Key -eq 'fontcolor' }).Value - #ApplyContentMarkingHeaderFontName = 'N/A' ApplyContentMarkingHeaderFontSize = ($header | Where-Object { $_.Key -eq 'fontsize' }).Value ApplyContentMarkingHeaderMargin = ($header | Where-Object { $_.Key -eq 'margin' }).Value #TODO ADD HEADER PLACEMENT? ApplyContentMarkingHeaderText = $ApplyContentMarkingHeaderTextValue ApplyWaterMarkingEnabled = $watermarkEnabledValue ApplyWaterMarkingFontColor = ($watermark | Where-Object { $_.Key -eq 'fontcolor' }).Value - #ApplyWaterMarkingFontName = 'N/A' ApplyWaterMarkingFontSize = ($watermark | Where-Object { $_.Key -eq 'fontsize' }).Value ApplyWaterMarkingLayout = ($watermark | Where-Object { $_.Key -eq 'layout' }).Value ApplyWaterMarkingText = $ApplyWaterMarkingTextValue ContentType = $currentContentType - #EncryptionAipTemplateScopes = $label.EncryptionAipTemplateScopes EncryptionContentExpiredOnDateInDaysOrNever = $contentExpiredOnDateValue EncryptionDoNotForward = ($encryption | Where-Object { $_.Key -eq 'donotforward' }).Value EncryptionEncryptOnly = ($encryption | Where-Object { $_.Key -eq 'encryptonly' }).Value @@ -557,10 +532,6 @@ function Set-TargetResource [System.String] $Tooltip, - [Parameter()] - [System.Boolean] - $Disabled, - [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -579,10 +550,6 @@ function Set-TargetResource [System.String] $ApplyContentMarkingFooterFontColor, - [Parameter()] - [System.String] - $ApplyContentMarkingFooterFontName, - [Parameter()] [System.Int32] $ApplyContentMarkingFooterFontSize, @@ -608,10 +575,6 @@ function Set-TargetResource [System.String] $ApplyContentMarkingHeaderFontColor, - [Parameter()] - [System.String] - $ApplyContentMarkingHeaderFontName, - [Parameter()] [System.Int32] $ApplyContentMarkingHeaderFontSize, @@ -632,10 +595,6 @@ function Set-TargetResource [System.String] $ApplyWaterMarkingFontColor, - [Parameter()] - [System.String] - $ApplyWaterMarkingFontName, - [Parameter()] [System.Int32] $ApplyWaterMarkingFontSize, @@ -654,10 +613,6 @@ function Set-TargetResource [System.String[]] $ContentType, - [Parameter()] - [System.String] - $EncryptionAipTemplateScopes, - [Parameter()] [System.String] $EncryptionContentExpiredOnDateInDaysOrNever, @@ -772,14 +727,6 @@ function Set-TargetResource $label = Get-TargetResource @PSBoundParameters - foreach ($param in @('Disabled', 'ApplyContentMarkingFooterFontName', 'ApplyContentMarkingHeaderFontName', 'ApplyWaterMarkingFontName', 'EncryptionAipTemplateScopes')) - { - if ($PSBoundParameters.ContainsKey($param)) - { - Write-Verbose -Message "The $param parameter is deprecated and will not be used." - } - } - if (($SiteAndGroupProtectionAllowFullAccess -and $SiteAndGroupProtectionAllowLimitedAccess) -or ` ($SiteAndGroupProtectionAllowFullAccess -and $SiteAndGroupProtectionBlockAccess) -or ` ($SiteAndGroupProtectionBlockAccess -and $SiteAndGroupProtectionAllowLimitedAccess)) @@ -822,7 +769,6 @@ function Set-TargetResource $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('Ensure') | Out-Null $CreationParams.Remove('Priority') | Out-Null - $CreationParams.Remove('Disabled') | Out-Null try { @@ -863,7 +809,6 @@ function Set-TargetResource $SetParams.Remove('Credential') | Out-Null $SetParams.Remove('Ensure') | Out-Null $SetParams.Remove('Name') | Out-Null - $SetParams.Remove('Disabled') | Out-Null try { @@ -929,10 +874,6 @@ function Test-TargetResource [System.String] $Tooltip, - [Parameter()] - [System.Boolean] - $Disabled, - [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -951,10 +892,6 @@ function Test-TargetResource [System.String] $ApplyContentMarkingFooterFontColor, - [Parameter()] - [System.String] - $ApplyContentMarkingFooterFontName, - [Parameter()] [System.Int32] $ApplyContentMarkingFooterFontSize, @@ -980,10 +917,6 @@ function Test-TargetResource [System.String] $ApplyContentMarkingHeaderFontColor, - [Parameter()] - [System.String] - $ApplyContentMarkingHeaderFontName, - [Parameter()] [System.Int32] $ApplyContentMarkingHeaderFontSize, @@ -1004,10 +937,6 @@ function Test-TargetResource [System.String] $ApplyWaterMarkingFontColor, - [Parameter()] - [System.String] - $ApplyWaterMarkingFontName, - [Parameter()] [System.Int32] $ApplyWaterMarkingFontSize, @@ -1026,10 +955,6 @@ function Test-TargetResource [System.String[]] $ContentType, - [Parameter()] - [System.String] - $EncryptionAipTemplateScopes, - [Parameter()] [System.String] $EncryptionContentExpiredOnDateInDaysOrNever, @@ -1138,14 +1063,6 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of Sensitivity label for $Name" - foreach ($param in @('Disabled', 'ApplyContentMarkingFooterFontName', 'ApplyContentMarkingHeaderFontName', 'ApplyWaterMarkingFontName', 'EncryptionAipTemplateScopes')) - { - if ($PSBoundParameters.ContainsKey($param)) - { - Write-Verbose -Message "The $param parameter is deprecated and will not be used." - } - } - $CurrentValues = Get-TargetResource @PSBoundParameters Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" @@ -1154,8 +1071,6 @@ function Test-TargetResource $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('AdvancedSettings') | Out-Null $ValuesToCheck.Remove('LocaleSettings') | Out-Null - $ValuesToCheck.Remove('Disabled') | Out-Null - $ValuesToCheck.Remove('EncryptionAipTemplateScopes') | Out-Null if ($null -ne $AdvancedSettings -and $null -ne $CurrentValues.AdvancedSettings) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof index 86dbb713ef..82646fd689 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.schema.mof @@ -26,25 +26,21 @@ class MSFT_SCSensitivityLabel : OMI_BaseResource [Write, Description("The ApplyContentMarkingFooterAlignment parameter specifies the footer alignment."), ValueMap{"Left","Center","Right"}, Values{"Left","Center","Right"}] String ApplyContentMarkingFooterAlignment; [Write, Description("The ApplyContentMarkingFooterEnabled parameter specifies whether to enable or disable the sensitivity label.")] Boolean ApplyContentMarkingFooterEnabled; [Write, Description("The ApplyContentMarkingFooterFontColor parameter specifies the color of the footer text. This parameter accepts a hexadecimal color code value in the format #xxxxxx. The default value is #000000.")] String ApplyContentMarkingFooterFontColor; - [Write, Description("DEPRECATED")] String ApplyContentMarkingFooterFontName; [Write, Description("The ApplyContentMarkingFooterFontSize parameter specifies the font size (in points) of the footer text.")] SInt32 ApplyContentMarkingFooterFontSize; [Write, Description("The ApplyContentMarkingFooterMargin parameter specifies the size (in points) of the footer margin.")] SInt32 ApplyContentMarkingFooterMargin; [Write, Description("The ApplyContentMarkingFooterText parameter specifies the footer text. If the value contains spaces, enclose the value in quotation marks.")] String ApplyContentMarkingFooterText; [Write, Description("The ApplyContentMarkingHeaderAlignment parameter specifies the header alignment."), ValueMap{"Left","Center","Right"}, Values{"Left","Center","Right"}] String ApplyContentMarkingHeaderAlignment; [Write, Description("The ApplyContentMarkingHeaderEnabled parameter enables or disables the Apply Content Marking Header action for the label.")] Boolean ApplyContentMarkingHeaderEnabled; [Write, Description("The ApplyContentMarkingHeaderFontColor parameter specifies the color of the header text. This parameter accepts a hexadecimal color code value in the format #xxxxxx. The default value is #000000.")] String ApplyContentMarkingHeaderFontColor; - [Write, Description("DEPRECATED")] String ApplyContentMarkingHeaderFontName; [Write, Description("The ApplyContentMarkingHeaderFontSize parameter specifies the font size (in points) of the header text.")] SInt32 ApplyContentMarkingHeaderFontSize; [Write, Description("The ApplyContentMarkingHeaderMargin parameter specifies the size (in points) of the header margin.")] SInt32 ApplyContentMarkingHeaderMargin; [Write, Description("The ApplyContentMarkingHeaderText parameter specifies the header text. If the value contains spaces, enclose the value in quotation marks.")] String ApplyContentMarkingHeaderText; [Write, Description("The ApplyWaterMarkingEnabled parameter enables or disables the Apply Watermarking Header action for the label.")] Boolean ApplyWaterMarkingEnabled; [Write, Description("The ApplyWaterMarkingFontColor parameter specifies the color of the watermark text. This parameter accepts a hexadecimal color code value in the format #xxxxxx.")] String ApplyWaterMarkingFontColor; - [Write, Description("DEPRECATED")] String ApplyWaterMarkingFontName; [Write, Description("The ApplyWaterMarkingFontSize parameter specifies the font size (in points) of the watermark text.")] SInt32 ApplyWaterMarkingFontSize; [Write, Description("The ApplyWaterMarkingAlignment parameter specifies the watermark alignment."), ValueMap{"Horizontal","Diagonal"}, Values{"Horizontal","Diagonal"}] String ApplyWaterMarkingLayout; [Write, Description("The ApplyWaterMarkingText parameter specifies the watermark text. If the value contains spaces, enclose the value in quotation marks.")] String ApplyWaterMarkingText; [Write, Description("The ContentType parameter specifies where the sensitivity label can be applied."), ValueMap{"File, Email","Site, UnifiedGroup","PurviewAssets","Teamwork","SchematizedData"}, Values{"File, Email","Site, UnifiedGroup","PurviewAssets","Teamwork","SchematizedData"}] String ContentType[]; - [Write, Description("DEPRECATED")] String EncryptionAipTemplateScopes; [Write, Description("The EncryptionContentExpiredOnDateInDaysOrNever parameter specifies when the encrypted content expires. Valid values are integer or never.")] String EncryptionContentExpiredOnDateInDaysOrNever; [Write, Description("The EncryptionDoNotForward parameter specifies whether the Do Not Forward template is applied.")] Boolean EncryptionDoNotForward; [Write, Description("The EncryptionEncryptOnly parameter specifies whether the encrypt-only template is applied.")] Boolean EncryptionEncryptOnly; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 index af3a4ba0c5..dff98567b7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 @@ -29,11 +29,6 @@ function Get-TargetResource [System.Boolean] $LegacyAuthProtocolsEnabled, - # DEPRECATED - [Parameter()] - [System.Boolean] - $RequireAcceptingAccountMatchInvitedAccount, - [Parameter()] [System.String] $SignInAccelerationDomain, @@ -153,10 +148,6 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - if ($PSBoundParameters.ContainsKey('RequireAcceptingAccountMatchInvitedAccount')) - { - Write-Warning 'RequireAcceptingAccountMatchInvitedAccount is deprecated. Please remove this parameter from your configuration.' - } $nullReturn = $PSBoundParameters $nullReturn.Ensure = 'Absent' @@ -253,11 +244,6 @@ function Set-TargetResource [System.Boolean] $LegacyAuthProtocolsEnabled, - # DEPRECATED - [Parameter()] - [System.Boolean] - $RequireAcceptingAccountMatchInvitedAccount, - [Parameter()] [System.String] $SignInAccelerationDomain, @@ -374,11 +360,6 @@ function Set-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'PNP' -InboundParameters $PSBoundParameters - if ($PSBoundParameters.ContainsKey('RequireAcceptingAccountMatchInvitedAccount')) - { - Write-Warning 'RequireAcceptingAccountMatchInvitedAccount is deprecated. Please remove this parameter from your configuration.' - } - $CurrentParameters = $PSBoundParameters $CurrentParameters.Remove('Credential') | Out-Null $CurrentParameters.Remove('IsSingleInstance') | Out-Null @@ -430,10 +411,6 @@ function Test-TargetResource [System.Boolean] $LegacyAuthProtocolsEnabled, - [Parameter()] - [System.Boolean] - $RequireAcceptingAccountMatchInvitedAccount, - [Parameter()] [System.String] $SignInAccelerationDomain, @@ -545,11 +522,6 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - if ($PSBoundParameters.ContainsKey('RequireAcceptingAccountMatchInvitedAccount')) - { - Write-Warning 'RequireAcceptingAccountMatchInvitedAccount is deprecated. Please remove this parameter from your configuration.' - } - Write-Verbose -Message 'Testing configuration for SPO Tenant' $CurrentValues = Get-TargetResource @PSBoundParameters @@ -564,7 +536,6 @@ function Test-TargetResource 'SearchResolveExactEmailOrUPN', ` 'OfficeClientADALDisabled', ` 'LegacyAuthProtocolsEnabled', ` - 'RequireAcceptingAccountMatchInvitedAccount', ` 'SignInAccelerationDomain', ` 'UsePersistentCookiesForExplorerView', ` 'UserVoiceForFeedbackEnabled', ` @@ -680,7 +651,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof index 4d2cdc5739..d00ad8209e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.schema.mof @@ -7,7 +7,6 @@ class MSFT_SPOTenantSettings : OMI_BaseResource [Write, Description("Removes the search capability from People Picker. Note, recently resolved names will still appear in the list until browser cache is cleared or expired.")] boolean SearchResolveExactEmailOrUPN; [Write, Description("When set to true this will disable the ability to use Modern Authentication that leverages ADAL across the tenant.")] boolean OfficeClientADALDisabled; [Write, Description("Setting this parameter prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources.")] boolean LegacyAuthProtocolsEnabled; - [Write, Description("DEPRECATED")] boolean RequireAcceptingAccountMatchInvitedAccount; [Write, Description("Specifies the home realm discovery value to be sent to Azure Active Directory (AAD) during the user sign-in process.")] String SignInAccelerationDomain; [Write, Description("Lets SharePoint issue a special cookie that will allow this feature to work even when Keep Me Signed In is not selected.")] boolean UsePersistentCookiesForExplorerView; [Write, Description("Allow feedback via UserVoice.")] boolean UserVoiceForFeedbackEnabled; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 index 71cc26f519..37f30daa0c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 @@ -237,12 +237,6 @@ function Get-TargetResource [System.String] $QnAEngagementMode, - #DEPRECATED - [Parameter()] - [System.String] - [ValidateSet('Stream', 'OneDriveForBusiness')] - $RecordingStorageMode, - [Parameter()] [ValidateSet('Off', 'Distinguish', 'Attribute')] [System.String] @@ -321,12 +315,6 @@ function Get-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - # Warning for deprecated parameters - if ($PSBoundParameters.ContainsKey('RecordingStorageMode')) - { - Write-Warning 'RecordingStorageMode is deprecated. Please remove this parameter from your configuration.' - } - $nullReturn = $PSBoundParameters $nullReturn.Ensure = 'Absent' try @@ -396,8 +384,6 @@ function Get-TargetResource NewMeetingRecordingExpirationDays = $policy.NewMeetingRecordingExpirationDays PreferredMeetingProviderForIslandsMode = $policy.PreferredMeetingProviderForIslandsMode QnAEngagementMode = $policy.QnAEngagementMode - #DEPRECATED - #RecordingStorageMode = $policy.RecordingStorageMode RoomPeopleNameUserOverride = $policy.RoomPeopleNameUserOverride ScreenSharingMode = $policy.ScreenSharingMode SpeakerAttributionMode = $policy.SpeakerAttributionMode @@ -662,12 +648,6 @@ function Set-TargetResource [System.String] $QnAEngagementMode, - #DEPRECATED - [Parameter()] - [System.String] - [ValidateSet('Stream', 'OneDriveForBusiness')] - $RecordingStorageMode, - [Parameter()] [ValidateSet('Off', 'Distinguish', 'Attribute')] [System.String] @@ -746,12 +726,6 @@ function Set-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters - # Warning for deprecated parameters - if ($PSBoundParameters.ContainsKey('RecordingStorageMode')) - { - Write-Warning 'RecordingStorageMode is deprecated. Please remove this parameter from your configuration.' - } - $CurrentValues = Get-TargetResource @PSBoundParameters $SetParameters = $PSBoundParameters @@ -762,10 +736,6 @@ function Set-TargetResource $SetParameters.Remove('CertificateThumbprint') | Out-Null $SetParameters.Remove('Verbose') | Out-Null # Needs to be implicitly removed for the cmdlet to work - # Remove deprecated parameters - #DEPRECATED - $SetParameters.Remove('RecordingStorageMode') | Out-Null - if ($Ensure -eq 'Present' -and $CurrentValues.Ensure -eq 'Absent') { Write-Verbose -Message "Creating a new Teams Meeting Policy {$Identity}" @@ -1046,12 +1016,6 @@ function Test-TargetResource [System.String] $QnAEngagementMode, - #DEPRECATED - [Parameter()] - [System.String] - [ValidateSet('Stream', 'OneDriveForBusiness')] - $RecordingStorageMode, - [Parameter()] [ValidateSet('Off', 'Distinguish', 'Attribute')] [System.String] @@ -1124,12 +1088,6 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - # Warning for deprecated parameters - if ($PSBoundParameters.ContainsKey('RecordingStorageMode')) - { - Write-Warning 'RecordingStorageMode is deprecated. Please remove this parameter from your configuration.' - } - Write-Verbose -Message "Testing configuration of Team Meeting Policy {$Identity}" $CurrentValues = Get-TargetResource @PSBoundParameters @@ -1146,10 +1104,6 @@ function Test-TargetResource # The AllowIPVideo is temporarly not working, therefore we won't check the value. $ValuesToCheck.Remove('AllowIPVideo') | Out-Null - # Remove deprecated parameters - #DEPRECATED - $ValuesToCheck.Remove('RecordingStorageMode') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof index 0519cae8719809b04615ae2088bf02d4736abceb..ecf42b7dc9e517d9a2fa88ba8382094003a1122c 100644 GIT binary patch delta 26 icmbR6h4Ilx#tjC#lLL%YCi5kTP2RvHw0V_Ynl}KK>IzB# delta 176 zcmaF#k#WKo#tjC#g02h!3_%R849*OW3?V?;Wiq3%ta&g)2}2P>DnlYeE`t(-4iNh@ ziW!P0ALN!KTd!cE_~b*eLX#sj`6fRSPMiE7 PPHgf9CZWwWx@q13UTZ19 From 75f2858730404d5f659f035c38bee378f9041365 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 7 Mar 2023 08:31:06 +0100 Subject: [PATCH 017/187] Fixing issue 2969 --- CHANGELOG.md | 6 +++ .../MSFT_EXOIRMConfiguration.psm1 | 36 ++++++---------- .../MSFT_EXOIRMConfiguration.schema.mof | 2 +- .../MSFT_EXOResourceConfiguration.psm1 | 41 ++++++++----------- .../MSFT_EXOResourceConfiguration.schema.mof | 2 +- .../1-ConfigureIRMConfiguration.ps1 | 6 +-- .../1-ConfigureResourceConfiguration.ps1 | 2 +- ...rosoft365DSC.EXOIRMConfiguration.Tests.ps1 | 10 ++--- ...t365DSC.EXOResourceConfiguration.Tests.ps1 | 4 +- 9 files changed, 48 insertions(+), 61 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8845afcc19..9ee7eb79c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ # UNRELEASED +* EXOIRMConfiguration + * Renamed unused Identity parameter to IsSingleInstance + FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) * EXORoleAssignmentPolicy * Fix issue with IsDefault parameter FIXES [#2977](https://github.com/microsoft/Microsoft365DSC/issues/2977) @@ -81,6 +84,9 @@ * EXOManagementRoleAssignment * Added delays before disconnecting from EXO to ensure new permissions are applied. FIXES [#2523](https://github.com/microsoft/Microsoft365DSC/issues/2523) +* EXOResourceConfiguration + * Renamed unused Identity parameter to IsSingleInstance + FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) * O365AdminAuditLogConfig * Added support for ManagedIdentity. * Fixed the Get-TargetResource method to return all authentication parameters. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.psm1 index 83ef2a395d..0a174790cd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.psm1 @@ -4,9 +4,10 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Identity, + [ValidateSet('Yes')] + $IsSingleInstance, [Parameter()] [System.Boolean] @@ -134,14 +135,14 @@ function Get-TargetResource try { $IRMConfiguration = Get-IRMConfiguration -ErrorAction Stop - + $RMSOnlineKeySharingLocationValue = $null if ($IRMConfiguration.RMSOnlineKeySharingLocation) { $RMSOnlineKeySharingLocationValue = $IRMConfiguration.RMSOnlineKeySharingLocation.ToString() } $result = @{ - Identity = $IRMConfiguration.Identity + IsSingleInstance = 'Yes' AutomaticServiceUpdateEnabled = $IRMConfiguration.AutomaticServiceUpdateEnabled AzureRMSLicensingEnabled = $IRMConfiguration.AzureRMSLicensingEnabled DecryptAttachmentForEncryptOnly = $IRMConfiguration.DecryptAttachmentForEncryptOnly @@ -188,9 +189,10 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Identity, + [ValidateSet('Yes')] + $IsSingleInstance, [Parameter()] [System.Boolean] @@ -312,7 +314,7 @@ function Set-TargetResource $IRMConfigurationParams.Remove('CertificatePath') | Out-Null $IRMConfigurationParams.Remove('CertificatePassword') | Out-Null $IRMConfigurationParams.Remove('ManagedIdentity') | Out-Null - $IRMConfigurationParams.Remove('Identity') | Out-Null + $IRMConfigurationParams.Remove('IsSingleInstance') | Out-Null if (('Present' -eq $Ensure ) -and ($Null -ne $IRMConfigurationParams)) { @@ -329,9 +331,10 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Identity, + [ValidateSet('Yes')] + $IsSingleInstance, [Parameter()] [System.Boolean] @@ -465,19 +468,6 @@ function Export-TargetResource [OutputType([System.String])] param ( - [Parameter()] - [System.String] - $Identity, - - [Parameter()] - [System.String[]] - $ResourcePropertySchema, - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -529,7 +519,7 @@ function Export-TargetResource Write-Host " |---[1/1] $($IRMConfiguration.Identity)" -NoNewline $Params = @{ - Identity = $IRMConfiguration.Identity + IsSingleInstance = 'Yes' Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.schema.mof index 97d6748eb4..7f60fee37d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOIRMConfiguration/MSFT_EXOIRMConfiguration.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("EXOIRMConfiguration")] class MSFT_EXOIRMConfiguration : OMI_BaseResource { - [Write, Description("The Identity parameter specifies the Perimeter Configuration policy that you want to modify.")] String Identity; + [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write, Description("The AutomaticServiceUpdateEnabled parameter specifies whether to allow the automatic addition of new features within Azure Information Protection for your cloud-based organization.")] Boolean AutomaticServiceUpdateEnabled; [Write, Description("The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can to connect directly to Azure Rights Management.")] Boolean AzureRMSLicensingEnabled; [Write, Description("The DecryptAttachmentForEncryptOnly parameter specifies whether mail recipients have unrestricted rights on the attachment or not for Encrypt-only mails sent using Microsoft Purview Message Encryption.")] Boolean DecryptAttachmentForEncryptOnly; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.psm1 index be11663509..24ceeae410 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.psm1 @@ -4,9 +4,10 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Identity, + [ValidateSet('Yes')] + $IsSingleInstance, [Parameter()] [System.String[]] @@ -78,13 +79,13 @@ function Get-TargetResource { #Get-Resourceconfig do NOT accept ErrorAction parameter $ResourceConfiguration = Get-ResourceConfig 2>&1 - if ($null -ne ($ResourceConfiguration | Where-Object { $_.gettype().Name -like '*ErrorRecord*' })) + if ($null -ne ($ResourceConfiguration | Where-Object { $_.GetType().Name -like '*ErrorRecord*' })) { throw $ResourceConfiguration } $result = @{ - Identity = $ResourceConfiguration.Identity + IsSingleInstance = 'Yes' ResourcePropertySchema = $ResourceConfiguration.ResourcePropertySchema Credential = $Credential Ensure = 'Present' @@ -117,9 +118,10 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Identity, + [ValidateSet('Yes')] + $IsSingleInstance, [Parameter()] [System.String[]] @@ -184,7 +186,7 @@ function Set-TargetResource $ResourceConfigurationParams.Remove('CertificatePath') | Out-Null $ResourceConfigurationParams.Remove('CertificatePassword') | Out-Null $ResourceConfigurationParams.Remove('ManagedIdentity') | Out-Null - $ResourceConfigurationParams.Remove('Identity') | Out-Null + $ResourceConfigurationParams.Remove('IsSingleInstance') | Out-Null if (('Present' -eq $Ensure ) -and ($Null -ne $ResourceConfigurationParams)) { @@ -199,9 +201,10 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Identity, + [ValidateSet('Yes')] + $IsSingleInstance, [Parameter()] [System.String[]] @@ -284,19 +287,6 @@ function Export-TargetResource [OutputType([System.String])] param ( - [Parameter()] - [System.String] - $Identity, - - [Parameter()] - [System.String[]] - $ResourcePropertySchema, - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -325,6 +315,7 @@ function Export-TargetResource [Switch] $ManagedIdentity ) + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' -InboundParameters $PSBoundParameters -SkipModuleReload $true #Ensure the proper dependencies are installed in the current environment. @@ -342,7 +333,7 @@ function Export-TargetResource try { $ResourceConfiguration = Get-ResourceConfig 2>&1 - if ($null -ne ($ResourceConfiguration | Where-Object { $_.gettype().Name -like '*ErrorRecord*' })) + if ($null -ne ($ResourceConfiguration | Where-Object { $_.GetType().Name -like '*ErrorRecord*' })) { throw $ResourceConfiguration } @@ -353,7 +344,7 @@ function Export-TargetResource Write-Host " |---[1/1] $($ResourceConfiguration.Identity)" -NoNewline $Params = @{ - Identity = $ResourceConfiguration.Identity + IsSingleInstance = 'Yes' Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId @@ -381,7 +372,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.schema.mof index 50f14a5cdb..af2ae9f26b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOResourceConfiguration/MSFT_EXOResourceConfiguration.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("EXOResourceConfiguration")] class MSFT_EXOResourceConfiguration : OMI_BaseResource { - [Write, Description("The Identity parameter specifies the Perimeter Configuration policy that you want to modify.")] String Identity; + [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write, Description("The ResourcePropertySchema parameter specifies the custom resource property that you want to make available to room or equipment mailboxes. This parameter uses the syntax Room/ or Equipment/ where the value doesn't contain spaces. For example, Room/Whiteboard or Equipment/Van.")] String ResourcePropertySchema[]; [Write, Description("Specifies if this Outbound connector should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOIRMConfiguration/1-ConfigureIRMConfiguration.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOIRMConfiguration/1-ConfigureIRMConfiguration.ps1 index 4970758de0..ba573b550b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOIRMConfiguration/1-ConfigureIRMConfiguration.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOIRMConfiguration/1-ConfigureIRMConfiguration.ps1 @@ -17,7 +17,7 @@ Configuration Example { EXOIRMConfiguration 'ConfigureIRMConfiguration' { - Identity = "Global" + IsSingleInstance = 'Yes' AutomaticServiceUpdateEnabled = $True AzureRMSLicensingEnabled = $True DecryptAttachmentForEncryptOnly = $True @@ -30,8 +30,8 @@ Configuration Example SimplifiedClientAccessDoNotForwardDisabled = $True SimplifiedClientAccessEnabled = $True SimplifiedClientAccessEncryptOnlyDisabled = $True - TransportDecryptionSetting = "Mandatory" - Ensure = "Present" + TransportDecryptionSetting = 'Mandatory' + Ensure = 'Present' Credential = $credsGlobalAdmin } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOResourceConfiguration/1-ConfigureResourceConfiguration.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOResourceConfiguration/1-ConfigureResourceConfiguration.ps1 index 278b13c1b5..ad2829ac3d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOResourceConfiguration/1-ConfigureResourceConfiguration.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOResourceConfiguration/1-ConfigureResourceConfiguration.ps1 @@ -18,7 +18,7 @@ Configuration Example { EXOResourceConfiguration 'ConfigureResourceConfiguration' { - Identity = 'Global' + IsSingleInstance = 'Yes' ResourcePropertySchema = @('Room/TV', 'Equipment/Laptop') Ensure = 'Present' Credential = $credsGlobalAdmin diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOIRMConfiguration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOIRMConfiguration.Tests.ps1 index 3497a190d2..d2fc6bd06f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOIRMConfiguration.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOIRMConfiguration.Tests.ps1 @@ -48,6 +48,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'Configuration needs updating' -Fixture { BeforeAll { $testParams = @{ + IsSingleInstance = 'Yes' AutomaticServiceUpdateEnabled = $True AzureRMSLicensingEnabled = $True Credential = $Credential @@ -55,7 +56,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { EDiscoverySuperUserEnabled = $True EnablePdfEncryption = $False Ensure = 'Present' - Identity = 'Test Config' InternalLicensingEnabled = $True JournalReportDecryptionEnabled = $True LicensingLocation = @('https://contoso.com/_wmcs/licensing') @@ -67,7 +67,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { TransportDecryptionSetting = 'Optional' } - Mock -CommandName Get-IRMConfiguration -MockWith { + Mock -CommandName Get-IRMConfiguration -MockWith { return @{ AutomaticServiceUpdateEnabled = $True AzureRMSLicensingEnabled = $True @@ -101,6 +101,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'Update not required.' -Fixture { BeforeAll { $testParams = @{ + IsSingleInstance = 'Yes' AutomaticServiceUpdateEnabled = $True AzureRMSLicensingEnabled = $True Credential = $Credential @@ -108,7 +109,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { EDiscoverySuperUserEnabled = $True EnablePdfEncryption = $False Ensure = 'Present' - Identity = 'Test Config' InternalLicensingEnabled = $True JournalReportDecryptionEnabled = $True LicensingLocation = @('https://contoso.com/_wmcs/licensing') @@ -120,7 +120,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { TransportDecryptionSetting = 'Optional' } - Mock -CommandName Get-IRMConfiguration -MockWith { + Mock -CommandName Get-IRMConfiguration -MockWith { return @{ AutomaticServiceUpdateEnabled = $True AzureRMSLicensingEnabled = $True @@ -154,7 +154,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential } - Mock -CommandName Get-IRMConfiguration -MockWith { + Mock -CommandName Get-IRMConfiguration -MockWith { return @{ AutomaticServiceUpdateEnabled = $True AzureRMSLicensingEnabled = $True diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOResourceConfiguration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOResourceConfiguration.Tests.ps1 index 73560bb642..839aa20a54 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOResourceConfiguration.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOResourceConfiguration.Tests.ps1 @@ -48,9 +48,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'Config is not in the desired state' -Fixture { BeforeAll { $testParams = @{ + IsSingleInstance = 'Yes' Credential = $Credential Ensure = 'Present' - Identity = 'Resource Schema' ResourcePropertySchema = @('Room/TV', 'Equipment/Laptop') } @@ -76,9 +76,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'Config is already in the desired state' -Fixture { BeforeAll { $testParams = @{ + IsSingleInstance = 'Yes' Credential = $Credential Ensure = 'Present' - Identity = 'Resource Schema' ResourcePropertySchema = @('Room/TV', 'Equipment/Laptop') } From a53c40e984bc6ceb53970172e5898c3bfced5901 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Fri, 17 Mar 2023 22:48:00 +0100 Subject: [PATCH 018/187] Updated changelog --- CHANGELOG.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9ee7eb79c5..949a5d60e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,10 @@ # UNRELEASED * EXOIRMConfiguration - * Renamed unused Identity parameter to IsSingleInstance + * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance + FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) +* EXOResourceConfiguration + * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) * EXORoleAssignmentPolicy * Fix issue with IsDefault parameter @@ -84,9 +87,6 @@ * EXOManagementRoleAssignment * Added delays before disconnecting from EXO to ensure new permissions are applied. FIXES [#2523](https://github.com/microsoft/Microsoft365DSC/issues/2523) -* EXOResourceConfiguration - * Renamed unused Identity parameter to IsSingleInstance - FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) * O365AdminAuditLogConfig * Added support for ManagedIdentity. * Fixed the Get-TargetResource method to return all authentication parameters. From 538284888c6b1a6316eac10ac61a3235cb006ee2 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Fri, 17 Mar 2023 22:52:29 +0100 Subject: [PATCH 019/187] Corrected examples --- .../1-ConfigureAADConditionalAccessPolicy.ps1 | 72 +++++++++---------- .../1-ConfigureSafeLinksPolicy.ps1 | 11 ++- .../1-AddingNewSensitivityLabel.ps1 | 65 ++++++++--------- 3 files changed, 70 insertions(+), 78 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 index c6d0512b0e..2b5bc7f8b9 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 @@ -16,43 +16,41 @@ Configuration Example { AADConditionalAccessPolicy 'Allin-example' { - BuiltInControls = @("Mfa", "CompliantDevice", "DomainJoinedDevice", "ApprovedApplication", "CompliantApplication") - ClientAppTypes = @("ExchangeActiveSync", "Browser", "MobileAppsAndDesktopClients", "Other") - CloudAppSecurityIsEnabled = $True - CloudAppSecurityType = "MonitorOnly" - DisplayName = "Allin-example" - ExcludeApplications = @("803ee9ca-3f7f-4824-bd6e-0b99d720c35c", "00000012-0000-0000-c000-000000000000", "00000007-0000-0000-c000-000000000000", "Office365") - ExcludeDevices = @("Compliant", "DomainJoined") - ExcludeGroups = @() - ExcludeLocations = @("Blocked Countries") - ExcludePlatforms = @("Windows", "WindowsPhone", "MacOS") - ExcludeRoles = @("Company Administrator", "Application Administrator", "Application Developer", "Cloud Application Administrator", "Cloud Device Administrator") - ExcludeUsers = @("admin@contoso.com", "AAdmin@contoso.com", "CAAdmin@contoso.com", "AllanD@contoso.com", "AlexW@contoso.com", "GuestsOrExternalUsers") - ExcludeExternalTenantsMembers = @(); - ExcludeExternalTenantsMembershipKind = "all"; - ExcludeGuestOrExternalUserTypes = @("internalGuest","b2bCollaborationMember"); - GrantControlOperator = "OR" - IncludeApplications = @("All") - IncludeDevices = @("All") - IncludeGroups = @() - IncludeLocations = @("AllTrusted") - IncludePlatforms = @("Android", "IOS") - IncludeRoles = @("Compliance Administrator") - IncludeUserActions = @() - IncludeUsers = @("Alexw@contoso.com") - IncludeExternalTenantsMembers = @("11111111-1111-1111-1111-111111111111"); - IncludeExternalTenantsMembershipKind = "enumerated"; - IncludeGuestOrExternalUserTypes = @("b2bCollaborationGuest"); - PersistentBrowserIsEnabled = $false - PersistentBrowserMode = "" - SignInFrequencyIsEnabled = $True - SignInFrequencyType = "Hours" - SignInFrequencyValue = 5 - SignInRiskLevels = @("High", "Medium") - State = "disabled" - UserRiskLevels = @("High", "Medium") - Ensure = "Present" - Credential = $credsGlobalAdmin + BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') + ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') + CloudAppSecurityIsEnabled = $True + CloudAppSecurityType = 'MonitorOnly' + DisplayName = 'Allin-example' + ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') + ExcludeGroups = @() + ExcludeLocations = @('Blocked Countries') + ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') + ExcludeRoles = @('Company Administrator', 'Application Administrator', 'Application Developer', 'Cloud Application Administrator', 'Cloud Device Administrator') + ExcludeUsers = @('admin@contoso.com', 'AAdmin@contoso.com', 'CAAdmin@contoso.com', 'AllanD@contoso.com', 'AlexW@contoso.com', 'GuestsOrExternalUsers') + ExcludeExternalTenantsMembers = @() + ExcludeExternalTenantsMembershipKind = 'all' + ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') + GrantControlOperator = 'OR' + IncludeApplications = @('All') + IncludeGroups = @() + IncludeLocations = @('AllTrusted') + IncludePlatforms = @('Android', 'IOS') + IncludeRoles = @('Compliance Administrator') + IncludeUserActions = @() + IncludeUsers = @('Alexw@contoso.com') + IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') + IncludeExternalTenantsMembershipKind = 'enumerated' + IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') + PersistentBrowserIsEnabled = $false + PersistentBrowserMode = '' + SignInFrequencyIsEnabled = $True + SignInFrequencyType = 'Hours' + SignInFrequencyValue = 5 + SignInRiskLevels = @('High', 'Medium') + State = 'disabled' + UserRiskLevels = @('High', 'Medium') + Ensure = 'Present' + Credential = $credsGlobalAdmin } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOSafeLinksPolicy/1-ConfigureSafeLinksPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOSafeLinksPolicy/1-ConfigureSafeLinksPolicy.ps1 index b0409f3c5a..9dd60a3cdd 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOSafeLinksPolicy/1-ConfigureSafeLinksPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOSafeLinksPolicy/1-ConfigureSafeLinksPolicy.ps1 @@ -17,18 +17,15 @@ Configuration Example { EXOSafeLinksPolicy 'ConfigureSafeLinksPolicy' { - Identity = "Marketing Block URL" - AdminDisplayName = "Marketing Block URL" - CustomNotificationText = "Blocked URLs for Marketing" + Identity = 'Marketing Block URL' + AdminDisplayName = 'Marketing Block URL' + CustomNotificationText = 'Blocked URLs for Marketing' DeliverMessageAfterScan = $True - DoNotAllowClickThrough = $True - DoNotTrackUserClicks = $True EnableOrganizationBranding = $True EnableSafeLinksForTeams = $True - IsEnabled = $True ScanUrls = $True UseTranslatedNotificationText = $True - Ensure = "Present" + Ensure = 'Present' Credential = $credsGlobalAdmin } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/SCSensitivityLabel/1-AddingNewSensitivityLabel.ps1 b/Modules/Microsoft365DSC/Examples/Resources/SCSensitivityLabel/1-AddingNewSensitivityLabel.ps1 index f3f3b46da6..f122bdd529 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/SCSensitivityLabel/1-AddingNewSensitivityLabel.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/SCSensitivityLabel/1-AddingNewSensitivityLabel.ps1 @@ -16,67 +16,64 @@ Configuration Example { SCSensitivityLabel 'ConfigureSensitivityLabel' { - Name = "DemoLabel" - Comment = "Demo Label comment" - ToolTip = "Demo tool tip" - DisplayName = "Demo Label" - ApplyContentMarkingFooterAlignment = "Center" + Name = 'DemoLabel' + Comment = 'Demo Label comment' + ToolTip = 'Demo tool tip' + DisplayName = 'Demo Label' + ApplyContentMarkingFooterAlignment = 'Center' ApplyContentMarkingFooterEnabled = $true - ApplyContentMarkingFooterFontColor = "#FF0000" - ApplyContentMarkingFooterFontName = "calibri" + ApplyContentMarkingFooterFontColor = '#FF0000' ApplyContentMarkingFooterFontSize = 10 ApplyContentMarkingFooterMargin = 5 - ApplyContentMarkingFooterText = "Demo footer text" - ApplyContentMarkingHeaderAlignment = "Center" + ApplyContentMarkingFooterText = 'Demo footer text' + ApplyContentMarkingHeaderAlignment = 'Center' ApplyContentMarkingHeaderEnabled = $true - ApplyContentMarkingHeaderFontColor = "#FF0000" - ApplyContentMarkingHeaderFontName = "calibri" + ApplyContentMarkingHeaderFontColor = '#FF0000' ApplyContentMarkingHeaderFontSize = 10 ApplyContentMarkingHeaderMargin = 5 - ApplyContentMarkingHeaderText = "demo header text" + ApplyContentMarkingHeaderText = 'demo header text' ApplyWaterMarkingEnabled = $true - ApplyWaterMarkingFontColor = "#FF0000" - ApplyWaterMarkingFontName = "calibri" + ApplyWaterMarkingFontColor = '#FF0000' ApplyWaterMarkingFontSize = 10 - ApplyWaterMarkingLayout = "Diagonal" - ApplyWaterMarkingText = "demo watermark" + ApplyWaterMarkingLayout = 'Diagonal' + ApplyWaterMarkingText = 'demo watermark' SiteAndGroupProtectionAllowAccessToGuestUsers = $true SiteAndGroupProtectionAllowEmailFromGuestUsers = $true SiteAndGroupProtectionAllowFullAccess = $true SiteAndGroupProtectionAllowLimitedAccess = $true SiteAndGroupProtectionBlockAccess = $true SiteAndGroupProtectionEnabled = $true - SiteAndGroupProtectionPrivacy = "Private" + SiteAndGroupProtectionPrivacy = 'Private' LocaleSettings = @( MSFT_SCLabelLocaleSettings { - LocaleKey = "DisplayName" - LabelSettings = @( + LocaleKey = 'DisplayName' + LabelSettings = @( MSFT_SCLabelSetting { - Key = "en-us" - Value = "English Display Names" + Key = 'en-us' + Value = 'English Display Names' } MSFT_SCLabelSetting { - Key = "fr-fr" + Key = 'fr-fr' Value = "Nom da'ffichage francais" } ) } MSFT_SCLabelLocaleSettings { - LocaleKey = "StopColor" - LabelSettings = @( + LocaleKey = 'StopColor' + LabelSettings = @( MSFT_SCLabelSetting { - Key = "en-us" - Value = "RedGreen" + Key = 'en-us' + Value = 'RedGreen' } MSFT_SCLabelSetting { - Key = "fr-fr" - Value = "Rouge" + Key = 'fr-fr' + Value = 'Rouge' } ) } @@ -84,17 +81,17 @@ Configuration Example AdvancedSettings = @( MSFT_SCLabelSetting { - Key = "AllowedLevel" - Value = @("Sensitive", "Classified") + Key = 'AllowedLevel' + Value = @('Sensitive', 'Classified') } MSFT_SCLabelSetting { - Key = "LabelStatus" - Value = "Enabled" + Key = 'LabelStatus' + Value = 'Enabled' } ) - ParentId = "Personal" - Ensure = "Present" + ParentId = 'Personal' + Ensure = 'Present' Credential = $credsGlobalAdmin } } From 9b78f8335cb1caf573d116ea4f93c1cd987b2934 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 18 Mar 2023 12:24:16 +0000 Subject: [PATCH 020/187] Initial release --- CHANGELOG.md | 3 + ...onitoringConfigurationPolicyWindows10.psm1 | 1382 +++++++++++++++++ ...ingConfigurationPolicyWindows10.schema.mof | 29 + .../readme.md | 6 + .../settings.json | 33 + ...ngConfigurationPolicyWindows10-Example.ps1 | 34 + ...ringConfigurationPolicyWindows10.Tests.ps1 | 240 +++ 7 files changed, 1727 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a29ba5168..94a135757e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ # UNRELEASED +* IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 + * Initial Release + FIXES [#2830](https://github.com/microsoft/Microsoft365DSC/issues/2830) * EXORoleAssignmentPolicy * Fix issue with IsDefault parameter FIXES [#2977](https://github.com/microsoft/Microsoft365DSC/issues/2977) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 new file mode 100644 index 0000000000..0467e11a3a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 @@ -0,0 +1,1382 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AllowDeviceHealthMonitoring, + + [Parameter()] + [System.String] + $ConfigDeviceHealthMonitoringCustomScope, + + [Parameter()] + [System.String] + $ConfigDeviceHealthMonitoringScope, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$Id}" + + if(-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementDeviceConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $enumAllowDeviceHealthMonitoring = $null + if ($null -ne $getValue.AdditionalProperties.allowDeviceHealthMonitoring) + { + $enumAllowDeviceHealthMonitoring = $getValue.AdditionalProperties.allowDeviceHealthMonitoring.ToString() + } + + $enumConfigDeviceHealthMonitoringScope = $null + if ($null -ne $getValue.AdditionalProperties.configDeviceHealthMonitoringScope) + { + $enumConfigDeviceHealthMonitoringScope = $getValue.AdditionalProperties.configDeviceHealthMonitoringScope.ToString() + } + + #endregion + + $results = @{ + #region resource generator code + AllowDeviceHealthMonitoring = $enumAllowDeviceHealthMonitoring + ConfigDeviceHealthMonitoringCustomScope = $getValue.AdditionalProperties.configDeviceHealthMonitoringCustomScope + ConfigDeviceHealthMonitoringScope = $enumConfigDeviceHealthMonitoringScope + Description = $getValue.Description + DisplayName = $getValue.DisplayName + SupportsScopeTags = $getValue.SupportsScopeTags + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AllowDeviceHealthMonitoring, + + [Parameter()] + [System.String] + $ConfigDeviceHealthMonitoringCustomScope, + + [Parameter()] + [System.String] + $ConfigDeviceHealthMonitoringScope, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('Verbose') | Out-Null + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + + $keys=(([Hashtable]$CreateParameters).clone()).Keys + foreach($key in $keys) + { + if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + { + $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsHealthMonitoringConfiguration") + $policy=New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash=@() + foreach($assignment in $Assignments) + { + $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys=(([Hashtable]$UpdateParameters).clone()).Keys + foreach($key in $keys) + { + if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + { + $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsHealthMonitoringConfiguration") + Update-MgDeviceManagementDeviceConfiguration ` + -DeviceConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + $assignmentsHash=@() + foreach($assignment in $Assignments) + { + $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AllowDeviceHealthMonitoring, + + [Parameter()] + [System.String] + $ConfigDeviceHealthMonitoringCustomScope, + + [Parameter()] + [System.String] + $ConfigDeviceHealthMonitoringScope, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break; + } + + $ValuesToCheck.Remove($key) | Out-Null + + } + } + + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsHealthMonitoringConfiguration' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository='deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion='beta' + ) + try + { + $deviceManagementPolicyAssignments=@() + $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + + foreach($target in $targets) + { + $formattedTarget=@{"@odata.type"=$target.dataType} + if($target.groupId) + { + $formattedTarget.Add('groupId',$target.groupId) + } + if($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + } + $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $null + } +} + +function Rename-M365DSCCimInstanceParameter +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties + ) + + $keyToRename=@{ + "odataType"="@odata.type" + } + + $result=$Properties + + $type=$Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result=$values + + return ,$result + } + #endregion + + #region Single + if($type -like "*Hashtable") + { + $result=([Hashtable]$Properties).clone() + } + if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + { + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys=($hashProperties.clone()).keys + foreach($key in $keys) + { + $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + if ($key -in $keyToRename.Keys) + { + $keyName=$keyToRename.$key + } + + $property=$hashProperties.$key + if($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties + } + + return $result + #endregion +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + + if($null -eq $ComplexObject) + { + return $null + } + + if($ComplexObject.gettype().fullname -like "*[[\]]") + { + $results=@() + + foreach($item in $ComplexObject) + { + if($item) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + + if($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject=[hashtable]::new($ComplexObject) + $keys=$ComplexObject.Keys + foreach ($key in $keys) + { + if($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType=$ComplexObject.$key.gettype().fullname + + if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results + } + + $results = @{} + + if($ComplexObject.getType().Fullname -like "*hashtable") + { + $keys = $ComplexObject.keys + } + else + { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + } + + foreach ($key in $keys) + { + $keyName=$key + if($ComplexObject.getType().Fullname -notlike "*hashtable") + { + $keyName=$key.Name + } + + if($null -ne $ComplexObject.$keyName) + { + $keyType=$ComplexObject.$keyName.gettype().fullname + if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$keyName) + } + } + } + + return [hashtable]$results +} + +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> +function Get-M365DSCDRGComplexTypeToString +{ + [CmdletBinding()] + param( + [Parameter()] + $ComplexObject, + + [Parameter(Mandatory = $true)] + [System.String] + $CIMInstanceName, + + [Parameter()] + [Array] + $ComplexTypeMapping, + + [Parameter()] + [System.String] + $Whitespace='', + + [Parameter()] + [System.uint32] + $IndentLevel=3, + + [Parameter()] + [switch] + $isArray=$false + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + $indent='' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent+=' ' + } + #If ComplexObject is an Array + if ($ComplexObject.GetType().FullName -like "*[[\]]") + { + $currentProperty=@() + $IndentLevel++ + foreach ($item in $ComplexObject) + { + $splat=@{ + 'ComplexObject'=$item + 'CIMInstanceName'=$CIMInstanceName + 'IndentLevel'=$IndentLevel + } + if ($ComplexTypeMapping) + { + $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + } + + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,$currentProperty + } + + $currentProperty='' + if($isArray) + { + $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent='' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent+=' ' + } + $keyNotNull = 0 + + if ($ComplexObject.Keys.count -eq 0) + { + return $null + } + + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyNotNull++ + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + + $isArray=$false + if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + { + $isArray=$true + } + #overwrite type if object defined in mapping complextypemapping + if($key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashProperty=$ComplexObject[$key] + } + else + { + $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + } + + if(-not $isArray) + { + $currentProperty += $indent + $key + ' = ' + } + + if($isArray -and $key -in $ComplexTypeMapping.Name ) + { + if($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $key + ' = ' + $currentProperty += "@(" + } + } + + if ($isArray) + { + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + { + $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- + } + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if($isArray) + { + if($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } + } + $isArray=$PSBoundParameters.IsArray + } + else + { + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) + } + } + else + { + $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + + if($mappedKey -and $mappedKey.isRequired) + { + if($mappedKey.isArray) + { + $currentProperty += "$indent$key = @()`r`n" + } + else + { + $currentProperty += "$indent$key = `$null`r`n" + } + } + } + } + $indent='' + for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + { + $indent+=' ' + } + $currentProperty += "$indent}" + if($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if($IndentLevel -eq 5) + { + $indent='' + for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + { + $indent+=' ' + } + $currentProperty += $indent + } + + $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") + if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty=$null + } + + return $currentProperty +} + +Function Get-M365DSCDRGSimpleObjectTypeToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = 'true')] + [System.String] + $Key, + + [Parameter(Mandatory = 'true')] + $Value, + + [Parameter()] + [System.String] + $Space=" " + + ) + + $returnValue="" + switch -Wildcard ($Value.GetType().Fullname ) + { + "*.Boolean" + { + $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + } + "*.String" + { + if($key -eq '@odata.type') + { + $key='odataType' + } + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*.DateTime" + { + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*[[\]]" + { + $returnValue= $Space + $key + " = @(" + $whitespace="" + $newline="" + if($Value.count -gt 1) + { + $returnValue += "`r`n" + $whitespace=$Space+" " + $newline="`r`n" + } + foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + { + switch -Wildcard ($item.GetType().Fullname ) + { + "*.String" + { + $returnValue += "$whitespace'$item'$newline" + } + "*.DateTime" + { + $returnValue += "$whitespace'$item'$newline" + } + Default + { + $returnValue += "$whitespace$item$newline" + } + } + } + if($Value.count -gt 1) + { + $returnValue += "$Space)`r`n" + } + else + { + $returnValue += ")`r`n" + + } + } + Default + { + $returnValue= $Space + $Key + " = " + $Value + "`r`n" + } + } + return $returnValue +} + +function Compare-M365DSCComplexObject +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter()] + $Source, + [Parameter()] + $Target + ) + + #Comparing full objects + if($null -eq $Source -and $null -eq $Target) + { + return $true + } + + $sourceValue="" + $targetValue="" + if (($null -eq $Source) -xor ($null -eq $Target)) + { + if($null -eq $Source) + { + $sourceValue="Source is null" + } + + if($null -eq $Target) + { + $targetValue="Target is null" + } + Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + return $false + } + + if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + { + if($source.count -ne $target.count) + { + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + return $false + } + if($source.count -eq 0) + { + return $true + } + + foreach($item in $Source) + { + + $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach($targetItem in $Target) + { + $compareResult= Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem + + if ($compareResult) + { + break + } + } + + if(-not $compareResult) + { + Write-Verbose -Message "Configuration drift - The complex array items are not identical" + return $false + } + } + return $true + } + + $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + foreach ($key in $keys) + { + #Matching possible key names between Source and Target + $skey=$key + $tkey=$key + + $sourceValue=$Source.$key + $targetValue=$Target.$tkey + #One of the item is null and not the other + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) + { + + if($null -eq $Source.$key) + { + $sourceValue="null" + } + + if($null -eq $Target.$tkey) + { + $targetValue="null" + } + + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + #Both keys aren't null or empty + if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + { + if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + { + #Recursive call for complex object + $compareResult= Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` + -Target $Target.$tkey + + if(-not $compareResult) + { + + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + else + { + #Simple object comparison + $referenceObject=$Target.$tkey + $differenceObject=$Source.$key + + #Identifying date from the current values + $targetType=($Target.$tkey.getType()).Name + if($targetType -like "*Date*") + { + $compareResult=$true + $sourceDate= [DateTime]$Source.$key + if($sourceDate -ne $targetType) + { + $compareResult=$null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } + + if ($null -ne $compareResult) + { + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + } + } + + return $true +} +function Convert-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $ComplexObject + ) + + + if($ComplexObject.getType().Fullname -like "*[[\]]") + { + $results=@() + foreach($item in $ComplexObject) + { + $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + + #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject + + if($null -ne $hashComplexObject) + { + + $results=$hashComplexObject.clone() + $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + foreach ($key in $keys) + { + if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + { + $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + } + else + { + $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) + $propertyValue=$results[$key] + $results.remove($key)|out-null + $results.add($propertyName,$propertyValue) + } + } + } + return [hashtable]$results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.schema.mof new file mode 100644 index 0000000000..623045b233 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.schema.mof @@ -0,0 +1,29 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10")] +class MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 : OMI_BaseResource +{ + [Write, Description("Enables device health monitoring on the device. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String AllowDeviceHealthMonitoring; + [Write, Description("Specifies custom set of events collected from the device where health monitoring is enabled")] String ConfigDeviceHealthMonitoringCustomScope; + [Write, Description("Specifies set of events collected from the device where health monitoring is enabled. Possible values are: undefined, healthMonitoring, bootPerformance, windowsUpdates, privilegeManagement.")] String ConfigDeviceHealthMonitoringScope; + [Write, Description("Admin provided description of the Device Configuration.")] String Description; + [Required, Description("Admin provided name of the device configuration.")] String DisplayName; + [Write, Description("Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.")] Boolean SupportsScopeTags; + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/readme.md new file mode 100644 index 0000000000..3be5fa5026 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 + +## Description + +Intune Device Configuration Health Monitoring Configuration Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json new file mode 100644 index 0000000000..a3c25ab232 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10", + "description": "This resource configures an Intune Device Configuration Health Monitoring Configuration Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } +} + +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 new file mode 100644 index 0000000000..8f5b9a754d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' + { + AllowDeviceHealthMonitoring = "enabled"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ConfigDeviceHealthMonitoringScope = "bootPerformance,windowsUpdates"; + Credential = $Credscredential; + DisplayName = "Health Monitoring Configuration"; + Ensure = "Present"; + Id = "ea1bbbf2-1593-4156-9995-62b93a474e01"; + SupportsScopeTags = $True; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 new file mode 100644 index 0000000000..f9cec3fd10 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 @@ -0,0 +1,240 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath "..\..\Unit" ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Microsoft365.psm1" ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Generic.psm1" ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\UnitTestHelper.psm1" ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { + } + + } + # Test contexts + Context -Name "The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + AllowDeviceHealthMonitoring = "notConfigured" + ConfigDeviceHealthMonitoringCustomScope = "FakeStringValue" + ConfigDeviceHealthMonitoringScope = "undefined" + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name "The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + AllowDeviceHealthMonitoring = "notConfigured" + ConfigDeviceHealthMonitoringCustomScope = "FakeStringValue" + ConfigDeviceHealthMonitoringScope = "undefined" + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + Ensure = "Absent" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.windowsHealthMonitoringConfiguration" + configDeviceHealthMonitoringCustomScope = "FakeStringValue" + allowDeviceHealthMonitoring = "notConfigured" + configDeviceHealthMonitoringScope = "undefined" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + Context -Name "The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AllowDeviceHealthMonitoring = "notConfigured" + ConfigDeviceHealthMonitoringCustomScope = "FakeStringValue" + ConfigDeviceHealthMonitoringScope = "undefined" + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.windowsHealthMonitoringConfiguration" + configDeviceHealthMonitoringCustomScope = "FakeStringValue" + allowDeviceHealthMonitoring = "notConfigured" + configDeviceHealthMonitoringScope = "undefined" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AllowDeviceHealthMonitoring = "notConfigured" + ConfigDeviceHealthMonitoringCustomScope = "FakeStringValue" + ConfigDeviceHealthMonitoringScope = "undefined" + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.windowsHealthMonitoringConfiguration" + configDeviceHealthMonitoringCustomScope = "FakeStringValue" + allowDeviceHealthMonitoring = "notConfigured" + configDeviceHealthMonitoringScope = "undefined" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It "Should call the Set method" { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name "ReverseDSC Tests" -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.windowsHealthMonitoringConfiguration" + configDeviceHealthMonitoringCustomScope = "FakeStringValue" + allowDeviceHealthMonitoring = "notConfigured" + configDeviceHealthMonitoringScope = "undefined" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + It "Should Reverse Engineer resource from the Export method" { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 7f9b53ba63533afa8fa2a67a06bfaf8531a4bf25 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Sat, 18 Mar 2023 15:24:33 +0100 Subject: [PATCH 021/187] Corrected unit tests that used the parameters --- ...65DSC.AADConditionalAccessPolicy.Tests.ps1 | 128 +++-- ...DSC.EXOHostedContentFilterPolicy.Tests.ps1 | 505 +++++++++--------- ...oft365DSC.EXOMalwareFilterPolicy.Tests.ps1 | 6 - 3 files changed, 310 insertions(+), 329 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 index 467bded54d..12218aa684 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 @@ -51,46 +51,44 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "When Conditional Access Policy doesn't exist but should" -Fixture { BeforeAll { $testParams = @{ - BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') - ClientAppTypes = @('Browser', 'MobileAppsAndDesktopClients') - CloudAppSecurityIsEnabled = $True - CloudAppSecurityType = 'MonitorOnly' - DisplayName = 'Allin' - Ensure = 'Present' - ExcludeApplications = @('00000012-0000-0000-c000-000000000000', 'Office365') - ExcludeDevices = @('Compliant', 'DomainJoined') - ExcludeGroups = @('Group 01') - ExcludeLocations = 'Contoso LAN' - ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') - ExcludeRoles = @('Compliance Administrator') - ExcludeUsers = 'alexw@contoso.com' - ExcludeExternalTenantsMembers = @(); - ExcludeExternalTenantsMembershipKind = "all"; - ExcludeGuestOrExternalUserTypes = @("internalGuest","b2bCollaborationMember"); - Credential = $Credsglobaladmin - GrantControlOperator = 'AND' - Id = 'bcc0cf19-ee89-46f0-8e12-4b89123ee6f9' - IncludeApplications = @('All') - IncludeDevices = @('All') - IncludeGroups = @('Group 01') - IncludeLocations = 'AllTrusted' - IncludePlatforms = @('Android', 'IOS') - IncludeRoles = @('Compliance Administrator') - IncludeUserActions = @('urn:user:registersecurityinfo') - IncludeUsers = 'All' - IncludeExternalTenantsMembers = @("11111111-1111-1111-1111-111111111111"); - IncludeExternalTenantsMembershipKind = "enumerated"; - IncludeGuestOrExternalUserTypes = @("b2bCollaborationGuest"); - PersistentBrowserIsEnabled = $True - PersistentBrowserMode = 'Always' - SignInFrequencyIsEnabled = $True - SignInFrequencyType = 'Days' - SignInFrequencyValue = 5 - SignInRiskLevels = @('High') - State = 'disabled' - UserRiskLevels = @('High') - DeviceFilterMode = 'exclude' - DeviceFilterRule = 'device.isCompliant -eq True -or device.trustType -eq "ServerAD"' + BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') + ClientAppTypes = @('Browser', 'MobileAppsAndDesktopClients') + CloudAppSecurityIsEnabled = $True + CloudAppSecurityType = 'MonitorOnly' + DisplayName = 'Allin' + Ensure = 'Present' + ExcludeApplications = @('00000012-0000-0000-c000-000000000000', 'Office365') + ExcludeGroups = @('Group 01') + ExcludeLocations = 'Contoso LAN' + ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') + ExcludeRoles = @('Compliance Administrator') + ExcludeUsers = 'alexw@contoso.com' + ExcludeExternalTenantsMembers = @() + ExcludeExternalTenantsMembershipKind = 'all' + ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') + Credential = $Credsglobaladmin + GrantControlOperator = 'AND' + Id = 'bcc0cf19-ee89-46f0-8e12-4b89123ee6f9' + IncludeApplications = @('All') + IncludeGroups = @('Group 01') + IncludeLocations = 'AllTrusted' + IncludePlatforms = @('Android', 'IOS') + IncludeRoles = @('Compliance Administrator') + IncludeUserActions = @('urn:user:registersecurityinfo') + IncludeUsers = 'All' + IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') + IncludeExternalTenantsMembershipKind = 'enumerated' + IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') + PersistentBrowserIsEnabled = $True + PersistentBrowserMode = 'Always' + SignInFrequencyIsEnabled = $True + SignInFrequencyType = 'Days' + SignInFrequencyValue = 5 + SignInRiskLevels = @('High') + State = 'disabled' + UserRiskLevels = @('High') + DeviceFilterMode = 'exclude' + DeviceFilterRule = 'device.isCompliant -eq True -or device.trustType -eq "ServerAD"' } Mock -CommandName Get-MGIdentityConditionalAccessPolicy -MockWith { @@ -147,29 +145,27 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = 'Allin' Ensure = 'Present' ExcludeApplications = @('00000012-0000-0000-c000-000000000000', 'Office365') - ExcludeDevices = @('Compliant', 'DomainJoined') ExcludeGroups = @('Group 01') ExcludeLocations = 'Contoso LAN' ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') ExcludeRoles = @('Compliance Administrator') ExcludeUsers = 'alexw@contoso.com' - ExcludeExternalTenantsMembers = @(); - ExcludeExternalTenantsMembershipKind = "all"; - ExcludeGuestOrExternalUserTypes = @("internalGuest","b2bCollaborationMember"); + ExcludeExternalTenantsMembers = @() + ExcludeExternalTenantsMembershipKind = 'all' + ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') Credential = $Credsglobaladmin GrantControlOperator = 'AND' Id = 'bcc0cf19-ee89-46f0-8e12-4b89123ee6f9' IncludeApplications = @('All') - IncludeDevices = @('All') IncludeGroups = @('Group 01') IncludeLocations = 'AllTrusted' IncludePlatforms = @('Android', 'IOS') IncludeRoles = @('Compliance Administrator') IncludeUserActions = @('urn:user:registersecurityinfo') IncludeUsers = 'All' - IncludeExternalTenantsMembers = @("11111111-1111-1111-1111-111111111111"); - IncludeExternalTenantsMembershipKind = "enumerated"; - IncludeGuestOrExternalUserTypes = @("b2bCollaborationGuest"); + IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') + IncludeExternalTenantsMembershipKind = 'enumerated' + IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') PersistentBrowserIsEnabled = $True PersistentBrowserMode = 'Always' SignInFrequencyIsEnabled = $True @@ -292,29 +288,27 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = 'Allin' Ensure = 'Present' ExcludeApplications = @('00000012-0000-0000-c000-000000000000', 'Office365') - ExcludeDevices = @('Compliant', 'DomainJoined') ExcludeGroups = @('Group 01') ExcludeLocations = 'Contoso LAN' ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') ExcludeRoles = @('Compliance Administrator') ExcludeUsers = 'alexw@contoso.com' - ExcludeExternalTenantsMembers = @(); - ExcludeExternalTenantsMembershipKind = "all"; - ExcludeGuestOrExternalUserTypes = @("internalGuest","b2bCollaborationMember"); + ExcludeExternalTenantsMembers = @() + ExcludeExternalTenantsMembershipKind = 'all' + ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') Credential = $Credsglobaladmin GrantControlOperator = 'AND' Id = 'bcc0cf19-ee89-46f0-8e12-4b89123ee6f9' IncludeApplications = @('All') - IncludeDevices = @('All') IncludeGroups = @('Group 01') IncludeLocations = 'AllTrusted' IncludePlatforms = @('Android', 'IOS') IncludeRoles = @('Compliance Administrator') IncludeUserActions = @('urn:user:registersecurityinfo') IncludeUsers = 'All' - IncludeExternalTenantsMembers = @("11111111-1111-1111-1111-111111111111"); - IncludeExternalTenantsMembershipKind = "enumerated"; - IncludeGuestOrExternalUserTypes = @("b2bCollaborationGuest"); + IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') + IncludeExternalTenantsMembershipKind = 'enumerated' + IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') PersistentBrowserIsEnabled = $True PersistentBrowserMode = 'Always' SignInFrequencyIsEnabled = $True @@ -339,16 +333,16 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IncludeUserActions = @('urn:user:registersecurityinfo') } Users = @{ - IncludeUsers = 'All' - ExcludeUsers = '76d3c3f6-8269-462b-9385-37435cb33f1e' - IncludeGroups = @('f1eb1a09-c0c2-4df4-9e69-fee01f00db31') - ExcludeGroups = @('f1eb1a09-c0c2-4df4-9e69-fee01f00db31') - IncludeRoles = @('17315797-102d-40b4-93e0-432062caca18') - ExcludeRoles = @('17315797-102d-40b4-93e0-432062caca18') + IncludeUsers = 'All' + ExcludeUsers = '76d3c3f6-8269-462b-9385-37435cb33f1e' + IncludeGroups = @('f1eb1a09-c0c2-4df4-9e69-fee01f00db31') + ExcludeGroups = @('f1eb1a09-c0c2-4df4-9e69-fee01f00db31') + IncludeRoles = @('17315797-102d-40b4-93e0-432062caca18') + ExcludeRoles = @('17315797-102d-40b4-93e0-432062caca18') includeGuestsOrExternalUsers = @{ guestOrExternalUserTypes = 'b2bCollaborationGuest' - externalTenants = @{ - membershipKind = 'enumerated' + externalTenants = @{ + membershipKind = 'enumerated' AdditionalProperties = @{ members = @('11111111-1111-1111-1111-111111111111') } @@ -356,8 +350,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } excludeGuestsOrExternalUsers = @{ guestOrExternalUserTypes = 'internalGuest,b2bCollaborationMember' - externalTenants = @{ - membershipKind = 'all' + externalTenants = @{ + membershipKind = 'all' AdditionalProperties = @{ } @@ -454,7 +448,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = 'Allin' Ensure = 'Absent' ExcludeApplications = @('00000012-0000-0000-c000-000000000000', 'Office365') - ExcludeDevices = @('Compliant', 'DomainJoined') ExcludeGroups = @('Group 01') ExcludeLocations = 'Contoso LAN' ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') @@ -464,7 +457,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { GrantControlOperator = 'AND' Id = 'bcc0cf19-ee89-46f0-8e12-4b89123ee6f9' IncludeApplications = @('All') - IncludeDevices = @('All') IncludeGroups = @('Group 01') IncludeLocations = 'AllTrusted' IncludePlatforms = @('Android', 'IOS') diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOHostedContentFilterPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOHostedContentFilterPolicy.Tests.ps1 index 48b0cf576e..6bf6958a9d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOHostedContentFilterPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOHostedContentFilterPolicy.Tests.ps1 @@ -54,57 +54,56 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'HostedContentFilterPolicy creation.' -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Present' - Identity = 'TestPolicy' - Credential = $Credential - AdminDisplayName = 'This ContentFilter policiy is a test' - AddXHeaderValue = 'MyCustomSpamHeader' - ModifySubjectValue = 'SPAM!' - RedirectToRecipients = @() - TestModeBccToRecipients = @() - QuarantineRetentionPeriod = 15 - EndUserSpamNotificationFrequency = 1 - TestModeAction = 'AddXHeader' - IncreaseScoreWithImageLinks = 'Off' - IncreaseScoreWithNumericIps = 'On' - IncreaseScoreWithRedirectToOtherPort = 'On' - IncreaseScoreWithBizOrInfoUrls = 'On' - MarkAsSpamEmptyMessages = 'On' - MarkAsSpamJavaScriptInHtml = 'On' - MarkAsSpamFramesInHtml = 'On' - MarkAsSpamObjectTagsInHtml = 'On' - MarkAsSpamEmbedTagsInHtml = 'Off' - MarkAsSpamFormTagsInHtml = 'Off' - MarkAsSpamWebBugsInHtml = 'On' - MarkAsSpamSensitiveWordList = 'Test' - MarkAsSpamSpfRecordHardFail = 'On' - MarkAsSpamFromAddressAuthFail = 'On' - MarkAsSpamBulkMail = 'On' - MarkAsSpamNdrBackscatter = 'On' - LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') - RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') - HighConfidencePhishAction = 'Quarantine' - HighConfidenceSpamAction = 'Quarantine' - SpamAction = 'MoveToJmf' - EnableEndUserSpamNotifications = $true - DownloadLink = $false - EnableRegionBlockList = $true - EnableLanguageBlockList = $true - EndUserSpamNotificationCustomFromAddress = 'Spam@contoso.com' - EndUserSpamNotificationCustomFromName = 'Spam Notification' - EndUserSpamNotificationCustomSubject = 'This is SPAM' - EndUserSpamNotificationLanguage = 'Default' - BulkThreshold = 5 - AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') - AllowedSenderDomains = @('contoso.com', 'fabrikam.com') - BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') - BlockedSenderDomains = @('privacy.net', 'facebook.com') - PhishZapEnabled = $true - SpamZapEnabled = $true - InlineSafetyTipsEnabled = $true - BulkSpamAction = 'MoveToJmf' - PhishSpamAction = 'Quarantine' - MakeDefault = $false + Ensure = 'Present' + Identity = 'TestPolicy' + Credential = $Credential + AdminDisplayName = 'This ContentFilter policiy is a test' + AddXHeaderValue = 'MyCustomSpamHeader' + ModifySubjectValue = 'SPAM!' + RedirectToRecipients = @() + TestModeBccToRecipients = @() + QuarantineRetentionPeriod = 15 + EndUserSpamNotificationFrequency = 1 + TestModeAction = 'AddXHeader' + IncreaseScoreWithImageLinks = 'Off' + IncreaseScoreWithNumericIps = 'On' + IncreaseScoreWithRedirectToOtherPort = 'On' + IncreaseScoreWithBizOrInfoUrls = 'On' + MarkAsSpamEmptyMessages = 'On' + MarkAsSpamJavaScriptInHtml = 'On' + MarkAsSpamFramesInHtml = 'On' + MarkAsSpamObjectTagsInHtml = 'On' + MarkAsSpamEmbedTagsInHtml = 'Off' + MarkAsSpamFormTagsInHtml = 'Off' + MarkAsSpamWebBugsInHtml = 'On' + MarkAsSpamSensitiveWordList = 'Test' + MarkAsSpamSpfRecordHardFail = 'On' + MarkAsSpamFromAddressAuthFail = 'On' + MarkAsSpamBulkMail = 'On' + MarkAsSpamNdrBackscatter = 'On' + LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') + RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') + HighConfidencePhishAction = 'Quarantine' + HighConfidenceSpamAction = 'Quarantine' + SpamAction = 'MoveToJmf' + EnableEndUserSpamNotifications = $true + DownloadLink = $false + EnableRegionBlockList = $true + EnableLanguageBlockList = $true + EndUserSpamNotificationCustomFromName = 'Spam Notification' + EndUserSpamNotificationCustomSubject = 'This is SPAM' + EndUserSpamNotificationLanguage = 'Default' + BulkThreshold = 5 + AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') + AllowedSenderDomains = @('contoso.com', 'fabrikam.com') + BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') + BlockedSenderDomains = @('privacy.net', 'facebook.com') + PhishZapEnabled = $true + SpamZapEnabled = $true + InlineSafetyTipsEnabled = $true + BulkSpamAction = 'MoveToJmf' + PhishSpamAction = 'Quarantine' + MakeDefault = $false } Mock -CommandName Get-HostedContentFilterPolicy -MockWith { @@ -126,128 +125,126 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'HostedContentFilterPolicy update not required.' -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Present' - Identity = 'TestPolicy' - Credential = $Credential - AdminDisplayName = 'This ContentFilter policiy is a test' - AddXHeaderValue = 'MyCustomSpamHeader' - ModifySubjectValue = 'SPAM!' - RedirectToRecipients = @() - TestModeBccToRecipients = @() - QuarantineRetentionPeriod = 15 - EndUserSpamNotificationFrequency = 1 - TestModeAction = 'AddXHeader' - IncreaseScoreWithImageLinks = 'Off' - IncreaseScoreWithNumericIps = 'On' - IncreaseScoreWithRedirectToOtherPort = 'On' - IncreaseScoreWithBizOrInfoUrls = 'On' - MarkAsSpamEmptyMessages = 'On' - MarkAsSpamJavaScriptInHtml = 'On' - MarkAsSpamFramesInHtml = 'On' - MarkAsSpamObjectTagsInHtml = 'On' - MarkAsSpamEmbedTagsInHtml = 'Off' - MarkAsSpamFormTagsInHtml = 'Off' - MarkAsSpamWebBugsInHtml = 'On' - MarkAsSpamSensitiveWordList = 'Test' - MarkAsSpamSpfRecordHardFail = 'On' - MarkAsSpamFromAddressAuthFail = 'On' - MarkAsSpamBulkMail = 'On' - MarkAsSpamNdrBackscatter = 'On' - LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') - RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') - HighConfidencePhishAction = 'Quarantine' - HighConfidenceSpamAction = 'Quarantine' - SpamAction = 'MoveToJmf' - EnableEndUserSpamNotifications = $true - DownloadLink = $false - EnableRegionBlockList = $true - EnableLanguageBlockList = $true - EndUserSpamNotificationCustomFromAddress = 'Spam@contoso.com' - EndUserSpamNotificationCustomFromName = 'Spam Notification' - EndUserSpamNotificationCustomSubject = 'This is SPAM' - EndUserSpamNotificationLanguage = 'Default' - BulkThreshold = 5 - AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') - AllowedSenderDomains = @('contoso.com', 'fabrikam.com') - BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') - BlockedSenderDomains = @('privacy.net', 'facebook.com') - PhishZapEnabled = $true - SpamZapEnabled = $true - InlineSafetyTipsEnabled = $true - BulkSpamAction = 'MoveToJmf' - PhishSpamAction = 'Quarantine' - MakeDefault = $false + Ensure = 'Present' + Identity = 'TestPolicy' + Credential = $Credential + AdminDisplayName = 'This ContentFilter policiy is a test' + AddXHeaderValue = 'MyCustomSpamHeader' + ModifySubjectValue = 'SPAM!' + RedirectToRecipients = @() + TestModeBccToRecipients = @() + QuarantineRetentionPeriod = 15 + EndUserSpamNotificationFrequency = 1 + TestModeAction = 'AddXHeader' + IncreaseScoreWithImageLinks = 'Off' + IncreaseScoreWithNumericIps = 'On' + IncreaseScoreWithRedirectToOtherPort = 'On' + IncreaseScoreWithBizOrInfoUrls = 'On' + MarkAsSpamEmptyMessages = 'On' + MarkAsSpamJavaScriptInHtml = 'On' + MarkAsSpamFramesInHtml = 'On' + MarkAsSpamObjectTagsInHtml = 'On' + MarkAsSpamEmbedTagsInHtml = 'Off' + MarkAsSpamFormTagsInHtml = 'Off' + MarkAsSpamWebBugsInHtml = 'On' + MarkAsSpamSensitiveWordList = 'Test' + MarkAsSpamSpfRecordHardFail = 'On' + MarkAsSpamFromAddressAuthFail = 'On' + MarkAsSpamBulkMail = 'On' + MarkAsSpamNdrBackscatter = 'On' + LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') + RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') + HighConfidencePhishAction = 'Quarantine' + HighConfidenceSpamAction = 'Quarantine' + SpamAction = 'MoveToJmf' + EnableEndUserSpamNotifications = $true + DownloadLink = $false + EnableRegionBlockList = $true + EnableLanguageBlockList = $true + EndUserSpamNotificationCustomFromName = 'Spam Notification' + EndUserSpamNotificationCustomSubject = 'This is SPAM' + EndUserSpamNotificationLanguage = 'Default' + BulkThreshold = 5 + AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') + AllowedSenderDomains = @('contoso.com', 'fabrikam.com') + BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') + BlockedSenderDomains = @('privacy.net', 'facebook.com') + PhishZapEnabled = $true + SpamZapEnabled = $true + InlineSafetyTipsEnabled = $true + BulkSpamAction = 'MoveToJmf' + PhishSpamAction = 'Quarantine' + MakeDefault = $false } Mock -CommandName Get-HostedContentFilterPolicy -MockWith { return @{ - Ensure = 'Present' - Identity = 'TestPolicy' - Credential = $Credential - AdminDisplayName = 'This ContentFilter policiy is a test' - AddXHeaderValue = 'MyCustomSpamHeader' - ModifySubjectValue = 'SPAM!' - RedirectToRecipients = @() - TestModeBccToRecipients = @() - QuarantineRetentionPeriod = 15 - EndUserSpamNotificationFrequency = 1 - TestModeAction = 'AddXHeader' - IncreaseScoreWithImageLinks = 'Off' - IncreaseScoreWithNumericIps = 'On' - IncreaseScoreWithRedirectToOtherPort = 'On' - IncreaseScoreWithBizOrInfoUrls = 'On' - MarkAsSpamEmptyMessages = 'On' - MarkAsSpamJavaScriptInHtml = 'On' - MarkAsSpamFramesInHtml = 'On' - MarkAsSpamObjectTagsInHtml = 'On' - MarkAsSpamEmbedTagsInHtml = 'Off' - MarkAsSpamFormTagsInHtml = 'Off' - MarkAsSpamWebBugsInHtml = 'On' - MarkAsSpamSensitiveWordList = 'Test' - MarkAsSpamSpfRecordHardFail = 'On' - MarkAsSpamFromAddressAuthFail = 'On' - MarkAsSpamBulkMail = 'On' - MarkAsSpamNdrBackscatter = 'On' - LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') - RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') - HighConfidencePhishAction = 'Quarantine' - HighConfidenceSpamAction = 'Quarantine' - SpamAction = 'MoveToJmf' - EnableEndUserSpamNotifications = $true - DownloadLink = $false - EnableRegionBlockList = $true - EnableLanguageBlockList = $true - EndUserSpamNotificationCustomFromAddress = 'Spam@contoso.com' - EndUserSpamNotificationCustomFromName = 'Spam Notification' - EndUserSpamNotificationCustomSubject = 'This is SPAM' - EndUserSpamNotificationLanguage = 'Default' - BulkThreshold = 5 - AllowedSenders = @{ + Ensure = 'Present' + Identity = 'TestPolicy' + Credential = $Credential + AdminDisplayName = 'This ContentFilter policiy is a test' + AddXHeaderValue = 'MyCustomSpamHeader' + ModifySubjectValue = 'SPAM!' + RedirectToRecipients = @() + TestModeBccToRecipients = @() + QuarantineRetentionPeriod = 15 + EndUserSpamNotificationFrequency = 1 + TestModeAction = 'AddXHeader' + IncreaseScoreWithImageLinks = 'Off' + IncreaseScoreWithNumericIps = 'On' + IncreaseScoreWithRedirectToOtherPort = 'On' + IncreaseScoreWithBizOrInfoUrls = 'On' + MarkAsSpamEmptyMessages = 'On' + MarkAsSpamJavaScriptInHtml = 'On' + MarkAsSpamFramesInHtml = 'On' + MarkAsSpamObjectTagsInHtml = 'On' + MarkAsSpamEmbedTagsInHtml = 'Off' + MarkAsSpamFormTagsInHtml = 'Off' + MarkAsSpamWebBugsInHtml = 'On' + MarkAsSpamSensitiveWordList = 'Test' + MarkAsSpamSpfRecordHardFail = 'On' + MarkAsSpamFromAddressAuthFail = 'On' + MarkAsSpamBulkMail = 'On' + MarkAsSpamNdrBackscatter = 'On' + LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') + RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') + HighConfidencePhishAction = 'Quarantine' + HighConfidenceSpamAction = 'Quarantine' + SpamAction = 'MoveToJmf' + EnableEndUserSpamNotifications = $true + DownloadLink = $false + EnableRegionBlockList = $true + EnableLanguageBlockList = $true + EndUserSpamNotificationCustomFromName = 'Spam Notification' + EndUserSpamNotificationCustomSubject = 'This is SPAM' + EndUserSpamNotificationLanguage = 'Default' + BulkThreshold = 5 + AllowedSenders = @{ Sender = @( [PSCustomObject]@{Address = 'test@contoso.com' }, [PSCustomObject]@{Address = 'test@fabrikam.com' } ) } - AllowedSenderDomains = @( + AllowedSenderDomains = @( [PSCustomObject]@{Domain = 'contoso.com' }, [PSCustomObject]@{Domain = 'fabrikam.com' } ) - BlockedSenders = @{ + BlockedSenders = @{ Sender = @( [PSCustomObject]@{Address = 'me@privacy.net' }, [PSCustomObject]@{Address = 'thedude@contoso.com' } ) } - BlockedSenderDomains = @( + BlockedSenderDomains = @( [PSCustomObject]@{Domain = 'privacy.net' }, [PSCustomObject]@{Domain = 'facebook.com' } ) - PhishZapEnabled = $true - SpamZapEnabled = $true - InlineSafetyTipsEnabled = $true - BulkSpamAction = 'MoveToJmf' - PhishSpamAction = 'Quarantine' - IsDefault = $false + PhishZapEnabled = $true + SpamZapEnabled = $true + InlineSafetyTipsEnabled = $true + BulkSpamAction = 'MoveToJmf' + PhishSpamAction = 'Quarantine' + IsDefault = $false } } } @@ -260,128 +257,126 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'HostedContentFilterPolicy update needed.' -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Present' - Identity = 'TestPolicy' - Credential = $Credential - AdminDisplayName = 'This ContentFilter policiy is a test' - AddXHeaderValue = 'MyCustomSpamHeader' - ModifySubjectValue = 'SPAM!' - RedirectToRecipients = @() - TestModeBccToRecipients = @() - QuarantineRetentionPeriod = 15 - EndUserSpamNotificationFrequency = 1 - TestModeAction = 'AddXHeader' - IncreaseScoreWithImageLinks = 'Off' - IncreaseScoreWithNumericIps = 'On' - IncreaseScoreWithRedirectToOtherPort = 'On' - IncreaseScoreWithBizOrInfoUrls = 'On' - MarkAsSpamEmptyMessages = 'On' - MarkAsSpamJavaScriptInHtml = 'On' - MarkAsSpamFramesInHtml = 'On' - MarkAsSpamObjectTagsInHtml = 'On' - MarkAsSpamEmbedTagsInHtml = 'Off' - MarkAsSpamFormTagsInHtml = 'Off' - MarkAsSpamWebBugsInHtml = 'On' - MarkAsSpamSensitiveWordList = 'Test' - MarkAsSpamSpfRecordHardFail = 'On' - MarkAsSpamFromAddressAuthFail = 'On' - MarkAsSpamBulkMail = 'On' - MarkAsSpamNdrBackscatter = 'On' - LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') - RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') - HighConfidencePhishAction = 'Quarantine' - HighConfidenceSpamAction = 'Quarantine' - SpamAction = 'MoveToJmf' - EnableEndUserSpamNotifications = $true - DownloadLink = $false - EnableRegionBlockList = $true - EnableLanguageBlockList = $true - EndUserSpamNotificationCustomFromAddress = 'Spam@contoso.com' - EndUserSpamNotificationCustomFromName = 'Spam Notification' - EndUserSpamNotificationCustomSubject = 'This is SPAM' - EndUserSpamNotificationLanguage = 'Default' - BulkThreshold = 5 - AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') - AllowedSenderDomains = @('contoso.com', 'fabrikam.com') - BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') - BlockedSenderDomains = @('privacy.net', 'facebook.com') - PhishZapEnabled = $true - SpamZapEnabled = $true - InlineSafetyTipsEnabled = $true - BulkSpamAction = 'MoveToJmf' - PhishSpamAction = 'Quarantine' - MakeDefault = $false + Ensure = 'Present' + Identity = 'TestPolicy' + Credential = $Credential + AdminDisplayName = 'This ContentFilter policiy is a test' + AddXHeaderValue = 'MyCustomSpamHeader' + ModifySubjectValue = 'SPAM!' + RedirectToRecipients = @() + TestModeBccToRecipients = @() + QuarantineRetentionPeriod = 15 + EndUserSpamNotificationFrequency = 1 + TestModeAction = 'AddXHeader' + IncreaseScoreWithImageLinks = 'Off' + IncreaseScoreWithNumericIps = 'On' + IncreaseScoreWithRedirectToOtherPort = 'On' + IncreaseScoreWithBizOrInfoUrls = 'On' + MarkAsSpamEmptyMessages = 'On' + MarkAsSpamJavaScriptInHtml = 'On' + MarkAsSpamFramesInHtml = 'On' + MarkAsSpamObjectTagsInHtml = 'On' + MarkAsSpamEmbedTagsInHtml = 'Off' + MarkAsSpamFormTagsInHtml = 'Off' + MarkAsSpamWebBugsInHtml = 'On' + MarkAsSpamSensitiveWordList = 'Test' + MarkAsSpamSpfRecordHardFail = 'On' + MarkAsSpamFromAddressAuthFail = 'On' + MarkAsSpamBulkMail = 'On' + MarkAsSpamNdrBackscatter = 'On' + LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') + RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') + HighConfidencePhishAction = 'Quarantine' + HighConfidenceSpamAction = 'Quarantine' + SpamAction = 'MoveToJmf' + EnableEndUserSpamNotifications = $true + DownloadLink = $false + EnableRegionBlockList = $true + EnableLanguageBlockList = $true + EndUserSpamNotificationCustomFromName = 'Spam Notification' + EndUserSpamNotificationCustomSubject = 'This is SPAM' + EndUserSpamNotificationLanguage = 'Default' + BulkThreshold = 5 + AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') + AllowedSenderDomains = @('contoso.com', 'fabrikam.com') + BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') + BlockedSenderDomains = @('privacy.net', 'facebook.com') + PhishZapEnabled = $true + SpamZapEnabled = $true + InlineSafetyTipsEnabled = $true + BulkSpamAction = 'MoveToJmf' + PhishSpamAction = 'Quarantine' + MakeDefault = $false } Mock -CommandName Get-HostedContentFilterPolicy -MockWith { return @{ - Ensure = 'Present' - Identity = 'TestPolicy' - Credential = $Credential - AdminDisplayName = 'This ContentFilter policiy is a test' - AddXHeaderValue = 'MyCustomSpamHeader' - ModifySubjectValue = 'SPAM!' - RedirectToRecipients = @() - TestModeBccToRecipients = @() - QuarantineRetentionPeriod = 15 - EndUserSpamNotificationFrequency = 1 - TestModeAction = 'AddXHeader' - IncreaseScoreWithImageLinks = 'Off' - IncreaseScoreWithNumericIps = 'On' - IncreaseScoreWithRedirectToOtherPort = 'On' - IncreaseScoreWithBizOrInfoUrls = 'On' - MarkAsSpamEmptyMessages = 'On' - MarkAsSpamJavaScriptInHtml = 'On' - MarkAsSpamFramesInHtml = 'On' - MarkAsSpamObjectTagsInHtml = 'On' - MarkAsSpamEmbedTagsInHtml = 'Off' - MarkAsSpamFormTagsInHtml = 'Off' - MarkAsSpamWebBugsInHtml = 'On' - MarkAsSpamSensitiveWordList = 'Test' - MarkAsSpamSpfRecordHardFail = 'On' - MarkAsSpamFromAddressAuthFail = 'On' - MarkAsSpamBulkMail = 'On' - MarkAsSpamNdrBackscatter = 'On' - LanguageBlockList = @() - RegionBlockList = @() - HighConfidencePhishAction = 'Quarantine' - HighConfidenceSpamAction = 'Quarantine' - SpamAction = 'MoveToJmf' - EnableEndUserSpamNotifications = $true - DownloadLink = $false - EnableRegionBlockList = $true - EnableLanguageBlockList = $true - EndUserSpamNotificationCustomFromAddress = 'Spam@contoso.com' - EndUserSpamNotificationCustomFromName = 'Spam Notification' - EndUserSpamNotificationCustomSubject = 'This is SPAM' - EndUserSpamNotificationLanguage = 'Default' - BulkThreshold = 5 - AllowedSenders = @{ + Ensure = 'Present' + Identity = 'TestPolicy' + Credential = $Credential + AdminDisplayName = 'This ContentFilter policiy is a test' + AddXHeaderValue = 'MyCustomSpamHeader' + ModifySubjectValue = 'SPAM!' + RedirectToRecipients = @() + TestModeBccToRecipients = @() + QuarantineRetentionPeriod = 15 + EndUserSpamNotificationFrequency = 1 + TestModeAction = 'AddXHeader' + IncreaseScoreWithImageLinks = 'Off' + IncreaseScoreWithNumericIps = 'On' + IncreaseScoreWithRedirectToOtherPort = 'On' + IncreaseScoreWithBizOrInfoUrls = 'On' + MarkAsSpamEmptyMessages = 'On' + MarkAsSpamJavaScriptInHtml = 'On' + MarkAsSpamFramesInHtml = 'On' + MarkAsSpamObjectTagsInHtml = 'On' + MarkAsSpamEmbedTagsInHtml = 'Off' + MarkAsSpamFormTagsInHtml = 'Off' + MarkAsSpamWebBugsInHtml = 'On' + MarkAsSpamSensitiveWordList = 'Test' + MarkAsSpamSpfRecordHardFail = 'On' + MarkAsSpamFromAddressAuthFail = 'On' + MarkAsSpamBulkMail = 'On' + MarkAsSpamNdrBackscatter = 'On' + LanguageBlockList = @() + RegionBlockList = @() + HighConfidencePhishAction = 'Quarantine' + HighConfidenceSpamAction = 'Quarantine' + SpamAction = 'MoveToJmf' + EnableEndUserSpamNotifications = $true + DownloadLink = $false + EnableRegionBlockList = $true + EnableLanguageBlockList = $true + EndUserSpamNotificationCustomFromName = 'Spam Notification' + EndUserSpamNotificationCustomSubject = 'This is SPAM' + EndUserSpamNotificationLanguage = 'Default' + BulkThreshold = 5 + AllowedSenders = @{ Sender = @( [PSCustomObject]@{Address = 'test@contoso.com' }, [PSCustomObject]@{Address = 'test@fabrikam.com' } ) } - AllowedSenderDomains = @( + AllowedSenderDomains = @( [PSCustomObject]@{Domain = 'contoso.com' }, [PSCustomObject]@{Domain = 'fabrikam.com' } ) - BlockedSenders = @{ + BlockedSenders = @{ Sender = @( [PSCustomObject]@{Address = 'me@privacy.net' }, [PSCustomObject]@{Address = 'thedude@contoso.com' } ) } - BlockedSenderDomains = @( + BlockedSenderDomains = @( [PSCustomObject]@{Domain = 'privacy.net' }, [PSCustomObject]@{Domain = 'facebook.com' } ) - PhishZapEnabled = $true - SpamZapEnabled = $true - InlineSafetyTipsEnabled = $true - BulkSpamAction = 'MoveToJmf' - PhishSpamAction = 'MoveToJmf' - MakeDefault = $false + PhishZapEnabled = $true + SpamZapEnabled = $true + InlineSafetyTipsEnabled = $true + BulkSpamAction = 'MoveToJmf' + PhishSpamAction = 'MoveToJmf' + MakeDefault = $false } } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMalwareFilterPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMalwareFilterPolicy.Tests.ps1 index 9095c1c0e9..73abf19d10 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMalwareFilterPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMalwareFilterPolicy.Tests.ps1 @@ -62,7 +62,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential Identity = 'TestMalwareFilterPolicy' AdminDisplayName = 'TestPolicy' - CustomAlertText = 'This is a custom alert text' CustomExternalBody = 'This is a custom external body' CustomExternalSubject = 'This is a custom external subject' CustomFromAddress = 'customnotification@contoso.org' @@ -109,7 +108,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential Identity = 'TestMalwareFilterPolicy' AdminDisplayName = 'TestPolicy' - CustomAlertText = 'This is a custom alert text' CustomExternalBody = 'This is a custom external body' CustomExternalSubject = 'This is a custom external subject' CustomFromAddress = 'customnotification@contoso.org' @@ -133,7 +131,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential Identity = 'TestMalwareFilterPolicy' AdminDisplayName = 'TestPolicy' - CustomAlertText = 'This is a custom alert text' CustomExternalBody = 'This is a custom external body' CustomExternalSubject = 'This is a custom external subject' CustomFromAddress = 'customnotification@contoso.org' @@ -165,7 +162,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential Identity = 'TestMalwareFilterPolicy' AdminDisplayName = 'TestPolicy' - CustomAlertText = 'This is a custom alert text' CustomExternalBody = 'This is a custom external body' CustomExternalSubject = 'This is a custom external subject' CustomFromAddress = 'customnotification@contoso.org' @@ -189,7 +185,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential Identity = 'TestMalwareFilterPolicy' AdminDisplayName = 'TestPolicy' - CustomAlertText = 'This is a custom alert text' CustomExternalBody = 'This is a custom external body' CustomExternalSubject = 'This is a custom external subject' CustomFromAddress = 'customnotification@contoso.org' @@ -266,7 +261,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return @{ Identity = 'TestMalwareFilterPolicy' AdminDisplayName = 'TestPolicy' - CustomAlertText = 'This is a custom alert text' CustomExternalBody = 'This is a custom external body' CustomExternalSubject = 'This is a custom external subject' CustomFromAddress = 'customnotification@contoso.org' From 41dbf369616d6c4dedee73e812be929aa6845538 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 18 Mar 2023 14:39:55 +0000 Subject: [PATCH 022/187] Initital release --- CHANGELOG.md | 6 + ...tDeploymentProfileAzureADHybridJoined.psm1 | 1513 +++++++++++++++++ ...ymentProfileAzureADHybridJoined.schema.mof | 55 + .../readme.md | 6 + .../settings.json | 33 + ...topilotDeploymentProfileAzureADJoined.psm1 | 1500 ++++++++++++++++ ...tDeploymentProfileAzureADJoined.schema.mof | 54 + .../readme.md | 6 + .../settings.json | 33 + ...mentProfileAzureADHybridJoined-Example.ps1 | 41 + ...DeploymentProfileAzureADJoined-Example.ps1 | 45 + .../M365DSCResourceGenerator.psm1 | 12 +- ...oymentProfileAzureADHybridJoined.Tests.ps1 | 386 +++++ ...otDeploymentProfileAzureADJoined.Tests.ps1 | 379 +++++ 14 files changed, 4064 insertions(+), 5 deletions(-) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index b57cd50570..072467bec7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ # UNRELEASED +* IntuneWindowsAutopilotDeploymentProfileAzureADJoined + * Initial release + FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) +* IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined + * Initial release + FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) * EXORoleAssignmentPolicy * Fix issue with IsDefault parameter FIXES [#2977](https://github.com/microsoft/Microsoft365DSC/issues/2977) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 new file mode 100644 index 0000000000..fa048f98ba --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 @@ -0,0 +1,1513 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.Boolean] + $HybridAzureADJoinSkipConnectivityCheck, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DeviceNameTemplate, + + [Parameter()] + [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [System.String] + $DeviceType, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $EnableWhiteGlove, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnrollmentStatusScreenSettings, + + [Parameter()] + [System.Boolean] + $ExtractHardwareHash, + + [Parameter()] + [System.String] + $Language, + + [Parameter()] + [System.String] + $ManagementServiceAppId, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OutOfBoxExperienceSettings, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with Id {$Id}" + + if(-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $complexEnrollmentStatusScreenSettings = @{} + $complexEnrollmentStatusScreenSettings.Add('AllowDeviceUseBeforeProfileAndAppInstallComplete', $getValue.EnrollmentStatusScreenSettings.allowDeviceUseBeforeProfileAndAppInstallComplete) + $complexEnrollmentStatusScreenSettings.Add('AllowDeviceUseOnInstallFailure', $getValue.EnrollmentStatusScreenSettings.allowDeviceUseOnInstallFailure) + $complexEnrollmentStatusScreenSettings.Add('AllowLogCollectionOnInstallFailure', $getValue.EnrollmentStatusScreenSettings.allowLogCollectionOnInstallFailure) + $complexEnrollmentStatusScreenSettings.Add('BlockDeviceSetupRetryByUser', $getValue.EnrollmentStatusScreenSettings.blockDeviceSetupRetryByUser) + $complexEnrollmentStatusScreenSettings.Add('CustomErrorMessage', $getValue.EnrollmentStatusScreenSettings.customErrorMessage) + $complexEnrollmentStatusScreenSettings.Add('HideInstallationProgress', $getValue.EnrollmentStatusScreenSettings.hideInstallationProgress) + $complexEnrollmentStatusScreenSettings.Add('InstallProgressTimeoutInMinutes', $getValue.EnrollmentStatusScreenSettings.installProgressTimeoutInMinutes) + if($complexEnrollmentStatusScreenSettings.values.Where({ $null -ne $_ }).count -eq 0) + { + $complexEnrollmentStatusScreenSettings = $null + } + + $complexOutOfBoxExperienceSettings = @{} + if ($null -ne $getValue.OutOfBoxExperienceSettings.deviceUsageType) + { + $complexOutOfBoxExperienceSettings.Add('DeviceUsageType', $getValue.OutOfBoxExperienceSettings.deviceUsageType.toString()) + } + $complexOutOfBoxExperienceSettings.Add('HideEscapeLink', $getValue.OutOfBoxExperienceSettings.hideEscapeLink) + $complexOutOfBoxExperienceSettings.Add('HideEULA', $getValue.OutOfBoxExperienceSettings.hideEULA) + $complexOutOfBoxExperienceSettings.Add('HidePrivacySettings', $getValue.OutOfBoxExperienceSettings.hidePrivacySettings) + $complexOutOfBoxExperienceSettings.Add('SkipKeyboardSelectionPage', $getValue.OutOfBoxExperienceSettings.skipKeyboardSelectionPage) + if ($null -ne $getValue.OutOfBoxExperienceSettings.userType) + { + $complexOutOfBoxExperienceSettings.Add('UserType', $getValue.OutOfBoxExperienceSettings.userType.toString()) + } + if($complexOutOfBoxExperienceSettings.values.Where({ $null -ne $_ }).count -eq 0) + { + $complexOutOfBoxExperienceSettings = $null + } + + #endregion + + #region resource generator code + $enumDeviceType = $null + if ($null -ne $getValue.DeviceType) + { + $enumDeviceType = $getValue.DeviceType.ToString() + } + + #endregion + + $results = @{ + #region resource generator code + HybridAzureADJoinSkipConnectivityCheck = $getValue.AdditionalProperties.hybridAzureADJoinSkipConnectivityCheck + Description = $getValue.Description + DeviceNameTemplate = $getValue.DeviceNameTemplate + DeviceType = $enumDeviceType + DisplayName = $getValue.DisplayName + EnableWhiteGlove = $getValue.EnableWhiteGlove + EnrollmentStatusScreenSettings = $complexEnrollmentStatusScreenSettings + ExtractHardwareHash = $getValue.ExtractHardwareHash + Language = $getValue.Language + ManagementServiceAppId = $getValue.ManagementServiceAppId + OutOfBoxExperienceSettings = $complexOutOfBoxExperienceSettings + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementWindowAutopilotDeploymentProfileAssignment -WindowsAutopilotDeploymentProfileId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.Boolean] + $HybridAzureADJoinSkipConnectivityCheck, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DeviceNameTemplate, + + [Parameter()] + [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [System.String] + $DeviceType, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $EnableWhiteGlove, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnrollmentStatusScreenSettings, + + [Parameter()] + [System.Boolean] + $ExtractHardwareHash, + + [Parameter()] + [System.String] + $Language, + + [Parameter()] + [System.String] + $ManagementServiceAppId, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OutOfBoxExperienceSettings, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('Verbose') | Out-Null + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + + $keys=(([Hashtable]$CreateParameters).clone()).Keys + foreach($key in $keys) + { + if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + { + $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $CreateParameters.Add("@odata.type", "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile") + $policy=New-MgDeviceManagementWindowAutopilotDeploymentProfile -BodyParameter $CreateParameters + $assignmentsHash=@() + foreach($assignment in $Assignments) + { + $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/windowsAutopilotDeploymentProfiles' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys=(([Hashtable]$UpdateParameters).clone()).Keys + foreach($key in $keys) + { + if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + { + $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile") + Update-MgDeviceManagementWindowAutopilotDeploymentProfile ` + -WindowsAutopilotDeploymentProfileId $currentInstance.Id ` + -BodyParameter $UpdateParameters + $assignmentsHash=@() + foreach($assignment in $Assignments) + { + $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/windowsAutopilotDeploymentProfiles' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.Boolean] + $HybridAzureADJoinSkipConnectivityCheck, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DeviceNameTemplate, + + [Parameter()] + [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [System.String] + $DeviceType, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $EnableWhiteGlove, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnrollmentStatusScreenSettings, + + [Parameter()] + [System.Boolean] + $ExtractHardwareHash, + + [Parameter()] + [System.String] + $Language, + + [Parameter()] + [System.String] + $ManagementServiceAppId, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OutOfBoxExperienceSettings, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break; + } + + $ValuesToCheck.Remove($key) | Out-Null + + } + } + + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if ( $null -ne $Results.EnrollmentStatusScreenSettings) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.EnrollmentStatusScreenSettings ` + -CIMInstanceName 'MicrosoftGraphwindowsEnrollmentStatusScreenSettings' + if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.EnrollmentStatusScreenSettings = $complexTypeStringResult + } + else + { + $Results.Remove('EnrollmentStatusScreenSettings') | Out-Null + } + } + if ( $null -ne $Results.OutOfBoxExperienceSettings) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.OutOfBoxExperienceSettings ` + -CIMInstanceName 'MicrosoftGraphoutOfBoxExperienceSettings' + if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.OutOfBoxExperienceSettings = $complexTypeStringResult + } + else + { + $Results.Remove('OutOfBoxExperienceSettings') | Out-Null + } + } + if($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.EnrollmentStatusScreenSettings) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnrollmentStatusScreenSettings" -isCIMArray:$False + } + if ($Results.OutOfBoxExperienceSettings) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OutOfBoxExperienceSettings" -isCIMArray:$False + } + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + } + #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable + $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository='deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion='beta' + ) + try + { + $deviceManagementPolicyAssignments=@() + $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + + foreach($target in $targets) + { + $formattedTarget=@{"@odata.type"=$target.dataType} + if($target.groupId) + { + $formattedTarget.Add('groupId',$target.groupId) + } + if($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + } + $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $null + } +} + +function Rename-M365DSCCimInstanceParameter +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties + ) + + $keyToRename=@{ + "odataType"="@odata.type" + } + + $result=$Properties + + $type=$Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result=$values + + return ,$result + } + #endregion + + #region Single + if($type -like "*Hashtable") + { + $result=([Hashtable]$Properties).clone() + } + if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + { + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys=($hashProperties.clone()).keys + foreach($key in $keys) + { + $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + if ($key -in $keyToRename.Keys) + { + $keyName=$keyToRename.$key + } + + $property=$hashProperties.$key + if($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties + } + + return $result + #endregion +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + + if($null -eq $ComplexObject) + { + return $null + } + + if($ComplexObject.gettype().fullname -like "*[[\]]") + { + $results=@() + + foreach($item in $ComplexObject) + { + if($item) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + + if($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject=[hashtable]::new($ComplexObject) + $keys=$ComplexObject.Keys + foreach ($key in $keys) + { + if($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType=$ComplexObject.$key.gettype().fullname + + if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results + } + + $results = @{} + + if($ComplexObject.getType().Fullname -like "*hashtable") + { + $keys = $ComplexObject.keys + } + else + { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + } + + foreach ($key in $keys) + { + $keyName=$key + if($ComplexObject.getType().Fullname -notlike "*hashtable") + { + $keyName=$key.Name + } + + if($null -ne $ComplexObject.$keyName) + { + $keyType=$ComplexObject.$keyName.gettype().fullname + if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$keyName) + } + } + } + + return [hashtable]$results +} + +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> +function Get-M365DSCDRGComplexTypeToString +{ + [CmdletBinding()] + param( + [Parameter()] + $ComplexObject, + + [Parameter(Mandatory = $true)] + [System.String] + $CIMInstanceName, + + [Parameter()] + [Array] + $ComplexTypeMapping, + + [Parameter()] + [System.String] + $Whitespace='', + + [Parameter()] + [System.uint32] + $IndentLevel=3, + + [Parameter()] + [switch] + $isArray=$false + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + $indent='' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent+=' ' + } + #If ComplexObject is an Array + if ($ComplexObject.GetType().FullName -like "*[[\]]") + { + $currentProperty=@() + $IndentLevel++ + foreach ($item in $ComplexObject) + { + $splat=@{ + 'ComplexObject'=$item + 'CIMInstanceName'=$CIMInstanceName + 'IndentLevel'=$IndentLevel + } + if ($ComplexTypeMapping) + { + $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + } + + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,$currentProperty + } + + $currentProperty='' + if($isArray) + { + $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent='' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent+=' ' + } + $keyNotNull = 0 + + if ($ComplexObject.Keys.count -eq 0) + { + return $null + } + + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyNotNull++ + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + + $isArray=$false + if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + { + $isArray=$true + } + #overwrite type if object defined in mapping complextypemapping + if($key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashProperty=$ComplexObject[$key] + } + else + { + $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + } + + if(-not $isArray) + { + $currentProperty += $indent + $key + ' = ' + } + + if($isArray -and $key -in $ComplexTypeMapping.Name ) + { + if($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $key + ' = ' + $currentProperty += "@(" + } + } + + if ($isArray) + { + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + { + $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- + } + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if($isArray) + { + if($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } + } + $isArray=$PSBoundParameters.IsArray + } + else + { + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) + } + } + else + { + $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + + if($mappedKey -and $mappedKey.isRequired) + { + if($mappedKey.isArray) + { + $currentProperty += "$indent$key = @()`r`n" + } + else + { + $currentProperty += "$indent$key = `$null`r`n" + } + } + } + } + $indent='' + for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + { + $indent+=' ' + } + $currentProperty += "$indent}" + if($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if($IndentLevel -eq 5) + { + $indent='' + for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + { + $indent+=' ' + } + $currentProperty += $indent + } + + $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") + if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty=$null + } + + return $currentProperty +} + +Function Get-M365DSCDRGSimpleObjectTypeToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = 'true')] + [System.String] + $Key, + + [Parameter(Mandatory = 'true')] + $Value, + + [Parameter()] + [System.String] + $Space=" " + + ) + + $returnValue="" + switch -Wildcard ($Value.GetType().Fullname ) + { + "*.Boolean" + { + $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + } + "*.String" + { + if($key -eq '@odata.type') + { + $key='odataType' + } + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*.DateTime" + { + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*[[\]]" + { + $returnValue= $Space + $key + " = @(" + $whitespace="" + $newline="" + if($Value.count -gt 1) + { + $returnValue += "`r`n" + $whitespace=$Space+" " + $newline="`r`n" + } + foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + { + switch -Wildcard ($item.GetType().Fullname ) + { + "*.String" + { + $returnValue += "$whitespace'$item'$newline" + } + "*.DateTime" + { + $returnValue += "$whitespace'$item'$newline" + } + Default + { + $returnValue += "$whitespace$item$newline" + } + } + } + if($Value.count -gt 1) + { + $returnValue += "$Space)`r`n" + } + else + { + $returnValue += ")`r`n" + + } + } + Default + { + $returnValue= $Space + $Key + " = " + $Value + "`r`n" + } + } + return $returnValue +} + +function Compare-M365DSCComplexObject +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter()] + $Source, + [Parameter()] + $Target + ) + + #Comparing full objects + if($null -eq $Source -and $null -eq $Target) + { + return $true + } + + $sourceValue="" + $targetValue="" + if (($null -eq $Source) -xor ($null -eq $Target)) + { + if($null -eq $Source) + { + $sourceValue="Source is null" + } + + if($null -eq $Target) + { + $targetValue="Target is null" + } + Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + return $false + } + + if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + { + if($source.count -ne $target.count) + { + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + return $false + } + if($source.count -eq 0) + { + return $true + } + + foreach($item in $Source) + { + + $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach($targetItem in $Target) + { + $compareResult= Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem + + if ($compareResult) + { + break + } + } + + if(-not $compareResult) + { + Write-Verbose -Message "Configuration drift - The complex array items are not identical" + return $false + } + } + return $true + } + + $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + foreach ($key in $keys) + { + #Matching possible key names between Source and Target + $skey=$key + $tkey=$key + + $sourceValue=$Source.$key + $targetValue=$Target.$tkey + #One of the item is null and not the other + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) + { + + if($null -eq $Source.$key) + { + $sourceValue="null" + } + + if($null -eq $Target.$tkey) + { + $targetValue="null" + } + + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + #Both keys aren't null or empty + if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + { + if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + { + #Recursive call for complex object + $compareResult= Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` + -Target $Target.$tkey + + if(-not $compareResult) + { + + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + else + { + #Simple object comparison + $referenceObject=$Target.$tkey + $differenceObject=$Source.$key + + #Identifying date from the current values + $targetType=($Target.$tkey.getType()).Name + if($targetType -like "*Date*") + { + $compareResult=$true + $sourceDate= [DateTime]$Source.$key + if($sourceDate -ne $targetType) + { + $compareResult=$null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } + + if ($null -ne $compareResult) + { + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + } + } + + return $true +} +function Convert-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $ComplexObject + ) + + + if($ComplexObject.getType().Fullname -like "*[[\]]") + { + $results=@() + foreach($item in $ComplexObject) + { + $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + + #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject + + if($null -ne $hashComplexObject) + { + + $results=$hashComplexObject.clone() + $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + foreach ($key in $keys) + { + if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + { + $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + } + else + { + $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) + $propertyValue=$results[$key] + $results.remove($key)|out-null + $results.add($propertyName,$propertyValue) + } + } + } + return [hashtable]$results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.schema.mof new file mode 100644 index 0000000000..a014d9ce6d --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.schema.mof @@ -0,0 +1,55 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings +{ + [Write, Description("Allow or block user to use device before profile and app installation complete")] Boolean AllowDeviceUseBeforeProfileAndAppInstallComplete; + [Write, Description("Allow the user to continue using the device on installation failure")] Boolean AllowDeviceUseOnInstallFailure; + [Write, Description("Allow or block log collection on installation failure")] Boolean AllowLogCollectionOnInstallFailure; + [Write, Description("Allow the user to retry the setup on installation failure")] Boolean BlockDeviceSetupRetryByUser; + [Write, Description("Set custom error message to show upon installation failure")] String CustomErrorMessage; + [Write, Description("Show or hide installation progress to user")] Boolean HideInstallationProgress; + [Write, Description("Set installation progress timeout in minutes")] UInt32 InstallProgressTimeoutInMinutes; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphOutOfBoxExperienceSettings +{ + [Write, Description("AAD join authentication type. Possible values are: singleUser, shared."), ValueMap{"singleUser","shared"}, Values{"singleUser","shared"}] String DeviceUsageType; + [Write, Description("If set to true, then the user can't start over with different account, on company sign-in")] Boolean HideEscapeLink; + [Write, Description("Show or hide EULA to user")] Boolean HideEULA; + [Write, Description("Show or hide privacy settings to user")] Boolean HidePrivacySettings; + [Write, Description("If set, then skip the keyboard selection page if Language and Region are set")] Boolean SkipKeyboardSelectionPage; + [Write, Description("Type of user. Possible values are: administrator, standard."), ValueMap{"administrator","standard"}, Values{"administrator","standard"}] String UserType; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined")] +class MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined : OMI_BaseResource +{ + [Write, Description("The Autopilot Hybrid Azure AD join flow will continue even if it does not establish domain controller connectivity during OOBE.")] Boolean HybridAzureADJoinSkipConnectivityCheck; + [Write, Description("Description of the profile")] String Description; + [Write, Description("The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters.")] String DeviceNameTemplate; + [Write, Description("The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2."), ValueMap{"windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"}, Values{"windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"}] String DeviceType; + [Required, Description("Name of the profile")] String DisplayName; + [Write, Description("Enable Autopilot White Glove for the profile.")] Boolean EnableWhiteGlove; + [Write, Description("Enrollment status screen setting"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings")] String EnrollmentStatusScreenSettings; + [Write, Description("HardwareHash Extraction for the profile")] Boolean ExtractHardwareHash; + [Write, Description("Language configured on the device")] String Language; + [Write, Description("AzureAD management app ID used during client device-based enrollment discovery")] String ManagementServiceAppId; + [Write, Description("Out of box experience setting"), EmbeddedInstance("MSFT_MicrosoftGraphoutOfBoxExperienceSettings")] String OutOfBoxExperienceSettings; + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/readme.md new file mode 100644 index 0000000000..d123803a75 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/readme.md @@ -0,0 +1,6 @@ + +# IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined + +## Description + +Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json new file mode 100644 index 0000000000..7b8811c9f0 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined", + "description": "This resource configures an Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + } + } +} + +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 new file mode 100644 index 0000000000..6af0fe92ff --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 @@ -0,0 +1,1500 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DeviceNameTemplate, + + [Parameter()] + [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [System.String] + $DeviceType, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $EnableWhiteGlove, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnrollmentStatusScreenSettings, + + [Parameter()] + [System.Boolean] + $ExtractHardwareHash, + + [Parameter()] + [System.String] + $Language, + + [Parameter()] + [System.String] + $ManagementServiceAppId, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OutOfBoxExperienceSettings, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure A D Joined with Id {$Id}" + + if(-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure A D Joined with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Windows Autopilot Deployment Profile Azure A D Joined with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $complexEnrollmentStatusScreenSettings = @{} + $complexEnrollmentStatusScreenSettings.Add('AllowDeviceUseBeforeProfileAndAppInstallComplete', $getValue.EnrollmentStatusScreenSettings.allowDeviceUseBeforeProfileAndAppInstallComplete) + $complexEnrollmentStatusScreenSettings.Add('AllowDeviceUseOnInstallFailure', $getValue.EnrollmentStatusScreenSettings.allowDeviceUseOnInstallFailure) + $complexEnrollmentStatusScreenSettings.Add('AllowLogCollectionOnInstallFailure', $getValue.EnrollmentStatusScreenSettings.allowLogCollectionOnInstallFailure) + $complexEnrollmentStatusScreenSettings.Add('BlockDeviceSetupRetryByUser', $getValue.EnrollmentStatusScreenSettings.blockDeviceSetupRetryByUser) + $complexEnrollmentStatusScreenSettings.Add('CustomErrorMessage', $getValue.EnrollmentStatusScreenSettings.customErrorMessage) + $complexEnrollmentStatusScreenSettings.Add('HideInstallationProgress', $getValue.EnrollmentStatusScreenSettings.hideInstallationProgress) + $complexEnrollmentStatusScreenSettings.Add('InstallProgressTimeoutInMinutes', $getValue.EnrollmentStatusScreenSettings.installProgressTimeoutInMinutes) + if($complexEnrollmentStatusScreenSettings.values.Where({ $null -ne $_ }).count -eq 0) + { + $complexEnrollmentStatusScreenSettings = $null + } + + $complexOutOfBoxExperienceSettings = @{} + if ($null -ne $getValue.OutOfBoxExperienceSettings.deviceUsageType) + { + $complexOutOfBoxExperienceSettings.Add('DeviceUsageType', $getValue.OutOfBoxExperienceSettings.deviceUsageType.toString()) + } + $complexOutOfBoxExperienceSettings.Add('HideEscapeLink', $getValue.OutOfBoxExperienceSettings.hideEscapeLink) + $complexOutOfBoxExperienceSettings.Add('HideEULA', $getValue.OutOfBoxExperienceSettings.hideEULA) + $complexOutOfBoxExperienceSettings.Add('HidePrivacySettings', $getValue.OutOfBoxExperienceSettings.hidePrivacySettings) + $complexOutOfBoxExperienceSettings.Add('SkipKeyboardSelectionPage', $getValue.OutOfBoxExperienceSettings.skipKeyboardSelectionPage) + if ($null -ne $getValue.OutOfBoxExperienceSettings.userType) + { + $complexOutOfBoxExperienceSettings.Add('UserType', $getValue.OutOfBoxExperienceSettings.userType.toString()) + } + if($complexOutOfBoxExperienceSettings.values.Where({ $null -ne $_ }).count -eq 0) + { + $complexOutOfBoxExperienceSettings = $null + } + + #endregion + + #region resource generator code + $enumDeviceType = $null + if ($null -ne $getValue.DeviceType) + { + $enumDeviceType = $getValue.DeviceType.ToString() + } + + #endregion + + $results = @{ + #region resource generator code + Description = $getValue.Description + DeviceNameTemplate = $getValue.DeviceNameTemplate + DeviceType = $enumDeviceType + DisplayName = $getValue.DisplayName + EnableWhiteGlove = $getValue.EnableWhiteGlove + EnrollmentStatusScreenSettings = $complexEnrollmentStatusScreenSettings + ExtractHardwareHash = $getValue.ExtractHardwareHash + Language = $getValue.Language + ManagementServiceAppId = $getValue.ManagementServiceAppId + OutOfBoxExperienceSettings = $complexOutOfBoxExperienceSettings + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementWindowAutopilotDeploymentProfileAssignment -WindowsAutopilotDeploymentProfileId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DeviceNameTemplate, + + [Parameter()] + [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [System.String] + $DeviceType, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $EnableWhiteGlove, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnrollmentStatusScreenSettings, + + [Parameter()] + [System.Boolean] + $ExtractHardwareHash, + + [Parameter()] + [System.String] + $Language, + + [Parameter()] + [System.String] + $ManagementServiceAppId, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OutOfBoxExperienceSettings, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('Verbose') | Out-Null + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Windows Autopilot Deployment Profile Azure A D Joined with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + + $keys=(([Hashtable]$CreateParameters).clone()).Keys + foreach($key in $keys) + { + if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + { + $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $CreateParameters.Add("@odata.type", "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile") + $policy=New-MgDeviceManagementWindowAutopilotDeploymentProfile -BodyParameter $CreateParameters + $assignmentsHash=@() + foreach($assignment in $Assignments) + { + $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/windowsAutopilotDeploymentProfiles' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Windows Autopilot Deployment Profile Azure A D Joined with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys=(([Hashtable]$UpdateParameters).clone()).Keys + foreach($key in $keys) + { + if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + { + $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile") + Update-MgDeviceManagementWindowAutopilotDeploymentProfile ` + -WindowsAutopilotDeploymentProfileId $currentInstance.Id ` + -BodyParameter $UpdateParameters + $assignmentsHash=@() + foreach($assignment in $Assignments) + { + $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/windowsAutopilotDeploymentProfiles' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure A D Joined with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DeviceNameTemplate, + + [Parameter()] + [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [System.String] + $DeviceType, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $EnableWhiteGlove, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EnrollmentStatusScreenSettings, + + [Parameter()] + [System.Boolean] + $ExtractHardwareHash, + + [Parameter()] + [System.String] + $Language, + + [Parameter()] + [System.String] + $ManagementServiceAppId, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $OutOfBoxExperienceSettings, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Windows Autopilot Deployment Profile Azure A D Joined with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break; + } + + $ValuesToCheck.Remove($key) | Out-Null + + } + } + + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if ( $null -ne $Results.EnrollmentStatusScreenSettings) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.EnrollmentStatusScreenSettings ` + -CIMInstanceName 'MicrosoftGraphwindowsEnrollmentStatusScreenSettings1' + if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.EnrollmentStatusScreenSettings = $complexTypeStringResult + } + else + { + $Results.Remove('EnrollmentStatusScreenSettings') | Out-Null + } + } + if ( $null -ne $Results.OutOfBoxExperienceSettings) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.OutOfBoxExperienceSettings ` + -CIMInstanceName 'MicrosoftGraphoutOfBoxExperienceSettings1' + if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.OutOfBoxExperienceSettings = $complexTypeStringResult + } + else + { + $Results.Remove('OutOfBoxExperienceSettings') | Out-Null + } + } + if($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.EnrollmentStatusScreenSettings) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnrollmentStatusScreenSettings" -isCIMArray:$False + } + if ($Results.OutOfBoxExperienceSettings) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OutOfBoxExperienceSettings" -isCIMArray:$False + } + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + } + #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable + $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository='deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion='beta' + ) + try + { + $deviceManagementPolicyAssignments=@() + $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + + foreach($target in $targets) + { + $formattedTarget=@{"@odata.type"=$target.dataType} + if($target.groupId) + { + $formattedTarget.Add('groupId',$target.groupId) + } + if($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + } + $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $null + } +} + +function Rename-M365DSCCimInstanceParameter +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties + ) + + $keyToRename=@{ + "odataType"="@odata.type" + } + + $result=$Properties + + $type=$Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result=$values + + return ,$result + } + #endregion + + #region Single + if($type -like "*Hashtable") + { + $result=([Hashtable]$Properties).clone() + } + if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + { + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys=($hashProperties.clone()).keys + foreach($key in $keys) + { + $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + if ($key -in $keyToRename.Keys) + { + $keyName=$keyToRename.$key + } + + $property=$hashProperties.$key + if($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties + } + + return $result + #endregion +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + + if($null -eq $ComplexObject) + { + return $null + } + + if($ComplexObject.gettype().fullname -like "*[[\]]") + { + $results=@() + + foreach($item in $ComplexObject) + { + if($item) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + + if($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject=[hashtable]::new($ComplexObject) + $keys=$ComplexObject.Keys + foreach ($key in $keys) + { + if($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType=$ComplexObject.$key.gettype().fullname + + if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results + } + + $results = @{} + + if($ComplexObject.getType().Fullname -like "*hashtable") + { + $keys = $ComplexObject.keys + } + else + { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + } + + foreach ($key in $keys) + { + $keyName=$key + if($ComplexObject.getType().Fullname -notlike "*hashtable") + { + $keyName=$key.Name + } + + if($null -ne $ComplexObject.$keyName) + { + $keyType=$ComplexObject.$keyName.gettype().fullname + if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$keyName) + } + } + } + + return [hashtable]$results +} + +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> +function Get-M365DSCDRGComplexTypeToString +{ + [CmdletBinding()] + param( + [Parameter()] + $ComplexObject, + + [Parameter(Mandatory = $true)] + [System.String] + $CIMInstanceName, + + [Parameter()] + [Array] + $ComplexTypeMapping, + + [Parameter()] + [System.String] + $Whitespace='', + + [Parameter()] + [System.uint32] + $IndentLevel=3, + + [Parameter()] + [switch] + $isArray=$false + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + $indent='' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent+=' ' + } + #If ComplexObject is an Array + if ($ComplexObject.GetType().FullName -like "*[[\]]") + { + $currentProperty=@() + $IndentLevel++ + foreach ($item in $ComplexObject) + { + $splat=@{ + 'ComplexObject'=$item + 'CIMInstanceName'=$CIMInstanceName + 'IndentLevel'=$IndentLevel + } + if ($ComplexTypeMapping) + { + $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + } + + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,$currentProperty + } + + $currentProperty='' + if($isArray) + { + $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent='' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent+=' ' + } + $keyNotNull = 0 + + if ($ComplexObject.Keys.count -eq 0) + { + return $null + } + + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyNotNull++ + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + + $isArray=$false + if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + { + $isArray=$true + } + #overwrite type if object defined in mapping complextypemapping + if($key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashProperty=$ComplexObject[$key] + } + else + { + $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + } + + if(-not $isArray) + { + $currentProperty += $indent + $key + ' = ' + } + + if($isArray -and $key -in $ComplexTypeMapping.Name ) + { + if($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $key + ' = ' + $currentProperty += "@(" + } + } + + if ($isArray) + { + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + { + $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- + } + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if($isArray) + { + if($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } + } + $isArray=$PSBoundParameters.IsArray + } + else + { + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) + } + } + else + { + $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + + if($mappedKey -and $mappedKey.isRequired) + { + if($mappedKey.isArray) + { + $currentProperty += "$indent$key = @()`r`n" + } + else + { + $currentProperty += "$indent$key = `$null`r`n" + } + } + } + } + $indent='' + for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + { + $indent+=' ' + } + $currentProperty += "$indent}" + if($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if($IndentLevel -eq 5) + { + $indent='' + for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + { + $indent+=' ' + } + $currentProperty += $indent + } + + $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") + if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty=$null + } + + return $currentProperty +} + +Function Get-M365DSCDRGSimpleObjectTypeToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = 'true')] + [System.String] + $Key, + + [Parameter(Mandatory = 'true')] + $Value, + + [Parameter()] + [System.String] + $Space=" " + + ) + + $returnValue="" + switch -Wildcard ($Value.GetType().Fullname ) + { + "*.Boolean" + { + $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + } + "*.String" + { + if($key -eq '@odata.type') + { + $key='odataType' + } + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*.DateTime" + { + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*[[\]]" + { + $returnValue= $Space + $key + " = @(" + $whitespace="" + $newline="" + if($Value.count -gt 1) + { + $returnValue += "`r`n" + $whitespace=$Space+" " + $newline="`r`n" + } + foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + { + switch -Wildcard ($item.GetType().Fullname ) + { + "*.String" + { + $returnValue += "$whitespace'$item'$newline" + } + "*.DateTime" + { + $returnValue += "$whitespace'$item'$newline" + } + Default + { + $returnValue += "$whitespace$item$newline" + } + } + } + if($Value.count -gt 1) + { + $returnValue += "$Space)`r`n" + } + else + { + $returnValue += ")`r`n" + + } + } + Default + { + $returnValue= $Space + $Key + " = " + $Value + "`r`n" + } + } + return $returnValue +} + +function Compare-M365DSCComplexObject +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter()] + $Source, + [Parameter()] + $Target + ) + + #Comparing full objects + if($null -eq $Source -and $null -eq $Target) + { + return $true + } + + $sourceValue="" + $targetValue="" + if (($null -eq $Source) -xor ($null -eq $Target)) + { + if($null -eq $Source) + { + $sourceValue="Source is null" + } + + if($null -eq $Target) + { + $targetValue="Target is null" + } + Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + return $false + } + + if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + { + if($source.count -ne $target.count) + { + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + return $false + } + if($source.count -eq 0) + { + return $true + } + + foreach($item in $Source) + { + + $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach($targetItem in $Target) + { + $compareResult= Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem + + if ($compareResult) + { + break + } + } + + if(-not $compareResult) + { + Write-Verbose -Message "Configuration drift - The complex array items are not identical" + return $false + } + } + return $true + } + + $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + foreach ($key in $keys) + { + #Matching possible key names between Source and Target + $skey=$key + $tkey=$key + + $sourceValue=$Source.$key + $targetValue=$Target.$tkey + #One of the item is null and not the other + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) + { + + if($null -eq $Source.$key) + { + $sourceValue="null" + } + + if($null -eq $Target.$tkey) + { + $targetValue="null" + } + + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + #Both keys aren't null or empty + if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + { + if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + { + #Recursive call for complex object + $compareResult= Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` + -Target $Target.$tkey + + if(-not $compareResult) + { + + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + else + { + #Simple object comparison + $referenceObject=$Target.$tkey + $differenceObject=$Source.$key + + #Identifying date from the current values + $targetType=($Target.$tkey.getType()).Name + if($targetType -like "*Date*") + { + $compareResult=$true + $sourceDate= [DateTime]$Source.$key + if($sourceDate -ne $targetType) + { + $compareResult=$null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } + + if ($null -ne $compareResult) + { + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + } + } + + return $true +} +function Convert-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $ComplexObject + ) + + + if($ComplexObject.getType().Fullname -like "*[[\]]") + { + $results=@() + foreach($item in $ComplexObject) + { + $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + + #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject + + if($null -ne $hashComplexObject) + { + + $results=$hashComplexObject.clone() + $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + foreach ($key in $keys) + { + if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + { + $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + } + else + { + $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) + $propertyValue=$results[$key] + $results.remove($key)|out-null + $results.add($propertyName,$propertyValue) + } + } + } + return [hashtable]$results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.schema.mof new file mode 100644 index 0000000000..89fb636bb7 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.schema.mof @@ -0,0 +1,54 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings1 +{ + [Write, Description("Allow or block user to use device before profile and app installation complete")] Boolean AllowDeviceUseBeforeProfileAndAppInstallComplete; + [Write, Description("Allow the user to continue using the device on installation failure")] Boolean AllowDeviceUseOnInstallFailure; + [Write, Description("Allow or block log collection on installation failure")] Boolean AllowLogCollectionOnInstallFailure; + [Write, Description("Allow the user to retry the setup on installation failure")] Boolean BlockDeviceSetupRetryByUser; + [Write, Description("Set custom error message to show upon installation failure")] String CustomErrorMessage; + [Write, Description("Show or hide installation progress to user")] Boolean HideInstallationProgress; + [Write, Description("Set installation progress timeout in minutes")] UInt32 InstallProgressTimeoutInMinutes; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphOutOfBoxExperienceSettings1 +{ + [Write, Description("AAD join authentication type. Possible values are: singleUser, shared."), ValueMap{"singleUser","shared"}, Values{"singleUser","shared"}] String DeviceUsageType; + [Write, Description("If set to true, then the user can't start over with different account, on company sign-in")] Boolean HideEscapeLink; + [Write, Description("Show or hide EULA to user")] Boolean HideEULA; + [Write, Description("Show or hide privacy settings to user")] Boolean HidePrivacySettings; + [Write, Description("If set, then skip the keyboard selection page if Language and Region are set")] Boolean SkipKeyboardSelectionPage; + [Write, Description("Type of user. Possible values are: administrator, standard."), ValueMap{"administrator","standard"}, Values{"administrator","standard"}] String UserType; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneWindowsAutopilotDeploymentProfileAzureADJoined")] +class MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined : OMI_BaseResource +{ + [Write, Description("Description of the profile")] String Description; + [Write, Description("The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters.")] String DeviceNameTemplate; + [Write, Description("The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2."), ValueMap{"windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"}, Values{"windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"}] String DeviceType; + [Required, Description("Name of the profile")] String DisplayName; + [Write, Description("Enable Autopilot White Glove for the profile.")] Boolean EnableWhiteGlove; + [Write, Description("Enrollment status screen setting"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1")] String EnrollmentStatusScreenSettings; + [Write, Description("HardwareHash Extraction for the profile")] Boolean ExtractHardwareHash; + [Write, Description("Language configured on the device")] String Language; + [Write, Description("AzureAD management app ID used during client device-based enrollment discovery")] String ManagementServiceAppId; + [Write, Description("Out of box experience setting"), EmbeddedInstance("MSFT_MicrosoftGraphoutOfBoxExperienceSettings1")] String OutOfBoxExperienceSettings; + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/readme.md new file mode 100644 index 0000000000..1605729876 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/readme.md @@ -0,0 +1,6 @@ + +# IntuneWindowsAutopilotDeploymentProfileAzureADJoined + +## Description + +Intune Windows Autopilot Deployment Profile Azure A D Joined diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json new file mode 100644 index 0000000000..6d78e2f7d8 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "IntuneWindowsAutopilotDeploymentProfileAzureADJoined", + "description": "This resource configures an Intune Windows Autopilot Deployment Profile Azure A D Joined.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + } + } +} + +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 new file mode 100644 index 0000000000..6f7309152d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 @@ -0,0 +1,41 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' + { + Assignments = @(); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = ""; + DeviceType = "windowsPc"; + DisplayName = "hybrid"; + EnableWhiteGlove = $True; + Ensure = "Present"; + ExtractHardwareHash = $False; + HybridAzureADJoinSkipConnectivityCheck = $True; + Id = "36b4d209-c9af-487f-8cf2-8397cefbc29a"; + Language = "os-default"; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'standard' + }; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 new file mode 100644 index 0000000000..6195152786 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 @@ -0,0 +1,45 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = "test"; + DeviceType = "windowsPc"; + DisplayName = "AAD"; + EnableWhiteGlove = $True; + Ensure = "Present"; + ExtractHardwareHash = $True; + Id = "30914319-d49b-46da-b054-625d933c5769"; + Language = ""; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + }; + } + } +} diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index ed23678196..c637e73074 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -1567,15 +1567,17 @@ function Get-ComplexTypeConstructorToString { $loopPropertyName=Get-StringFirstCharacterToLower -Value $loopPropertyName } - if($Property.IsRootProperty -eq $false -and -not $IsNested) + if($Property.IsRootProperty -eq $false ) { $loopPropertyName=Get-StringFirstCharacterToLower -Value $Property.Name $propertyName = Get-StringFirstCharacterToLower -Value $Property.Name - $valuePrefix += "AdditionalProperties." - $referencePrefix += "AdditionalProperties." - $referencePrefix += "$propertyName." + if(-not $IsNested) + { + $valuePrefix += "AdditionalProperties." + $referencePrefix += "AdditionalProperties." + } } - + $referencePrefix += "$propertyName." if($property.IsArray) { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 new file mode 100644 index 0000000000..1ea64bc5e4 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 @@ -0,0 +1,386 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath "..\..\Unit" ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Microsoft365.psm1" ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Generic.psm1" ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\UnitTestHelper.psm1" ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + } + + Mock -CommandName New-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + } + + Mock -CommandName Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfileAssignment -MockWith { + } + + } + # Test contexts + Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + HybridAzureADJoinSkipConnectivityCheck = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + return $null + } + } + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 + } + } + + Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + HybridAzureADJoinSkipConnectivityCheck = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } -ClientOnly) + Ensure = "Absent" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + return @{ + AdditionalProperties = @{ + hybridAzureADJoinSkipConnectivityCheck = $True + '@odata.type' = "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile" + } + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } + ExtractHardwareHash = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } + + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 + } + } + Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + HybridAzureADJoinSkipConnectivityCheck = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + return @{ + AdditionalProperties = @{ + hybridAzureADJoinSkipConnectivityCheck = $True + '@odata.type' = "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile" + } + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } + ExtractHardwareHash = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + HybridAzureADJoinSkipConnectivityCheck = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + return @{ + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnrollmentStatusScreenSettings = @{ + InstallProgressTimeoutInMinutes = 7 + CustomErrorMessage = "FakeStringValue" + } + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = @{ + DeviceUsageType = "singleUser" + UserType = "administrator" + } + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It "Should call the Set method" { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 + } + } + + Context -Name "ReverseDSC Tests" -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + return @{ + AdditionalProperties = @{ + hybridAzureADJoinSkipConnectivityCheck = $True + '@odata.type' = "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile" + } + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } + ExtractHardwareHash = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } + + } + } + } + It "Should Reverse Engineer resource from the Export method" { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 new file mode 100644 index 0000000000..20f5fda876 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 @@ -0,0 +1,379 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath "..\..\Unit" ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Microsoft365.psm1" ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Generic.psm1" ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\UnitTestHelper.psm1" ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneWindowsAutopilotDeploymentProfileAzureADJoined" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + } + + Mock -CommandName New-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + } + + Mock -CommandName Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfileAssignment -MockWith { + } + + } + # Test contexts + Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + return $null + } + } + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 + } + } + + Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } -ClientOnly) + Ensure = "Absent" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile" + } + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } + ExtractHardwareHash = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } + + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 + } + } + Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile" + } + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } + ExtractHardwareHash = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + return @{ + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnrollmentStatusScreenSettings = @{ + InstallProgressTimeoutInMinutes = 7 + CustomErrorMessage = "FakeStringValue" + } + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = @{ + DeviceUsageType = "singleUser" + UserType = "administrator" + } + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It "Should call the Set method" { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 + } + } + + Context -Name "ReverseDSC Tests" -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile" + } + Description = "FakeStringValue" + DeviceNameTemplate = "FakeStringValue" + DeviceType = "windowsPc" + DisplayName = "FakeStringValue" + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = "FakeStringValue" + AllowDeviceUseOnInstallFailure = $True + } + ExtractHardwareHash = $True + Id = "FakeStringValue" + Language = "FakeStringValue" + ManagementServiceAppId = "FakeStringValue" + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = "singleUser" + SkipKeyboardSelectionPage = $True + UserType = "administrator" + } + + } + } + } + It "Should Reverse Engineer resource from the Export method" { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 608cf9dd475448cc38fb2c21a50de34075025195 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Sat, 18 Mar 2023 15:46:14 +0100 Subject: [PATCH 023/187] One more update --- ...DSC.EXOHostedContentFilterPolicy.Tests.ps1 | 495 +++++++++--------- 1 file changed, 245 insertions(+), 250 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOHostedContentFilterPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOHostedContentFilterPolicy.Tests.ps1 index 6bf6958a9d..06966ab348 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOHostedContentFilterPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOHostedContentFilterPolicy.Tests.ps1 @@ -54,56 +54,55 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'HostedContentFilterPolicy creation.' -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Present' - Identity = 'TestPolicy' - Credential = $Credential - AdminDisplayName = 'This ContentFilter policiy is a test' - AddXHeaderValue = 'MyCustomSpamHeader' - ModifySubjectValue = 'SPAM!' - RedirectToRecipients = @() - TestModeBccToRecipients = @() - QuarantineRetentionPeriod = 15 - EndUserSpamNotificationFrequency = 1 - TestModeAction = 'AddXHeader' - IncreaseScoreWithImageLinks = 'Off' - IncreaseScoreWithNumericIps = 'On' - IncreaseScoreWithRedirectToOtherPort = 'On' - IncreaseScoreWithBizOrInfoUrls = 'On' - MarkAsSpamEmptyMessages = 'On' - MarkAsSpamJavaScriptInHtml = 'On' - MarkAsSpamFramesInHtml = 'On' - MarkAsSpamObjectTagsInHtml = 'On' - MarkAsSpamEmbedTagsInHtml = 'Off' - MarkAsSpamFormTagsInHtml = 'Off' - MarkAsSpamWebBugsInHtml = 'On' - MarkAsSpamSensitiveWordList = 'Test' - MarkAsSpamSpfRecordHardFail = 'On' - MarkAsSpamFromAddressAuthFail = 'On' - MarkAsSpamBulkMail = 'On' - MarkAsSpamNdrBackscatter = 'On' - LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') - RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') - HighConfidencePhishAction = 'Quarantine' - HighConfidenceSpamAction = 'Quarantine' - SpamAction = 'MoveToJmf' - EnableEndUserSpamNotifications = $true - DownloadLink = $false - EnableRegionBlockList = $true - EnableLanguageBlockList = $true - EndUserSpamNotificationCustomFromName = 'Spam Notification' - EndUserSpamNotificationCustomSubject = 'This is SPAM' - EndUserSpamNotificationLanguage = 'Default' - BulkThreshold = 5 - AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') - AllowedSenderDomains = @('contoso.com', 'fabrikam.com') - BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') - BlockedSenderDomains = @('privacy.net', 'facebook.com') - PhishZapEnabled = $true - SpamZapEnabled = $true - InlineSafetyTipsEnabled = $true - BulkSpamAction = 'MoveToJmf' - PhishSpamAction = 'Quarantine' - MakeDefault = $false + Ensure = 'Present' + Identity = 'TestPolicy' + Credential = $Credential + AdminDisplayName = 'This ContentFilter policiy is a test' + AddXHeaderValue = 'MyCustomSpamHeader' + ModifySubjectValue = 'SPAM!' + RedirectToRecipients = @() + TestModeBccToRecipients = @() + QuarantineRetentionPeriod = 15 + EndUserSpamNotificationFrequency = 1 + TestModeAction = 'AddXHeader' + IncreaseScoreWithImageLinks = 'Off' + IncreaseScoreWithNumericIps = 'On' + IncreaseScoreWithRedirectToOtherPort = 'On' + IncreaseScoreWithBizOrInfoUrls = 'On' + MarkAsSpamEmptyMessages = 'On' + MarkAsSpamJavaScriptInHtml = 'On' + MarkAsSpamFramesInHtml = 'On' + MarkAsSpamObjectTagsInHtml = 'On' + MarkAsSpamEmbedTagsInHtml = 'Off' + MarkAsSpamFormTagsInHtml = 'Off' + MarkAsSpamWebBugsInHtml = 'On' + MarkAsSpamSensitiveWordList = 'Test' + MarkAsSpamSpfRecordHardFail = 'On' + MarkAsSpamFromAddressAuthFail = 'On' + MarkAsSpamBulkMail = 'On' + MarkAsSpamNdrBackscatter = 'On' + LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') + RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') + HighConfidencePhishAction = 'Quarantine' + HighConfidenceSpamAction = 'Quarantine' + SpamAction = 'MoveToJmf' + EnableEndUserSpamNotifications = $true + DownloadLink = $false + EnableRegionBlockList = $true + EnableLanguageBlockList = $true + EndUserSpamNotificationCustomSubject = 'This is SPAM' + EndUserSpamNotificationLanguage = 'Default' + BulkThreshold = 5 + AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') + AllowedSenderDomains = @('contoso.com', 'fabrikam.com') + BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') + BlockedSenderDomains = @('privacy.net', 'facebook.com') + PhishZapEnabled = $true + SpamZapEnabled = $true + InlineSafetyTipsEnabled = $true + BulkSpamAction = 'MoveToJmf' + PhishSpamAction = 'Quarantine' + MakeDefault = $false } Mock -CommandName Get-HostedContentFilterPolicy -MockWith { @@ -125,126 +124,124 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'HostedContentFilterPolicy update not required.' -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Present' - Identity = 'TestPolicy' - Credential = $Credential - AdminDisplayName = 'This ContentFilter policiy is a test' - AddXHeaderValue = 'MyCustomSpamHeader' - ModifySubjectValue = 'SPAM!' - RedirectToRecipients = @() - TestModeBccToRecipients = @() - QuarantineRetentionPeriod = 15 - EndUserSpamNotificationFrequency = 1 - TestModeAction = 'AddXHeader' - IncreaseScoreWithImageLinks = 'Off' - IncreaseScoreWithNumericIps = 'On' - IncreaseScoreWithRedirectToOtherPort = 'On' - IncreaseScoreWithBizOrInfoUrls = 'On' - MarkAsSpamEmptyMessages = 'On' - MarkAsSpamJavaScriptInHtml = 'On' - MarkAsSpamFramesInHtml = 'On' - MarkAsSpamObjectTagsInHtml = 'On' - MarkAsSpamEmbedTagsInHtml = 'Off' - MarkAsSpamFormTagsInHtml = 'Off' - MarkAsSpamWebBugsInHtml = 'On' - MarkAsSpamSensitiveWordList = 'Test' - MarkAsSpamSpfRecordHardFail = 'On' - MarkAsSpamFromAddressAuthFail = 'On' - MarkAsSpamBulkMail = 'On' - MarkAsSpamNdrBackscatter = 'On' - LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') - RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') - HighConfidencePhishAction = 'Quarantine' - HighConfidenceSpamAction = 'Quarantine' - SpamAction = 'MoveToJmf' - EnableEndUserSpamNotifications = $true - DownloadLink = $false - EnableRegionBlockList = $true - EnableLanguageBlockList = $true - EndUserSpamNotificationCustomFromName = 'Spam Notification' - EndUserSpamNotificationCustomSubject = 'This is SPAM' - EndUserSpamNotificationLanguage = 'Default' - BulkThreshold = 5 - AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') - AllowedSenderDomains = @('contoso.com', 'fabrikam.com') - BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') - BlockedSenderDomains = @('privacy.net', 'facebook.com') - PhishZapEnabled = $true - SpamZapEnabled = $true - InlineSafetyTipsEnabled = $true - BulkSpamAction = 'MoveToJmf' - PhishSpamAction = 'Quarantine' - MakeDefault = $false + Ensure = 'Present' + Identity = 'TestPolicy' + Credential = $Credential + AdminDisplayName = 'This ContentFilter policiy is a test' + AddXHeaderValue = 'MyCustomSpamHeader' + ModifySubjectValue = 'SPAM!' + RedirectToRecipients = @() + TestModeBccToRecipients = @() + QuarantineRetentionPeriod = 15 + EndUserSpamNotificationFrequency = 1 + TestModeAction = 'AddXHeader' + IncreaseScoreWithImageLinks = 'Off' + IncreaseScoreWithNumericIps = 'On' + IncreaseScoreWithRedirectToOtherPort = 'On' + IncreaseScoreWithBizOrInfoUrls = 'On' + MarkAsSpamEmptyMessages = 'On' + MarkAsSpamJavaScriptInHtml = 'On' + MarkAsSpamFramesInHtml = 'On' + MarkAsSpamObjectTagsInHtml = 'On' + MarkAsSpamEmbedTagsInHtml = 'Off' + MarkAsSpamFormTagsInHtml = 'Off' + MarkAsSpamWebBugsInHtml = 'On' + MarkAsSpamSensitiveWordList = 'Test' + MarkAsSpamSpfRecordHardFail = 'On' + MarkAsSpamFromAddressAuthFail = 'On' + MarkAsSpamBulkMail = 'On' + MarkAsSpamNdrBackscatter = 'On' + LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') + RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') + HighConfidencePhishAction = 'Quarantine' + HighConfidenceSpamAction = 'Quarantine' + SpamAction = 'MoveToJmf' + EnableEndUserSpamNotifications = $true + DownloadLink = $false + EnableRegionBlockList = $true + EnableLanguageBlockList = $true + EndUserSpamNotificationCustomSubject = 'This is SPAM' + EndUserSpamNotificationLanguage = 'Default' + BulkThreshold = 5 + AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') + AllowedSenderDomains = @('contoso.com', 'fabrikam.com') + BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') + BlockedSenderDomains = @('privacy.net', 'facebook.com') + PhishZapEnabled = $true + SpamZapEnabled = $true + InlineSafetyTipsEnabled = $true + BulkSpamAction = 'MoveToJmf' + PhishSpamAction = 'Quarantine' + MakeDefault = $false } Mock -CommandName Get-HostedContentFilterPolicy -MockWith { return @{ - Ensure = 'Present' - Identity = 'TestPolicy' - Credential = $Credential - AdminDisplayName = 'This ContentFilter policiy is a test' - AddXHeaderValue = 'MyCustomSpamHeader' - ModifySubjectValue = 'SPAM!' - RedirectToRecipients = @() - TestModeBccToRecipients = @() - QuarantineRetentionPeriod = 15 - EndUserSpamNotificationFrequency = 1 - TestModeAction = 'AddXHeader' - IncreaseScoreWithImageLinks = 'Off' - IncreaseScoreWithNumericIps = 'On' - IncreaseScoreWithRedirectToOtherPort = 'On' - IncreaseScoreWithBizOrInfoUrls = 'On' - MarkAsSpamEmptyMessages = 'On' - MarkAsSpamJavaScriptInHtml = 'On' - MarkAsSpamFramesInHtml = 'On' - MarkAsSpamObjectTagsInHtml = 'On' - MarkAsSpamEmbedTagsInHtml = 'Off' - MarkAsSpamFormTagsInHtml = 'Off' - MarkAsSpamWebBugsInHtml = 'On' - MarkAsSpamSensitiveWordList = 'Test' - MarkAsSpamSpfRecordHardFail = 'On' - MarkAsSpamFromAddressAuthFail = 'On' - MarkAsSpamBulkMail = 'On' - MarkAsSpamNdrBackscatter = 'On' - LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') - RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') - HighConfidencePhishAction = 'Quarantine' - HighConfidenceSpamAction = 'Quarantine' - SpamAction = 'MoveToJmf' - EnableEndUserSpamNotifications = $true - DownloadLink = $false - EnableRegionBlockList = $true - EnableLanguageBlockList = $true - EndUserSpamNotificationCustomFromName = 'Spam Notification' - EndUserSpamNotificationCustomSubject = 'This is SPAM' - EndUserSpamNotificationLanguage = 'Default' - BulkThreshold = 5 - AllowedSenders = @{ + Ensure = 'Present' + Identity = 'TestPolicy' + Credential = $Credential + AdminDisplayName = 'This ContentFilter policiy is a test' + AddXHeaderValue = 'MyCustomSpamHeader' + ModifySubjectValue = 'SPAM!' + RedirectToRecipients = @() + TestModeBccToRecipients = @() + QuarantineRetentionPeriod = 15 + EndUserSpamNotificationFrequency = 1 + TestModeAction = 'AddXHeader' + IncreaseScoreWithImageLinks = 'Off' + IncreaseScoreWithNumericIps = 'On' + IncreaseScoreWithRedirectToOtherPort = 'On' + IncreaseScoreWithBizOrInfoUrls = 'On' + MarkAsSpamEmptyMessages = 'On' + MarkAsSpamJavaScriptInHtml = 'On' + MarkAsSpamFramesInHtml = 'On' + MarkAsSpamObjectTagsInHtml = 'On' + MarkAsSpamEmbedTagsInHtml = 'Off' + MarkAsSpamFormTagsInHtml = 'Off' + MarkAsSpamWebBugsInHtml = 'On' + MarkAsSpamSensitiveWordList = 'Test' + MarkAsSpamSpfRecordHardFail = 'On' + MarkAsSpamFromAddressAuthFail = 'On' + MarkAsSpamBulkMail = 'On' + MarkAsSpamNdrBackscatter = 'On' + LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') + RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') + HighConfidencePhishAction = 'Quarantine' + HighConfidenceSpamAction = 'Quarantine' + SpamAction = 'MoveToJmf' + EnableEndUserSpamNotifications = $true + DownloadLink = $false + EnableRegionBlockList = $true + EnableLanguageBlockList = $true + EndUserSpamNotificationCustomSubject = 'This is SPAM' + EndUserSpamNotificationLanguage = 'Default' + BulkThreshold = 5 + AllowedSenders = @{ Sender = @( [PSCustomObject]@{Address = 'test@contoso.com' }, [PSCustomObject]@{Address = 'test@fabrikam.com' } ) } - AllowedSenderDomains = @( + AllowedSenderDomains = @( [PSCustomObject]@{Domain = 'contoso.com' }, [PSCustomObject]@{Domain = 'fabrikam.com' } ) - BlockedSenders = @{ + BlockedSenders = @{ Sender = @( [PSCustomObject]@{Address = 'me@privacy.net' }, [PSCustomObject]@{Address = 'thedude@contoso.com' } ) } - BlockedSenderDomains = @( + BlockedSenderDomains = @( [PSCustomObject]@{Domain = 'privacy.net' }, [PSCustomObject]@{Domain = 'facebook.com' } ) - PhishZapEnabled = $true - SpamZapEnabled = $true - InlineSafetyTipsEnabled = $true - BulkSpamAction = 'MoveToJmf' - PhishSpamAction = 'Quarantine' - IsDefault = $false + PhishZapEnabled = $true + SpamZapEnabled = $true + InlineSafetyTipsEnabled = $true + BulkSpamAction = 'MoveToJmf' + PhishSpamAction = 'Quarantine' + IsDefault = $false } } } @@ -257,126 +254,124 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'HostedContentFilterPolicy update needed.' -Fixture { BeforeAll { $testParams = @{ - Ensure = 'Present' - Identity = 'TestPolicy' - Credential = $Credential - AdminDisplayName = 'This ContentFilter policiy is a test' - AddXHeaderValue = 'MyCustomSpamHeader' - ModifySubjectValue = 'SPAM!' - RedirectToRecipients = @() - TestModeBccToRecipients = @() - QuarantineRetentionPeriod = 15 - EndUserSpamNotificationFrequency = 1 - TestModeAction = 'AddXHeader' - IncreaseScoreWithImageLinks = 'Off' - IncreaseScoreWithNumericIps = 'On' - IncreaseScoreWithRedirectToOtherPort = 'On' - IncreaseScoreWithBizOrInfoUrls = 'On' - MarkAsSpamEmptyMessages = 'On' - MarkAsSpamJavaScriptInHtml = 'On' - MarkAsSpamFramesInHtml = 'On' - MarkAsSpamObjectTagsInHtml = 'On' - MarkAsSpamEmbedTagsInHtml = 'Off' - MarkAsSpamFormTagsInHtml = 'Off' - MarkAsSpamWebBugsInHtml = 'On' - MarkAsSpamSensitiveWordList = 'Test' - MarkAsSpamSpfRecordHardFail = 'On' - MarkAsSpamFromAddressAuthFail = 'On' - MarkAsSpamBulkMail = 'On' - MarkAsSpamNdrBackscatter = 'On' - LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') - RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') - HighConfidencePhishAction = 'Quarantine' - HighConfidenceSpamAction = 'Quarantine' - SpamAction = 'MoveToJmf' - EnableEndUserSpamNotifications = $true - DownloadLink = $false - EnableRegionBlockList = $true - EnableLanguageBlockList = $true - EndUserSpamNotificationCustomFromName = 'Spam Notification' - EndUserSpamNotificationCustomSubject = 'This is SPAM' - EndUserSpamNotificationLanguage = 'Default' - BulkThreshold = 5 - AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') - AllowedSenderDomains = @('contoso.com', 'fabrikam.com') - BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') - BlockedSenderDomains = @('privacy.net', 'facebook.com') - PhishZapEnabled = $true - SpamZapEnabled = $true - InlineSafetyTipsEnabled = $true - BulkSpamAction = 'MoveToJmf' - PhishSpamAction = 'Quarantine' - MakeDefault = $false + Ensure = 'Present' + Identity = 'TestPolicy' + Credential = $Credential + AdminDisplayName = 'This ContentFilter policiy is a test' + AddXHeaderValue = 'MyCustomSpamHeader' + ModifySubjectValue = 'SPAM!' + RedirectToRecipients = @() + TestModeBccToRecipients = @() + QuarantineRetentionPeriod = 15 + EndUserSpamNotificationFrequency = 1 + TestModeAction = 'AddXHeader' + IncreaseScoreWithImageLinks = 'Off' + IncreaseScoreWithNumericIps = 'On' + IncreaseScoreWithRedirectToOtherPort = 'On' + IncreaseScoreWithBizOrInfoUrls = 'On' + MarkAsSpamEmptyMessages = 'On' + MarkAsSpamJavaScriptInHtml = 'On' + MarkAsSpamFramesInHtml = 'On' + MarkAsSpamObjectTagsInHtml = 'On' + MarkAsSpamEmbedTagsInHtml = 'Off' + MarkAsSpamFormTagsInHtml = 'Off' + MarkAsSpamWebBugsInHtml = 'On' + MarkAsSpamSensitiveWordList = 'Test' + MarkAsSpamSpfRecordHardFail = 'On' + MarkAsSpamFromAddressAuthFail = 'On' + MarkAsSpamBulkMail = 'On' + MarkAsSpamNdrBackscatter = 'On' + LanguageBlockList = @('AF', 'SQ', 'AR', 'HY', 'AZ', 'EU', 'BE', 'BN', 'BS', 'BR', 'BG', 'CA', 'ZH-CN', 'ZH-TW', 'HR', 'CS', 'DA', 'NL', 'EO', 'ET', 'FO', 'TL', 'FI', 'FR', 'FY', 'GL', 'KA', 'DE', 'EL', 'KL', 'GU', 'HA', 'HE', 'HI', 'HU', 'IS', 'ID', 'GA', 'ZU', 'IT', 'JA', 'KN', 'KK', 'SW', 'KO', 'KU', 'KY', 'LA', 'LV', 'LT', 'LB', 'MK', 'MS', 'ML', 'MT', 'MI', 'MR', 'MN', 'NB', 'NN', 'PS', 'FA', 'PL', 'PT', 'PA', 'RO', 'RM', 'RU', 'SE', 'SR', 'SK', 'SL', 'WEN', 'SV', 'TA', 'TE', 'TH', 'TR', 'UK', 'UR', 'UZ', 'VI', 'CY', 'YI') + RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ', 'AG', 'AR', 'AM', 'AW', 'AU', 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ', 'BJ', 'BM', 'BT', 'BO', 'BQ', 'BA', 'BW', 'BV', 'BR', 'IO', 'VG', 'BN', 'BG', 'BF', 'BI', 'CV', 'KH', 'CM', 'KY', 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG', 'CD', 'CK', 'CR', 'CI', 'HR', 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC', 'EG', 'SV', 'GQ', 'ER', 'EE', 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF', 'GA', 'GM', 'GE', 'DE', 'GH', 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN', 'GW', 'GY', 'HT', 'HM', 'VA', 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE', 'IM', 'IL', 'IT', 'JM', 'XJ', 'SJ', 'JP', 'JE', 'JO', 'KZ', 'KE', 'KI', 'KR', 'KW', 'KG', 'LA', 'LV', 'LB', 'LS', 'LR', 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY', 'MV', 'ML', 'MT', 'MH', 'MQ', 'MR', 'MU', 'YT', 'FM', 'MD', 'MC', 'MN', 'ME', 'MS', 'MA', 'MZ', 'MM', 'NA', 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU', 'NF', 'KP', 'MP', 'NO', 'OM', 'PK', 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL', 'PT', 'PR', 'QA', 'RE', 'RO', 'RU', 'RW', 'XS', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC', 'WS', 'SM', 'ST', 'SA', 'SN', 'RS', 'SC', 'SL', 'SG', 'XE', 'SX', 'SK', 'SI', 'SB', 'SO', 'ZA', 'GS', 'ES', 'LK', 'SD', 'SR', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ', 'TZ', 'TH', 'TL', 'TG', 'TK', 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA', 'AE', 'UY', 'UZ', 'VU', 'VE', 'VN', 'WF', 'YE', 'ZM', 'ZW') + HighConfidencePhishAction = 'Quarantine' + HighConfidenceSpamAction = 'Quarantine' + SpamAction = 'MoveToJmf' + EnableEndUserSpamNotifications = $true + DownloadLink = $false + EnableRegionBlockList = $true + EnableLanguageBlockList = $true + EndUserSpamNotificationCustomSubject = 'This is SPAM' + EndUserSpamNotificationLanguage = 'Default' + BulkThreshold = 5 + AllowedSenders = @('test@contoso.com', 'test@fabrikam.com') + AllowedSenderDomains = @('contoso.com', 'fabrikam.com') + BlockedSenders = @('me@privacy.net', 'thedude@contoso.com') + BlockedSenderDomains = @('privacy.net', 'facebook.com') + PhishZapEnabled = $true + SpamZapEnabled = $true + InlineSafetyTipsEnabled = $true + BulkSpamAction = 'MoveToJmf' + PhishSpamAction = 'Quarantine' + MakeDefault = $false } Mock -CommandName Get-HostedContentFilterPolicy -MockWith { return @{ - Ensure = 'Present' - Identity = 'TestPolicy' - Credential = $Credential - AdminDisplayName = 'This ContentFilter policiy is a test' - AddXHeaderValue = 'MyCustomSpamHeader' - ModifySubjectValue = 'SPAM!' - RedirectToRecipients = @() - TestModeBccToRecipients = @() - QuarantineRetentionPeriod = 15 - EndUserSpamNotificationFrequency = 1 - TestModeAction = 'AddXHeader' - IncreaseScoreWithImageLinks = 'Off' - IncreaseScoreWithNumericIps = 'On' - IncreaseScoreWithRedirectToOtherPort = 'On' - IncreaseScoreWithBizOrInfoUrls = 'On' - MarkAsSpamEmptyMessages = 'On' - MarkAsSpamJavaScriptInHtml = 'On' - MarkAsSpamFramesInHtml = 'On' - MarkAsSpamObjectTagsInHtml = 'On' - MarkAsSpamEmbedTagsInHtml = 'Off' - MarkAsSpamFormTagsInHtml = 'Off' - MarkAsSpamWebBugsInHtml = 'On' - MarkAsSpamSensitiveWordList = 'Test' - MarkAsSpamSpfRecordHardFail = 'On' - MarkAsSpamFromAddressAuthFail = 'On' - MarkAsSpamBulkMail = 'On' - MarkAsSpamNdrBackscatter = 'On' - LanguageBlockList = @() - RegionBlockList = @() - HighConfidencePhishAction = 'Quarantine' - HighConfidenceSpamAction = 'Quarantine' - SpamAction = 'MoveToJmf' - EnableEndUserSpamNotifications = $true - DownloadLink = $false - EnableRegionBlockList = $true - EnableLanguageBlockList = $true - EndUserSpamNotificationCustomFromName = 'Spam Notification' - EndUserSpamNotificationCustomSubject = 'This is SPAM' - EndUserSpamNotificationLanguage = 'Default' - BulkThreshold = 5 - AllowedSenders = @{ + Ensure = 'Present' + Identity = 'TestPolicy' + Credential = $Credential + AdminDisplayName = 'This ContentFilter policiy is a test' + AddXHeaderValue = 'MyCustomSpamHeader' + ModifySubjectValue = 'SPAM!' + RedirectToRecipients = @() + TestModeBccToRecipients = @() + QuarantineRetentionPeriod = 15 + EndUserSpamNotificationFrequency = 1 + TestModeAction = 'AddXHeader' + IncreaseScoreWithImageLinks = 'Off' + IncreaseScoreWithNumericIps = 'On' + IncreaseScoreWithRedirectToOtherPort = 'On' + IncreaseScoreWithBizOrInfoUrls = 'On' + MarkAsSpamEmptyMessages = 'On' + MarkAsSpamJavaScriptInHtml = 'On' + MarkAsSpamFramesInHtml = 'On' + MarkAsSpamObjectTagsInHtml = 'On' + MarkAsSpamEmbedTagsInHtml = 'Off' + MarkAsSpamFormTagsInHtml = 'Off' + MarkAsSpamWebBugsInHtml = 'On' + MarkAsSpamSensitiveWordList = 'Test' + MarkAsSpamSpfRecordHardFail = 'On' + MarkAsSpamFromAddressAuthFail = 'On' + MarkAsSpamBulkMail = 'On' + MarkAsSpamNdrBackscatter = 'On' + LanguageBlockList = @() + RegionBlockList = @() + HighConfidencePhishAction = 'Quarantine' + HighConfidenceSpamAction = 'Quarantine' + SpamAction = 'MoveToJmf' + EnableEndUserSpamNotifications = $true + DownloadLink = $false + EnableRegionBlockList = $true + EnableLanguageBlockList = $true + EndUserSpamNotificationCustomSubject = 'This is SPAM' + EndUserSpamNotificationLanguage = 'Default' + BulkThreshold = 5 + AllowedSenders = @{ Sender = @( [PSCustomObject]@{Address = 'test@contoso.com' }, [PSCustomObject]@{Address = 'test@fabrikam.com' } ) } - AllowedSenderDomains = @( + AllowedSenderDomains = @( [PSCustomObject]@{Domain = 'contoso.com' }, [PSCustomObject]@{Domain = 'fabrikam.com' } ) - BlockedSenders = @{ + BlockedSenders = @{ Sender = @( [PSCustomObject]@{Address = 'me@privacy.net' }, [PSCustomObject]@{Address = 'thedude@contoso.com' } ) } - BlockedSenderDomains = @( + BlockedSenderDomains = @( [PSCustomObject]@{Domain = 'privacy.net' }, [PSCustomObject]@{Domain = 'facebook.com' } ) - PhishZapEnabled = $true - SpamZapEnabled = $true - InlineSafetyTipsEnabled = $true - BulkSpamAction = 'MoveToJmf' - PhishSpamAction = 'MoveToJmf' - MakeDefault = $false + PhishZapEnabled = $true + SpamZapEnabled = $true + InlineSafetyTipsEnabled = $true + BulkSpamAction = 'MoveToJmf' + PhishSpamAction = 'MoveToJmf' + MakeDefault = $false } } } From aab7e637e31cebd410854ac602c3d228d1f41d22 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Sun, 19 Mar 2023 21:40:54 +0100 Subject: [PATCH 024/187] Updated changelog and added removal of ID parameter check in Test method --- CHANGELOG.md | 30 +++++++++-- .../MSFT_AADAdministrativeUnit.psm1 | 42 +++++++-------- .../MSFT_AADAdministrativeUnit.schema.mof | 4 +- .../MSFT_AADConditionalAccessPolicy.psm1 | 18 +++---- ...MSFT_AADConditionalAccessPolicy.schema.mof | 4 +- ...AADEntitlementManagementAccessPackage.psm1 | 24 ++++----- ...nagementAccessPackageAssignmentPolicy.psm1 | 24 ++++----- ...ntAccessPackageAssignmentPolicy.schema.mof | 2 +- ...tlementManagementAccessPackageCatalog.psm1 | 31 ++++++----- ...tManagementAccessPackageCatalog.schema.mof | 4 +- ...anagementAccessPackageCatalogResource.psm1 | 29 +++++------ ...entAccessPackageCatalogResource.schema.mof | 2 +- ...lementManagementConnectedOrganization.psm1 | 30 +++++------ ...ManagementConnectedOrganization.schema.mof | 2 +- .../MSFT_AADRoleSetting.psm1 | 2 - .../MSFT_IntuneASRRulesPolicyWindows10.psm1 | 12 ++--- ...T_IntuneASRRulesPolicyWindows10.schema.mof | Bin 16446 -> 16656 bytes ...usPolicyWindows10SettingCatalog.schema.mof | Bin 32600 -> 33050 bytes .../MSFT_IntuneAppProtectionPolicyiOS.psm1 | 4 +- ...tionRulesPolicyWindows10ConfigManager.psm1 | 25 ++++----- ...lesPolicyWindows10ConfigManager.schema.mof | Bin 16108 -> 16324 bytes ...ationPolicyAndroidDeviceAdministrator.psm1 | 25 ++++----- ...olicyAndroidDeviceAdministrator.schema.mof | 2 +- ...ConfigurationPolicyAndroidDeviceOwner.psm1 | 24 ++++----- ...urationPolicyAndroidDeviceOwner.schema.mof | 2 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 26 +++++----- ...nPolicyAndroidOpenSourceProject.schema.mof | 2 +- ..._IntuneDeviceConfigurationPolicyMacOS.psm1 | 25 ++++----- ...eDeviceConfigurationPolicyMacOS.schema.mof | 2 +- ...FT_IntuneDeviceConfigurationPolicyiOS.psm1 | 26 +++++----- ...uneDeviceConfigurationPolicyiOS.schema.mof | 2 +- ...otectionPolicyWindows10SettingCatalog.psm1 | 13 ++--- ...ationPolicyAndroidDeviceAdministrator.psm1 | 29 ++++++----- ...olicyAndroidDeviceAdministrator.schema.mof | 2 +- ...ionPolicyAndroidEntrepriseDeviceOwner.psm1 | 25 ++++----- ...icyAndroidEntrepriseDeviceOwner.schema.mof | 2 +- ...ionPolicyAndroidEntrepriseWorkProfile.psm1 | 25 ++++----- ...icyAndroidEntrepriseWorkProfile.schema.mof | 2 +- ...WifiConfigurationPolicyAndroidForWork.psm1 | 25 ++++----- ...nfigurationPolicyAndroidForWork.schema.mof | 2 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 25 ++++----- ...nPolicyAndroidOpenSourceProject.schema.mof | 2 +- ...MSFT_IntuneWifiConfigurationPolicyIOS.psm1 | 25 ++++----- ...ntuneWifiConfigurationPolicyIOS.schema.mof | 2 +- ...FT_IntuneWifiConfigurationPolicyMacOS.psm1 | 25 ++++----- ...uneWifiConfigurationPolicyMacOS.schema.mof | 2 +- ...ntuneWifiConfigurationPolicyWindows10.psm1 | 25 ++++----- ...ifiConfigurationPolicyWindows10.schema.mof | 2 +- ...ForBusinessRingUpdateProfileWindows10.psm1 | 49 +++++++++--------- ...nProtectionPolicyWindows10MdmEnrolled.psm1 | 1 + ...BusinessFeatureUpdateProfileWindows10.psm1 | 37 ++++++------- 51 files changed, 387 insertions(+), 358 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b17ae5151..7657045bcb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,32 @@ # Change log for Microsoft365DSC +# BREAKING CHANGES (APRIL 5TH RELEASE) + +* AADAdministrativeUnit, AADConditionalAccessPolicy, AADEntitlementManagementAccessPackage, + AADEntitlementManagementAccessPackageAssignmentPolicy, AADEntitlementManagementAccessPackageCatalog, + AADEntitlementManagementAccessPackageCatalogResource, AADEntitlementManagementAccessPackageCatalogResource, + AADEntitlementManagementConnectedOrganization, AADRoleSetting, + IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator, IntuneDeviceConfigurationPolicyAndroidDeviceOwner, + IntuneDeviceConfigurationPolicyAndroidOpenSourceProject, IntuneDeviceConfigurationPolicyMacOS, + IntuneDeviceConfigurationPolicyiOS, IntuneExploitProtectionPolicyWindows10SettingCatalog, + IntuneWifiConfigurationPolicyAndroidDeviceAdministrator, IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner, + IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile, IntuneWifiConfigurationPolicyAndroidForWork, + IntuneWifiConfigurationPolicyAndroidOpenSourceProject, IntuneWifiConfigurationPolicyIOS, + IntuneWifiConfigurationPolicyMacOS, IntuneWifiConfigurationPolicyWindows10, + IntuneWindowUpdateForBusinessRingUpdateProfileWindows10, IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10, + IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled, IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required +* EXOIRMConfiguration, EXOPerimeterConfiguration, EXOResourceConfiguration + * [BREAKING CHANGE] Setting Id as Key parameter +* IntuneAntivirusPolicyWindows10SettingCatalog, IntuneASRRulesPolicyWindows10, + IntuneAppProtectionPolicyiOS, IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager, + IntuneSettingCatalogASRRulesPolicyWindows10, + * [BREAKING CHANGE] Setting Identity as Key parameter and DisplayName as Required +* MISC + * Added a QA check to test for the presence of a Key parameter and fixes + resources where this was not the case. + FIXES [#2925](https://github.com/microsoft/Microsoft365DSC/issues/2925) + # UNRELEASED * EXORoleAssignmentPolicy @@ -7,9 +34,6 @@ FIXES [#2977](https://github.com/microsoft/Microsoft365DSC/issues/2977) * MISC * Added QA test that checks for existence of an example for each resource. - * Added a QA check to test for the presence of a Key parameter and fixes - resources where this was not the case. - FIXES [#2925](https://github.com/microsoft/Microsoft365DSC/issues/2925) * DRG * Various fixes: Remove invalid character from description in schema.mof diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 3e4e9b54ba..0ec886d97a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -5,22 +5,22 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] - [validateset('Public', 'HiddenMembership')] [System.String] - $Visibility, + $Description, [Parameter()] + [validateset('Public', 'HiddenMembership')] [System.String] - $Id, + $Visibility, [Parameter()] [validateset('Assigned', 'Dynamic')] @@ -43,10 +43,9 @@ function Get-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $ScopedRoleMembers, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', @@ -253,22 +252,22 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] - [validateset('Public', 'HiddenMembership')] [System.String] - $Visibility, + $Description, [Parameter()] + [validateset('Public', 'HiddenMembership')] [System.String] - $Id, + $Visibility, [Parameter()] [validateset('Assigned', 'Dynamic')] @@ -291,9 +290,9 @@ function Set-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $ScopedRoleMembers, - #endregion - [Parameter(Mandatory = $true)] + + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', @@ -744,21 +743,22 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] - [validateset('Public', 'HiddenMembership')] [System.String] - $Visibility, + $Description, [Parameter()] + [validateset('Public', 'HiddenMembership')] [System.String] - $Id, + $Visibility, [Parameter()] [validateset('Assigned', 'Dynamic')] @@ -781,10 +781,9 @@ function Test-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $ScopedRoleMembers, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', @@ -867,6 +866,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null # Visibility is currently not returned by Get-TargetResource $ValuesToCheck.Remove('Visibility') | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof index bdb24ef69d..a476c1d911 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof @@ -16,8 +16,8 @@ class MSFT_MicrosoftGraphScopedRoleMembership [ClassVersion("1.0.0.0"), FriendlyName("AADAdministrativeUnit")] class MSFT_AADAdministrativeUnit : OMI_BaseResource { - [Key, Description("DisplayName of the Administrative Unit")] String DisplayName; - [Write, Description("Object-Id of the Administrative Unit")] String Id; + [Key, Description("Object-Id of the Administrative Unit")] String Id; + [Required, Description("DisplayName of the Administrative Unit")] String DisplayName; [Write, Description("Description of the Administrative Unit")] String Description; [Write, Description("Visibility of the Administrative Unit. Specify HiddenMembership if members of the AU are hidden")] String Visibility; [Write, Description("Specify membership type. Possible values are Assigned and Dynamic. Note that the functionality is currently in preview.")] String MembershipType; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index ba92ae59d5..455c081988 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -6,11 +6,11 @@ function Get-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $DisplayName, + $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Id, + $DisplayName, [Parameter()] [System.String] @@ -653,11 +653,11 @@ function Set-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $DisplayName, + $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Id, + $DisplayName, [Parameter()] [System.String] @@ -1521,11 +1521,11 @@ function Test-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $DisplayName, + $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Id, + $DisplayName, [Parameter()] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof index e2877f13e3..f07de8dcca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof @@ -1,8 +1,8 @@ [ClassVersion("1.0.0.0"), FriendlyName("AADConditionalAccessPolicy")] class MSFT_AADConditionalAccessPolicy : OMI_BaseResource { - [Key, Description("DisplayName of the AAD CA Policy")] String DisplayName; - [Write, Description("Specifies the GUID for the Policy.")] String Id; + [Key, Description("Specifies the GUID for the Policy.")] String Id; + [Required, Description("DisplayName of the AAD CA Policy")] String DisplayName; [Write, Description("Specifies the State of the Policy."), ValueMap{"disabled","enabled","enabledForReportingButNotEnforced"}, Values{"disabled","enabled","enabledForReportingButNotEnforced"}] String State; [Write, Description("Cloud Apps in scope of the Policy.")] String IncludeApplications[]; [Write, Description("Cloud Apps out of scope of the Policy.")] String ExcludeApplications[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index fba64fda86..3342a32696 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 @@ -9,6 +9,10 @@ function Get-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -17,10 +21,6 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsHidden, @@ -208,6 +208,10 @@ function Set-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -216,10 +220,6 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsHidden, @@ -676,6 +676,10 @@ function Test-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -684,10 +688,6 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsHidden, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 index b795a5d69f..fcae2a395e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 @@ -8,6 +8,10 @@ function Get-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $AccessPackageId, @@ -24,10 +28,6 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Int32] $DurationInDays, @@ -315,6 +315,10 @@ function Set-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $AccessPackageId, @@ -331,10 +335,6 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Int32] $DurationInDays, @@ -484,6 +484,10 @@ function Test-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $AccessPackageId, @@ -500,10 +504,6 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Int32] $DurationInDays, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof index e4aecf5d08..121fb2dde6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof @@ -120,11 +120,11 @@ class MSFT_MicrosoftGraphcustomextensionendpointconfiguration class MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy : OMI_BaseResource { [Key, Description("Id of the access package assignment policy.")] String Id; + [Required, Description("The display name of the policy.")] String DisplayName; [Write, Description("Identifier of the access package.")] String AccessPackageId; [Write, Description("Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required."), EmbeddedInstance("MSFT_MicrosoftGraphassignmentreviewsettings")] String AccessReviewSettings; [Write, Description("Indicates whether a user can extend the access package assignment duration after approval.")] Boolean CanExtend; [Write, Description("The description of the policy.")] String Description; - [Required, Description("The display name of the policy.")] String DisplayName; [Write, Description("The number of days in which assignments from this policy last until they are expired.")] UInt32 DurationInDays; [Write, Description("The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z")] String ExpirationDateTime; [Write, Description("Questions that are posed to the requestor."), EmbeddedInstance("MSFT_MicrosoftGraphaccesspackagequestion")] String Questions[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 index 765ef5c2a8..f598123654 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 @@ -8,6 +8,10 @@ function Get-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogStatus, @@ -21,10 +25,6 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsExternallyVisible, @@ -150,11 +150,14 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $true)] [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogStatus, @@ -168,10 +171,6 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsExternallyVisible, @@ -289,11 +288,14 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter(Mandatory = $true)] [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogStatus, @@ -307,10 +309,6 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsExternallyVisible, @@ -373,9 +371,10 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" if ($testResult) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof index 23f6dd298c..965bb2071c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof @@ -1,13 +1,11 @@ - - [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageCatalog")] class MSFT_AADEntitlementManagementAccessPackageCatalog : OMI_BaseResource { [Key, Description("The id of the access package catalog.")] String Id; + [Required, Description("The display name of the access package catalog.")] String DisplayName; [Write, Description("Has the value Published if the access packages are available for management.")] String CatalogStatus; [Write, Description("One of UserManaged or ServiceDefault."), ValueMap{"UserManaged","ServiceDefault"}, Values{"UserManaged","ServiceDefault"}] String CatalogType; [Write, Description("The description of the access package catalog.")] String Description; - [Required, Description("The display name of the access package catalog.")] String DisplayName; [Write, Description("Whether the access packages in this catalog can be requested by users outside of the tenant.")] Boolean IsExternallyVisible; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 index f56aff76b8..b3027f35d2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 @@ -9,6 +9,10 @@ function Get-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -29,10 +33,6 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsPendingOnboarding, @@ -152,6 +152,7 @@ function Get-TargetResource } $hashAttributes += $hashAttribute } + $results = [ordered]@{ Id = $Id CatalogId = $CatalogId @@ -174,7 +175,6 @@ function Get-TargetResource ManagedIdentity = $ManagedIdentity.IsPresent } - return [System.Collections.Hashtable] $results } catch @@ -199,6 +199,10 @@ function Set-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -219,10 +223,6 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsPendingOnboarding, @@ -349,9 +349,7 @@ function Set-TargetResource } #region resource generator code New-MgEntitlementManagementAccessPackageResourceRequest @resourceRequest - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -445,6 +443,10 @@ function Test-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -465,10 +467,6 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsPendingOnboarding, @@ -574,6 +572,7 @@ function Test-TargetResource $ValuesToCheck.Remove('AddedBy') | Out-Null $ValuesToCheck.Remove('AddedOn') | Out-Null $ValuesToCheck.Remove('IsPendingOnboarding') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof index ef0fec69e8..9fe9523d1c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof @@ -61,12 +61,12 @@ class MSFT_MicrosoftGraphaccessPackageAnswerChoice class MSFT_AADEntitlementManagementAccessPackageCatalogResource : OMI_BaseResource { [Key, Description("Id of the access package catalog resource.")] String Id; + [Required, Description("The display name of the resource, such as the application name, group name or site name.")] String DisplayName; [Write, Description("The unique ID of the access package catalog.")] String CatalogId; [Write, Description("The name of the user or application that first added this resource. Read-only.")] String AddedBy; [Write, Description("The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.")] String AddedOn; [Write, Description("Contains information about the attributes to be collected from the requestor and sent to the resource application."), EmbeddedInstance("MSFT_MicrosoftGraphaccesspackageresourceattribute")] String Attributes[]; [Write, Description("A description for the resource.")] String Description; - [Required, Description("The display name of the resource, such as the application name, group name or site name.")] String DisplayName; [Write, Description("True if the resource is not yet available for assignment. Read-only.")] Boolean IsPendingOnboarding; [Write, Description("The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group.")] String OriginId; [Write, Description("The type of the resource in the origin system.")] String OriginSystem; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index ebfcf07762..bfb4c14b64 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 @@ -8,14 +8,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $IdentitySources, @@ -172,7 +172,6 @@ function Get-TargetResource $getIdentitySources = $sources } - $results = @{ Id = $getValue.id Description = $getValue.description @@ -213,14 +212,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $IdentitySources, @@ -416,14 +415,11 @@ function Set-TargetResource -DirectoryObjectId $sponsor } #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing a new Entitlement Management Connected Organization {$($currentInstance.Id)}" Remove-MgEntitlementManagementConnectedOrganization -ConnectedOrganizationId $currentInstance.Id - - } } @@ -437,14 +433,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $IdentitySources, @@ -537,7 +533,6 @@ function Test-TargetResource } $ValuesToCheck.Remove($key) | Out-Null - } } @@ -545,6 +540,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof index 58f8fe2a5c..896f8e2c64 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof @@ -14,8 +14,8 @@ class MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource class MSFT_AADEntitlementManagementConnectedOrganization : OMI_BaseResource { [Key, Description("The Id of the Connected organization object.")] String Id; - [Write, Description("The description of the connected organization.")] String Description; [Required, Description("The display name of the connected organization.")] String DisplayName; + [Write, Description("The description of the connected organization.")] String Description; [Write, Description("The identity sources in this connected organization."), EmbeddedInstance("MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource")] String IdentitySources[]; [Write, Description("The state of a connected organization defines whether assignment policies with requestor scope type AllConfiguredConnectedOrganizationSubjects are applicable or not."), ValueMap{"configured","proposed","unknownFutureValue"}, Values{"configured","proposed","unknownFutureValue"}] String State; [Write, Description("Collection of objectID of extenal sponsors. the sponsor can be a user or a group.")] String ExternalSponsors[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index b33f198bcd..9ece57a9f7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -1056,8 +1056,6 @@ function Set-TargetResource -UnifiedRoleManagementPolicyRuleId $role.id ` -BodyParameter $params ` -ErrorAction Stop - - } catch { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index 3eb855efa4..2a49ccb586 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -112,7 +112,7 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', @@ -245,7 +245,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -353,7 +353,7 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', @@ -492,7 +492,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -600,7 +600,7 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.schema.mof index 6c282667ce2a61b70578afab09ad82c2d0845d0f..e8085c4b848c9b3e847b34ce0fbdc325775d3767 100644 GIT binary patch delta 433 zcmdnjz&N3aal$rc1qOx58-)!wKAFST>-Tuc(aWjJRE{I=NTM;X>;71V{8TG0Im6CdJox*LvVjTv(SS` u2wFXd2~JMnW|^#Jy#vnYu=xOEZ&tDug80?Y&YO`H7&YL?(Ve`)ei{HTPJTiF delta 317 zcmbQx#JI14al*FAQ#gz^zUyNF(G%YZY(BzzjuFJ3e2V=DklwX9gp-A7a~wAZUZBCZ*+O6gh~u=`KwD>93iz~(KJp9W@3&QZDtH+PP*14voWW)n3Hi24N@8$gVJ&C9f( zK^>&K3oLL(?-AqXEd~P2K%U)Z4ihV|2C!{Y%ox16iYpb;3unHV4vNw i-UFsj*n9vhcws99QlPh4&t8g=k#lk*tM=q7hiL$pG<=N! diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof index 479f950c0bf9414e041b9092afbe224f97827793..00904b2f5de4edbfabb5e90f2cae8c8466a0bffb 100644 GIT binary patch delta 1049 zcmY*XUuaTs6jocdnfAwMZA?p7$T0t017|TCtC-YgQY^<>R=3)UESohM&Mc&dD2T95 z48Xbp5?E3aF@m6n2zPI}+M&Vtwu22M^6lY9BH9sU1Zs?L>)`M983x!c1LlS)9IAHGjeS8}*%f0J zj9Z>C0C9^A&vz9m;YQxNmjQUU`;T}E%-eK~eC((YuIxB1ab-sk)7$_RI8nW4Q6*n9 z0v30b)U%#RyxnafDxCGSNQ%78jvw}o)`L<#@(G1hNOPUY?YBzZSGG) z0F*+TFf-cvKhXw>vwr9e#hASm3bFeM4pA^KHqp#aNKRo*sGa*x9Z(rIpyR?4i$(po zT8kR?=7`GDwQ(3Ny>b@F60k zIu{@IAX3sp52H9^$dDK^Bt)X8xI~CZ4-zr<6d@sf=etxsopXM_-#O>^9lmTvGB??? z0vLAByUL`E;`2%)mbZOml*7{YGLJ=!)}E6fTlWEy^{X6^A+<9HMnHQt?qE34@RNbF zC5LL$AhpT3uq$XGbGzeKva~nE(Am-`38A?!N$_j@aUf!KBoEG5!udnIW1=B}>Gm|I z!WzapbfJNgTS0dx@1zwa_b&#~+SAa}xd(R~brI@;gt8&xi({sUFV$~k6IYJgxgelp z;-s6D3Kl&Di6|I%G{fqtbs=l(3Xx2Mwk{Wb@lBCb#+mMGR~7=;Z+)2?9 z9$(j~Mt?jaZ6V&!R;b+AgnVBH^qZeKr+_Qgic^C{YhHS&#`3?CtdJ!gdv3|X8|H?I zvP`0UXHB5w7&CVl{}=D?m3hJMogcX`p*N*bC1YWf?#BO-G*%R`RA+z_TM!bL1Rj7T78<%vj#K8_%p^1eA_)_CCENj1?Z0`S zC==Kgpc@@G{}bnfar`$&Ncq7zlSA~BHjBt=zyusOSIPIGni`>a1TL^SPPqoA)PJ*@ z+9tRR&_x29wKVP^3-E0Y(}Ebb`Jwi8h|EK6-OZ15)gXqz93Eld1D4&q(C{E!+2kJM zYp{Tr++%VJ%68nm#PkMS(dK35GH}l1Hx|3#Ixbl5fwQ++eSonyU$7Q}X)xR@U@OJQ P3XBSHRO(I+vzrD0Zy%B= delta 301 zcmX?7|E6}rw#idCj5faOV*$|<-wA9!!g`Jo#GZVL{RoiWwK;^dg=zCWZVtxHZ+H|y zQd*O3_}+o&%~AXAm7KhxkOO}#0%JbPdN`FJVEUM$h?5f%QWsm7`L?g5H{@6 z=>R)vbCI4JMCUsLACR=u<|d;W#>FfqjFVYRY$m&zp4cp6CdLGDwuKDDAImIvf&DYV hY7dyMvHk#7FvmuSaq|{i4@O4L$&IYqllAPU0RVtMbzlGh diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index 8bd5000c45..98b4674903 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Identity, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockClipboardSharing, @@ -424,14 +424,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockClipboardSharing, @@ -824,14 +824,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockClipboardSharing, @@ -1139,6 +1139,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof index 0959b4b07a..82b822512a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof @@ -21,8 +21,8 @@ class MSFT_MicrosoftGraphapplistitem class MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Block clipboard sharing between apps (Samsung KNOX Standard 4.0+).")] Boolean AppsBlockClipboardSharing; [Write, Description("Block copy and paste functionality.")] Boolean AppsBlockCopyPaste; [Write, Description("Block YouTube (Samsung KNOX Standard 4.0+).")] Boolean AppsBlockYouTube; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 index 154f2d0b8f..a698022ef5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountsBlockModification, @@ -869,14 +869,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountsBlockModification, @@ -1606,14 +1606,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountsBlockModification, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof index cf73c6fcac..3bceab1f93 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof @@ -84,8 +84,8 @@ class MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod class MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner : OMI_BaseResource { [Key, Description("The Id of the policy.")] String Id; - [Write, Description("The description of the policy.")] String Description; [Required, Description("The display name of hte policy.")] String DisplayName; + [Write, Description("The description of the policy.")] String Description; [Write, Description("Block modification of accounts. Only supported on Dedicated devices.")] Boolean AccountsBlockModification; [Write, Description("When allowed, users can enable the 'unknown sources' setting to install apps from sources other than the Google Play Store.")] Boolean AppsAllowInstallFromUnknownSources; [Write, Description("Devices check for app updates daily. The default behavior is to let device users decide. They'll be able to set their preferences in the managed Google Play app."), ValueMap{"notConfigured","userChoice","never","wiFiOnly","always"}, Values{"notConfigured","userChoice","never","wiFiOnly","always"}] String AppsAutoUpdatePolicy; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index 2ae8ed21ff..0c547707f6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockInstallFromUnknownSources, @@ -222,14 +222,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockInstallFromUnknownSources, @@ -473,14 +473,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockInstallFromUnknownSources, @@ -639,6 +639,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -891,7 +892,6 @@ function Get-M365DSCDRGComplexTypeToString -isArray:$true ` -CIMInstanceName $CIMInstanceName ` -Whitespace ' ' - } if ([string]::IsNullOrEmpty($currentProperty)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof index a867422190..bf6ea6e768 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Prevent applications from unknown sources.")] Boolean AppsBlockInstallFromUnknownSources; [Write, Description("Prevent bluetooth configuration.")] Boolean BluetoothBlockConfiguration; [Write, Description("Prevents using Bluetooth on devices.")] Boolean BluetoothBlocked; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index b2207e4c51..62166aba7a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AddingGameCenterFriendsBlocked, @@ -455,14 +455,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AddingGameCenterFriendsBlocked, @@ -889,14 +889,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AddingGameCenterFriendsBlocked, @@ -1237,6 +1237,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof index 675c812cdd..dfb9bb6515 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof @@ -59,8 +59,8 @@ class MSFT_MicrosoftGraphmacosappleeventreceiver class MSFT_IntuneDeviceConfigurationPolicyMacOS : OMI_BaseResource { [Key, Description("")] String Id; - [Write, Description("")] String Description; [Required, Description("")] String DisplayName; + [Write, Description("")] String Description; [Write, Description("")] Boolean AddingGameCenterFriendsBlocked; [Write, Description("")] Boolean AirDropBlocked; [Write, Description("Blocks users from unlocking their Mac with Apple Watch.")] Boolean AppleWatchBlockAutoUnlock; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index 83d2ba5fad..7d61a42be8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountBlockModification, @@ -1102,14 +1102,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountBlockModification, @@ -2037,14 +2037,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountBlockModification, @@ -2885,6 +2885,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -2961,7 +2962,6 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop -All:$true | Where-Object ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof index 78cce20f3f..1a6a9421e4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof @@ -82,8 +82,8 @@ class MSFT_MicrosoftGraphiosnetworkusagerule class MSFT_IntuneDeviceConfigurationPolicyIOS : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Indicates whether or not to allow account modification when the device is in supervised mode.")] Boolean AccountBlockModification; [Write, Description("Activation Lock makes it harder for a lost or stolen device to be reactivated.")] Boolean ActivationLockAllowWhenSupervised; [Write, Description("Indicates whether or not to allow AirDrop when the device is in supervised mode.")] Boolean AirDropBlocked; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 index 181face5ba..d93346bee9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -28,7 +28,7 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = $true, @@ -191,7 +191,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -215,7 +215,7 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = $true, @@ -358,7 +358,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -382,7 +382,7 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = $true, @@ -435,6 +435,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Identity') | Out-Null if ($CurrentValues.Ensure -eq 'Absent') { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 index 7143dd488a..9fd22114ca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -177,14 +177,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -393,14 +393,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -524,9 +524,10 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof index e380df3ac8..f805671d7c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator : OMI_BaseResource { [Key, Description("Id of the Intune Policy.")] String Id; - [Write, Description("Description of the Intune Policy.")] String Description; [Required, Description("Display name of the Intune Policy.")] String DisplayName; + [Write, Description("Description of the Intune Policy.")] String Description; [Write, Description("Connect automatically.")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 index 71e7a84345..043ebbf8d6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -212,14 +212,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -456,14 +456,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -615,6 +615,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof index 1e48dac488..5991811e4f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner : OMI_BaseResource { [Key, Description("Id of the Intune policy")] String Id; - [Write, Description("Description of the Intune policy")] String Description; [Required, Description("Disaply name of the Intune policy")] String DisplayName; + [Write, Description("Description of the Intune policy")] String Description; [Write, Description("If the network is in range, automatically connect.")] Boolean ConnectAutomatically; [Write, Description("Don't show this Wi-Fi network on an end-user's device in the list of available networks. The SSID will not be broadcasted.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 index 747392f233..b0cad95c9b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -176,14 +176,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -391,14 +391,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -521,6 +521,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof index b4d905deb6..0002c7f327 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically.")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index c9c830ec39..e8b71073d8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -176,14 +176,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -391,14 +391,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -521,6 +521,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof index 339532ca23..3180b02f68 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyAndroidForWork : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index 2b64a5ec29..f4e4d7a442 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -186,14 +186,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -409,14 +409,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -547,6 +547,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof index f6db025c0e..7cde3d4be4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically to the network.")] Boolean ConnectAutomatically; [Write, Description("Define if the network should be connected if hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Define the network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index 52f4776961..2f33cae9c8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -207,14 +207,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -447,14 +447,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -602,6 +602,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof index 8cd1c94f97..80b861f7ce 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyIOS : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Disable the MAC address randomization.")] Boolean DisableMacAddressRandomization; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index 1bf5416850..a621c74d12 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -202,14 +202,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -438,14 +438,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -589,6 +589,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof index 05caa16920..befed6c8e4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyMacOS : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index 8bfa808b8e..7b05cbfb49 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -218,14 +218,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -467,14 +467,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -631,6 +631,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof index 7501e91c5d..966ecac18c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyWindows10 : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect to preferred network")] Boolean ConnectToPreferredNetwork; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 index a7a14891e0..f697b893fa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 @@ -5,6 +5,14 @@ function Get-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AllowWindows11Upgrade, @@ -154,14 +162,6 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -450,6 +450,14 @@ function Set-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AllowWindows11Upgrade, @@ -599,14 +607,6 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -747,6 +747,14 @@ function Test-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AllowWindows11Upgrade, @@ -896,14 +904,6 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -990,6 +990,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 3e58a03d1f..cdce75a210 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -819,6 +819,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 index d179490b2f..6ca810bc24 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 @@ -5,14 +5,18 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.String] $FeatureUpdateVersion, @@ -21,10 +25,6 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $RolloutSettings, - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -176,14 +176,18 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.String] $FeatureUpdateVersion, @@ -192,10 +196,6 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $RolloutSettings, - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -339,14 +339,18 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.String] $FeatureUpdateVersion, @@ -355,10 +359,6 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $RolloutSettings, - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -445,6 +445,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" From e03869e7b92d84f366f1ff10e425a0f7cca8e371 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Sun, 19 Mar 2023 21:53:19 +0100 Subject: [PATCH 025/187] Updated examples --- .../1-CreateNewAdministrativeUnit.ps1 | 1 + .../1-ConfigureAADConditionalAccessPolicy.ps1 | 75 ++++++++++--------- 2 files changed, 39 insertions(+), 37 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-CreateNewAdministrativeUnit.ps1 index 3601ae86d0..0881426df3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-CreateNewAdministrativeUnit.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-CreateNewAdministrativeUnit.ps1 @@ -18,6 +18,7 @@ Configuration Example { AADAdministrativeUnit 'TestUnit' { + Id = '49a843c7-e80c-4bae-8819-825656a108f2' DisplayName = 'Test-Unit' MembershipRule = "(user.country -eq `"Canada`")" MembershipRuleProcessingState = 'On' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 index c6d0512b0e..b18eed404e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 @@ -16,43 +16,44 @@ Configuration Example { AADConditionalAccessPolicy 'Allin-example' { - BuiltInControls = @("Mfa", "CompliantDevice", "DomainJoinedDevice", "ApprovedApplication", "CompliantApplication") - ClientAppTypes = @("ExchangeActiveSync", "Browser", "MobileAppsAndDesktopClients", "Other") - CloudAppSecurityIsEnabled = $True - CloudAppSecurityType = "MonitorOnly" - DisplayName = "Allin-example" - ExcludeApplications = @("803ee9ca-3f7f-4824-bd6e-0b99d720c35c", "00000012-0000-0000-c000-000000000000", "00000007-0000-0000-c000-000000000000", "Office365") - ExcludeDevices = @("Compliant", "DomainJoined") - ExcludeGroups = @() - ExcludeLocations = @("Blocked Countries") - ExcludePlatforms = @("Windows", "WindowsPhone", "MacOS") - ExcludeRoles = @("Company Administrator", "Application Administrator", "Application Developer", "Cloud Application Administrator", "Cloud Device Administrator") - ExcludeUsers = @("admin@contoso.com", "AAdmin@contoso.com", "CAAdmin@contoso.com", "AllanD@contoso.com", "AlexW@contoso.com", "GuestsOrExternalUsers") - ExcludeExternalTenantsMembers = @(); - ExcludeExternalTenantsMembershipKind = "all"; - ExcludeGuestOrExternalUserTypes = @("internalGuest","b2bCollaborationMember"); - GrantControlOperator = "OR" - IncludeApplications = @("All") - IncludeDevices = @("All") - IncludeGroups = @() - IncludeLocations = @("AllTrusted") - IncludePlatforms = @("Android", "IOS") - IncludeRoles = @("Compliance Administrator") - IncludeUserActions = @() - IncludeUsers = @("Alexw@contoso.com") - IncludeExternalTenantsMembers = @("11111111-1111-1111-1111-111111111111"); - IncludeExternalTenantsMembershipKind = "enumerated"; - IncludeGuestOrExternalUserTypes = @("b2bCollaborationGuest"); - PersistentBrowserIsEnabled = $false - PersistentBrowserMode = "" - SignInFrequencyIsEnabled = $True - SignInFrequencyType = "Hours" - SignInFrequencyValue = 5 - SignInRiskLevels = @("High", "Medium") - State = "disabled" - UserRiskLevels = @("High", "Medium") - Ensure = "Present" - Credential = $credsGlobalAdmin + Id = '4b0bb08f-85ab-4a12-a12c-06114b6ac6df' + DisplayName = 'Allin-example' + BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') + ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') + CloudAppSecurityIsEnabled = $true + CloudAppSecurityType = 'MonitorOnly' + ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') + ExcludeDevices = @('Compliant', 'DomainJoined') + ExcludeGroups = @() + ExcludeLocations = @('Blocked Countries') + ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') + ExcludeRoles = @('Company Administrator', 'Application Administrator', 'Application Developer', 'Cloud Application Administrator', 'Cloud Device Administrator') + ExcludeUsers = @('admin@contoso.com', 'AAdmin@contoso.com', 'CAAdmin@contoso.com', 'AllanD@contoso.com', 'AlexW@contoso.com', 'GuestsOrExternalUsers') + ExcludeExternalTenantsMembers = @() + ExcludeExternalTenantsMembershipKind = 'all' + ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') + GrantControlOperator = 'OR' + IncludeApplications = @('All') + IncludeDevices = @('All') + IncludeGroups = @() + IncludeLocations = @('AllTrusted') + IncludePlatforms = @('Android', 'IOS') + IncludeRoles = @('Compliance Administrator') + IncludeUserActions = @() + IncludeUsers = @('Alexw@contoso.com') + IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') + IncludeExternalTenantsMembershipKind = 'enumerated' + IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') + PersistentBrowserIsEnabled = $false + PersistentBrowserMode = '' + SignInFrequencyIsEnabled = $true + SignInFrequencyType = 'Hours' + SignInFrequencyValue = 5 + SignInRiskLevels = @('High', 'Medium') + State = 'disabled' + UserRiskLevels = @('High', 'Medium') + Ensure = 'Present' + Credential = $credsGlobalAdmin } } } From dc728275caccf6a834d87c70433ed0951479963d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Wed, 22 Mar 2023 09:32:50 +0100 Subject: [PATCH 026/187] TeamsGroupPolicyAssignment Exported configuration cannot be used because of duplicated key value Fixes #3054 --- CHANGELOG.md | 6 ++++++ .../MSFT_TeamsGroupPolicyAssignment.psm1 | 18 +++++++++--------- .../MSFT_TeamsGroupPolicyAssignment.schema.mof | 6 +++--- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d98d037910..59cc870c19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# Breaking Changes (APRIL 5TH RELEASE) + +* TeamsGroupPolicyAssignment change of key and required parameters + * [BREAKING CHANGE] Setting GroupId and PolicyType as Key parameters + FIXES [#3054](https://github.com/microsoft/Microsoft365DSC/issues/3054) + # UNRELEASED * AADRoleSetting diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 index ef834f1ec4..9f200efe49 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 @@ -8,11 +8,11 @@ function Get-TargetResource [System.String] $GroupDisplayName, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $GroupId, - [Parameter()] + [Parameter(Mandatory = $true)] [ValidateSet('CallingLineIdentity', 'TeamsAppSetupPolicy', 'TeamsAudioConferencingPolicy', 'TeamsCallingPolicy', 'TeamsCallParkPolicy', 'TeamsChannelsPolicy', 'TeamsComplianceRecordingPolicy', 'TenantDialPlan', 'TeamsMeetingBroadcastPolicy', 'TeamsMeetingPolicy', 'TeamsMessagingPolicy', 'TeamsShiftsPolicy', 'TeamsUpdateManagementPolicy', 'TeamsVerticalPackagePolicy')] [System.String] $PolicyType, @@ -21,7 +21,7 @@ function Get-TargetResource [System.String] $PolicyName, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Priority, @@ -128,11 +128,11 @@ function Set-TargetResource [System.String] $GroupDisplayName, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $GroupId, - [Parameter()] + [Parameter(Mandatory = $true)] [ValidateSet('CallingLineIdentity', 'TeamsAppSetupPolicy', 'TeamsAudioConferencingPolicy', 'TeamsCallingPolicy', 'TeamsCallParkPolicy', 'TeamsChannelsPolicy', 'TeamsComplianceRecordingPolicy', 'TenantDialPlan', 'TeamsMeetingBroadcastPolicy', 'TeamsMeetingPolicy', 'TeamsMessagingPolicy', 'TeamsShiftsPolicy', 'TeamsUpdateManagementPolicy', 'TeamsVerticalPackagePolicy')] [System.String] $PolicyType, @@ -141,7 +141,7 @@ function Set-TargetResource [System.String] $PolicyName, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Priority, @@ -271,11 +271,11 @@ function Test-TargetResource [System.String] $GroupDisplayName, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $GroupId, - [Parameter()] + [Parameter(Mandatory = $true)] [ValidateSet('CallingLineIdentity', 'TeamsAppSetupPolicy', 'TeamsAudioConferencingPolicy', 'TeamsCallingPolicy', 'TeamsCallParkPolicy', 'TeamsChannelsPolicy', 'TeamsComplianceRecordingPolicy', 'TenantDialPlan', 'TeamsMeetingBroadcastPolicy', 'TeamsMeetingPolicy', 'TeamsMessagingPolicy', 'TeamsShiftsPolicy', 'TeamsUpdateManagementPolicy', 'TeamsVerticalPackagePolicy')] [System.String] $PolicyType, @@ -284,7 +284,7 @@ function Test-TargetResource [System.String] $PolicyName, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Priority, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof index 2f6127a2e7..ba45cfaecf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof @@ -2,10 +2,10 @@ class MSFT_TeamsGroupPolicyAssignment : OMI_BaseResource { [Write, Description("Group Displayname of the group the policys are assigned to")] string GroupDisplayName; - [Write, Description("GroupId, alternatively to Group Displayname")] String GroupId; - [Write, Description("Teams PolicyType. The type of the policy to be assigned. Possible values:"), ValueMap{"CallingLineIdentity","TeamsAppSetupPolicy","TeamsAudioConferencingPolicy","TeamsCallingPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TenantDialPlan","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVerticalPackagePolicy"}, Values{"CallingLineIdentity","TeamsAppSetupPolicy","TeamsAudioConferencingPolicy","TeamsCallingPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TenantDialPlan","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVerticalPackagePolicy"}] String PolicyType; + [Key, Description("GroupId, alternatively to Group Displayname")] String GroupId; + [Key, Description("Teams PolicyType. The type of the policy to be assigned. Possible values:"), ValueMap{"CallingLineIdentity","TeamsAppSetupPolicy","TeamsAudioConferencingPolicy","TeamsCallingPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TenantDialPlan","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVerticalPackagePolicy"}, Values{"CallingLineIdentity","TeamsAppSetupPolicy","TeamsAudioConferencingPolicy","TeamsCallingPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TenantDialPlan","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVerticalPackagePolicy"}] String PolicyType; [Write, Description("Teams PolicyName. The name of the policy to be assigned.")] string PolicyName; - [Key, Description("Teams Priority. The rank of the policy assignment, relative to other group policy assignments for the same policy type")] string Priority; + [Write, Description("Teams Priority. The rank of the policy assignment, relative to other group policy assignments for the same policy type")] string Priority; [Write, Description("Present ensures the group policy assignment exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Teams Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; From 6b5f34f4dafc365a987da1e90cc15d67c00bb9d4 Mon Sep 17 00:00:00 2001 From: Chris Hill <53898223+Borgquite@users.noreply.github.com> Date: Fri, 24 Mar 2023 13:45:08 +0000 Subject: [PATCH 027/187] Create AU ScopedRoleMembership example --- .../2-CreateNewAdministrativeUnit.ps1 | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 new file mode 100644 index 0000000000..d09f4fdecc --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 @@ -0,0 +1,59 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsGlobalAdmin + ) + + Import-DscResource -ModuleName Microsoft365DSC + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsGlobalAdmin + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroup 'TestGroup' + { + DisplayName = 'TestGroup' + MailNickname = 'TestGroup' + SecurityEnabled = $true + MailEnabled = $false + IsAssignableToRole = $true + Ensure = "Present" + Credential = $credsGlobalAdmin + } + AADAdministrativeUnit 'TestUnit' + { + DisplayName = 'Test-Unit' + ScopedRoleMembers = @( + MSFT_MicrosoftGraphScopedRoleMembership + { + RoleName = "User Administrator" + RoleMemberInfo = MSFT_MicrosoftGraphIdentity + { + Identity = "TestGroup" + Type = "Group" + } + } + ) + Ensure = 'Present' + Credential = $credsGlobalAdmin + DependsOn = "[AADGroup]TestGroup" + } + } +} From 001ce7aa6b24bc942816133928d51e9676bfc7ab Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 25 Mar 2023 15:03:02 +0000 Subject: [PATCH 028/187] DRG + Code cleanup --- CHANGELOG.md | 24 +- ...tDeploymentProfileAzureADHybridJoined.psm1 | 393 +++++++------- .../readme.md | 2 +- .../settings.json | 2 +- ...topilotDeploymentProfileAzureADJoined.psm1 | 393 +++++++------- .../readme.md | 2 +- .../settings.json | 2 +- ...mentProfileAzureADHybridJoined-Example.ps1 | 2 +- ...DeploymentProfileAzureADJoined-Example.ps1 | 2 +- .../M365DSCResourceGenerator.psm1 | 479 +++++++++--------- ResourceGenerator/Module.Template.psm1 | 316 ++++++------ 11 files changed, 808 insertions(+), 809 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 789d9ec861..ea4a578c21 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,10 +2,17 @@ # UNRELEASED - -* IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 - * Initial Release - FIXES [#2832](https://github.com/microsoft/Microsoft365DSC/issues/2832) +* IntuneWindowsAutopilotDeploymentProfileAzureADJoined + * Initial release + FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) +* IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined + * Initial release + FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) +* DRG + * Various fixes + Cleanup generated code + Fix AdditionalProperties complex constructor + Fix Read privileges in settings file # 1.23.322.1 @@ -21,12 +28,9 @@ * IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 * Initial release FIXES [#2831](https://github.com/microsoft/Microsoft365DSC/issues/2831) -* IntuneWindowsAutopilotDeploymentProfileAzureADJoined - * Initial release - FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) -* IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined - * Initial release - FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) +* IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 + * Initial Release + FIXES [#2832](https://github.com/microsoft/Microsoft365DSC/issues/2832) * SCDLPCompliancePolicy * Added support or Endpoint, On-Premises, PowerBI and ThirdPartyApps locations and exceptions. FIXES [#3023](https://github.com/microsoft/Microsoft365DSC/issues/3023) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 index fa048f98ba..c4ea456b96 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 @@ -116,9 +116,9 @@ function Get-TargetResource if ($null -eq $getValue) { - Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with Id {$Id}" + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile ` -Filter "DisplayName eq '$DisplayName'" ` @@ -128,11 +128,11 @@ function Get-TargetResource #endregion if ($null -eq $getValue) { - Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with DisplayName {$DisplayName}" + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with DisplayName {$DisplayName}" return $nullResult } $Id = $getValue.Id - Write-Verbose -Message "An Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with Id {$Id} and DisplayName {$DisplayName} was found." + Write-Verbose -Message "An Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$Id} and DisplayName {$DisplayName} was found." #region resource generator code $complexEnrollmentStatusScreenSettings = @{} @@ -143,7 +143,7 @@ function Get-TargetResource $complexEnrollmentStatusScreenSettings.Add('CustomErrorMessage', $getValue.EnrollmentStatusScreenSettings.customErrorMessage) $complexEnrollmentStatusScreenSettings.Add('HideInstallationProgress', $getValue.EnrollmentStatusScreenSettings.hideInstallationProgress) $complexEnrollmentStatusScreenSettings.Add('InstallProgressTimeoutInMinutes', $getValue.EnrollmentStatusScreenSettings.installProgressTimeoutInMinutes) - if($complexEnrollmentStatusScreenSettings.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexEnrollmentStatusScreenSettings.values.Where({$null -ne $_}).count -eq 0) { $complexEnrollmentStatusScreenSettings = $null } @@ -161,11 +161,10 @@ function Get-TargetResource { $complexOutOfBoxExperienceSettings.Add('UserType', $getValue.OutOfBoxExperienceSettings.userType.toString()) } - if($complexOutOfBoxExperienceSettings.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexOutOfBoxExperienceSettings.values.Where({$null -ne $_}).count -eq 0) { $complexOutOfBoxExperienceSettings = $null } - #endregion #region resource generator code @@ -174,7 +173,6 @@ function Get-TargetResource { $enumDeviceType = $getValue.DeviceType.ToString() } - #endregion $results = @{ @@ -206,7 +204,7 @@ function Get-TargetResource { $assignmentValue = @{ dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId groupId = $assignmentEntry.Target.AdditionalProperties.groupId @@ -343,31 +341,31 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "Creating an Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with DisplayName {$DisplayName}" + Write-Verbose -Message "Creating an Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with DisplayName {$DisplayName}" $PSBoundParameters.Remove("Assignments") | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code $CreateParameters.Add("@odata.type", "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile") - $policy=New-MgDeviceManagementWindowAutopilotDeploymentProfile -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $policy = New-MgDeviceManagementWindowAutopilotDeploymentProfile -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` @@ -377,7 +375,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Updating the Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Updating the Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$($currentInstance.Id)}" $PSBoundParameters.Remove("Assignments") | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() @@ -385,12 +383,12 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code @@ -398,19 +396,20 @@ function Set-TargetResource Update-MgDeviceManagementWindowAutopilotDeploymentProfile ` -WindowsAutopilotDeploymentProfileId $currentInstance.Id ` -BodyParameter $UpdateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/windowsAutopilotDeploymentProfiles' #endregion } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$($currentInstance.Id)}" #region resource generator code Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $currentInstance.Id #endregion @@ -520,7 +519,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of the Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined with Id {$Id} and DisplayName {$DisplayName}" + Write-Verbose -Message "Testing configuration of the Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$Id} and DisplayName {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() @@ -552,7 +551,6 @@ function Test-TargetResource } $ValuesToCheck.Remove($key) | Out-Null - } } @@ -668,12 +666,12 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ( $null -ne $Results.EnrollmentStatusScreenSettings) + if ($null -ne $Results.EnrollmentStatusScreenSettings) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.EnrollmentStatusScreenSettings ` -CIMInstanceName 'MicrosoftGraphwindowsEnrollmentStatusScreenSettings' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnrollmentStatusScreenSettings = $complexTypeStringResult } @@ -682,12 +680,12 @@ function Export-TargetResource $Results.Remove('EnrollmentStatusScreenSettings') | Out-Null } } - if ( $null -ne $Results.OutOfBoxExperienceSettings) + if ($null -ne $Results.OutOfBoxExperienceSettings) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.OutOfBoxExperienceSettings ` -CIMInstanceName 'MicrosoftGraphoutOfBoxExperienceSettings' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.OutOfBoxExperienceSettings = $complexTypeStringResult } @@ -696,7 +694,7 @@ function Export-TargetResource $Results.Remove('OutOfBoxExperienceSettings') | Out-Null } } - if($Results.Assignments) + if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -726,8 +724,8 @@ function Export-TargetResource $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) - $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -765,40 +763,40 @@ function Update-DeviceConfigurationPolicyAssignment [Parameter()] [System.String] - $Repository='deviceManagement/configurationPolicies', + $Repository = 'deviceManagement/configurationPolicies', [Parameter()] [ValidateSet('v1.0','beta')] [System.String] - $APIVersion='beta' + $APIVersion = 'beta' ) try { - $deviceManagementPolicyAssignments=@() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) + $formattedTarget = @{"@odata.type" = $target.dataType} + if ($target.groupId) { $formattedTarget.Add('groupId',$target.groupId) } - if($target.collectionId) + if ($target.collectionId) { $formattedTarget.Add('collectionId',$target.collectionId) } - if($target.deviceAndAppManagementAssignmentFilterType) + if ($target.deviceAndAppManagementAssignmentFilterType) { $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) } - if($target.deviceAndAppManagementAssignmentFilterId) + if ($target.deviceAndAppManagementAssignmentFilterId) { $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -823,13 +821,13 @@ function Rename-M365DSCCimInstanceParameter $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + "odataType" = "@odata.type" } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -839,31 +837,31 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values return ,$result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like "*Hashtable") { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) @@ -871,7 +869,6 @@ function Rename-M365DSCCimInstanceParameter } $result = $hashProperties } - return $result #endregion } @@ -885,21 +882,21 @@ function Get-M365DSCDRGComplexTypeToHashtable $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like "*[[\]]") { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } @@ -909,21 +906,21 @@ function Get-M365DSCDRGComplexTypeToHashtable return ,[hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -940,7 +937,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like "*hashtable") { $keys = $ComplexObject.keys } @@ -951,16 +948,16 @@ function Get-M365DSCDRGComplexTypeToHashtable foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike "*hashtable") { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -972,7 +969,6 @@ function Get-M365DSCDRGComplexTypeToHashtable } } } - return [hashtable]$results } @@ -1018,15 +1014,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1034,22 +1030,22 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array if ($ComplexObject.GetType().FullName -like "*[[\]]") { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { @@ -1065,20 +1061,20 @@ function Get-M365DSCDRGComplexTypeToString return ,$currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1094,32 +1090,32 @@ function Get-M365DSCDRGComplexTypeToString $keyNotNull++ if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' $currentProperty += "@(" @@ -1133,7 +1129,7 @@ function Get-M365DSCDRGComplexTypeToString { if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $item ` @@ -1141,7 +1137,7 @@ function Get-M365DSCDRGComplexTypeToString -IndentLevel $IndentLevel ` -ComplexTypeMapping $ComplexTypeMapping ` -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -1156,22 +1152,22 @@ function Get-M365DSCDRGComplexTypeToString -CIMInstanceName $hashPropertyType ` -IndentLevel $IndentLevel ` -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1180,11 +1176,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1195,34 +1191,33 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel-1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel-2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } - return $currentProperty } @@ -1240,43 +1235,43 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' - ) + ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { "*.Boolean" { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } "*.String" { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key ='odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } "*.DateTime" { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } "*[[\]]" { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + " = @(" + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) { - switch -Wildcard ($item.GetType().Fullname ) + switch -Wildcard ($item.GetType().Fullname) { "*.String" { @@ -1292,7 +1287,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1304,7 +1299,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + " = " + $Value + "`r`n" } } return $returnValue @@ -1322,47 +1317,46 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1372,36 +1366,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1409,18 +1403,17 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { - #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" return $false } @@ -1428,18 +1421,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like "*Date*") { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1457,9 +1450,9 @@ function Compare-M365DSCComplexObject } } } - return $true } + function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] @@ -1469,14 +1462,13 @@ function Convert-M365DSCDRGComplexTypeToHashtable $ComplexObject ) - - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like "*[[\]]") { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) @@ -1487,22 +1479,21 @@ function Convert-M365DSCDRGComplexTypeToHashtable } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null + $propertyValue = $results[$key] + $results.remove($key) | Out-Null $results.add($propertyName,$propertyValue) } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/readme.md index d123803a75..98dc200ead 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/readme.md @@ -3,4 +3,4 @@ ## Description -Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined +Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json index 7b8811c9f0..58318b4636 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json @@ -1,6 +1,6 @@ { "resourceName": "IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined", - "description": "This resource configures an Intune Windows Autopilot Deployment Profile Azure A D Hybrid Joined.", + "description": "This resource configures an Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined.", "permissions": { "graph": { "delegated": { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 index 6af0fe92ff..9b3c6c77b2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 @@ -112,9 +112,9 @@ function Get-TargetResource if ($null -eq $getValue) { - Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure A D Joined with Id {$Id}" + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile ` -Filter "DisplayName eq '$DisplayName'" ` @@ -124,11 +124,11 @@ function Get-TargetResource #endregion if ($null -eq $getValue) { - Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure A D Joined with DisplayName {$DisplayName}" + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure AD Joined with DisplayName {$DisplayName}" return $nullResult } $Id = $getValue.Id - Write-Verbose -Message "An Intune Windows Autopilot Deployment Profile Azure A D Joined with Id {$Id} and DisplayName {$DisplayName} was found." + Write-Verbose -Message "An Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$Id} and DisplayName {$DisplayName} was found." #region resource generator code $complexEnrollmentStatusScreenSettings = @{} @@ -139,7 +139,7 @@ function Get-TargetResource $complexEnrollmentStatusScreenSettings.Add('CustomErrorMessage', $getValue.EnrollmentStatusScreenSettings.customErrorMessage) $complexEnrollmentStatusScreenSettings.Add('HideInstallationProgress', $getValue.EnrollmentStatusScreenSettings.hideInstallationProgress) $complexEnrollmentStatusScreenSettings.Add('InstallProgressTimeoutInMinutes', $getValue.EnrollmentStatusScreenSettings.installProgressTimeoutInMinutes) - if($complexEnrollmentStatusScreenSettings.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexEnrollmentStatusScreenSettings.values.Where({$null -ne $_}).count -eq 0) { $complexEnrollmentStatusScreenSettings = $null } @@ -157,11 +157,10 @@ function Get-TargetResource { $complexOutOfBoxExperienceSettings.Add('UserType', $getValue.OutOfBoxExperienceSettings.userType.toString()) } - if($complexOutOfBoxExperienceSettings.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexOutOfBoxExperienceSettings.values.Where({$null -ne $_}).count -eq 0) { $complexOutOfBoxExperienceSettings = $null } - #endregion #region resource generator code @@ -170,7 +169,6 @@ function Get-TargetResource { $enumDeviceType = $getValue.DeviceType.ToString() } - #endregion $results = @{ @@ -201,7 +199,7 @@ function Get-TargetResource { $assignmentValue = @{ dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId groupId = $assignmentEntry.Target.AdditionalProperties.groupId @@ -334,31 +332,31 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "Creating an Intune Windows Autopilot Deployment Profile Azure A D Joined with DisplayName {$DisplayName}" + Write-Verbose -Message "Creating an Intune Windows Autopilot Deployment Profile Azure AD Joined with DisplayName {$DisplayName}" $PSBoundParameters.Remove("Assignments") | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code $CreateParameters.Add("@odata.type", "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile") - $policy=New-MgDeviceManagementWindowAutopilotDeploymentProfile -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $policy = New-MgDeviceManagementWindowAutopilotDeploymentProfile -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` @@ -368,7 +366,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Updating the Intune Windows Autopilot Deployment Profile Azure A D Joined with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Updating the Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$($currentInstance.Id)}" $PSBoundParameters.Remove("Assignments") | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() @@ -376,12 +374,12 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code @@ -389,19 +387,20 @@ function Set-TargetResource Update-MgDeviceManagementWindowAutopilotDeploymentProfile ` -WindowsAutopilotDeploymentProfileId $currentInstance.Id ` -BodyParameter $UpdateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/windowsAutopilotDeploymentProfiles' #endregion } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure A D Joined with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$($currentInstance.Id)}" #region resource generator code Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $currentInstance.Id #endregion @@ -507,7 +506,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of the Intune Windows Autopilot Deployment Profile Azure A D Joined with Id {$Id} and DisplayName {$DisplayName}" + Write-Verbose -Message "Testing configuration of the Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$Id} and DisplayName {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() @@ -539,7 +538,6 @@ function Test-TargetResource } $ValuesToCheck.Remove($key) | Out-Null - } } @@ -655,12 +653,12 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ( $null -ne $Results.EnrollmentStatusScreenSettings) + if ($null -ne $Results.EnrollmentStatusScreenSettings) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.EnrollmentStatusScreenSettings ` -CIMInstanceName 'MicrosoftGraphwindowsEnrollmentStatusScreenSettings1' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnrollmentStatusScreenSettings = $complexTypeStringResult } @@ -669,12 +667,12 @@ function Export-TargetResource $Results.Remove('EnrollmentStatusScreenSettings') | Out-Null } } - if ( $null -ne $Results.OutOfBoxExperienceSettings) + if ($null -ne $Results.OutOfBoxExperienceSettings) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.OutOfBoxExperienceSettings ` -CIMInstanceName 'MicrosoftGraphoutOfBoxExperienceSettings1' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.OutOfBoxExperienceSettings = $complexTypeStringResult } @@ -683,7 +681,7 @@ function Export-TargetResource $Results.Remove('OutOfBoxExperienceSettings') | Out-Null } } - if($Results.Assignments) + if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -713,8 +711,8 @@ function Export-TargetResource $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) - $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -752,40 +750,40 @@ function Update-DeviceConfigurationPolicyAssignment [Parameter()] [System.String] - $Repository='deviceManagement/configurationPolicies', + $Repository = 'deviceManagement/configurationPolicies', [Parameter()] [ValidateSet('v1.0','beta')] [System.String] - $APIVersion='beta' + $APIVersion = 'beta' ) try { - $deviceManagementPolicyAssignments=@() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) + $formattedTarget = @{"@odata.type" = $target.dataType} + if ($target.groupId) { $formattedTarget.Add('groupId',$target.groupId) } - if($target.collectionId) + if ($target.collectionId) { $formattedTarget.Add('collectionId',$target.collectionId) } - if($target.deviceAndAppManagementAssignmentFilterType) + if ($target.deviceAndAppManagementAssignmentFilterType) { $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) } - if($target.deviceAndAppManagementAssignmentFilterId) + if ($target.deviceAndAppManagementAssignmentFilterId) { $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -810,13 +808,13 @@ function Rename-M365DSCCimInstanceParameter $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + "odataType" = "@odata.type" } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -826,31 +824,31 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values return ,$result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like "*Hashtable") { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) @@ -858,7 +856,6 @@ function Rename-M365DSCCimInstanceParameter } $result = $hashProperties } - return $result #endregion } @@ -872,21 +869,21 @@ function Get-M365DSCDRGComplexTypeToHashtable $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like "*[[\]]") { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } @@ -896,21 +893,21 @@ function Get-M365DSCDRGComplexTypeToHashtable return ,[hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -927,7 +924,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like "*hashtable") { $keys = $ComplexObject.keys } @@ -938,16 +935,16 @@ function Get-M365DSCDRGComplexTypeToHashtable foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike "*hashtable") { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -959,7 +956,6 @@ function Get-M365DSCDRGComplexTypeToHashtable } } } - return [hashtable]$results } @@ -1005,15 +1001,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1021,22 +1017,22 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array if ($ComplexObject.GetType().FullName -like "*[[\]]") { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { @@ -1052,20 +1048,20 @@ function Get-M365DSCDRGComplexTypeToString return ,$currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1081,32 +1077,32 @@ function Get-M365DSCDRGComplexTypeToString $keyNotNull++ if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' $currentProperty += "@(" @@ -1120,7 +1116,7 @@ function Get-M365DSCDRGComplexTypeToString { if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $item ` @@ -1128,7 +1124,7 @@ function Get-M365DSCDRGComplexTypeToString -IndentLevel $IndentLevel ` -ComplexTypeMapping $ComplexTypeMapping ` -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -1143,22 +1139,22 @@ function Get-M365DSCDRGComplexTypeToString -CIMInstanceName $hashPropertyType ` -IndentLevel $IndentLevel ` -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1167,11 +1163,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1182,34 +1178,33 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel-1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel-2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } - return $currentProperty } @@ -1227,43 +1222,43 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' - ) + ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { "*.Boolean" { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } "*.String" { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key ='odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } "*.DateTime" { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } "*[[\]]" { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + " = @(" + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) { - switch -Wildcard ($item.GetType().Fullname ) + switch -Wildcard ($item.GetType().Fullname) { "*.String" { @@ -1279,7 +1274,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1291,7 +1286,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + " = " + $Value + "`r`n" } } return $returnValue @@ -1309,47 +1304,46 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1359,36 +1353,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1396,18 +1390,17 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { - #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" return $false } @@ -1415,18 +1408,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like "*Date*") { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1444,9 +1437,9 @@ function Compare-M365DSCComplexObject } } } - return $true } + function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] @@ -1456,14 +1449,13 @@ function Convert-M365DSCDRGComplexTypeToHashtable $ComplexObject ) - - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like "*[[\]]") { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) @@ -1474,22 +1466,21 @@ function Convert-M365DSCDRGComplexTypeToHashtable } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null + $propertyValue = $results[$key] + $results.remove($key) | Out-Null $results.add($propertyName,$propertyValue) } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/readme.md index 1605729876..1aec929d34 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/readme.md @@ -3,4 +3,4 @@ ## Description -Intune Windows Autopilot Deployment Profile Azure A D Joined +Intune Windows Autopilot Deployment Profile Azure AD Joined diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json index 6d78e2f7d8..1ec0ef7339 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json @@ -1,6 +1,6 @@ { "resourceName": "IntuneWindowsAutopilotDeploymentProfileAzureADJoined", - "description": "This resource configures an Intune Windows Autopilot Deployment Profile Azure A D Joined.", + "description": "This resource configures an Intune Windows Autopilot Deployment Profile Azure AD Joined.", "permissions": { "graph": { "delegated": { diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 index 6f7309152d..06438e0b37 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 @@ -33,7 +33,7 @@ Configuration Example HideEscapeLink = $True HidePrivacySettings = $True DeviceUsageType = 'singleUser' - SkipKeyboardSelectionPage = $True + SkipKeyboardSelectionPage = $False UserType = 'standard' }; } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 index 6195152786..e4dc75584f 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 @@ -33,7 +33,7 @@ Configuration Example Id = "30914319-d49b-46da-b054-625d933c5769"; Language = ""; OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ - HideEULA = $True + HideEULA = $False HideEscapeLink = $True HidePrivacySettings = $True DeviceUsageType = 'singleUser' diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index c637e73074..3d9f86d560 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -191,7 +191,7 @@ function New-M365DSCResource $assignmentCmdlet=Get-Command ($cmdletFound.Name+'Assignment') -Module $GraphModule -ErrorAction SilentlyContinue $assignmentCmdletNoun = $assignmentCmdlet.Noun $assignmentKey = (($assignmentCmdlet.ParameterSets|where-Object -filterScript {$_.Name -eq 'List'}).Parameters | where-Object -filterScript {$_.IsMandatory}).Name - if( -not [String]::IsNullOrWhiteSpace($repository) ` + if (-not [String]::IsNullOrWhiteSpace($repository) ` -and -not [String]::IsNullOrWhiteSpace($assignmentCmdletNoun) ` -and -not [String]::IsNullOrWhiteSpace($assignmentKey)) { @@ -214,7 +214,7 @@ function New-M365DSCResource $CimInstancesSchemaContent = '' if ($null -ne $CimInstances) { - foreach($CimInstance in $CimInstances) + foreach ($CimInstance in $CimInstances) { $CimInstancesSchemaContent += Get-M365DSCDRGCimInstancesSchemaStringContent ` -CIMInstance $CimInstance ` @@ -249,7 +249,7 @@ function New-M365DSCResource $fakeValuesString = Get-M365DSCHashAsString -Values $fakeValues $targetResourceFakeValuesString = Get-M365DSCHashAsString -Values $targetResourceFakeValues -Space ' ' $assignmentMock = '' - if($addIntuneAssignments) + if ($addIntuneAssignments) { $assignmentMock = "`r`n`r`n Mock -CommandName Get-$assignmentCmdletNoun -MockWith {`r`n" $assignmentMock += " }`r`n" @@ -275,7 +275,7 @@ function New-M365DSCResource Write-TokenReplacement -Token '' -value $GetcmdletName -FilePath $unitTestPath $updateVerb='Update' $updateCmdlet=Find-MgGraphCommand -Command "$updateVerb-$CmdLetNoun" -ApiVersion $ApiVersion -errorAction SilentlyContinue - if($null -eq $updateCmdlet) + if ($null -eq $updateCmdlet) { $updateVerb='Set' } @@ -283,7 +283,7 @@ function New-M365DSCResource Write-TokenReplacement -Token '' -value "Remove-$($CmdLetNoun)" -FilePath $unitTestPath Write-TokenReplacement -Token '' -value "New-$($CmdLetNoun)" -FilePath $unitTestPath Update-Microsoft365StubFile -CmdletNoun $CmdLetNoun - if($addIntuneAssignments) + if ($addIntuneAssignments) { Update-Microsoft365StubFile -CmdletNoun $assignmentCmdletNoun } @@ -303,6 +303,7 @@ function New-M365DSCResource { $resourceDescription = $resourceDescription.replace($platform, $platforms.$platform) } + $resourceDescription = $resourceDescription.Replace('Azure A D','Azure AD') } $getCmdlet = Get-Command -Name "Get-$($CmdLetNoun)" -Module $GraphModule @@ -317,11 +318,11 @@ function New-M365DSCResource $primaryKey = '' $alternativeKey = '' - if($typeProperties.Name -contains 'id') + if ($typeProperties.Name -contains 'id') { $primaryKey = 'Id' $alternativeKey = 'DisplayName' - if($typeProperties.Name -contains 'name') + if ($typeProperties.Name -contains 'name') { $alternativeKey = 'Name' } @@ -330,15 +331,15 @@ function New-M365DSCResource if ($null -ne $getKeyIdentifier ) { $getParameterString = [System.Text.StringBuilder]::New() - foreach($key in $getKeyIdentifier ) + foreach ($key in $getKeyIdentifier ) { - if($getKeyIdentifier.Count -gt 1) + if ($getKeyIdentifier.Count -gt 1) { $getParameterString.append("```r`n") |out-null $getParameterString.append(" ") |out-null } $keyValue = $key - if($key -eq "$($actualtype)Id") + if ($key -eq "$($actualtype)Id") { $keyValue = $primaryKey } @@ -350,7 +351,7 @@ function New-M365DSCResource $getDefaultParameterSet = $getCmdlet.ParameterSets | Where-Object -FilterScript { $_.Name -eq 'List' } $getListIdentifier =$getDefaultParameterSet.Parameters.Name $getAlternativeFilterString = [System.Text.StringBuilder]::New() - if($getListIdentifier -contains 'Filter') + if ($getListIdentifier -contains 'Filter') { $getAlternativeFilterString.appendline(" -Filter `"$alternativeKey eq '`$$alternativeKey'`" ``")|out-null $getAlternativeFilterString.append(" -ErrorAction SilentlyContinue")|out-null @@ -372,37 +373,41 @@ function New-M365DSCResource Write-TokenReplacement -Token '' -Value "Get-$($CmdLetNoun)" -FilePath $moduleFilePath $complexTypeConstructor="" - if(-Not [String]::IsNullOrEmpty($hashtableResults.ComplexTypeConstructor)) + if (-Not [String]::IsNullOrEmpty($hashtableResults.ComplexTypeConstructor)) { $complexTypeConstructor = $hashtableResults.ComplexTypeConstructor $complexTypeConstructor = "`r`n #region resource generator code`r`n" + $complexTypeConstructor + $complexTypeConstructor = $complexTypeConstructor.Substring(0, $complexTypeConstructor.Length -2) $complexTypeConstructor = $complexTypeConstructor + " #endregion`r`n" } Write-TokenReplacement -Token '' -Value $complexTypeConstructor -FilePath $moduleFilePath $enumTypeConstructor="" - if(-Not [String]::IsNullOrEmpty($hashtableResults.EnumTypeConstructor)) + if (-Not [String]::IsNullOrEmpty($hashtableResults.EnumTypeConstructor)) { $enumTypeConstructor = $hashtableResults.EnumTypeConstructor $enumTypeConstructor = "`r`n #region resource generator code`r`n" + $enumTypeConstructor + $enumTypeConstructor = $enumTypeConstructor.Substring(0, $enumTypeConstructor.Length -2) $enumTypeConstructor = $enumTypeConstructor + " #endregion`r`n" } Write-TokenReplacement -Token '' -Value $enumTypeConstructor -FilePath $moduleFilePath $dateTypeConstructor="" - if(-Not [String]::IsNullOrEmpty($hashtableResults.DateTypeConstructor)) + if (-Not [String]::IsNullOrEmpty($hashtableResults.DateTypeConstructor)) { $dateTypeConstructor = $hashtableResults.DateTypeConstructor $dateTypeConstructor = "`r`n #region resource generator code`r`n" + $dateTypeConstructor + $dateTypeConstructor = $dateTypeConstructor.Substring(0, $dateTypeConstructor.Length -2) $dateTypeConstructor = $dateTypeConstructor + " #endregion`r`n" } Write-TokenReplacement -Token '' -Value $dateTypeConstructor -FilePath $moduleFilePath $timeTypeConstructor="" - if(-Not [String]::IsNullOrEmpty($hashtableResults.TimeTypeConstructor)) + if (-Not [String]::IsNullOrEmpty($hashtableResults.TimeTypeConstructor)) { $timeTypeConstructor = $hashtableResults.TimeTypeConstructor $timeTypeConstructor = "`r`n #region resource generator code`r`n" + $timeTypeConstructor + $timeTypeConstructor = $timeTypeConstructor.Substring(0, $timeTypeConstructor.Length -2) $timeTypeConstructor = $timeTypeConstructor + " #endregion`r`n" } Write-TokenReplacement -Token '' -Value $timeTypeConstructor -FilePath $moduleFilePath @@ -415,15 +420,15 @@ function New-M365DSCResource if ($null -ne $newKeyIdentifier ) { $newParameterString = [System.Text.StringBuilder]::New() - foreach($key in $newKeyIdentifier ) + foreach ($key in $newKeyIdentifier ) { - if($newKeyIdentifier.Count -gt 1) + if ($newKeyIdentifier.Count -gt 1) { $newParameterString.append(" ```r`n") |out-null $newParameterString.append(" ") |out-null } $keyValue = $key - if($key -eq 'BodyParameter') + if ($key -eq 'BodyParameter') { $keyValue = 'CreateParameters' } @@ -432,7 +437,7 @@ function New-M365DSCResource [String]$newKeyIdentifier = $newParameterString.ToString() } $odataType=$null - if($true)#$isAdditionalProperty) + if ($true)#$isAdditionalProperty) { $odataType=" `$CreateParameters.Add(`"@odata.type`", `"#microsoft.graph.$SelectedODataType`")`r`n" } @@ -463,16 +468,16 @@ function New-M365DSCResource } $trailingCharRemoval="" - if($cimInstances.count -gt 0) + if ($cimInstances.count -gt 0) { $trailingCharRemoval=@' #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) - $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) '@ } $requiredKey = '' - if(-not [String]::IsNullOrEmpty($alternativeKey)) + if (-not [String]::IsNullOrEmpty($alternativeKey)) { $requiredKey = "`r`n DisplayName = `$config.DisplayName" } @@ -486,7 +491,7 @@ function New-M365DSCResource $updateVerb='Update' $updateCmdlet=Find-MgGraphCommand -Command "$updateVerb-$CmdLetNoun" -ApiVersion $ApiVersion -errorAction SilentlyContinue - if($null -eq $updateCmdlet) + if ($null -eq $updateCmdlet) { $updateVerb='Set' } @@ -497,19 +502,19 @@ function New-M365DSCResource if ($null -ne $updateKeyIdentifier ) { $updateParameterString = [System.Text.StringBuilder]::New() - foreach($key in $updateKeyIdentifier ) + foreach ($key in $updateKeyIdentifier ) { - if($updateKeyIdentifier.Count -gt 1) + if ($updateKeyIdentifier.Count -gt 1) { $updateParameterString.append(" ```r`n") |out-null $updateParameterString.append(" ") |out-null } $keyValue = $key - if($key -eq 'BodyParameter') + if ($key -eq 'BodyParameter') { $keyValue = 'UpdateParameters' } - if($key -eq "$($actualtype)Id") + if ($key -eq "$($actualtype)Id") { $keyValue = 'currentInstance.'+$primaryKey } @@ -518,7 +523,7 @@ function New-M365DSCResource [String]$updateKeyIdentifier = $updateParameterString.ToString() } $odataType=$null - if($true)#$isAdditionalProperty) + if ($true)#$isAdditionalProperty) { $odataType=" `$UpdateParameters.Add(`"@odata.type`", `"#microsoft.graph.$SelectedODataType`")`r`n" } @@ -533,15 +538,15 @@ function New-M365DSCResource if ($null -ne $removeKeyIdentifier ) { $removeParameterString = [System.Text.StringBuilder]::New() - foreach($key in $removeKeyIdentifier ) + foreach ($key in $removeKeyIdentifier ) { - if($removeKeyIdentifier.Count -gt 1) + if ($removeKeyIdentifier.Count -gt 1) { $removeParameterString.append(" ```r`n") |out-null $removeParameterString.append(" ") |out-null } $keyValue = $key - if($removeKeyIdentifier.Count -eq 1) + if ($removeKeyIdentifier.Count -eq 1) { $keyValue='currentInstance.'+$primaryKey } @@ -565,7 +570,7 @@ function New-M365DSCResource $AssignmentsGet += " {`r`n" $AssignmentsGet += " `$assignmentValue = @{`r`n" $AssignmentsGet += " dataType = `$assignmentEntry.Target.AdditionalProperties.'@odata.type'`r`n" - $AssignmentsGet += " deviceAndAppManagementAssignmentFilterType = `$(if(`$null -ne `$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType)`r`n" + $AssignmentsGet += " deviceAndAppManagementAssignmentFilterType = `$(if (`$null -ne `$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType)`r`n" $AssignmentsGet += " {`$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()})`r`n" $AssignmentsGet += " deviceAndAppManagementAssignmentFilterId = `$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId`r`n" $AssignmentsGet += " groupId = `$assignmentEntry.Target.AdditionalProperties.groupId`r`n" @@ -576,25 +581,26 @@ function New-M365DSCResource $AssignmentsRemove += " `$PSBoundParameters.Remove(`"Assignments`") | Out-Null`r`n" - $AssignmentsNew += " `$assignmentsHash=@()`r`n" - $AssignmentsNew += " foreach(`$assignment in `$Assignments)`r`n" + $AssignmentsNew += " `$assignmentsHash = @()`r`n" + $AssignmentsNew += " foreach (`$assignment in `$Assignments)`r`n" $AssignmentsNew += " {`r`n" - $AssignmentsNew += " `$assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject `$Assignment`r`n" + $AssignmentsNew += " `$assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject `$Assignment`r`n" $AssignmentsNew += " }`r`n" $AssignmentsNew += "`r`n" - $AssignmentsNew += " if(`$policy.id)`r`n" + $AssignmentsNew += " if (`$policy.id)`r`n" $AssignmentsNew += " {`r`n" $AssignmentsNew += " Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId `$policy.id ```r`n" $AssignmentsNew += " -Targets `$assignmentsHash ```r`n" $AssignmentsNew += " -Repository '$repository'`r`n" $AssignmentsNew += " }`r`n" - $AssignmentsUpdate += " `$assignmentsHash=@()`r`n" - $AssignmentsUpdate += " foreach(`$assignment in `$Assignments)`r`n" + $AssignmentsUpdate += " `$assignmentsHash = @()`r`n" + $AssignmentsUpdate += " foreach (`$assignment in `$Assignments)`r`n" $AssignmentsUpdate += " {`r`n" - $AssignmentsUpdate += " `$assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject `$Assignment`r`n" + $AssignmentsUpdate += " `$assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject `$Assignment`r`n" $AssignmentsUpdate += " }`r`n" - $AssignmentsUpdate += " Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId `$currentInstance.id ```r`n" + $AssignmentsUpdate += " Update-DeviceConfigurationPolicyAssignment ```r`n" + $AssignmentsUpdate += " -DeviceConfigurationPolicyId `$currentInstance.id ```r`n" $AssignmentsUpdate += " -Targets `$assignmentsHash ```r`n" $AssignmentsUpdate += " -Repository '$repository'`r`n" @@ -614,40 +620,40 @@ function Update-DeviceConfigurationPolicyAssignment [Parameter()] [System.String] - `$Repository='deviceManagement/configurationPolicies', + `$Repository = 'deviceManagement/configurationPolicies', [Parameter()] [ValidateSet('v1.0','beta')] [System.String] - `$APIVersion='beta' + `$APIVersion = 'beta' ) try { - `$deviceManagementPolicyAssignments=@() - `$Uri="https://graph.microsoft.com/`$APIVersion/`$Repository/`$DeviceConfigurationPolicyId/assign" + `$deviceManagementPolicyAssignments = @() + `$Uri = "https://graph.microsoft.com/`$APIVersion/`$Repository/`$DeviceConfigurationPolicyId/assign" - foreach(`$target in `$targets) + foreach (`$target in `$targets) { - `$formattedTarget=@{"@odata.type"=`$target.dataType} - if(`$target.groupId) + `$formattedTarget = @{"@odata.type" = `$target.dataType} + if (`$target.groupId) { `$formattedTarget.Add('groupId',`$target.groupId) } - if(`$target.collectionId) + if (`$target.collectionId) { `$formattedTarget.Add('collectionId',`$target.collectionId) } - if(`$target.deviceAndAppManagementAssignmentFilterType) + if (`$target.deviceAndAppManagementAssignmentFilterType) { `$formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',`$target.deviceAndAppManagementAssignmentFilterType) } - if(`$target.deviceAndAppManagementAssignmentFilterId) + if (`$target.deviceAndAppManagementAssignmentFilterId) { `$formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',`$target.deviceAndAppManagementAssignmentFilterId) } - `$deviceManagementPolicyAssignments+=@{'target'= `$formattedTarget} + `$deviceManagementPolicyAssignments += @{'target' = `$formattedTarget} } - `$body=@{'assignments'=`$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + `$body = @{'assignments' = `$deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 #write-verbose -Message `$body Invoke-MgGraphRequest -Method POST -Uri `$Uri -Body `$body -ErrorAction Stop } @@ -680,7 +686,7 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments '@ $AssignmentsProperty = " [Write, Description(`"Represents the assignment to the Intune policy.`"), EmbeddedInstance(`"MSFT_DeviceManagementConfigurationPolicyAssignments`")] String Assignments[];`r`n" $AssignmentsConvertComplexToString = @" - if(`$Results.Assignments) + if (`$Results.Assignments) { `$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject `$Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if (`$complexTypeStringResult) @@ -1203,7 +1209,7 @@ function Get-TypeProperties ) $namespace=$CmdletDefinition|Where-Object -FilterScript {$_.EntityType.Name -contains $Entity} - if($null -eq $namespace) + if ($null -eq $namespace) { $namespace=$CmdletDefinition|Where-Object -FilterScript {$_.ComplexType.Name -contains $Entity} } @@ -1215,30 +1221,30 @@ function Get-TypeProperties $isComplex=$false $entityType=$namespace.EntityType|Where-Object -FilterScript{$_.Name -eq $baseType} $isAbstract=$false - if($entityType.Abstract -eq 'True') + if ($entityType.Abstract -eq 'True') { $isAbstract=$true } - if($null -eq $entityType) + if ($null -eq $entityType) { $isComplex=$true $entityType=$namespace.ComplexType|Where-Object -FilterScript{$_.Name -eq $baseType} - #if($entityType.Abstract -eq 'true') - if($null -eq $entityType.BaseType) + #if ($entityType.Abstract -eq 'true') + if ($null -eq $entityType.BaseType) { $isAbstract=$true } } - if($null -ne $entityType.Property) + if ($null -ne $entityType.Property) { $rawProperties=$entityType.Property - foreach($property in $rawProperties) + foreach ($property in $rawProperties) { $IsRootProperty=$false - if(($entityType.BaseType -eq "graph.Entity") -or ($entityType.Name -eq "entity") -or $isAbstract) + if (($entityType.BaseType -eq "graph.Entity") -or ($entityType.Name -eq "entity") -or $isAbstract) { $IsRootProperty=$true } @@ -1249,7 +1255,7 @@ function Get-TypeProperties $myProperty.Add('IsRootProperty',$IsRootProperty) $myProperty.Add('ParentType',$entityType.Name) $description = '' - if(-not [String]::IsNullOrWhiteSpace($property.Annotation.String)) + if (-not [String]::IsNullOrWhiteSpace($property.Annotation.String)) { $description =$property.Annotation.String.replace('"',"'") $description =$description -replace '[^\p{L}\p{Nd}/(/}/_ -.,=:)'']', '' @@ -1257,7 +1263,7 @@ function Get-TypeProperties else { $annotation = $CmdletDefinition.Annotations | where-object -FilterScript {$_.Target -like "microsoft.graph.$($property.ParentNode.Name)/$($property.Name)" } - if(-not [String]::IsNullOrWhiteSpace($annotation.Annotation.String)) + if (-not [String]::IsNullOrWhiteSpace($annotation.Annotation.String)) { $description =$annotation.Annotation.String.replace('"',"'") $description =$description -replace '[^\p{L}\p{Nd}/(/}/_ -.,=:)'']', '' @@ -1270,22 +1276,22 @@ function Get-TypeProperties $properties+=$myProperty } } - if($isComplex) + if ($isComplex) { $abstractType=$namespace.ComplexType|Where-Object -FilterScript {$_.BaseType -eq "graph.$baseType"} - foreach($subType in $abstractType) + foreach ($subType in $abstractType) { $rawProperties=$subType.Property - foreach($property in $rawProperties) + foreach ($property in $rawProperties) { $IsRootProperty=$false - if($entityType.BaseType -eq "graph.Entity" -or $entityType.Name -eq "entity" ) + if ($entityType.BaseType -eq "graph.Entity" -or $entityType.Name -eq "entity" ) { $IsRootProperty=$true } - if($property.Name -notin ($properties.Name)) + if ($property.Name -notin ($properties.Name)) { $myProperty = @{} $myProperty.Add('Name',$property.Name) @@ -1293,7 +1299,7 @@ function Get-TypeProperties $myProperty.Add('IsRootProperty',$false) $myProperty.Add('ParentType',$entityType.Name) $description = '' - if(-not [String]::IsNullOrWhiteSpace($property.Annotation.String)) + if (-not [String]::IsNullOrWhiteSpace($property.Annotation.String)) { $description =$property.Annotation.String.replace('"',"'") $description =$description -replace '[^\p{L}\p{Nd}/(/}/_ -.,=:)'']', '' @@ -1301,7 +1307,7 @@ function Get-TypeProperties else { $annotation = $CmdletDefinition.Annotations | where-object -FilterScript {$_.Target -like "microsoft.graph.$($property.ParentNode.Name)/$($property.Name)" } - if(-not [String]::IsNullOrWhiteSpace($annotation.Annotation.String)) + if (-not [String]::IsNullOrWhiteSpace($annotation.Annotation.String)) { $description =$annotation.Annotation.String.replace('"',"'") $description =$description -replace '[^\p{L}\p{Nd}/(/}/_ -.,=:)'']', '' @@ -1314,7 +1320,7 @@ function Get-TypeProperties } } - if(([Array]$abstractType.Name).Count -gt 0) + if (([Array]$abstractType.Name).Count -gt 0) { $myProperty = @{} $myProperty.Add('Name','@odata.type') @@ -1328,13 +1334,13 @@ function Get-TypeProperties } } - if($IncludeNavigationProperties -and $null -ne $entityType.NavigationProperty) + if ($IncludeNavigationProperties -and $null -ne $entityType.NavigationProperty) { $rawProperties=$entityType.NavigationProperty - foreach($property in $rawProperties) + foreach ($property in $rawProperties) { $IsRootProperty=$false - if($entityType.BaseType -eq "graph.Entity" -or $entityType.Name -eq "entity" ) + if ($entityType.BaseType -eq "graph.Entity" -or $entityType.Name -eq "entity" ) { $IsRootProperty=$true } @@ -1352,7 +1358,7 @@ function Get-TypeProperties } $baseType=$null - if(-not [String]::IsNullOrEmpty($entityType.BaseType)) + if (-not [String]::IsNullOrEmpty($entityType.BaseType)) { $baseType=$entityType.BaseType.replace('graph.','') } @@ -1361,19 +1367,19 @@ function Get-TypeProperties # Enrich properties $result=@() - foreach($property in $properties) + foreach ($property in $properties) { $derivedType=$property.Type #Array $isArray=$false $isEnum=$false - if($derivedType -eq 'Custom.Enum') + if ($derivedType -eq 'Custom.Enum') { $isEnum=$true } $isComplex=$false - if($derivedType -like "Collection(*)") + if ($derivedType -like "Collection(*)") { $isArray=$true $derivedType=$derivedType.Replace('Collection(','').replace(')','') @@ -1384,11 +1390,11 @@ function Get-TypeProperties #} #DerivedType - if($derivedType -like ('graph.*')) + if ($derivedType -like ('graph.*')) { $derivedType=$derivedType.Replace('graph.','') #Enum - if($derivedType -in $namespace.EnumType.Name) + if ($derivedType -in $namespace.EnumType.Name) { $isEnum=$true $enumType=$namespace.EnumType | where-Object -FilterScript {$_.Name -eq $derivedType} @@ -1397,12 +1403,12 @@ function Get-TypeProperties } #Complex - if(($derivedType -in $namespace.ComplexType.Name) -or ($property.IsNavigationProperty)) + if (($derivedType -in $namespace.ComplexType.Name) -or ($property.IsNavigationProperty)) { $complexName=$property.Name+"-"+$property.Type $isComplex=$true - if($complexName -notin $global:ComplexList) + if ($complexName -notin $global:ComplexList) { #$global:ComplexList+= $complexName @@ -1415,26 +1421,26 @@ function Get-TypeProperties } } } - if($derivedType -like ('Edm.*')) + if ($derivedType -like ('Edm.*')) { $derivedType=$derivedType.Replace('Edm','System') - if($derivedType -like ('*.TimeOfDay')) + if ($derivedType -like ('*.TimeOfDay')) { $derivedType='System.TimeSpan' } - if($derivedType -like ('*.Date')) + if ($derivedType -like ('*.Date')) { $derivedType='System.DateTime' } } - if($cimClasses -contains "MSFT_$Workload$derivedType") + if ($cimClasses -contains "MSFT_$Workload$derivedType") { $cimCounter = ([Array]($CimClasses | where-object {$_ -like "MSFT_$Workload$derivedType*"})).count $derivedType += $cimCounter.ToString() } - if($isEnum) + if ($isEnum) { $derivedType='System.String' } @@ -1462,20 +1468,20 @@ function Get-Microsoft365DSCModuleCimClass $resources = (Get-ChildItem $resourcesPath).FullName $resources = $resources | Where-Object -FilterScript {$_ -notlike "*MSFT_$ResourceName.schema.mof"} $cimClasses = @() - foreach($resource in $resources) + foreach ($resource in $resources) { $text = Get-Content $resource - foreach($line in $text) + foreach ($line in $text) { - if($line -like "class MSFT_*") + if ($line -like "class MSFT_*") { $class = $line.replace("class ","").replace("Class ","") - if($line -like "*:*") + if ($line -like "*:*") { $class = $class.split(":")[0].trim() } - if($class -notin $cimClasses) + if ($class -notin $cimClasses) { $cimClasses += $class } @@ -1554,7 +1560,7 @@ function Get-ComplexTypeConstructorToString $valuePrefix = "getValue." $referencePrefix = "getValue." - if($isNested) + if ($isNested) { #$valuePrefix = "`$current$propertyName." $valuePrefix = "$ParentPropertyValuePath" @@ -1563,61 +1569,58 @@ function Get-ComplexTypeConstructorToString } $loopPropertyName= $Property.Name - if($isParentfromAdditionalProperties) + if ($isParentfromAdditionalProperties) { $loopPropertyName=Get-StringFirstCharacterToLower -Value $loopPropertyName } - if($Property.IsRootProperty -eq $false ) + if ($Property.IsRootProperty -eq $false -and -not $IsNested) { $loopPropertyName=Get-StringFirstCharacterToLower -Value $Property.Name $propertyName = Get-StringFirstCharacterToLower -Value $Property.Name - if(-not $IsNested) - { - $valuePrefix += "AdditionalProperties." - $referencePrefix += "AdditionalProperties." - } + $valuePrefix += "AdditionalProperties." + $referencePrefix += "AdditionalProperties." } $referencePrefix += "$propertyName." - if($property.IsArray) + if ($property.IsArray) { $tempPropertyName="my$propertyName" - if($isNested) + if ($isNested) { $valuePrefix=$ParentPropertyValuePath - if($null -eq $valuePrefix) + if ($null -eq $valuePrefix) { $propRoot=$ParentPropertyName.replace("my","") $valuePrefix="current$propRoot." - if($property.IsRootProperty -eq $false -and -not $IsNested) + if ($property.IsRootProperty -eq $false -and -not $IsNested) { $valuePrefix += "AdditionalProperties." } } } $iterationPropertyName="current$propertyName" - $complexString.appendLine( $spacing + "`$$returnPropertyName" + " = @()") | Out-Null - $complexString.appendLine( $spacing + "foreach(`$$iterationPropertyName in `$$valuePrefix" + $loopPropertyName + ")" ) | Out-Null - $complexString.appendLine( $spacing + "{" ) | Out-Null + $complexString.appendLine($spacing + "`$$returnPropertyName" + " = @()") | Out-Null + $complexString.appendLine($spacing + "foreach (`$$iterationPropertyName in `$$valuePrefix" + $loopPropertyName + ")" ) | Out-Null + $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount } - $complexString.appendLine( $spacing + "`$$tempPropertyName" + " = @{}") | Out-Null + $complexString.appendLine($spacing + "`$$tempPropertyName" + " = @{}") | Out-Null - foreach($nestedProperty in $property.Properties) + foreach ($nestedProperty in $property.Properties) { $nestedPropertyName = Get-StringFirstCharacterToUpper -Value $nestedProperty.Name - if($nestedPropertyName -eq '@odata.type') + if ($nestedPropertyName -eq '@odata.type') { $nestedPropertyName = 'odataType' } $valuePrefix = "getValue." - if($Property.IsArray) + if ($Property.IsArray) { $valuePrefix = "$iterationPropertyName." } - if($isNested -and -not $Property.IsArray) + if ($isNested -and -not $Property.IsArray) { $propRoot=$ParentPropertyName.replace("my","") #$valuePrefix = "current$propRoot." @@ -1625,36 +1628,36 @@ function Get-ComplexTypeConstructorToString #$recallProperty=$propertyName $recallProperty='' - if($isParentfromAdditionalProperties) + if ($isParentfromAdditionalProperties) { $recallProperty=Get-StringFirstCharacterToLower -Value $propertyName } $valuePrefix += "$recallProperty." } $AssignedPropertyName = $nestedProperty.Name - if($nestedProperty.IsRootProperty -eq $false -and -not $IsNested) + if ($nestedProperty.IsRootProperty -eq $false -and -not $IsNested) { $valuePrefix += "AdditionalProperties." } - if($nestedProperty.IsRootProperty -eq $false -or $IsParentFromAdditionalProperties) + if ($nestedProperty.IsRootProperty -eq $false -or $IsParentFromAdditionalProperties) { $AssignedPropertyName = Get-StringFirstCharacterToLower -Value $nestedProperty.Name } - if( $AssignedPropertyName.contains("@")) + if ($AssignedPropertyName.contains("@")) { $AssignedPropertyName="'$AssignedPropertyName'" } - if((-not $isNested) -and (-not $Property.IsArray) -and ([String]::IsNullOrWhiteSpace($ParentPropertyValuePath))) + if ((-not $isNested) -and (-not $Property.IsArray) -and ([String]::IsNullOrWhiteSpace($ParentPropertyValuePath))) { $valuePrefix += "$propertyName." } - if($nestedProperty.IsComplexType) + if ($nestedProperty.IsComplexType) { $complexName=$Property.Name+"-"+$nestedProperty.Type - #if($complexName -notin $global:ComplexList) + #if ($complexName -notin $global:ComplexList) #{ $global:ComplexList+= $complexName @@ -1667,79 +1670,79 @@ function Get-ComplexTypeConstructorToString -ParentPropertyValuePath $referencePrefix ` -IsParentFromAdditionalProperties (-not $Property.IsRootProperty) - $complexString.append( $nestedString ) | Out-Null + $complexString.append($nestedString ) | Out-Null #} } else { - if($nestedProperty.Type -like "*.Date*") + if ($nestedProperty.Type -like "*.Date*") { $nestedPropertyType=$nestedProperty.Type.split(".")|select-object -last 1 - $complexString.appendLine( $spacing + "if(`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null - $complexString.appendLine( $spacing + "{" ) | Out-Null + $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount $AssignedPropertyName += ").ToString('$DateFormat')" - $complexString.appendLine( $spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null $IndentCount -- $spacing = $indent * $IndentCount - $complexString.appendLine( $spacing + "}" ) | Out-Null + $complexString.appendLine($spacing + "}" ) | Out-Null } - elseif($nestedProperty.Type -like "*.Time*") + elseif ($nestedProperty.Type -like "*.Time*") { $nestedPropertyType=$nestedProperty.Type.split(".")|select-object -last 1 - $complexString.appendLine( $spacing + "if(`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null - $complexString.appendLine( $spacing + "{" ) | Out-Null + $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount $AssignedPropertyName += ").ToString()" - $complexString.appendLine( $spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null $IndentCount -- $spacing = $indent * $IndentCount - $complexString.appendLine( $spacing + "}" ) | Out-Null + $complexString.appendLine($spacing + "}" ) | Out-Null } else { - if($nestedProperty.IsEnumType) + if ($nestedProperty.IsEnumType) { - if($isNested) + if ($isNested) { - $complexString.appendLine( $spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null } else { - $complexString.appendLine( $spacing + "if (`$null -ne `$$referencePrefix$AssignedPropertyName)" ) | Out-Null + $complexString.appendLine($spacing + "if (`$null -ne `$$referencePrefix$AssignedPropertyName)" ) | Out-Null } - $complexString.appendLine( $spacing + "{" ) | Out-Null + $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount - if($isNested) + if ($isNested) { - $complexString.append( $spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$valuePrefix$AssignedPropertyName.toString()" ) | Out-Null + $complexString.append($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$valuePrefix$AssignedPropertyName.toString()" ) | Out-Null } else { - $complexString.append( $spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$referencePrefix$AssignedPropertyName.toString()" ) | Out-Null + $complexString.append($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$referencePrefix$AssignedPropertyName.toString()" ) | Out-Null } - $complexString.append( ")`r`n" ) | Out-Null + $complexString.append(")`r`n" ) | Out-Null $IndentCount -- $spacing = $indent * $IndentCount - $complexString.appendLine( $spacing + "}" ) | Out-Null + $complexString.appendLine($spacing + "}" ) | Out-Null } else { - if($isNested) + if ($isNested) { - $complexString.appendLine( $spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$valuePrefix$AssignedPropertyName)" ) | Out-Null } else { - $complexString.appendLine( $spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$referencePrefix$AssignedPropertyName)" ) | Out-Null + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$referencePrefix$AssignedPropertyName)" ) | Out-Null } } @@ -1747,37 +1750,37 @@ function Get-ComplexTypeConstructorToString } } - if($property.IsArray) + if ($property.IsArray) { - $complexString.appendLine( $spacing + "if(`$$tempPropertyName.values.Where({ `$null -ne `$_ }).count -gt 0)" ) | Out-Null - $complexString.appendLine( $spacing + "{" ) | Out-Null + $complexString.appendLine($spacing + "if (`$$tempPropertyName.values.Where({`$null -ne `$_}).count -gt 0)" ) | Out-Null + $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount - $complexString.appendLine( $spacing + "`$$returnPropertyName += `$$tempPropertyName" ) | Out-Null + $complexString.appendLine($spacing + "`$$returnPropertyName += `$$tempPropertyName" ) | Out-Null $IndentCount -- $spacing = $indent * $IndentCount - $complexString.appendLine( $spacing + "}" ) | Out-Null + $complexString.appendLine($spacing + "}" ) | Out-Null $IndentCount -- $spacing = $indent * $IndentCount - $complexString.appendLine( $spacing + "}" ) | Out-Null - if($IsNested) + $complexString.appendLine($spacing + "}" ) | Out-Null + if ($IsNested) { - $complexString.appendLine( $spacing + "`$$ParentPropertyName" +".Add('$propertyName',`$$returnPropertyName" +")" ) | Out-Null + $complexString.appendLine($spacing + "`$$ParentPropertyName" +".Add('$propertyName',`$$returnPropertyName" +")" ) | Out-Null } } else { - $complexString.appendLine( $spacing + "if(`$$tempPropertyName.values.Where({ `$null -ne `$_ }).count -eq 0)" ) | Out-Null - $complexString.appendLine( $spacing + "{" ) | Out-Null + $complexString.appendLine($spacing + "if (`$$tempPropertyName.values.Where({`$null -ne `$_}).count -eq 0)" ) | Out-Null + $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount - $complexString.appendLine( $spacing + "`$$returnPropertyName = `$null" ) | Out-Null + $complexString.appendLine($spacing + "`$$returnPropertyName = `$null" ) | Out-Null $IndentCount -- $spacing = $indent * $IndentCount - $complexString.appendLine( $spacing + "}" ) | Out-Null - if($IsNested) + $complexString.appendLine($spacing + "}" ) | Out-Null + if ($IsNested) { - $complexString.appendLine( $spacing + "`$$ParentPropertyName" +".Add('$propertyName',`$$returnPropertyName" +")" ) | Out-Null + $complexString.appendLine($spacing + "`$$ParentPropertyName" +".Add('$propertyName',`$$returnPropertyName" +")" ) | Out-Null } } @@ -1820,35 +1823,35 @@ function Get-DateTypeConstructorToString $propertyType=$Property.Type.split(".")|select-object -last 1 - if($Property.IsRootProperty -eq $false) + if ($Property.IsRootProperty -eq $false) { $propertyName = Get-StringFirstCharacterToLower -Value $Property.Name $valuePrefix += "AdditionalProperties." } - if($property.IsArray) + if ($property.IsArray) { - $dateString.appendLine( $spacing + "`$$returnPropertyName" + " = @()") | Out-Null - $dateString.appendLine( $spacing + "foreach(`$current$propertyName in `$$valuePrefix$PropertyName)" ) | Out-Null - $dateString.appendLine( $spacing + "{" ) | Out-Null + $dateString.appendLine($spacing + "`$$returnPropertyName" + " = @()") | Out-Null + $dateString.appendLine($spacing + "foreach (`$current$propertyName in `$$valuePrefix$PropertyName)" ) | Out-Null + $dateString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount - $dateString.appendLine( $spacing + "`$$returnPropertyName += ([$propertyType]`$current$propertyName).ToString('$DateFormat')") | Out-Null + $dateString.appendLine($spacing + "`$$returnPropertyName += ([$propertyType]`$current$propertyName).ToString('$DateFormat')") | Out-Null $IndentCount -- $spacing = $indent * $IndentCount - $dateString.appendLine( $spacing + "}" ) | Out-Null + $dateString.appendLine($spacing + "}" ) | Out-Null } else { - $dateString.appendLine( $spacing + "`$$returnPropertyName" + " = `$null") | Out-Null - $dateString.appendLine( $spacing + "if (`$null -ne `$$valuePrefix$PropertyName)" ) | Out-Null - $dateString.appendLine( $spacing + "{" ) | Out-Null + $dateString.appendLine($spacing + "`$$returnPropertyName" + " = `$null") | Out-Null + $dateString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$PropertyName)" ) | Out-Null + $dateString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount - $dateString.appendLine( $spacing + "`$$returnPropertyName = ([$propertyType]`$$valuePrefix$PropertyName).ToString('$DateFormat')") | Out-Null + $dateString.appendLine($spacing + "`$$returnPropertyName = ([$propertyType]`$$valuePrefix$PropertyName).ToString('$DateFormat')") | Out-Null $IndentCount -- $spacing = $indent * $IndentCount - $dateString.appendLine( $spacing + "}" ) | Out-Null + $dateString.appendLine($spacing + "}" ) | Out-Null } return $dateString.ToString() @@ -1890,35 +1893,35 @@ function Get-TimeTypeConstructorToString $propertyType=$Property.Type.split(".")|select-object -last 1 - if($Property.IsRootProperty -eq $false) + if ($Property.IsRootProperty -eq $false) { $propertyName = Get-StringFirstCharacterToLower -Value $Property.Name $valuePrefix += "AdditionalProperties." } - if($property.IsArray) + if ($property.IsArray) { - $timeString.appendLine( $spacing + "`$$returnPropertyName" + " = @()") | Out-Null - $timeString.appendLine( $spacing + "foreach(`$current$propertyName in `$$valuePrefix$PropertyName)" ) | Out-Null - $timeString.appendLine( $spacing + "{" ) | Out-Null + $timeString.appendLine($spacing + "`$$returnPropertyName" + " = @()") | Out-Null + $timeString.appendLine($spacing + "foreach (`$current$propertyName in `$$valuePrefix$PropertyName)" ) | Out-Null + $timeString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount - $timeString.appendLine( $spacing + "`$$returnPropertyName += ([$propertyType]`$current$propertyName).ToString()") | Out-Null + $timeString.appendLine($spacing + "`$$returnPropertyName += ([$propertyType]`$current$propertyName).ToString()") | Out-Null $IndentCount -- $spacing = $indent * $IndentCount - $timeString.appendLine( $spacing + "}" ) | Out-Null + $timeString.appendLine($spacing + "}" ) | Out-Null } else { - $timeString.appendLine( $spacing + "`$$returnPropertyName" + " = `$null") | Out-Null - $timeString.appendLine( $spacing + "if (`$null -ne `$$valuePrefix$PropertyName)" ) | Out-Null - $timeString.appendLine( $spacing + "{" ) | Out-Null + $timeString.appendLine($spacing + "`$$returnPropertyName" + " = `$null") | Out-Null + $timeString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$PropertyName)" ) | Out-Null + $timeString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount - $timeString.appendLine( $spacing + "`$$returnPropertyName = ([$propertyType]`$$valuePrefix$PropertyName).ToString()") | Out-Null + $timeString.appendLine($spacing + "`$$returnPropertyName = ([$propertyType]`$$valuePrefix$PropertyName).ToString()") | Out-Null $IndentCount -- $spacing = $indent * $IndentCount - $timeString.appendLine( $spacing + "}" ) | Out-Null + $timeString.appendLine($spacing + "}" ) | Out-Null } return $timeString.ToString() @@ -1954,21 +1957,21 @@ function Get-EnumTypeConstructorToString $propertyName = Get-StringFirstCharacterToUpper -Value $Property.Name $returnPropertyName= "enum"+ $propertyName - if($Property.IsRootProperty -eq $false) + if ($Property.IsRootProperty -eq $false) { $propertyName = Get-StringFirstCharacterToLower -Value $Property.Name $valuePrefix += "AdditionalProperties." } - $enumString.appendLine( $spacing + "`$$returnPropertyName" + " = `$null") | Out-Null - $enumString.appendLine( $spacing + "if (`$null -ne `$$valuePrefix$PropertyName)" ) | Out-Null - $enumString.appendLine( $spacing + "{" ) | Out-Null + $enumString.appendLine($spacing + "`$$returnPropertyName" + " = `$null") | Out-Null + $enumString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$PropertyName)" ) | Out-Null + $enumString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount - $enumString.appendLine( $spacing + "`$$returnPropertyName = `$$valuePrefix$PropertyName.ToString()") | Out-Null + $enumString.appendLine($spacing + "`$$returnPropertyName = `$$valuePrefix$PropertyName.ToString()") | Out-Null $IndentCount -- $spacing = $indent * $IndentCount - $enumString.appendLine( $spacing + "}" ) | Out-Null + $enumString.appendLine($spacing + "}" ) | Out-Null return $enumString.ToString() @@ -2288,7 +2291,7 @@ function Get-M365DSCFakeValues foreach ($parameter in $parameters) { - if($null -ne (Get-Variable hashValue -ErrorAction SilentlyContinue)) + if ($null -ne (Get-Variable hashValue -ErrorAction SilentlyContinue)) { try { @@ -2297,21 +2300,21 @@ function Get-M365DSCFakeValues catch {} } $parameterName = $parameter.Name - if($parameter.Name -eq "@odata.type" -and $IsGetTargetResource) + if ($parameter.Name -eq "@odata.type" -and $IsGetTargetResource) { $parameterName = 'odataType' } - if($parameter.IsComplexType) + if ($parameter.IsComplexType) { [hashtable]$hashValue = @{} $propertyType = $workload + $parameter.Type - if($IsGetTargetResource) + if ($IsGetTargetResource) { $propertyType = "MSFT_$propertyType" $hashValue.add('CIMType', $propertyType) } $IsParentFromAdditionalProperties=$false - if(-not $parameter.IsRootProperty) + if (-not $parameter.IsRootProperty) { $IsParentFromAdditionalProperties=$true } @@ -2338,13 +2341,13 @@ function Get-M365DSCFakeValues if ($parameter.Members) { $fakeValue = $parameter.Members[0] - if($parameter.Name -eq "@odata.type") + if ($parameter.Name -eq "@odata.type") { $fakeValue = "#microsoft.graph." + $parameter.Members[0] } } $hashValue = $fakeValue - if($parameter.IsArray) + if ($parameter.IsArray) { [string[]]$hashValue = @($fakeValue) } @@ -2417,7 +2420,7 @@ function Get-M365DSCFakeValues } else { - if($IsParentFromAdditionalProperties) + if ($IsParentFromAdditionalProperties) { $parameterName = Get-StringFirstCharacterToLower -Value $parameterName } @@ -2425,12 +2428,12 @@ function Get-M365DSCFakeValues } } } - if(-not [String]::isNullorEmpty($AdditionalPropertiesType)) + if (-not [String]::isNullorEmpty($AdditionalPropertiesType)) { $additionalProperties.Add('@odata.type', '#microsoft.graph.' + $AdditionalPropertiesType) } - if($additionalProperties.count -gt 0) + if ($additionalProperties.count -gt 0) { $result.Add('AdditionalProperties', $additionalProperties) } @@ -2574,6 +2577,24 @@ function Get-M365DSCResourcePermission ) $readPermissionsNames = (Find-MgGraphCommand -Command "Get-$CmdLetNoun" -ApiVersion $ApiVersion| Select-Object -First 1 -ExpandProperty Permissions).Name + $leastReadPermissions = @() + + foreach ($permission in $readPermissionsNames) + { + $splitPermission = $permission.Split('.') + if ($splitPermission[1] -eq 'ReadWrite') + { + if ($readPermissionsNames -notcontains "$($splitPermission[0]).Read.$($splitPermission[2])") + { + $leastReadPermissions += $permission + } + } + else + { + $leastReadPermissions += $permission + } + } + $updatePermissionsNames = (Find-MgGraphCommand -Command "$UpdateVerb-$CmdLetNoun" -ApiVersion $ApiVersion | Select-Object -First 1 -ExpandProperty Permissions).Name switch ($Workload) @@ -2589,7 +2610,7 @@ function Get-M365DSCResourcePermission } $readPermissions = @() - foreach ($permission in $readPermissionsNames) + foreach ($permission in $leastReadPermissions) { $readPermissions += @{'name' = $permission } } @@ -2634,7 +2655,7 @@ function Get-M365DSCDRGCimInstancesSchemaStringContent $stringResult = '' $cimInstanceType = Get-StringFirstCharacterToUpper -Value $cimInstance.Type - if ( $cimInstanceType -notin $Global:AlreadyFoundInstances) + if ($cimInstanceType -notin $Global:AlreadyFoundInstances) { $stringResult += "[ClassVersion(`"1.0.0`")]`r`n" $stringResult += 'class MSFT_' + $Workload + $cimInstanceType + "`r`n" @@ -2648,7 +2669,7 @@ function Get-M365DSCDRGCimInstancesSchemaStringContent if ($property.IsComplexType) { - if ( $propertyType -notin $Global:AlreadyFoundInstances) + if ($propertyType -notin $Global:AlreadyFoundInstances) { $Global:AlreadyFoundInstances += $cimInstanceType @@ -2676,7 +2697,7 @@ function Get-M365DSCDRGCimInstancesSchemaStringContent $mySet = '' foreach ($member in $property.Members) { - if($property.Name -eq "@odata.type") + if ($property.Name -eq "@odata.type") { $member="#microsoft.graph."+$member } @@ -2686,7 +2707,7 @@ function Get-M365DSCDRGCimInstancesSchemaStringContent $propertySet = ", ValueMap{$mySet}, Values{$mySet}" } $propertyName = $property.Name - if($property.Name -eq "@odata.type") + if ($property.Name -eq "@odata.type") { $propertyName="odataType" } @@ -2704,7 +2725,7 @@ function Get-M365DSCDRGCimInstancesSchemaStringContent } $stringResult += "};`r`n" $stringResult += $nestedResults - if ( $cimInstanceType -notin $Global:AlreadyFoundInstances) + if ($cimInstanceType -notin $Global:AlreadyFoundInstances) { $Global:AlreadyFoundInstances += $cimInstanceType } @@ -2985,7 +3006,7 @@ function Get-ComplexTypeMapping $complexMapping = @() $propertyType = Get-StringFirstCharacterToUpper -Value $Property.Type $isRequired=$false - if($property.Description -like "* Required.*") + if ($property.Description -like "* Required.*") { $isRequired=$true } @@ -2995,10 +3016,10 @@ function Get-ComplexTypeMapping IsRequired = $isRequired } $complexMapping += $map - foreach($nestedProperty in $property.Properties) + foreach ($nestedProperty in $property.Properties) { - if($nestedProperty.IsComplexType) + if ($nestedProperty.IsComplexType) { $complexMapping += Get-ComplexTypeMapping -Property $nestedProperty -Workload $Workload } @@ -3077,10 +3098,10 @@ function New-M365HashTableMapping $global:ComplexList = $null [Array]$complexMapping = Get-ComplexTypeMapping -Property $property -Workload $Workload $complexMappingString = [System.Text.StringBuilder]::New() - if($complexMapping.count -gt 1) + if ($complexMapping.count -gt 1) { $complexMappingString.appendLine(" `$complexMapping = @(") | out-null - foreach($map in $complexMapping) + foreach ($map in $complexMapping) { $complexMappingString.appendLine(" @{")| out-null $complexMappingString.appendLine(" Name = '" + $map.Name + "'")| out-null @@ -3091,22 +3112,22 @@ function New-M365HashTableMapping $complexMappingString.appendLine(" )")| out-null } - $convertToString += " if ( `$null -ne `$Results.$parameterName)`r`n" + $convertToString += " if (`$null -ne `$Results.$parameterName)`r`n" $convertToString += " {`r`n" - if(-Not ([String]::IsNullOrEmpty($complexMappingString.toString()))) + if (-Not ([String]::IsNullOrEmpty($complexMappingString.toString()))) { $convertToString += $complexMappingString.toString() } $convertToString += " `$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ```r`n" $convertToString += " -ComplexObject `$Results.$parameterName ```r`n" $convertToString += " -CIMInstanceName '$CimInstanceName'" - if(-Not ([String]::IsNullOrEmpty($complexMappingString.toString()))) + if (-Not ([String]::IsNullOrEmpty($complexMappingString.toString()))) { $convertToString += " ```r`n" $convertToString += " -ComplexTypeMapping `$complexMapping`r`n" } $convertToString += "`r`n" - $convertToString += " if(-Not [String]::IsNullOrWhiteSpace(`$complexTypeStringResult))`r`n" + $convertToString += " if (-Not [String]::IsNullOrWhiteSpace(`$complexTypeStringResult))`r`n" $convertToString += " {`r`n" $convertToString += " `$Results.$parameterName = `$complexTypeStringResult`r`n" $convertToString += " }`r`n" @@ -3123,15 +3144,15 @@ function New-M365HashTableMapping } - if($property.IsEnumType) + if ($property.IsEnumType) { $enumTypeConstructor.appendLine((Get-EnumTypeConstructorToString -Property $property -IndentCount 2 -DateFormat $DateFormat)) } - if($property.Type -like "System.Date*") + if ($property.Type -like "System.Date*") { $dateTypeConstructor.appendLine((Get-DateTypeConstructorToString -Property $property -IndentCount 2 -DateFormat $DateFormat)) } - if($property.Type -like "System.Time*") + if ($property.Type -like "System.Time*") { $timeTypeConstructor.appendLine((Get-TimeTypeConstructorToString -Property $property -IndentCount 2 -DateFormat $DateFormat)) } @@ -3143,15 +3164,15 @@ function New-M365HashTableMapping { $hashtable += "`$complex$propertyName`r`n" } - elseif($property.Type -like "System.Date*") + elseif ($property.Type -like "System.Date*") { $hashtable += "`$date$propertyName`r`n" } - elseif($property.Type -like "System.Time*") + elseif ($property.Type -like "System.Time*") { $hashtable += "`$time$propertyName`r`n" } - elseif($property.IsEnumType) + elseif ($property.IsEnumType) { $hashtable += "`$enum$propertyName`r`n" } @@ -3179,14 +3200,14 @@ function New-M365HashTableMapping 'CertificateThumbprint' 'Managedidentity' ) - foreach($key in $defaultKeys) + foreach ($key in $defaultKeys) { $keyValue = "`$$key" - if($key -eq 'Ensure') + if ($key -eq 'Ensure') { $keyValue = "'Present'" } - if($key -eq 'ManagedIdentity') + if ($key -eq 'ManagedIdentity') { $keyValue = '$ManagedIdentity.IsPresent' } @@ -3288,7 +3309,7 @@ function Get-ResourceStub $stub=[System.Text.StringBuilder]::New() $version= (get-Command -Noun $cmdletNoun | select-object -Unique Version | Sort-Object -Descending | Select-Object -First 1).Version.toString() $commands = get-Command -Noun $cmdletNoun |where-object { $_.Version -eq $version } - foreach($command in $commands) + foreach ($command in $commands) { $command= get-Command -Name $command.Name |where-object { $_.Version -eq $version } $stub.AppendLine("function $($command.Name)")|out-null @@ -3300,29 +3321,29 @@ function Get-ResourceStub $i=0 $keys= ($parameters.keys) | where-object { $_ -notin $parametersToSkip } $keyCount = $keys.count - foreach($key in $keys) + foreach ($key in $keys) { $stub.AppendLine(" [Parameter()]")|out-null $name = ($parameters.$key).Name $type = ($parameters.$key).ParameterType.toString() $isArray = $false - if( $type -like "*[[\]]") + if ($type -like "*[[\]]") { $isArray = $true } - if( $type -notlike "System.*") + if ($type -notlike "System.*") { $type = "PSObject" - if($isArray) + if ($isArray) { $type += "[]" } } $stub.AppendLine(" [$type]")|out-null $stub.Append(" `$$name")|out-null - if( $i -lt $keyCount -1 ) + if ($i -lt $keyCount -1 ) { $stub.Append(",`r`n")|out-null } @@ -3352,7 +3373,7 @@ function Update-Microsoft365StubFile -Resolve) $content = Get-Content -Path $FilePath - if( ($content|select-string -pattern "function Get-$CmdletNoun$").count -eq 0) + if (($content|select-string -pattern "function Get-$CmdletNoun$").count -eq 0) { $content += "#region $CmdletNoun`r`n" + (Get-ResourceStub -CmdletNoun $CmdletNoun) + "#endregion`r`n" Set-Content -Path $FilePath -Value $content diff --git a/ResourceGenerator/Module.Template.psm1 b/ResourceGenerator/Module.Template.psm1 index e016944156..60e48be25e 100644 --- a/ResourceGenerator/Module.Template.psm1 +++ b/ResourceGenerator/Module.Template.psm1 @@ -66,7 +66,7 @@ function Get-TargetResource { Write-Verbose -Message "Could not find an with {$}" - if(-Not [string]::IsNullOrEmpty($)) + if (-Not [string]::IsNullOrEmpty($)) { $getValue = ` @@ -168,16 +168,16 @@ function Set-TargetResource $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } }<#ResourceGenerator #region resource generator code - $policy= <#NewKeyIdentifier#> + $policy = <#NewKeyIdentifier#> <#AssignmentsNew#> #endregionResourceGenerator#> } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') @@ -189,12 +189,12 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } }<#ResourceGenerator #region resource generator code @@ -293,7 +293,6 @@ function Test-TargetResource } $ValuesToCheck.Remove($key) | Out-Null - } } @@ -440,13 +439,13 @@ function Export-TargetResource $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + "odataType" = "@odata.type" } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -456,31 +455,31 @@ function Export-TargetResource { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values return ,$result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like "*Hashtable") { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) @@ -488,7 +487,6 @@ function Export-TargetResource } $result = $hashProperties } - return $result #endregion } @@ -502,21 +500,21 @@ function Get-M365DSCDRGComplexTypeToHashtable $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like "*[[\]]") { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } @@ -526,21 +524,21 @@ function Get-M365DSCDRGComplexTypeToHashtable return ,[hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -557,7 +555,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like "*hashtable") { $keys = $ComplexObject.keys } @@ -568,16 +566,16 @@ function Get-M365DSCDRGComplexTypeToHashtable foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike "*hashtable") { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -589,7 +587,6 @@ function Get-M365DSCDRGComplexTypeToHashtable } } } - return [hashtable]$results } @@ -635,15 +632,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -651,22 +648,22 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array if ($ComplexObject.GetType().FullName -like "*[[\]]") { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { @@ -682,20 +679,20 @@ function Get-M365DSCDRGComplexTypeToString return ,$currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -711,32 +708,32 @@ function Get-M365DSCDRGComplexTypeToString $keyNotNull++ if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' $currentProperty += "@(" @@ -750,7 +747,7 @@ function Get-M365DSCDRGComplexTypeToString { if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $item ` @@ -758,7 +755,7 @@ function Get-M365DSCDRGComplexTypeToString -IndentLevel $IndentLevel ` -ComplexTypeMapping $ComplexTypeMapping ` -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -773,22 +770,22 @@ function Get-M365DSCDRGComplexTypeToString -CIMInstanceName $hashPropertyType ` -IndentLevel $IndentLevel ` -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -797,11 +794,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -812,34 +809,33 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel-1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel-2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } - return $currentProperty } @@ -857,43 +853,43 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' - ) + ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { "*.Boolean" { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } "*.String" { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key ='odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } "*.DateTime" { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } "*[[\]]" { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + " = @(" + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) { - switch -Wildcard ($item.GetType().Fullname ) + switch -Wildcard ($item.GetType().Fullname) { "*.String" { @@ -909,7 +905,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -921,7 +917,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + " = " + $Value + "`r`n" } } return $returnValue @@ -939,47 +935,46 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -989,36 +984,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1026,18 +1021,17 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { - #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" return $false } @@ -1045,18 +1039,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like "*Date*") { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1074,9 +1068,9 @@ function Compare-M365DSCComplexObject } } } - return $true } + function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] @@ -1086,14 +1080,13 @@ function Convert-M365DSCDRGComplexTypeToHashtable $ComplexObject ) - - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like "*[[\]]") { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) @@ -1104,22 +1097,21 @@ function Convert-M365DSCDRGComplexTypeToHashtable } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null + $propertyValue = $results[$key] + $results.remove($key) | Out-Null $results.add($propertyName,$propertyValue) } } From d22476a78eaf86f77ae22aece8f39ccf0affb21c Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 25 Mar 2023 15:15:32 +0000 Subject: [PATCH 029/187] minor fix --- ...uneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 | 2 +- ...FT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 | 2 +- ResourceGenerator/Module.Template.psm1 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 index c4ea456b96..a4cd3d415d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 @@ -547,7 +547,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 index 9b3c6c77b2..b45d4c08d5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 @@ -534,7 +534,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null diff --git a/ResourceGenerator/Module.Template.psm1 b/ResourceGenerator/Module.Template.psm1 index 60e48be25e..56659937cf 100644 --- a/ResourceGenerator/Module.Template.psm1 +++ b/ResourceGenerator/Module.Template.psm1 @@ -289,7 +289,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null From f7b7ee4a2aaf2f8b656f05f3962f1bb2c93403e8 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Mon, 27 Mar 2023 08:47:47 +0100 Subject: [PATCH 030/187] fix changelog --- CHANGELOG.md | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea4a578c21..2f04cb230f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,18 +10,20 @@ FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) * DRG * Various fixes - Cleanup generated code - Fix AdditionalProperties complex constructor - Fix Read privileges in settings file + * Cleanup generated code + * Fix AdditionalProperties complex constructor + * Fix Read privileges in settings file # 1.23.322.1 +* AADRoleSetting + * Added CertificateThumbPrint and ApplicationId to the output of the Get method +* EXODistributionGroup + * Fixed an error where the name wasn't properly escaped in the Filter + FIXES [#3044](https://github.com/microsoft/Microsoft365DSC/issues/3044) * EXORoleAssignmentPolicy * Fix issue with IsDefault parameter FIXES [#2977](https://github.com/microsoft/Microsoft365DSC/issues/2977) -* IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 - * Initial Release - FIXES [#2832](https://github.com/microsoft/Microsoft365DSC/issues/2832) * IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 * Initial release FIXES [#2834](https://github.com/microsoft/Microsoft365DSC/issues/2834) @@ -50,14 +52,14 @@ Fixes[#2980](https://github.com/microsoft/Microsoft365DSC/issues/2980) * DRG * Various fixes: - Remove invalid character from description in schema.mof - Add Id as key in schema.mof - Add DisplayName as Required in schema.mof - Fix issue with nested CIM array from test unit - Remove Select-MgProfile from module - Add DisplayName as Mandatory in module - Fix issue with AdditionalProperties for nested objects from module - Fix Ensure default value + * Remove invalid character from description in schema.mof + * Add Id as key in schema.mof + * Add DisplayName as Required in schema.mof + * Fix issue with nested CIM array from test unit + * Remove Select-MgProfile from module + * Add DisplayName as Mandatory in module + * Fix issue with AdditionalProperties for nested objects from module + * Fix Ensure default value # 1.23.315.2 From 693fd3962e3ce386c816e183cb9c0137aa343b4f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 27 Mar 2023 14:51:03 +0000 Subject: [PATCH 031/187] Updated Resources and Cmdlet documentation pages --- ...lotDeploymentProfileAzureADHybridJoined.md | 143 +++++++++++++++++ ...AutopilotDeploymentProfileAzureADJoined.md | 146 ++++++++++++++++++ 2 files changed, 289 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.md create mode 100644 docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADJoined.md diff --git a/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.md b/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.md new file mode 100644 index 0000000000..72a28ca056 --- /dev/null +++ b/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.md @@ -0,0 +1,143 @@ +# IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **HybridAzureADJoinSkipConnectivityCheck** | Write | Boolean | The Autopilot Hybrid Azure AD join flow will continue even if it does not establish domain controller connectivity during OOBE. | | +| **Description** | Write | String | Description of the profile | | +| **DeviceNameTemplate** | Write | String | The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. | | +| **DeviceType** | Write | String | The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2. | `windowsPc`, `surfaceHub2`, `holoLens`, `surfaceHub2S`, `virtualMachine`, `unknownFutureValue` | +| **DisplayName** | Required | String | Name of the profile | | +| **EnableWhiteGlove** | Write | Boolean | Enable Autopilot White Glove for the profile. | | +| **EnrollmentStatusScreenSettings** | Write | MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings | Enrollment status screen setting | | +| **ExtractHardwareHash** | Write | Boolean | HardwareHash Extraction for the profile | | +| **Language** | Write | String | Language configured on the device | | +| **ManagementServiceAppId** | Write | String | AzureAD management app ID used during client device-based enrollment discovery | | +| **OutOfBoxExperienceSettings** | Write | MSFT_MicrosoftGraphoutOfBoxExperienceSettings | Out of box experience setting | | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **AllowDeviceUseBeforeProfileAndAppInstallComplete** | Write | Boolean | Allow or block user to use device before profile and app installation complete | | +| **AllowDeviceUseOnInstallFailure** | Write | Boolean | Allow the user to continue using the device on installation failure | | +| **AllowLogCollectionOnInstallFailure** | Write | Boolean | Allow or block log collection on installation failure | | +| **BlockDeviceSetupRetryByUser** | Write | Boolean | Allow the user to retry the setup on installation failure | | +| **CustomErrorMessage** | Write | String | Set custom error message to show upon installation failure | | +| **HideInstallationProgress** | Write | Boolean | Show or hide installation progress to user | | +| **InstallProgressTimeoutInMinutes** | Write | UInt32 | Set installation progress timeout in minutes | | + +### MSFT_MicrosoftGraphOutOfBoxExperienceSettings + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DeviceUsageType** | Write | String | AAD join authentication type. Possible values are: singleUser, shared. | `singleUser`, `shared` | +| **HideEscapeLink** | Write | Boolean | If set to true, then the user can't start over with different account, on company sign-in | | +| **HideEULA** | Write | Boolean | Show or hide EULA to user | | +| **HidePrivacySettings** | Write | Boolean | Show or hide privacy settings to user | | +| **SkipKeyboardSelectionPage** | Write | Boolean | If set, then skip the keyboard selection page if Language and Region are set | | +| **UserType** | Write | String | Type of user. Possible values are: administrator, standard. | `administrator`, `standard` | + + +## Description + +Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementServiceConfig.Read.All + +- **Update** + + - DeviceManagementServiceConfig.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementServiceConfig.Read.All + +- **Update** + + - DeviceManagementServiceConfig.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' + { + Assignments = @(); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = ""; + DeviceType = "windowsPc"; + DisplayName = "hybrid"; + EnableWhiteGlove = $True; + Ensure = "Present"; + ExtractHardwareHash = $False; + HybridAzureADJoinSkipConnectivityCheck = $True; + Id = "36b4d209-c9af-487f-8cf2-8397cefbc29a"; + Language = "os-default"; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $False + UserType = 'standard' + }; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADJoined.md b/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADJoined.md new file mode 100644 index 0000000000..a2a1990fe4 --- /dev/null +++ b/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADJoined.md @@ -0,0 +1,146 @@ +# IntuneWindowsAutopilotDeploymentProfileAzureADJoined + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Description** | Write | String | Description of the profile | | +| **DeviceNameTemplate** | Write | String | The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. | | +| **DeviceType** | Write | String | The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2. | `windowsPc`, `surfaceHub2`, `holoLens`, `surfaceHub2S`, `virtualMachine`, `unknownFutureValue` | +| **DisplayName** | Required | String | Name of the profile | | +| **EnableWhiteGlove** | Write | Boolean | Enable Autopilot White Glove for the profile. | | +| **EnrollmentStatusScreenSettings** | Write | MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 | Enrollment status screen setting | | +| **ExtractHardwareHash** | Write | Boolean | HardwareHash Extraction for the profile | | +| **Language** | Write | String | Language configured on the device | | +| **ManagementServiceAppId** | Write | String | AzureAD management app ID used during client device-based enrollment discovery | | +| **OutOfBoxExperienceSettings** | Write | MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 | Out of box experience setting | | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings1 + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **AllowDeviceUseBeforeProfileAndAppInstallComplete** | Write | Boolean | Allow or block user to use device before profile and app installation complete | | +| **AllowDeviceUseOnInstallFailure** | Write | Boolean | Allow the user to continue using the device on installation failure | | +| **AllowLogCollectionOnInstallFailure** | Write | Boolean | Allow or block log collection on installation failure | | +| **BlockDeviceSetupRetryByUser** | Write | Boolean | Allow the user to retry the setup on installation failure | | +| **CustomErrorMessage** | Write | String | Set custom error message to show upon installation failure | | +| **HideInstallationProgress** | Write | Boolean | Show or hide installation progress to user | | +| **InstallProgressTimeoutInMinutes** | Write | UInt32 | Set installation progress timeout in minutes | | + +### MSFT_MicrosoftGraphOutOfBoxExperienceSettings1 + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DeviceUsageType** | Write | String | AAD join authentication type. Possible values are: singleUser, shared. | `singleUser`, `shared` | +| **HideEscapeLink** | Write | Boolean | If set to true, then the user can't start over with different account, on company sign-in | | +| **HideEULA** | Write | Boolean | Show or hide EULA to user | | +| **HidePrivacySettings** | Write | Boolean | Show or hide privacy settings to user | | +| **SkipKeyboardSelectionPage** | Write | Boolean | If set, then skip the keyboard selection page if Language and Region are set | | +| **UserType** | Write | String | Type of user. Possible values are: administrator, standard. | `administrator`, `standard` | + + +## Description + +Intune Windows Autopilot Deployment Profile Azure AD Joined + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementServiceConfig.Read.All + +- **Update** + + - DeviceManagementServiceConfig.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementServiceConfig.Read.All + +- **Update** + + - DeviceManagementServiceConfig.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = "test"; + DeviceType = "windowsPc"; + DisplayName = "AAD"; + EnableWhiteGlove = $True; + Ensure = "Present"; + ExtractHardwareHash = $True; + Id = "30914319-d49b-46da-b054-625d933c5769"; + Language = ""; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ + HideEULA = $False + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + }; + } + } +} +``` + From 5849a7c5e471dfe1a62f3bdf133297cf3308148e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 27 Mar 2023 16:10:03 +0000 Subject: [PATCH 032/187] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/exchange/EXOIRMConfiguration.md | 8 ++++---- docs/docs/resources/exchange/EXOResourceConfiguration.md | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/docs/resources/exchange/EXOIRMConfiguration.md b/docs/docs/resources/exchange/EXOIRMConfiguration.md index ea24a212c5..9fd379db92 100644 --- a/docs/docs/resources/exchange/EXOIRMConfiguration.md +++ b/docs/docs/resources/exchange/EXOIRMConfiguration.md @@ -4,7 +4,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Write | String | The Identity parameter specifies the Perimeter Configuration policy that you want to modify. | | +| **IsSingleInstance** | Key | String | Only valid value is 'Yes'. | `Yes` | | **AutomaticServiceUpdateEnabled** | Write | Boolean | The AutomaticServiceUpdateEnabled parameter specifies whether to allow the automatic addition of new features within Azure Information Protection for your cloud-based organization. | | | **AzureRMSLicensingEnabled** | Write | Boolean | The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can to connect directly to Azure Rights Management. | | | **DecryptAttachmentForEncryptOnly** | Write | Boolean | The DecryptAttachmentForEncryptOnly parameter specifies whether mail recipients have unrestricted rights on the attachment or not for Encrypt-only mails sent using Microsoft Purview Message Encryption. | | @@ -69,7 +69,7 @@ Configuration Example { EXOIRMConfiguration 'ConfigureIRMConfiguration' { - Identity = "Global" + IsSingleInstance = 'Yes' AutomaticServiceUpdateEnabled = $True AzureRMSLicensingEnabled = $True DecryptAttachmentForEncryptOnly = $True @@ -82,8 +82,8 @@ Configuration Example SimplifiedClientAccessDoNotForwardDisabled = $True SimplifiedClientAccessEnabled = $True SimplifiedClientAccessEncryptOnlyDisabled = $True - TransportDecryptionSetting = "Mandatory" - Ensure = "Present" + TransportDecryptionSetting = 'Mandatory' + Ensure = 'Present' Credential = $credsGlobalAdmin } } diff --git a/docs/docs/resources/exchange/EXOResourceConfiguration.md b/docs/docs/resources/exchange/EXOResourceConfiguration.md index 4d44feea3d..92c6f5799e 100644 --- a/docs/docs/resources/exchange/EXOResourceConfiguration.md +++ b/docs/docs/resources/exchange/EXOResourceConfiguration.md @@ -4,7 +4,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Write | String | The Identity parameter specifies the Perimeter Configuration policy that you want to modify. | | +| **IsSingleInstance** | Key | String | Only valid value is 'Yes'. | `Yes` | | **ResourcePropertySchema** | Write | StringArray[] | The ResourcePropertySchema parameter specifies the custom resource property that you want to make available to room or equipment mailboxes. This parameter uses the syntax Room/ or Equipment/ where the value doesn't contain spaces. For example, Room/Whiteboard or Equipment/Van. | | | **Ensure** | Write | String | Specifies if this Outbound connector should exist. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | @@ -56,7 +56,7 @@ Configuration Example { EXOResourceConfiguration 'ConfigureResourceConfiguration' { - Identity = 'Global' + IsSingleInstance = 'Yes' ResourcePropertySchema = @('Room/TV', 'Equipment/Laptop') Ensure = 'Present' Credential = $credsGlobalAdmin From 0f680d7b8b0473c26cdd3b82dcf0509ef90d8e96 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 6 Mar 2023 13:27:10 +0100 Subject: [PATCH 033/187] Added check for Key parameter (breaking change) --- ...AADEntitlementManagementAccessPackage.psm1 | 36 +- ...itlementManagementAccessPackage.schema.mof | 4 +- ...tlementManagementAccessPackageCatalog.psm1 | 24 +- ...tManagementAccessPackageCatalog.schema.mof | 4 +- ...anagementAccessPackageCatalogResource.psm1 | 37 +- ...entAccessPackageCatalogResource.schema.mof | 4 +- .../MSFT_EXOPerimeterConfiguration.psm1 | 8 +- .../MSFT_EXOPerimeterConfiguration.schema.mof | 2 +- .../MSFT_IntuneAppProtectionPolicyiOS.psm1 | 22 +- ...FT_IntuneAppProtectionPolicyiOS.schema.mof | 6 +- ...ationPolicyAndroidDeviceAdministrator.psm1 | 54 +- ...olicyAndroidDeviceAdministrator.schema.mof | 4 +- ...ConfigurationPolicyAndroidDeviceOwner.psm1 | 1216 ++++++++--------- ...urationPolicyAndroidDeviceOwner.schema.mof | 4 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 59 +- ...nPolicyAndroidOpenSourceProject.schema.mof | 4 +- ..._IntuneDeviceConfigurationPolicyMacOS.psm1 | 38 +- ...eDeviceConfigurationPolicyMacOS.schema.mof | 4 +- ...FT_IntuneDeviceConfigurationPolicyiOS.psm1 | 48 +- ...uneDeviceConfigurationPolicyiOS.schema.mof | 4 +- ...ationPolicyAndroidDeviceAdministrator.psm1 | 56 +- ...olicyAndroidDeviceAdministrator.schema.mof | 4 +- ...ionPolicyAndroidEntrepriseDeviceOwner.psm1 | 69 +- ...icyAndroidEntrepriseDeviceOwner.schema.mof | 4 +- ...ionPolicyAndroidEntrepriseWorkProfile.psm1 | 69 +- ...icyAndroidEntrepriseWorkProfile.schema.mof | 4 +- ...WifiConfigurationPolicyAndroidForWork.psm1 | 69 +- ...nfigurationPolicyAndroidForWork.schema.mof | 4 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 69 +- ...nPolicyAndroidOpenSourceProject.schema.mof | 4 +- ...MSFT_IntuneWifiConfigurationPolicyIOS.psm1 | 68 +- ...ntuneWifiConfigurationPolicyIOS.schema.mof | 4 +- ...FT_IntuneWifiConfigurationPolicyMacOS.psm1 | 69 +- ...uneWifiConfigurationPolicyMacOS.schema.mof | 4 +- ...ntuneWifiConfigurationPolicyWindows10.psm1 | 69 +- ...ifiConfigurationPolicyWindows10.schema.mof | 4 +- ...nProtectionPolicyWindows10MdmEnrolled.psm1 | 597 ++++---- ...ctionPolicyWindows10MdmEnrolled.schema.mof | 4 +- Tests/QA/Microsoft365DSC.Resources.Tests.ps1 | 112 ++ 39 files changed, 1314 insertions(+), 1551 deletions(-) create mode 100644 Tests/QA/Microsoft365DSC.Resources.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index 66302a4217..e33d5725ce 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -17,7 +17,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -44,13 +44,12 @@ function Get-TargetResource [Parameter()] [System.String[]] $IncompatibleGroups, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -205,7 +204,7 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -217,7 +216,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -244,13 +243,12 @@ function Set-TargetResource [Parameter()] [System.String[]] $IncompatibleGroups, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -467,7 +465,7 @@ function Set-TargetResource { Remove-MgEntitlementManagementAccessPackageIncompatibleAccessPackageByRef ` -AccessPackageId $currentInstance.Id ` - -AccessPackageId1 $incompatibleAccessPackage + -AccessPackageId1 $incompatibleAccessPackage } #endregion @@ -504,7 +502,7 @@ function Set-TargetResource { Remove-MgEntitlementManagementAccessPackageIncompatibleGroupByRef ` -AccessPackageId $currentInstance.Id ` - -GroupId $incompatibleGroup + -GroupId $incompatibleGroup } #endregion @@ -625,8 +623,6 @@ function Set-TargetResource } } - #write-verbose -message ($params|convertTo-json -depth 20) - Remove-MgEntitlementManagementAccessPackageResourceRoleScope ` -AccessPackageId $currentInstance.Id ` -AccessPackageResourceRoleScopeId $currentRole.Id @@ -656,8 +652,6 @@ function Set-TargetResource -AccessPackageId $currentInstance.Id ` -AccessPackageResourceRoleScopeId $currentRoleScope.Id } - - #endregion #endregion } @@ -668,7 +662,6 @@ function Set-TargetResource #region resource generator code Remove-MgEntitlementManagementAccessPackage -AccessPackageId $currentInstance.Id #endregion - } } @@ -679,7 +672,7 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -691,7 +684,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -718,13 +711,12 @@ function Test-TargetResource [Parameter()] [System.String[]] $IncompatibleGroups, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.schema.mof index d27b8ba71c..15c64384a4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.schema.mof @@ -9,10 +9,10 @@ class MSFT_AccessPackageResourceRoleScope [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackage")] class MSFT_AADEntitlementManagementAccessPackage : OMI_BaseResource { - [Write, Description("The Id of the access package.")] String Id; + [Key, Description("The Id of the access package.")] String Id; + [Required, Description("The display name of the access package.")] String DisplayName; [Write, Description("Identifier of the access package catalog referencing this access package.")] String CatalogId; [Write, Description("The description of the access package.")] String Description; - [Write, Description("The display name of the access package.")] String DisplayName; [Write, Description("Whether the access package is hidden from the requestor.")] Boolean IsHidden; [Write, Description("Indicates whether role scopes are visible.")] Boolean IsRoleScopesVisible; [Write, Description("The resources and roles included in the access package."), EmbeddedInstance("MSFT_AccessPackageResourceRoleScope")] String AccessPackageResourceRoleScopes[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 index ab93af2a0c..cad9bb174b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -21,7 +21,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -29,10 +29,10 @@ function Get-TargetResource [System.Boolean] $IsExternallyVisible, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -151,7 +151,7 @@ function Set-TargetResource param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -168,7 +168,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -176,10 +176,10 @@ function Set-TargetResource [System.Boolean] $IsExternallyVisible, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -290,7 +290,7 @@ function Test-TargetResource param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -307,7 +307,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -315,10 +315,10 @@ function Test-TargetResource [System.Boolean] $IsExternallyVisible, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof index ab77f22443..23f6dd298c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof @@ -3,11 +3,11 @@ [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageCatalog")] class MSFT_AADEntitlementManagementAccessPackageCatalog : OMI_BaseResource { - [Write, Description("The id of the access package catalog.")] String Id; + [Key, Description("The id of the access package catalog.")] String Id; [Write, Description("Has the value Published if the access packages are available for management.")] String CatalogStatus; [Write, Description("One of UserManaged or ServiceDefault."), ValueMap{"UserManaged","ServiceDefault"}, Values{"UserManaged","ServiceDefault"}] String CatalogType; [Write, Description("The description of the access package catalog.")] String Description; - [Write, Description("The display name of the access package catalog.")] String DisplayName; + [Required, Description("The display name of the access package catalog.")] String DisplayName; [Write, Description("Whether the access packages in this catalog can be requested by users outside of the tenant.")] Boolean IsExternallyVisible; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 index 89fba2c042..6b6f299fd4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -29,7 +29,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -52,13 +52,12 @@ function Get-TargetResource [Parameter()] [System.String] $Url, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -116,7 +115,7 @@ function Get-TargetResource #region resource generator code $getValue = Get-MgEntitlementManagementAccessPackageCatalogAccessPackageResource ` - -AccessPackageCatalogId $CatalogId ` + -AccessPackageCatalogId $CatalogId ` -Filter "Id eq '$Id'" -ErrorAction SilentlyContinue if ($null -eq $getValue) @@ -196,7 +195,7 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -220,7 +219,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -243,13 +242,12 @@ function Set-TargetResource [Parameter()] [System.String] $Url, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -392,11 +390,8 @@ function Set-TargetResource AccessPackageresource = $resource } #region resource generator code - #write-verbose ($resourceRequest|convertTo-Json -depth 20) New-MgEntitlementManagementAccessPackageResourceRequest @resourceRequest - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -428,16 +423,13 @@ function Set-TargetResource $resource = Rename-M365DSCCimInstanceParameter -Properties $resource ` -Mapping $mapping - #region resource generator code $resourceRequest = @{ CatalogId = $CatalogId RequestType = 'AdminRemove' AccessPackageresource = $resource } - #region resource generator code New-MgEntitlementManagementAccessPackageResourceRequest @resourceRequest - #endregion } } @@ -449,7 +441,7 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -473,7 +465,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -496,13 +488,12 @@ function Test-TargetResource [Parameter()] [System.String] $Url, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -675,7 +666,7 @@ function Export-TargetResource $catalogId = $catalog.id - [array]$resources = Get-MgEntitlementManagementAccessPackageCatalogAccessPackageResource -AccessPackageCatalogId $catalogId -ErrorAction Stop + [array]$resources = Get-MgEntitlementManagementAccessPackageCatalogAccessPackageResource -AccessPackageCatalogId $catalogId -ErrorAction Stop $j = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof index 49f6d81abf..ef0fec69e8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof @@ -60,13 +60,13 @@ class MSFT_MicrosoftGraphaccessPackageAnswerChoice [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageCatalogResource")] class MSFT_AADEntitlementManagementAccessPackageCatalogResource : OMI_BaseResource { - [Write, Description("Id of the access package catalog resource.")] String Id; + [Key, Description("Id of the access package catalog resource.")] String Id; [Write, Description("The unique ID of the access package catalog.")] String CatalogId; [Write, Description("The name of the user or application that first added this resource. Read-only.")] String AddedBy; [Write, Description("The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.")] String AddedOn; [Write, Description("Contains information about the attributes to be collected from the requestor and sent to the resource application."), EmbeddedInstance("MSFT_MicrosoftGraphaccesspackageresourceattribute")] String Attributes[]; [Write, Description("A description for the resource.")] String Description; - [Write, Description("The display name of the resource, such as the application name, group name or site name.")] String DisplayName; + [Required, Description("The display name of the resource, such as the application name, group name or site name.")] String DisplayName; [Write, Description("True if the resource is not yet available for assignment. Read-only.")] Boolean IsPendingOnboarding; [Write, Description("The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group.")] String OriginId; [Write, Description("The type of the resource in the origin system.")] String OriginSystem; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 index 7cab0e8aad..26bb0a2157 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -117,7 +117,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -199,7 +199,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -380,7 +380,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof index a6c00afd5b..31b7879ac0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("EXOPerimeterConfiguration")] class MSFT_EXOPerimeterConfiguration : OMI_BaseResource { - [Write, Description("The Identity parameter specifies the Perimeter Configuration policy that you want to modify.")] String Identity; + [Key, Description("The Identity parameter specifies the Perimeter Configuration policy that you want to modify.")] String Identity; [Write, Description("Use the GatewayIPAddresses parameter to create or modify a list of gateway server IP addresses to add to IP safelists.")] String GatewayIPAddresses[]; [Write, Description("Specifies if this Outbound connector should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index a961655ec7..a606c978a6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 @@ -4,11 +4,11 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -228,10 +228,10 @@ function Get-TargetResource [System.String] $CustomBrowserProtocol, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -434,11 +434,11 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -658,10 +658,10 @@ function Set-TargetResource [System.String] $CustomBrowserProtocol, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -812,11 +812,11 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -1039,7 +1039,7 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof index 439b1c51ff..17fd97dd4d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof @@ -1,8 +1,8 @@ [ClassVersion("1.0.0.0"), FriendlyName("IntuneAppProtectionPolicyiOS")] class MSFT_IntuneAppProtectionPolicyiOS : OMI_BaseResource { - [Write, Description("Identity of the iOS App Protection Policy.")] String Identity; - [Write, Description("Display name of the iOS App Protection Policy.")] String DisplayName; + [Key, Description("Identity of the iOS App Protection Policy.")] String Identity; + [Required, Description("Display name of the iOS App Protection Policy.")] String DisplayName; [Write, Description("Description of the iOS App Protection Policy.")] String Description; [Write, Description("The period after which access is checked when the device is not connected to the internet.")] String PeriodOfflineBeforeAccessCheck; [Write, Description("The period after which access is checked when the device is connected to the internet.")] String PeriodOnlineBeforeAccessCheck; @@ -16,7 +16,7 @@ class MSFT_IntuneAppProtectionPolicyiOS : OMI_BaseResource [Write, Description("Indicates whether users may use the Save As menu item to save a copy of protected files.")] Boolean SaveAsBlocked; [Write, Description("The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.")] String PeriodOfflineBeforeWipeIsEnforced; [Write, Description("Indicates whether an app-level pin is required.")] Boolean PinRequired; - [write, description("Indicates whether use of the app pin is required if the device pin is set.")] Boolean DisableAppPinIfDevicePinIsSet; + [Write, description("Indicates whether use of the app pin is required if the device pin is set.")] Boolean DisableAppPinIfDevicePinIsSet; [Write, Description("Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.")] UInt32 MaximumPinRetries; [Write, Description("Block simple PIN and require complex PIN to be set.")] Boolean SimplePinBlocked; [Write, Description("Minimum pin length required for an app-level pin if PinRequired is set to True.")] UInt32 MinimumPinLength; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index 5cd79ef6ee..502c15914e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -5,15 +5,15 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Id, + $Identity, [Parameter()] [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -225,13 +225,12 @@ function Get-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -398,7 +397,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -420,9 +419,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -430,7 +428,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -642,13 +640,12 @@ function Set-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -743,7 +740,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -758,9 +754,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -796,7 +790,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -808,24 +801,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -835,9 +819,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -845,7 +828,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -1057,13 +1040,12 @@ function Test-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -1140,13 +1122,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -1233,7 +1215,6 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` @@ -1242,7 +1223,6 @@ function Export-TargetResource } #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -2027,7 +2007,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof index a21f8df130..0959b4b07a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof @@ -20,9 +20,9 @@ class MSFT_MicrosoftGraphapplistitem [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator")] class MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Block clipboard sharing between apps (Samsung KNOX Standard 4.0+).")] Boolean AppsBlockClipboardSharing; [Write, Description("Block copy and paste functionality.")] Boolean AppsBlockCopyPaste; [Write, Description("Block YouTube (Samsung KNOX Standard 4.0+).")] Boolean AppsBlockYouTube; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 index 3df9632229..44404997f0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -26,12 +26,12 @@ function Get-TargetResource $AppsAllowInstallFromUnknownSources, [Parameter()] - [ValidateSet('notConfigured','userChoice','never','wiFiOnly','always')] + [ValidateSet('notConfigured', 'userChoice', 'never', 'wiFiOnly', 'always')] [System.String] $AppsAutoUpdatePolicy, [Parameter()] - [ValidateSet('deviceDefault','prompt','autoGrant','autoDeny')] + [ValidateSet('deviceDefault', 'prompt', 'autoGrant', 'autoDeny')] [System.String] $AppsDefaultPermissionPolicy, @@ -68,7 +68,7 @@ function Get-TargetResource $CrossProfilePoliciesAllowCopyPaste, [Parameter()] - [ValidateSet('notConfigured','crossProfileDataSharingBlocked','dataSharingFromWorkToPersonalBlocked','crossProfileDataSharingAllowed','unkownFutureValue')] + [ValidateSet('notConfigured', 'crossProfileDataSharingBlocked', 'dataSharingFromWorkToPersonalBlocked', 'crossProfileDataSharingAllowed', 'unkownFutureValue')] [System.String] $CrossProfilePoliciesAllowDataSharing, @@ -93,7 +93,7 @@ function Get-TargetResource $DeviceOwnerLockScreenMessage, [Parameter()] - [ValidateSet('notConfigured','dedicatedDevice','fullyManaged')] + [ValidateSet('notConfigured', 'dedicatedDevice', 'fullyManaged')] [System.String] $EnrollmentProfile, @@ -122,7 +122,7 @@ function Get-TargetResource $KioskCustomizationPowerButtonActionsBlocked, [Parameter()] - [ValidateSet('notConfigured','notificationsAndSystemInfoEnabled','systemInfoOnly')] + [ValidateSet('notConfigured', 'notificationsAndSystemInfoEnabled', 'systemInfoOnly')] [System.String] $KioskCustomizationStatusBar, @@ -131,7 +131,7 @@ function Get-TargetResource $KioskCustomizationSystemErrorWarnings, [Parameter()] - [ValidateSet('notConfigured','navigationEnabled','homeButtonOnly')] + [ValidateSet('notConfigured', 'navigationEnabled', 'homeButtonOnly')] [System.String] $KioskCustomizationSystemNavigation, @@ -168,7 +168,7 @@ function Get-TargetResource $KioskModeFlashlightConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','darkSquare','darkCircle','lightSquare','lightCircle')] + [ValidateSet('notConfigured', 'darkSquare', 'darkCircle', 'lightSquare', 'lightCircle')] [System.String] $KioskModeFolderIcon, @@ -181,7 +181,7 @@ function Get-TargetResource $KioskModeGridWidth, [Parameter()] - [ValidateSet('notConfigured','smallest','small','regular','large','largest')] + [ValidateSet('notConfigured', 'smallest', 'small', 'regular', 'large', 'largest')] [System.String] $KioskModeIconSize, @@ -206,7 +206,7 @@ function Get-TargetResource $KioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds, [Parameter()] - [ValidateSet('notConfigured','simple','complex')] + [ValidateSet('notConfigured', 'simple', 'complex')] [System.String] $KioskModeManagedHomeScreenPinComplexity, @@ -239,7 +239,7 @@ function Get-TargetResource $KioskModeMediaVolumeConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','portrait','landscape','autoRotate')] + [ValidateSet('notConfigured', 'portrait', 'landscape', 'autoRotate')] [System.String] $KioskModeScreenOrientation, @@ -272,7 +272,7 @@ function Get-TargetResource $KioskModeShowDeviceInfo, [Parameter()] - [ValidateSet('notConfigured','singleAppMode','multiAppMode')] + [ValidateSet('notConfigured', 'singleAppMode', 'multiAppMode')] [System.String] $KioskModeUseManagedHomeScreenApp, @@ -281,7 +281,7 @@ function Get-TargetResource $KioskModeVirtualHomeButtonEnabled, [Parameter()] - [ValidateSet('notConfigured','swipeUp','floating')] + [ValidateSet('notConfigured', 'swipeUp', 'floating')] [System.String] $KioskModeVirtualHomeButtonType, @@ -322,7 +322,7 @@ function Get-TargetResource $MicrosoftLauncherDockPresenceAllowUserModification, [Parameter()] - [ValidateSet('notConfigured','show','hide','disabled')] + [ValidateSet('notConfigured', 'show', 'hide', 'disabled')] [System.String] $MicrosoftLauncherDockPresenceConfiguration, @@ -335,7 +335,7 @@ function Get-TargetResource $MicrosoftLauncherFeedEnabled, [Parameter()] - [ValidateSet('notConfigured','top','bottom','hide')] + [ValidateSet('notConfigured', 'top', 'bottom', 'hide')] [System.String] $MicrosoftLauncherSearchBarPlacementConfiguration, @@ -352,7 +352,7 @@ function Get-TargetResource $PasswordBlockKeyguard, [Parameter()] - [ValidateSet('notConfigured','camera','notifications','unredactedNotifications','trustAgents','fingerprint','remoteInput','allFeatures','face','iris','biometrics')] + [ValidateSet('notConfigured', 'camera', 'notifications', 'unredactedNotifications', 'trustAgents', 'fingerprint', 'remoteInput', 'allFeatures', 'face', 'iris', 'biometrics')] [System.String[]] $PasswordBlockKeyguardFeatures, @@ -397,12 +397,12 @@ function Get-TargetResource $PasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $PasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $PasswordRequireUnlock, @@ -423,7 +423,7 @@ function Get-TargetResource $PersonalProfilePersonalApplications, [Parameter()] - [ValidateSet('notConfigured','blockedApps','allowedApps')] + [ValidateSet('notConfigured', 'blockedApps', 'allowedApps')] [System.String] $PersonalProfilePlayStoreMode, @@ -432,7 +432,7 @@ function Get-TargetResource $PersonalProfileScreenCaptureBlocked, [Parameter()] - [ValidateSet('notConfigured','allowList','blockList')] + [ValidateSet('notConfigured', 'allowList', 'blockList')] [System.String] $PlayStoreMode, @@ -461,7 +461,7 @@ function Get-TargetResource $StatusBarBlocked, [Parameter()] - [ValidateSet('notConfigured','ac','usb','wireless')] + [ValidateSet('notConfigured', 'ac', 'usb', 'wireless')] [System.String[]] $StayOnModes, @@ -482,7 +482,7 @@ function Get-TargetResource $SystemUpdateFreezePeriods, [Parameter()] - [ValidateSet('deviceDefault','postpone','windowed','automatic')] + [ValidateSet('deviceDefault', 'postpone', 'windowed', 'automatic')] [System.String] $SystemUpdateInstallType, @@ -563,12 +563,12 @@ function Get-TargetResource $WorkProfilePasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $WorkProfilePasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $WorkProfilePasswordRequireUnlock, @@ -576,17 +576,15 @@ function Get-TargetResource [System.Int32] $WorkProfilePasswordSignInFailureCountBeforeFactoryReset, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -642,7 +640,7 @@ function Get-TargetResource try { - $getValue=$null + $getValue = $null #region resource generator code $getValue = Get-MgDeviceManagementDeviceConfiguration ` @@ -650,7 +648,7 @@ function Get-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.id -eq $Id ` - } + } if (-not $getValue) { @@ -659,7 +657,7 @@ function Get-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration' -and $_.displayName -eq $($DisplayName) ` - } + } } #endregion @@ -675,13 +673,13 @@ function Get-TargetResource #region resource generator code Id = $getValue.Id Description = $getValue.Description -# DeviceManagementApplicabilityRuleDeviceMode = $getValue.DeviceManagementApplicabilityRuleDeviceMode -# DeviceManagementApplicabilityRuleOsEdition = $getValue.DeviceManagementApplicabilityRuleOsEdition -# DeviceManagementApplicabilityRuleOsVersion = $getValue.DeviceManagementApplicabilityRuleOsVersion + # DeviceManagementApplicabilityRuleDeviceMode = $getValue.DeviceManagementApplicabilityRuleDeviceMode + # DeviceManagementApplicabilityRuleOsEdition = $getValue.DeviceManagementApplicabilityRuleOsEdition + # DeviceManagementApplicabilityRuleOsVersion = $getValue.DeviceManagementApplicabilityRuleOsVersion DisplayName = $getValue.DisplayName -# RoleScopeTagIds = $getValue.RoleScopeTagIds -# SupportsScopeTags = $getValue.SupportsScopeTags -# Version = $getValue.Version + # RoleScopeTagIds = $getValue.RoleScopeTagIds + # SupportsScopeTags = $getValue.SupportsScopeTags + # Version = $getValue.Version AccountsBlockModification = $getValue.AdditionalProperties.accountsBlockModification AppsAllowInstallFromUnknownSources = $getValue.AdditionalProperties.appsAllowInstallFromUnknownSources AppsAutoUpdatePolicy = $getValue.AdditionalProperties.appsAutoUpdatePolicy @@ -816,15 +814,13 @@ function Get-TargetResource WorkProfilePasswordRequiredType = $getValue.AdditionalProperties.workProfilePasswordRequiredType WorkProfilePasswordRequireUnlock = $getValue.AdditionalProperties.workProfilePasswordRequireUnlock WorkProfilePasswordSignInFailureCountBeforeFactoryReset = $getValue.AdditionalProperties.workProfilePasswordSignInFailureCountBeforeFactoryReset -# Assignments = $getValue.AdditionalProperties.assignments -# DeviceSettingStateSummaries = $getValue.AdditionalProperties.deviceSettingStateSummaries -# DeviceStatuses = $getValue.AdditionalProperties.deviceStatuses -# DeviceStatusOverview = $getValue.AdditionalProperties.deviceStatusOverview -# GroupAssignments = $getValue.AdditionalProperties.groupAssignments -# UserStatuses = $getValue.AdditionalProperties.userStatuses -# UserStatusOverview = $getValue.AdditionalProperties.userStatusOverview - - + # Assignments = $getValue.AdditionalProperties.assignments + # DeviceSettingStateSummaries = $getValue.AdditionalProperties.deviceSettingStateSummaries + # DeviceStatuses = $getValue.AdditionalProperties.deviceStatuses + # DeviceStatusOverview = $getValue.AdditionalProperties.deviceStatusOverview + # GroupAssignments = $getValue.AdditionalProperties.groupAssignments + # UserStatuses = $getValue.AdditionalProperties.userStatuses + # UserStatusOverview = $getValue.AdditionalProperties.userStatusOverview Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -834,20 +830,20 @@ function Get-TargetResource Managedidentity = $ManagedIdentity.IsPresent } - $myAssignments=@() - $myAssignments+=Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $getValue.Id + $myAssignments = @() + $myAssignments += Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $getValue.Id $assignmentResult = @() foreach ($assignmentEntry in $myAssignments) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.toString() - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } - $results.Add('Assignments',$assignmentResult) + $results.Add('Assignments', $assignmentResult) return [System.Collections.Hashtable] $results } @@ -868,9 +864,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -878,7 +873,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -891,12 +886,12 @@ function Set-TargetResource $AppsAllowInstallFromUnknownSources, [Parameter()] - [ValidateSet('notConfigured','userChoice','never','wiFiOnly','always')] + [ValidateSet('notConfigured', 'userChoice', 'never', 'wiFiOnly', 'always')] [System.String] $AppsAutoUpdatePolicy, [Parameter()] - [ValidateSet('deviceDefault','prompt','autoGrant','autoDeny')] + [ValidateSet('deviceDefault', 'prompt', 'autoGrant', 'autoDeny')] [System.String] $AppsDefaultPermissionPolicy, @@ -933,7 +928,7 @@ function Set-TargetResource $CrossProfilePoliciesAllowCopyPaste, [Parameter()] - [ValidateSet('notConfigured','crossProfileDataSharingBlocked','dataSharingFromWorkToPersonalBlocked','crossProfileDataSharingAllowed','unkownFutureValue')] + [ValidateSet('notConfigured', 'crossProfileDataSharingBlocked', 'dataSharingFromWorkToPersonalBlocked', 'crossProfileDataSharingAllowed', 'unkownFutureValue')] [System.String] $CrossProfilePoliciesAllowDataSharing, @@ -958,7 +953,7 @@ function Set-TargetResource $DeviceOwnerLockScreenMessage, [Parameter()] - [ValidateSet('notConfigured','dedicatedDevice','fullyManaged')] + [ValidateSet('notConfigured', 'dedicatedDevice', 'fullyManaged')] [System.String] $EnrollmentProfile, @@ -987,7 +982,7 @@ function Set-TargetResource $KioskCustomizationPowerButtonActionsBlocked, [Parameter()] - [ValidateSet('notConfigured','notificationsAndSystemInfoEnabled','systemInfoOnly')] + [ValidateSet('notConfigured', 'notificationsAndSystemInfoEnabled', 'systemInfoOnly')] [System.String] $KioskCustomizationStatusBar, @@ -996,7 +991,7 @@ function Set-TargetResource $KioskCustomizationSystemErrorWarnings, [Parameter()] - [ValidateSet('notConfigured','navigationEnabled','homeButtonOnly')] + [ValidateSet('notConfigured', 'navigationEnabled', 'homeButtonOnly')] [System.String] $KioskCustomizationSystemNavigation, @@ -1033,7 +1028,7 @@ function Set-TargetResource $KioskModeFlashlightConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','darkSquare','darkCircle','lightSquare','lightCircle')] + [ValidateSet('notConfigured', 'darkSquare', 'darkCircle', 'lightSquare', 'lightCircle')] [System.String] $KioskModeFolderIcon, @@ -1046,7 +1041,7 @@ function Set-TargetResource $KioskModeGridWidth, [Parameter()] - [ValidateSet('notConfigured','smallest','small','regular','large','largest')] + [ValidateSet('notConfigured', 'smallest', 'small', 'regular', 'large', 'largest')] [System.String] $KioskModeIconSize, @@ -1071,7 +1066,7 @@ function Set-TargetResource $KioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds, [Parameter()] - [ValidateSet('notConfigured','simple','complex')] + [ValidateSet('notConfigured', 'simple', 'complex')] [System.String] $KioskModeManagedHomeScreenPinComplexity, @@ -1104,7 +1099,7 @@ function Set-TargetResource $KioskModeMediaVolumeConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','portrait','landscape','autoRotate')] + [ValidateSet('notConfigured', 'portrait', 'landscape', 'autoRotate')] [System.String] $KioskModeScreenOrientation, @@ -1137,7 +1132,7 @@ function Set-TargetResource $KioskModeShowDeviceInfo, [Parameter()] - [ValidateSet('notConfigured','singleAppMode','multiAppMode')] + [ValidateSet('notConfigured', 'singleAppMode', 'multiAppMode')] [System.String] $KioskModeUseManagedHomeScreenApp, @@ -1146,7 +1141,7 @@ function Set-TargetResource $KioskModeVirtualHomeButtonEnabled, [Parameter()] - [ValidateSet('notConfigured','swipeUp','floating')] + [ValidateSet('notConfigured', 'swipeUp', 'floating')] [System.String] $KioskModeVirtualHomeButtonType, @@ -1187,7 +1182,7 @@ function Set-TargetResource $MicrosoftLauncherDockPresenceAllowUserModification, [Parameter()] - [ValidateSet('notConfigured','show','hide','disabled')] + [ValidateSet('notConfigured', 'show', 'hide', 'disabled')] [System.String] $MicrosoftLauncherDockPresenceConfiguration, @@ -1200,7 +1195,7 @@ function Set-TargetResource $MicrosoftLauncherFeedEnabled, [Parameter()] - [ValidateSet('notConfigured','top','bottom','hide')] + [ValidateSet('notConfigured', 'top', 'bottom', 'hide')] [System.String] $MicrosoftLauncherSearchBarPlacementConfiguration, @@ -1217,7 +1212,7 @@ function Set-TargetResource $PasswordBlockKeyguard, [Parameter()] - [ValidateSet('notConfigured','camera','notifications','unredactedNotifications','trustAgents','fingerprint','remoteInput','allFeatures','face','iris','biometrics')] + [ValidateSet('notConfigured', 'camera', 'notifications', 'unredactedNotifications', 'trustAgents', 'fingerprint', 'remoteInput', 'allFeatures', 'face', 'iris', 'biometrics')] [System.String[]] $PasswordBlockKeyguardFeatures, @@ -1262,12 +1257,12 @@ function Set-TargetResource $PasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $PasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $PasswordRequireUnlock, @@ -1288,7 +1283,7 @@ function Set-TargetResource $PersonalProfilePersonalApplications, [Parameter()] - [ValidateSet('notConfigured','blockedApps','allowedApps')] + [ValidateSet('notConfigured', 'blockedApps', 'allowedApps')] [System.String] $PersonalProfilePlayStoreMode, @@ -1297,7 +1292,7 @@ function Set-TargetResource $PersonalProfileScreenCaptureBlocked, [Parameter()] - [ValidateSet('notConfigured','allowList','blockList')] + [ValidateSet('notConfigured', 'allowList', 'blockList')] [System.String] $PlayStoreMode, @@ -1326,7 +1321,7 @@ function Set-TargetResource $StatusBarBlocked, [Parameter()] - [ValidateSet('notConfigured','ac','usb','wireless')] + [ValidateSet('notConfigured', 'ac', 'usb', 'wireless')] [System.String[]] $StayOnModes, @@ -1347,7 +1342,7 @@ function Set-TargetResource $SystemUpdateFreezePeriods, [Parameter()] - [ValidateSet('deviceDefault','postpone','windowed','automatic')] + [ValidateSet('deviceDefault', 'postpone', 'windowed', 'automatic')] [System.String] $systemUpdateInstallType, @@ -1428,12 +1423,12 @@ function Set-TargetResource $WorkProfilePasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $WorkProfilePasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $WorkProfilePasswordRequireUnlock, @@ -1441,17 +1436,15 @@ function Set-TargetResource [System.Int32] $WorkProfilePasswordSignInFailureCountBeforeFactoryReset, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -1510,92 +1503,87 @@ function Set-TargetResource $PSBoundParameters.Remove('TenantId') | Out-Null $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() - $CreateParameters=Rename-M365DSCCimInstanceODataParameter -Properties $CreateParameters + $CreateParameters = Rename-M365DSCCimInstanceODataParameter -Properties $CreateParameters - $CreateParameters.Remove("Id") | Out-Null - $CreateParameters.Remove("Verbose") | Out-Null + $CreateParameters.Remove('Id') | Out-Null + $CreateParameters.Remove('Verbose') | Out-Null - foreach($key in ($CreateParameters.clone()).Keys) + foreach ($key in ($CreateParameters.clone()).Keys) { - if($CreateParameters[$key].getType().Fullname -like "*CimInstance*") + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') { - $CreateParameters[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] } - if($key -ne '@odata.type') + if ($key -ne '@odata.type') { - $keyName=$key.substring(0,1).ToLower()+$key.substring(1,$key.length-1) - $keyValue=$CreateParameters.$key - $CreateParameters.remove($key)|out-null - $CreateParameters.add($keyName,$keyValue)|out-null + $keyName = $key.substring(0, 1).ToLower() + $key.substring(1, $key.length - 1) + $keyValue = $CreateParameters.$key + $CreateParameters.remove($key) | Out-Null + $CreateParameters.add($keyName, $keyValue) | Out-Null } } - $CreateParameters.add("@odata.type","#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration") + $CreateParameters.add('@odata.type', '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration') #region resource generator code - $policy=New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() - $UpdateParameters=Rename-M365DSCCimInstanceODataParameter -Properties $UpdateParameters + $UpdateParameters = Rename-M365DSCCimInstanceODataParameter -Properties $UpdateParameters - $UpdateParameters.Remove("Id") | Out-Null - $UpdateParameters.Remove("Verbose") | Out-Null + $UpdateParameters.Remove('Id') | Out-Null + $UpdateParameters.Remove('Verbose') | Out-Null - foreach($key in (($UpdateParameters.clone()).Keys|Sort-Object)) + foreach ($key in (($UpdateParameters.clone()).Keys | Sort-Object)) { - if($UpdateParameters.$key.getType().Fullname -like "*CimInstance*") + if ($UpdateParameters.$key.getType().Fullname -like '*CimInstance*') { - $UpdateParameters.$key=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } - if($key -ne '@odata.type') + if ($key -ne '@odata.type') { - $keyName=$key.substring(0,1).ToLower()+$key.substring(1,$key.length-1) - $keyValue=$UpdateParameters.$key + $keyName = $key.substring(0, 1).ToLower() + $key.substring(1, $key.length - 1) + $keyValue = $UpdateParameters.$key $UpdateParameters.remove($key) - $UpdateParameters.add($keyName,$keyValue) + $UpdateParameters.add($keyName, $keyValue) } } - $UpdateParameters.add("@odata.type","#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration") + $UpdateParameters.add('@odata.type', '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration') Update-MgDeviceManagementDeviceConfiguration -BodyParameter $UpdateParameters ` -DeviceConfigurationId $currentInstance.Id - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -1604,7 +1592,6 @@ function Set-TargetResource #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -1614,9 +1601,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -1624,7 +1610,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -1637,12 +1623,12 @@ function Test-TargetResource $AppsAllowInstallFromUnknownSources, [Parameter()] - [ValidateSet('notConfigured','userChoice','never','wiFiOnly','always')] + [ValidateSet('notConfigured', 'userChoice', 'never', 'wiFiOnly', 'always')] [System.String] $AppsAutoUpdatePolicy, [Parameter()] - [ValidateSet('deviceDefault','prompt','autoGrant','autoDeny')] + [ValidateSet('deviceDefault', 'prompt', 'autoGrant', 'autoDeny')] [System.String] $AppsDefaultPermissionPolicy, @@ -1679,7 +1665,7 @@ function Test-TargetResource $CrossProfilePoliciesAllowCopyPaste, [Parameter()] - [ValidateSet('notConfigured','crossProfileDataSharingBlocked','dataSharingFromWorkToPersonalBlocked','crossProfileDataSharingAllowed','unkownFutureValue')] + [ValidateSet('notConfigured', 'crossProfileDataSharingBlocked', 'dataSharingFromWorkToPersonalBlocked', 'crossProfileDataSharingAllowed', 'unkownFutureValue')] [System.String] $CrossProfilePoliciesAllowDataSharing, @@ -1704,7 +1690,7 @@ function Test-TargetResource $DeviceOwnerLockScreenMessage, [Parameter()] - [ValidateSet('notConfigured','dedicatedDevice','fullyManaged')] + [ValidateSet('notConfigured', 'dedicatedDevice', 'fullyManaged')] [System.String] $EnrollmentProfile, @@ -1733,7 +1719,7 @@ function Test-TargetResource $KioskCustomizationPowerButtonActionsBlocked, [Parameter()] - [ValidateSet('notConfigured','notificationsAndSystemInfoEnabled','systemInfoOnly')] + [ValidateSet('notConfigured', 'notificationsAndSystemInfoEnabled', 'systemInfoOnly')] [System.String] $KioskCustomizationStatusBar, @@ -1742,7 +1728,7 @@ function Test-TargetResource $KioskCustomizationSystemErrorWarnings, [Parameter()] - [ValidateSet('notConfigured','navigationEnabled','homeButtonOnly')] + [ValidateSet('notConfigured', 'navigationEnabled', 'homeButtonOnly')] [System.String] $KioskCustomizationSystemNavigation, @@ -1779,7 +1765,7 @@ function Test-TargetResource $KioskModeFlashlightConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','darkSquare','darkCircle','lightSquare','lightCircle')] + [ValidateSet('notConfigured', 'darkSquare', 'darkCircle', 'lightSquare', 'lightCircle')] [System.String] $KioskModeFolderIcon, @@ -1792,7 +1778,7 @@ function Test-TargetResource $KioskModeGridWidth, [Parameter()] - [ValidateSet('notConfigured','smallest','small','regular','large','largest')] + [ValidateSet('notConfigured', 'smallest', 'small', 'regular', 'large', 'largest')] [System.String] $KioskModeIconSize, @@ -1817,7 +1803,7 @@ function Test-TargetResource $KioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds, [Parameter()] - [ValidateSet('notConfigured','simple','complex')] + [ValidateSet('notConfigured', 'simple', 'complex')] [System.String] $KioskModeManagedHomeScreenPinComplexity, @@ -1850,7 +1836,7 @@ function Test-TargetResource $KioskModeMediaVolumeConfigurationEnabled, [Parameter()] - [ValidateSet('notConfigured','portrait','landscape','autoRotate')] + [ValidateSet('notConfigured', 'portrait', 'landscape', 'autoRotate')] [System.String] $KioskModeScreenOrientation, @@ -1883,7 +1869,7 @@ function Test-TargetResource $KioskModeShowDeviceInfo, [Parameter()] - [ValidateSet('notConfigured','singleAppMode','multiAppMode')] + [ValidateSet('notConfigured', 'singleAppMode', 'multiAppMode')] [System.String] $KioskModeUseManagedHomeScreenApp, @@ -1892,7 +1878,7 @@ function Test-TargetResource $KioskModeVirtualHomeButtonEnabled, [Parameter()] - [ValidateSet('notConfigured','swipeUp','floating')] + [ValidateSet('notConfigured', 'swipeUp', 'floating')] [System.String] $KioskModeVirtualHomeButtonType, @@ -1933,7 +1919,7 @@ function Test-TargetResource $MicrosoftLauncherDockPresenceAllowUserModification, [Parameter()] - [ValidateSet('notConfigured','show','hide','disabled')] + [ValidateSet('notConfigured', 'show', 'hide', 'disabled')] [System.String] $MicrosoftLauncherDockPresenceConfiguration, @@ -1946,7 +1932,7 @@ function Test-TargetResource $MicrosoftLauncherFeedEnabled, [Parameter()] - [ValidateSet('notConfigured','top','bottom','hide')] + [ValidateSet('notConfigured', 'top', 'bottom', 'hide')] [System.String] $MicrosoftLauncherSearchBarPlacementConfiguration, @@ -1963,7 +1949,7 @@ function Test-TargetResource $PasswordBlockKeyguard, [Parameter()] - [ValidateSet('notConfigured','camera','notifications','unredactedNotifications','trustAgents','fingerprint','remoteInput','allFeatures','face','iris','biometrics')] + [ValidateSet('notConfigured', 'camera', 'notifications', 'unredactedNotifications', 'trustAgents', 'fingerprint', 'remoteInput', 'allFeatures', 'face', 'iris', 'biometrics')] [System.String[]] $PasswordBlockKeyguardFeatures, @@ -2008,12 +1994,12 @@ function Test-TargetResource $PasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $PasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $PasswordRequireUnlock, @@ -2034,7 +2020,7 @@ function Test-TargetResource $PersonalProfilePersonalApplications, [Parameter()] - [ValidateSet('notConfigured','blockedApps','allowedApps')] + [ValidateSet('notConfigured', 'blockedApps', 'allowedApps')] [System.String] $PersonalProfilePlayStoreMode, @@ -2043,7 +2029,7 @@ function Test-TargetResource $PersonalProfileScreenCaptureBlocked, [Parameter()] - [ValidateSet('notConfigured','allowList','blockList')] + [ValidateSet('notConfigured', 'allowList', 'blockList')] [System.String] $PlayStoreMode, @@ -2072,7 +2058,7 @@ function Test-TargetResource $StatusBarBlocked, [Parameter()] - [ValidateSet('notConfigured','ac','usb','wireless')] + [ValidateSet('notConfigured', 'ac', 'usb', 'wireless')] [System.String[]] $StayOnModes, @@ -2093,7 +2079,7 @@ function Test-TargetResource $SystemUpdateFreezePeriods, [Parameter()] - [ValidateSet('deviceDefault','postpone','windowed','automatic')] + [ValidateSet('deviceDefault', 'postpone', 'windowed', 'automatic')] [System.String] $SystemUpdateInstallType, @@ -2174,12 +2160,12 @@ function Test-TargetResource $WorkProfilePasswordPreviousPasswordCountToBlock, [Parameter()] - [ValidateSet('deviceDefault','required','numeric','numericComplex','alphabetic','alphanumeric','alphanumericWithSymbols','lowSecurityBiometric','customPassword')] + [ValidateSet('deviceDefault', 'required', 'numeric', 'numericComplex', 'alphabetic', 'alphanumeric', 'alphanumericWithSymbols', 'lowSecurityBiometric', 'customPassword')] [System.String] $WorkProfilePasswordRequiredType, [Parameter()] - [ValidateSet('deviceDefault','daily','unkownFutureValue')] + [ValidateSet('deviceDefault', 'daily', 'unkownFutureValue')] [System.String] $WorkProfilePasswordRequireUnlock, @@ -2187,17 +2173,15 @@ function Test-TargetResource [System.Int32] $WorkProfilePasswordSignInFailureCountBeforeFactoryReset, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -2241,34 +2225,33 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if($CurrentValues.Ensure -eq "Absent") + if ($CurrentValues.Ensure -eq 'Absent') { Write-Verbose -Message "Test-TargetResource returned $false" return $false } - $testResult=$true + $testResult = $true #Compare Cim instances - foreach($key in $PSBoundParameters.Keys) + foreach ($key in $PSBoundParameters.Keys) { - $source=$PSBoundParameters.$key - $target=$CurrentValues.$key - if($source.getType().Name -like "*CimInstance*") + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') { - $source=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult=Compare-M365DSCComplexObject ` + $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` -Target ($target) - if(-Not $testResult) + if (-Not $testResult) { - $testResult=$false - break; + $testResult = $false + break } - $ValuesToCheck.Remove($key)|Out-Null - + $ValuesToCheck.Remove($key) | Out-Null } } @@ -2278,21 +2261,21 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $ValuesToCheck.Remove('Id') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) { - if(($null -ne $CurrentValues[$key]) ` - -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) { - $CurrentValues[$key]=$CurrentValues[$key].toString() + $CurrentValues[$key] = $CurrentValues[$key].toString() } } #Compare basic parameters - if($testResult) + if ($testResult) { $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -2392,327 +2375,327 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.AzureAdSharedDeviceDataClearApps) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.AzureAdSharedDeviceDataClearApps -CIMInstanceName MicrosoftGraphapplistitem - if ($complexTypeStringResult) + if ($Results.AzureAdSharedDeviceDataClearApps) { - $Results.AzureAdSharedDeviceDataClearApps = $complexTypeStringResult - } - else - { - $Results.Remove('AzureAdSharedDeviceDataClearApps') | Out-Null - } - } - if ($Results.DetailedHelpText) - { - $complexTypeMapping=@( - @{ - Name='DetailedHelpText' - CimInstanceName='MicrosoftGraphandroiddeviceowneruserfacingmessage' + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.AzureAdSharedDeviceDataClearApps -CIMInstanceName MicrosoftGraphapplistitem + if ($complexTypeStringResult) + { + $Results.AzureAdSharedDeviceDataClearApps = $complexTypeStringResult } - @{ - Name='localizedMessages' - CimInstanceName='MicrosoftGraphkeyvaluepair' + else + { + $Results.Remove('AzureAdSharedDeviceDataClearApps') | Out-Null } - ) - - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.DetailedHelpText ` - -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` - -ComplexTypeMapping $complexTypeMapping - - if ($complexTypeStringResult) - { - $Results.DetailedHelpText = $complexTypeStringResult } - else + if ($Results.DetailedHelpText) { - $Results.Remove('DetailedHelpText') | Out-Null - } - } - if ($Results.DeviceOwnerLockScreenMessage) - { - $complexTypeMapping=@( - @{ - Name='DeviceOwnerLockScreenMessage' - CimInstanceName='MicrosoftGraphandroiddeviceowneruserfacingmessage' + $complexTypeMapping = @( + @{ + Name = 'DetailedHelpText' + CimInstanceName = 'MicrosoftGraphandroiddeviceowneruserfacingmessage' + } + @{ + Name = 'localizedMessages' + CimInstanceName = 'MicrosoftGraphkeyvaluepair' + } + ) + + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.DetailedHelpText ` + -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` + -ComplexTypeMapping $complexTypeMapping + + if ($complexTypeStringResult) + { + $Results.DetailedHelpText = $complexTypeStringResult } - @{ - Name='localizedMessages' - CimInstanceName='MicrosoftGraphkeyvaluepair' - isRequired=$true + else + { + $Results.Remove('DetailedHelpText') | Out-Null } - ) - - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.DeviceOwnerLockScreenMessage ` - -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` - -ComplexTypeMapping $complexTypeMapping - if ($complexTypeStringResult) - { - $Results.DeviceOwnerLockScreenMessage = $complexTypeStringResult } - else + if ($Results.DeviceOwnerLockScreenMessage) { - $Results.Remove('DeviceOwnerLockScreenMessage') | Out-Null - } - } + $complexTypeMapping = @( + @{ + Name = 'DeviceOwnerLockScreenMessage' + CimInstanceName = 'MicrosoftGraphandroiddeviceowneruserfacingmessage' + } + @{ + Name = 'localizedMessages' + CimInstanceName = 'MicrosoftGraphkeyvaluepair' + isRequired = $true + } + ) - if ($Results.GlobalProxy) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.GlobalProxy -CIMInstanceName MicrosoftGraphandroiddeviceownerglobalproxy - if ($complexTypeStringResult) - { - $Results.GlobalProxy = $complexTypeStringResult + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.DeviceOwnerLockScreenMessage ` + -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` + -ComplexTypeMapping $complexTypeMapping + if ($complexTypeStringResult) + { + $Results.DeviceOwnerLockScreenMessage = $complexTypeStringResult + } + else + { + $Results.Remove('DeviceOwnerLockScreenMessage') | Out-Null + } } - else + + if ($Results.GlobalProxy) { - $Results.Remove('GlobalProxy') | Out-Null - } - } - if ($Results.KioskModeAppPositions) - { - $complexTypeMapping=@( - @{ - Name='kioskModeAppPositions' - CimInstanceName='MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem' + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.GlobalProxy -CIMInstanceName MicrosoftGraphandroiddeviceownerglobalproxy + if ($complexTypeStringResult) + { + $Results.GlobalProxy = $complexTypeStringResult } - @{ - Name='item' - CimInstanceName='MicrosoftGraphandroiddeviceownerkioskmodefolderitem' - isRequired=$true + else + { + $Results.Remove('GlobalProxy') | Out-Null } - ) - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.KioskModeAppPositions ` - -CIMInstanceName MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem ` - -ComplexTypeMapping $complexTypeMapping - if ($complexTypeStringResult) - { - $Results.KioskModeAppPositions = $complexTypeStringResult } - else + if ($Results.KioskModeAppPositions) { - $Results.Remove('KioskModeAppPositions') | Out-Null - } - } - if ($Results.KioskModeApps) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.KioskModeApps -CIMInstanceName MicrosoftGraphapplistitem - if ($complexTypeStringResult) - { - $Results.KioskModeApps = $complexTypeStringResult + $complexTypeMapping = @( + @{ + Name = 'kioskModeAppPositions' + CimInstanceName = 'MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem' + } + @{ + Name = 'item' + CimInstanceName = 'MicrosoftGraphandroiddeviceownerkioskmodefolderitem' + isRequired = $true + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.KioskModeAppPositions ` + -CIMInstanceName MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem ` + -ComplexTypeMapping $complexTypeMapping + if ($complexTypeStringResult) + { + $Results.KioskModeAppPositions = $complexTypeStringResult + } + else + { + $Results.Remove('KioskModeAppPositions') | Out-Null + } } - else + if ($Results.KioskModeApps) { - $Results.Remove('KioskModeApps') | Out-Null + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.KioskModeApps -CIMInstanceName MicrosoftGraphapplistitem + if ($complexTypeStringResult) + { + $Results.KioskModeApps = $complexTypeStringResult + } + else + { + $Results.Remove('KioskModeApps') | Out-Null + } } - } - if ($Results.KioskModeManagedFolders) - { - $complexTypeMapping=@( - @{ - Name='kioskModeManagedFolders' - CimInstanceName='MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder' + if ($Results.KioskModeManagedFolders) + { + $complexTypeMapping = @( + @{ + Name = 'kioskModeManagedFolders' + CimInstanceName = 'MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder' + } + @{ + Name = 'items' + CimInstanceName = 'MicrosoftGraphandroiddeviceownerkioskmodefolderitem' + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.KioskModeManagedFolders ` + -CIMInstanceName MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder ` + -ComplexTypeMapping $complexTypeMapping + + if ($complexTypeStringResult) + { + $Results.KioskModeManagedFolders = $complexTypeStringResult } - @{ - Name='items' - CimInstanceName='MicrosoftGraphandroiddeviceownerkioskmodefolderitem' + else + { + $Results.Remove('KioskModeManagedFolders') | Out-Null } - ) - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.KioskModeManagedFolders ` - -CIMInstanceName MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder ` - -ComplexTypeMapping $complexTypeMapping - if ($complexTypeStringResult) - { - $Results.KioskModeManagedFolders = $complexTypeStringResult - } - else - { - $Results.Remove('KioskModeManagedFolders') | Out-Null } - } - - if ($Results.PersonalProfilePersonalApplications) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.PersonalProfilePersonalApplications -CIMInstanceName MicrosoftGraphapplistitem - if ($complexTypeStringResult) - { - $Results.PersonalProfilePersonalApplications = $complexTypeStringResult - } - else + if ($Results.PersonalProfilePersonalApplications) { - $Results.Remove('PersonalProfilePersonalApplications') | Out-Null - } - } - if ($Results.ShortHelpText) - { - $complexTypeMapping=@( - @{ - Name='ShortHelpText' - CimInstanceName='MicrosoftGraphandroiddeviceowneruserfacingmessage' + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.PersonalProfilePersonalApplications -CIMInstanceName MicrosoftGraphapplistitem + if ($complexTypeStringResult) + { + $Results.PersonalProfilePersonalApplications = $complexTypeStringResult } - @{ - Name='localizedMessages' - CimInstanceName='MicrosoftGraphkeyvaluepair' - isRequired=$true - isArray=$true + else + { + $Results.Remove('PersonalProfilePersonalApplications') | Out-Null } - ) - - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.ShortHelpText ` - -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` - -ComplexTypeMapping $complexTypeMapping - if ($complexTypeStringResult) - { - $Results.ShortHelpText = $complexTypeStringResult - } - else - { - $Results.Remove('ShortHelpText') | Out-Null } - } - if ($Results.SystemUpdateFreezePeriods) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.SystemUpdateFreezePeriods -CIMInstanceName MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod - if ($complexTypeStringResult) + if ($Results.ShortHelpText) { - $Results.SystemUpdateFreezePeriods = $complexTypeStringResult + $complexTypeMapping = @( + @{ + Name = 'ShortHelpText' + CimInstanceName = 'MicrosoftGraphandroiddeviceowneruserfacingmessage' + } + @{ + Name = 'localizedMessages' + CimInstanceName = 'MicrosoftGraphkeyvaluepair' + isRequired = $true + isArray = $true + } + ) + + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.ShortHelpText ` + -CIMInstanceName MicrosoftGraphandroiddeviceowneruserfacingmessage ` + -ComplexTypeMapping $complexTypeMapping + if ($complexTypeStringResult) + { + $Results.ShortHelpText = $complexTypeStringResult + } + else + { + $Results.Remove('ShortHelpText') | Out-Null + } } - else + if ($Results.SystemUpdateFreezePeriods) { - $Results.Remove('SystemUpdateFreezePeriods') | Out-Null + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.SystemUpdateFreezePeriods -CIMInstanceName MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod + if ($complexTypeStringResult) + { + $Results.SystemUpdateFreezePeriods = $complexTypeStringResult + } + else + { + $Results.Remove('SystemUpdateFreezePeriods') | Out-Null + } } - } - if($Results.Assignments) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments - if ($complexTypeStringResult) + if ($Results.Assignments) { - $Results.Assignments = $complexTypeStringResult - } - else - { - $Results.Remove('Assignments') | Out-Null + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } } - } $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential - if ($Results.AzureAdSharedDeviceDataClearApps) - { - $isCIMArray=$false - if($Results.AzureAdSharedDeviceDataClearApps.getType().Fullname -like "*[[\]]") + if ($Results.AzureAdSharedDeviceDataClearApps) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.AzureAdSharedDeviceDataClearApps.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'AzureAdSharedDeviceDataClearApps' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "AzureAdSharedDeviceDataClearApps" -isCIMArray:$isCIMArray - } - if ($Results.DetailedHelpText) - { - $isCIMArray=$false - if($Results.DetailedHelpText.getType().Fullname -like "*[[\]]") + if ($Results.DetailedHelpText) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.DetailedHelpText.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DetailedHelpText' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DetailedHelpText" -isCIMArray:$isCIMArray - } - if ($Results.DeviceOwnerLockScreenMessage) - { - $isCIMArray=$false - if($Results.DeviceOwnerLockScreenMessage.getType().Fullname -like "*[[\]]") + if ($Results.DeviceOwnerLockScreenMessage) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.DeviceOwnerLockScreenMessage.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DeviceOwnerLockScreenMessage' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DeviceOwnerLockScreenMessage" -isCIMArray:$isCIMArray - } - if ($Results.GlobalProxy) - { - $isCIMArray=$false - if($Results.GlobalProxy.getType().Fullname -like "*[[\]]") + if ($Results.GlobalProxy) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.GlobalProxy.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'GlobalProxy' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "GlobalProxy" -isCIMArray:$isCIMArray - } - if ($Results.KioskModeAppPositions) - { - $isCIMArray=$false - if($Results.KioskModeAppPositions.getType().Fullname -like "*[[\]]") + if ($Results.KioskModeAppPositions) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.KioskModeAppPositions.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'KioskModeAppPositions' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KioskModeAppPositions" -isCIMArray:$isCIMArray - } - if ($Results.KioskModeApps) - { - $isCIMArray=$false - if($Results.KioskModeApps.getType().Fullname -like "*[[\]]") + if ($Results.KioskModeApps) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.KioskModeApps.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'KioskModeApps' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KioskModeApps" -isCIMArray:$isCIMArray - } - if ($Results.KioskModeManagedFolders) - { - $isCIMArray=$false - if($Results.KioskModeManagedFolders.getType().Fullname -like "*[[\]]") + if ($Results.KioskModeManagedFolders) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.KioskModeManagedFolders.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'KioskModeManagedFolders' -IsCIMArray:$isCIMArray -Verbose } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KioskModeManagedFolders" -isCIMArray:$isCIMArray -Verbose - } - if ($Results.PersonalProfilePersonalApplications) - { - $isCIMArray=$false - if($Results.PersonalProfilePersonalApplications.getType().Fullname -like "*[[\]]") + if ($Results.PersonalProfilePersonalApplications) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.PersonalProfilePersonalApplications.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'PersonalProfilePersonalApplications' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "PersonalProfilePersonalApplications" -isCIMArray:$isCIMArray - } - if ($Results.ShortHelpText) - { - $isCIMArray=$false - if($Results.ShortHelpText.getType().Fullname -like "*[[\]]") + if ($Results.ShortHelpText) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.ShortHelpText.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ShortHelpText' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ShortHelpText" -isCIMArray:$isCIMArray - } - if ($Results.SystemUpdateFreezePeriods) - { - $isCIMArray=$false - if($Results.SystemUpdateFreezePeriods.getType().Fullname -like "*[[\]]") + if ($Results.SystemUpdateFreezePeriods) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.SystemUpdateFreezePeriods.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'SystemUpdateFreezePeriods' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "SystemUpdateFreezePeriods" -isCIMArray:$isCIMArray - } - if ($Results.Assignments) - { - $isCIMArray=$false - if($Results.Assignments.getType().Fullname -like "*[[\]]") + if ($Results.Assignments) { - $isCIMArray=$true + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$isCIMArray - } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -2753,58 +2736,58 @@ function Export-TargetResource function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { return $ComplexObject } - if($ComplexObject.getType().Fullname -like "*hashtable[[\]]") + if ($ComplexObject.getType().Fullname -like '*hashtable[[\]]') { return [hashtable[]]$ComplexObject } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $results = @{} - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property' -and $_.Name -ne 'AdditionalProperties'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' -and $_.Name -ne 'AdditionalProperties' } foreach ($key in $keys) { - if($ComplexObject.$($key.Name)) + if ($ComplexObject.$($key.Name)) { $keyName = $key.Name[0].ToString().ToLower() + $key.Name.Substring(1, $key.Name.Length - 1) - if($ComplexObject.$($key.Name).gettype().fullname -like "*CimInstance*") + if ($ComplexObject.$($key.Name).gettype().fullname -like '*CimInstance*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$($key.Name) @@ -2838,11 +2821,11 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace="", + $Whitespace = '', [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -2851,19 +2834,19 @@ function Get-M365DSCDRGComplexTypeToString } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() foreach ($item in $ComplexObject) { - $split=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'Whitespace'=" $whitespace" + $split = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'Whitespace' = " $whitespace" } if ($ComplexTypeMapping) { - $split.add('ComplexTypeMapping',$ComplexTypeMapping) + $split.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @split @@ -2873,11 +2856,11 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty="" - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" } @@ -2889,67 +2872,67 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject[$key]) { $keyNotNull++ - if ($ComplexObject[$key].GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject[$key].GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if($key -notin $ComplexTypeMapping.Name) + if ($key -notin $ComplexTypeMapping.Name) { - $Whitespace+=" " + $Whitespace += ' ' } - if(-not $isArray -or ($isArray -and $key -in $ComplexTypeMapping.Name )) + if (-not $isArray -or ($isArray -and $key -in $ComplexTypeMapping.Name )) { - $currentProperty += $whitespace + $key + " = " - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $currentProperty += $whitespace + $key + ' = ' + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $currentProperty += "@(" + $currentProperty += '@(' } } - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $Whitespace="" + $Whitespace = '' } $currentProperty += Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -Whitespace $Whitespace ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -Whitespace $Whitespace ` + -ComplexTypeMapping $ComplexTypeMapping - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $currentProperty += ")" + $currentProperty += ')' } - } + } else { - if(-not $isArray) + if (-not $isArray) { - $Whitespace= " " + $Whitespace = ' ' } - $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($Whitespace+" ") + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($Whitespace + ' ') } } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$Whitespace $key = @()`r`n" } @@ -2979,49 +2962,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } foreach ($item in $Value) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -3031,7 +3014,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -3043,7 +3026,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -3055,80 +3038,81 @@ function Rename-M365DSCCimInstanceODataParameter [Parameter(Mandatory = 'true')] $Properties ) - $clonedProperties=$Properties.clone() - foreach($key in $Properties.keys) + $clonedProperties = $Properties.clone() + foreach ($key in $Properties.keys) + { + if ($Properties.$key) { - if($Properties.$key) - { - switch -Wildcard ($Properties.$key.GetType().Fullname) { - '*CimInstance[[\]]' + switch -Wildcard ($Properties.$key.GetType().Fullname) + { + '*CimInstance[[\]]' + { + if ($properties.$key.count -gt 0) { - if($properties.$key.count -gt 0) + $values = @() + + foreach ($item in $Properties.$key) { - $values=@() - - foreach($item in $Properties.$key) - { - $CIMHash= Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $values+=Rename-M365DSCCimInstanceODataParameter -Properties $CIMHash - } - $clonedProperties.$key=$values + $CIMHash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $values += Rename-M365DSCCimInstanceODataParameter -Properties $CIMHash } - break; + $clonedProperties.$key = $values } - '*hashtable[[\]]' + break + } + '*hashtable[[\]]' + { + if ($properties.$key.count -gt 0) { - if($properties.$key.count -gt 0) + $values = @() + + foreach ($item in $Properties.$key) { - $values=@() - - foreach($item in $Properties.$key) - { - $CIMHash= Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $values+=Rename-M365DSCCimInstanceODataParameter -Properties $CIMHash - } - $clonedProperties.$key=$values + $CIMHash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $values += Rename-M365DSCCimInstanceODataParameter -Properties $CIMHash } - break; + $clonedProperties.$key = $values } - '*CimInstance' - { - $CIMHash= Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Properties.$key - $keys=($CIMHash.clone()).keys + break + } + '*CimInstance' + { + $CIMHash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Properties.$key + $keys = ($CIMHash.clone()).keys - if($keys -contains 'odataType') - { - $CIMHash.add('@odata.type',$CIMHash.odataType) - $CIMHash.remove('odataType') - $clonedProperties.$key=$CIMHash - } - break; + if ($keys -contains 'odataType') + { + $CIMHash.add('@odata.type', $CIMHash.odataType) + $CIMHash.remove('odataType') + $clonedProperties.$key = $CIMHash } - '*Hashtable' + break + } + '*Hashtable' + { + $keys = ($Properties.$key).keys + if ($keys -contains 'odataType') { - $keys=($Properties.$key).keys - if($keys -contains 'odataType') - { - $Properties.$key.add('@odata.type',$Properties.$key.odataType) - $Properties.$key.remove('odataType') - $clonedProperties.$key=$Properties.$key - } - break; + $Properties.$key.add('@odata.type', $Properties.$key.odataType) + $Properties.$key.remove('odataType') + $clonedProperties.$key = $Properties.$key } - Default + break + } + Default + { + if ($key -eq 'odataType') { - if($key -eq 'odataType') - { - $clonedProperties.remove('odataType') - $clonedProperties.add('@odata.type',$properties.$key) - } + $clonedProperties.remove('odataType') + $clonedProperties.add('@odata.type', $properties.$key) } } } } + } - return $clonedProperties + return $clonedProperties } function Compare-M365DSCComplexObject { @@ -3142,51 +3126,51 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - $i=0 - foreach($item in $Source) + $i = 0 + foreach ($item in $Source) { - $compareResult= Compare-M365DSCComplexObject ` - -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source[$i]) ` - -Target $Target[$i] + $compareResult = Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source[$i]) ` + -Target $Target[$i] - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } $i++ @@ -3194,40 +3178,40 @@ function Compare-M365DSCComplexObject return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #write-verbose -message "Comparing key: {$key}" #Matching possible key names between Source and Target - $skey=$key - $tkey=$key - if($key -eq 'odataType') + $skey = $key + $tkey = $key + if ($key -eq 'odataType') { - $skey='@odata.type' + $skey = '@odata.type' } else { - $tmpkey=$Target.keys|Where-Object -FilterScript {$_ -eq "$key"} - if($tkey) + $tmpkey = $Target.keys | Where-Object -FilterScript { $_ -eq "$key" } + if ($tkey) { - $tkey=$tmpkey|Select-Object -First 1 + $tkey = $tmpkey | Select-Object -First 1 } } - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$skey) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$skey) + if ($null -eq $Source.$skey) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -3235,16 +3219,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$skey) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$skey) -and ($null -ne $Target.$tkey)) { - if($Source.$skey.getType().FullName -like "*CimInstance*" -or $Source.$skey.getType().FullName -like "*hashtable*" ) + if ($Source.$skey.getType().FullName -like '*CimInstance*' -or $Source.$skey.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$skey) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" return $false @@ -3253,8 +3237,8 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$skey + $referenceObject = $Target.$tkey + $differenceObject = $Source.$skey $compareResult = Compare-Object ` -ReferenceObject ($referenceObject) ` @@ -3276,47 +3260,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($hashComplexObject) + if ($hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } @@ -3337,32 +3321,32 @@ function Update-DeviceConfigurationPolicyAssignment ) try { - $deviceManagementPolicyAssignments=@() + $deviceManagementPolicyAssignments = @() - $Uri="https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/$DeviceConfigurationPolicyId/assign" + $Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } - if($target.collectionId) + if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } - if($target.deviceAndAppManagementAssignmentFilterType) + if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } - if($target.deviceAndAppManagementAssignmentFilterId) + if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop @@ -3372,7 +3356,7 @@ function Update-DeviceConfigurationPolicyAssignment try { Write-Verbose -Message $_ - $tenantIdValue = "" + $tenantIdValue = '' $tenantIdValue = $Credential.UserName.Split('@')[1] Add-M365DSCEvent -Message $_ -EntryType 'Error' ` -EventID 1 -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof index cc526ec33f..cf73c6fcac 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof @@ -83,9 +83,9 @@ class MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyAndroidDeviceOwner")] class MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner : OMI_BaseResource { - [Write, Description("The Id of the policy.")] String Id; + [Key, Description("The Id of the policy.")] String Id; [Write, Description("The description of the policy.")] String Description; - [Write, Description("The display name of hte policy.")] String DisplayName; + [Required, Description("The display name of hte policy.")] String DisplayName; [Write, Description("Block modification of accounts. Only supported on Dedicated devices.")] Boolean AccountsBlockModification; [Write, Description("When allowed, users can enable the 'unknown sources' setting to install apps from sources other than the Google Play Store.")] Boolean AppsAllowInstallFromUnknownSources; [Write, Description("Devices check for app updates daily. The default behavior is to let device users decide. They'll be able to set their preferences in the managed Google Play app."), ValueMap{"notConfigured","userChoice","never","wiFiOnly","always"}, Values{"notConfigured","userChoice","never","wiFiOnly","always"}] String AppsAutoUpdatePolicy; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index ba306015c3..209226ee9b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -74,17 +74,15 @@ function Get-TargetResource [System.Boolean] $WifiBlockEditConfigurations, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -160,7 +158,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -188,8 +185,6 @@ function Get-TargetResource StorageBlockExternalMedia = $getValue.AdditionalProperties.storageBlockExternalMedia StorageBlockUsbFileTransfer = $getValue.AdditionalProperties.storageBlockUsbFileTransfer WifiBlockEditConfigurations = $getValue.AdditionalProperties.wifiBlockEditConfigurations - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -200,7 +195,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -222,9 +217,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -232,7 +226,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -293,17 +287,15 @@ function Set-TargetResource [System.Boolean] $WifiBlockEditConfigurations, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -363,7 +355,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -398,7 +389,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -413,9 +403,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -451,7 +439,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -463,24 +450,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -490,9 +468,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -500,7 +477,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -561,17 +538,15 @@ function Test-TargetResource [System.Boolean] $WifiBlockEditConfigurations, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -626,7 +601,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -666,8 +640,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -741,7 +715,6 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` @@ -1390,7 +1363,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof index 5b69f46c69..a867422190 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyAndroidOpenSourceProject")] class MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Prevent applications from unknown sources.")] Boolean AppsBlockInstallFromUnknownSources; [Write, Description("Prevent bluetooth configuration.")] Boolean BluetoothBlockConfiguration; [Write, Description("Prevents using Bluetooth on devices.")] Boolean BluetoothBlocked; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index 91a81327d4..e023c8e050 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -256,17 +256,15 @@ function Get-TargetResource [System.Boolean] $WallpaperModificationBlocked, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -342,7 +340,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -431,7 +428,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -454,7 +451,7 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -462,7 +459,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -710,10 +707,10 @@ function Set-TargetResource $Assignments, #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -858,7 +855,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -871,7 +867,6 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -890,7 +885,7 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -898,7 +893,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -1146,10 +1141,10 @@ function Test-TargetResource $Assignments, #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -1204,7 +1199,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -1226,13 +1220,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -2076,7 +2070,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof index 0c1b24b70d..675c812cdd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof @@ -58,9 +58,9 @@ class MSFT_MicrosoftGraphmacosappleeventreceiver [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyMacOS")] class MSFT_IntuneDeviceConfigurationPolicyMacOS : OMI_BaseResource { - [Write, Description("")] String Id; + [Key, Description("")] String Id; [Write, Description("")] String Description; - [Write, Description("")] String DisplayName; + [Required, Description("")] String DisplayName; [Write, Description("")] Boolean AddingGameCenterFriendsBlocked; [Write, Description("")] Boolean AirDropBlocked; [Write, Description("Blocks users from unlocking their Mac with Apple Watch.")] Boolean AppleWatchBlockAutoUnlock; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index 5a253e34f0..75be35b100 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -771,17 +771,15 @@ function Get-TargetResource [System.Boolean] $WifiPowerOnForced, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -853,10 +851,8 @@ function Get-TargetResource -and $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosGeneralDeviceConfiguration' ` } } - #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -865,7 +861,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -1045,7 +1040,6 @@ function Get-TargetResource WiFiConnectToAllowedNetworksOnlyForced = $getValue.AdditionalProperties.wiFiConnectToAllowedNetworksOnlyForced WifiPowerOnForced = $getValue.AdditionalProperties.wifiPowerOnForced Managedidentity = $ManagedIdentity.IsPresent - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -1068,7 +1062,6 @@ function Get-TargetResource $results.Add('MediaContentRatingUnitedStates', $getValue.additionalProperties.mediaContentRatingUnitedStates) $results.Add('NetworkUsageRules', $getValue.additionalProperties.networkUsageRules) - $returnAssignments = @() $returnAssignments += Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $getValue.Id $assignmentResult = @() @@ -1105,7 +1098,7 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -1113,7 +1106,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -1871,17 +1864,15 @@ function Set-TargetResource [System.Boolean] $WifiPowerOnForced, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -1940,7 +1931,6 @@ function Set-TargetResource $PSBoundParameters.Remove('TenantId') | Out-Null $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -1984,9 +1974,7 @@ function Set-TargetResource Update-DeviceConfigurationPolicyAssignments -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -2026,9 +2014,7 @@ function Set-TargetResource } Update-DeviceConfigurationPolicyAssignments -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -2047,7 +2033,7 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -2055,7 +2041,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -2813,17 +2799,15 @@ function Test-TargetResource [System.Boolean] $WifiPowerOnForced, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -2890,11 +2874,10 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null - } } @@ -2903,8 +2886,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -2987,7 +2970,6 @@ function Export-TargetResource } #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof index 8de25813fb..78cce20f3f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof @@ -81,9 +81,9 @@ class MSFT_MicrosoftGraphiosnetworkusagerule [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyIOS")] class MSFT_IntuneDeviceConfigurationPolicyIOS : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Indicates whether or not to allow account modification when the device is in supervised mode.")] Boolean AccountBlockModification; [Write, Description("Activation Lock makes it harder for a lost or stolen device to be reactivated.")] Boolean ActivationLockAllowWhenSupervised; [Write, Description("Indicates whether or not to allow AirDrop when the device is in supervised mode.")] Boolean AirDropBlocked; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 index fbed815f62..e0ee717fe5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -38,17 +38,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -124,7 +122,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -133,7 +130,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -143,8 +139,6 @@ function Get-TargetResource NetworkName = $getValue.AdditionalProperties.networkName Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -155,7 +149,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -179,7 +173,7 @@ function Set-TargetResource ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -187,7 +181,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -212,17 +206,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -317,7 +309,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -332,9 +323,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -370,7 +359,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -382,24 +370,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -409,9 +388,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -419,7 +397,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -444,17 +422,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -531,13 +507,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -1264,7 +1240,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof index 2cb7f02a0e..e380df3ac8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidDeviceAdministrator")] class MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator : OMI_BaseResource { - [Write, Description("Id of the Intune Policy.")] String Id; + [Key, Description("Id of the Intune Policy.")] String Id; [Write, Description("Description of the Intune Policy.")] String Description; - [Write, Description("Display name of the Intune Policy.")] String DisplayName; + [Required, Description("Display name of the Intune Policy.")] String DisplayName; [Write, Description("Connect automatically.")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 index 585d663225..fc217699b5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -67,17 +67,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -153,7 +151,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -162,7 +159,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -179,8 +175,6 @@ function Get-TargetResource ProxySettings = $getValue.AdditionalProperties.proxySettings Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -191,7 +185,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -213,9 +207,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -223,7 +216,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -277,17 +270,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -347,7 +338,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -382,7 +372,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -397,9 +386,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -435,7 +422,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -447,24 +433,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -474,9 +451,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -484,7 +460,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -538,17 +514,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -603,7 +577,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -625,13 +598,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -643,8 +616,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -718,18 +691,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -758,7 +727,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -778,7 +746,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1365,7 +1332,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof index 4af3eb60a0..1e48dac488 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner")] class MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner : OMI_BaseResource { - [Write, Description("Id of the Intune policy")] String Id; + [Key, Description("Id of the Intune policy")] String Id; [Write, Description("Description of the Intune policy")] String Description; - [Write, Description("Disaply name of the Intune policy")] String DisplayName; + [Required, Description("Disaply name of the Intune policy")] String DisplayName; [Write, Description("If the network is in range, automatically connect.")] Boolean ConnectAutomatically; [Write, Description("Don't show this Wi-Fi network on an end-user's device in the list of available networks. The SSID will not be broadcasted.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 index 63604f466a..84b89ce8aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -38,17 +38,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -124,7 +122,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -133,7 +130,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -143,8 +139,6 @@ function Get-TargetResource NetworkName = $getValue.AdditionalProperties.networkName Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -155,7 +149,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -177,9 +171,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -187,7 +180,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -212,17 +205,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -282,7 +273,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -317,7 +307,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -332,9 +321,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -370,7 +357,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -382,24 +368,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -409,9 +386,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -419,7 +395,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -444,17 +420,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -509,7 +483,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -531,13 +504,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -549,8 +522,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -624,18 +597,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -664,7 +633,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -684,7 +652,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1265,7 +1232,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof index 02b6e37865..b4d905deb6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile")] class MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically.")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index 52984d859d..77876499d3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -38,17 +38,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -124,7 +122,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -133,7 +130,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -143,8 +139,6 @@ function Get-TargetResource NetworkName = $getValue.AdditionalProperties.networkName Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -155,7 +149,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -177,9 +171,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -187,7 +180,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -212,17 +205,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -282,7 +273,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -317,7 +307,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -332,9 +321,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -370,7 +357,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -382,24 +368,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -409,9 +386,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -419,7 +395,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -444,17 +420,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -509,7 +483,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -531,13 +504,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -549,8 +522,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -624,18 +597,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidForWorkWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -664,7 +633,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -684,7 +652,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1266,7 +1233,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof index 6eec78e0da..339532ca23 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidForWork")] class MSFT_IntuneWifiConfigurationPolicyAndroidForWork : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index 39c952fdb1..c30fd46d3b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -46,17 +46,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -132,7 +130,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -141,7 +138,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -153,8 +149,6 @@ function Get-TargetResource PreSharedKeyIsSet = $getValue.AdditionalProperties.preSharedKeyIsSet Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -165,7 +159,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -187,9 +181,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -197,7 +190,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -230,17 +223,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -300,7 +291,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -335,7 +325,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -350,9 +339,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -388,7 +375,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -400,24 +386,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -427,9 +404,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -437,7 +413,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -470,17 +446,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -535,7 +509,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -557,13 +530,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -575,8 +548,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -650,18 +623,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -690,7 +659,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -710,7 +678,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1297,7 +1264,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof index 77718f23c1..f6db025c0e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidOpenSourceProject")] class MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically to the network.")] Boolean ConnectAutomatically; [Write, Description("Define if the network should be connected if hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Define the network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index b7ab5bedd6..c13bd4ee62 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -63,17 +63,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -149,7 +147,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -158,7 +155,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -174,8 +170,6 @@ function Get-TargetResource ProxySettings = $getValue.AdditionalProperties.proxySettings Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -186,7 +180,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -208,9 +202,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -218,7 +211,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -268,17 +261,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -338,7 +329,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -373,7 +363,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -388,9 +377,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -426,7 +413,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -438,24 +424,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -465,9 +442,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -475,7 +451,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -525,17 +501,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -590,7 +564,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -612,13 +585,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -630,8 +603,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -712,11 +685,8 @@ function Export-TargetResource -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -745,7 +715,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -765,7 +734,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1352,7 +1320,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof index 765285eb39..8cd1c94f97 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyIOS")] class MSFT_IntuneWifiConfigurationPolicyIOS : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Disable the MAC address randomization.")] Boolean DisableMacAddressRandomization; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index 3380eb6d1b..5fe7e7adae 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -59,17 +59,15 @@ function Get-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -145,7 +143,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -154,7 +151,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -169,8 +165,6 @@ function Get-TargetResource ProxySettings = $getValue.AdditionalProperties.proxySettings Ssid = $getValue.AdditionalProperties.ssid WiFiSecurityType = $getValue.AdditionalProperties.wiFiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -181,7 +175,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -203,9 +197,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -213,7 +206,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -259,17 +252,15 @@ function Set-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -329,7 +320,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -364,7 +354,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -379,9 +368,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -417,7 +404,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -429,24 +415,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -456,9 +433,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -466,7 +442,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -512,17 +488,15 @@ function Test-TargetResource [System.String] $WiFiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -577,7 +551,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -599,13 +572,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -617,8 +590,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -692,18 +665,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSWiFiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -732,7 +701,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -752,7 +720,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1338,7 +1305,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof index 60c265d2a4..05caa16920 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyMacOS")] class MSFT_IntuneWifiConfigurationPolicyMacOS : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index d25122d17f..6ac20a5928 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -13,7 +13,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -72,17 +72,15 @@ function Get-TargetResource [System.String] $WifiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -158,7 +156,6 @@ function Get-TargetResource } #endregion - if ($null -eq $getValue) { Write-Verbose -Message "Nothing with id {$id} was found" @@ -167,7 +164,6 @@ function Get-TargetResource Write-Verbose -Message "Found something with id {$id}" $results = @{ - #region resource generator code Id = $getValue.Id Description = $getValue.Description @@ -185,8 +181,6 @@ function Get-TargetResource ProxySetting = $getValue.AdditionalProperties.proxySetting Ssid = $getValue.AdditionalProperties.ssid WifiSecurityType = $getValue.AdditionalProperties.wifiSecurityType - - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -197,7 +191,7 @@ function Get-TargetResource } $myAssignments = @() - $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -repository 'deviceConfigurations' + $myAssignments += Get-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $getValue.Id -Repository 'deviceConfigurations' $results.Add('Assignments', $myAssignments) return [System.Collections.Hashtable] $results @@ -219,9 +213,8 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -229,7 +222,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -288,17 +281,15 @@ function Set-TargetResource [System.String] $WifiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -358,7 +349,6 @@ function Set-TargetResource $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating {$DisplayName}" @@ -393,7 +383,6 @@ function Set-TargetResource $CreateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code $policy = New-MgDeviceManagementDeviceConfiguration @CreateParameters $assignmentsHash = @() @@ -408,9 +397,7 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository deviceConfigurations } - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -446,7 +433,6 @@ function Set-TargetResource $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) } - #region resource generator code Update-MgDeviceManagementDeviceConfiguration @UpdateParameters ` -DeviceConfigurationId $currentInstance.Id @@ -458,24 +444,15 @@ function Set-TargetResource Update-MgDeviceManagementPolicyAssignments -DeviceManagementPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository deviceConfigurations - #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$DisplayName}" - - #region resource generator code - #endregion - - - #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion - } } @@ -485,9 +462,8 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -495,7 +471,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -554,17 +530,15 @@ function Test-TargetResource [System.String] $WifiSecurityType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -619,7 +593,6 @@ function Test-TargetResource { if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $CIMArraySource = @() $CIMArrayTarget = @() $CIMArraySource += $PSBoundParameters[$key] @@ -641,13 +614,13 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } } if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -659,8 +632,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) @@ -734,18 +707,14 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsWifiConfiguration' ` } - - #endregion - $i = 1 $dscContent = '' if ($getValue.Length -eq 0) @@ -774,7 +743,6 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments @@ -794,7 +762,6 @@ function Export-TargetResource -Results $Results ` -Credential $Credential - if ($Results.Assignments) { $isCIMArray = $false @@ -1382,7 +1349,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/$APIVersion/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof index c3a54635ce..7501e91c5d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof @@ -11,9 +11,9 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyWindows10")] class MSFT_IntuneWifiConfigurationPolicyWindows10 : OMI_BaseResource { - [Write, Description("Id of the Intune policy.")] String Id; + [Key, Description("Id of the Intune policy.")] String Id; [Write, Description("Description of the Intune policy.")] String Description; - [Write, Description("Display name of the Intune policy.")] String DisplayName; + [Required, Description("Display name of the Intune policy.")] String DisplayName; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect to preferred network")] Boolean ConnectToPreferredNetwork; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 88ed11883c..5071d9e1b0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -5,6 +5,14 @@ function Get-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AzureRightsManagementServicesAllowed, @@ -14,7 +22,7 @@ function Get-TargetResource $DataRecoveryCertificate, [Parameter()] - [ValidateSet('noProtection','encryptAndAuditOnly','encryptAuditAndPrompt','encryptAuditAndBlock')] + [ValidateSet('noProtection', 'encryptAndAuditOnly', 'encryptAuditAndPrompt', 'encryptAuditAndBlock')] [System.String] $EnforcementLevel, @@ -93,21 +101,12 @@ function Get-TargetResource [Parameter()] [System.String] $Description, - - [Parameter()] - [System.String] - $DisplayName, - - [Parameter()] - [System.String] - $Id, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -157,13 +156,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceAppMgtMdmWindowInformationProtectionPolicy -MdmWindowsInformationProtectionPolicyId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceAppMgtMdmWindowInformationProtectionPolicy -MdmWindowsInformationProtectionPolicyId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceAppMgtMdmWindowInformationProtectionPolicy ` -Filter "DisplayName eq '$DisplayName'" ` @@ -171,6 +170,7 @@ function Get-TargetResource } } #endregion + if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with DisplayName {$DisplayName}" @@ -183,35 +183,35 @@ function Get-TargetResource $complexDataRecoveryCertificate = @{} $complexDataRecoveryCertificate.Add('Certificate', $getValue.DataRecoveryCertificate.certificate) $complexDataRecoveryCertificate.Add('Description', $getValue.DataRecoveryCertificate.description) - if($null -ne $getValue.DataRecoveryCertificate.expirationDateTime) + if ($null -ne $getValue.DataRecoveryCertificate.expirationDateTime) { $complexDataRecoveryCertificate.Add('ExpirationDateTime', ([DateTimeOffset]$getValue.DataRecoveryCertificate.expirationDateTime).ToString('o')) } $complexDataRecoveryCertificate.Add('SubjectName', $getValue.DataRecoveryCertificate.subjectName) - if($complexDataRecoveryCertificate.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexDataRecoveryCertificate.values.Where({ $null -ne $_ }).count -eq 0) { $complexDataRecoveryCertificate = $null } $complexEnterpriseInternalProxyServers = @() - foreach($currentEnterpriseInternalProxyServers in $getValue.enterpriseInternalProxyServers) + foreach ($currentEnterpriseInternalProxyServers in $getValue.enterpriseInternalProxyServers) { $myEnterpriseInternalProxyServers = @{} $myEnterpriseInternalProxyServers.Add('DisplayName', $currentEnterpriseInternalProxyServers.displayName) $myEnterpriseInternalProxyServers.Add('Resources', $currentEnterpriseInternalProxyServers.resources) - if($myEnterpriseInternalProxyServers.values.Where({ $null -ne $_ }).count -gt 0) + if ($myEnterpriseInternalProxyServers.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseInternalProxyServers += $myEnterpriseInternalProxyServers } } $complexEnterpriseIPRanges = @() - foreach($currentEnterpriseIPRanges in $getValue.enterpriseIPRanges) + foreach ($currentEnterpriseIPRanges in $getValue.enterpriseIPRanges) { $myEnterpriseIPRanges = @{} $myEnterpriseIPRanges.Add('DisplayName', $currentEnterpriseIPRanges.displayName) $complexRanges = @() - foreach($currentRanges in $currentEnterpriseIPRanges.ranges) + foreach ($currentRanges in $currentEnterpriseIPRanges.ranges) { $myRanges = @{} $myRanges.Add('CidrAddress', $currentRanges.AdditionalProperties.cidrAddress) @@ -221,79 +221,79 @@ function Get-TargetResource { $myRanges.Add('odataType', $currentRanges.AdditionalProperties.'@odata.type'.toString()) } - if($myRanges.values.Where({ $null -ne $_ }).count -gt 0) + if ($myRanges.values.Where({ $null -ne $_ }).count -gt 0) { $complexRanges += $myRanges } } - $myEnterpriseIPRanges.Add('Ranges',$complexRanges) - if($myEnterpriseIPRanges.values.Where({ $null -ne $_ }).count -gt 0) + $myEnterpriseIPRanges.Add('Ranges', $complexRanges) + if ($myEnterpriseIPRanges.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseIPRanges += $myEnterpriseIPRanges } } $complexEnterpriseNetworkDomainNames = @() - foreach($currentEnterpriseNetworkDomainNames in $getValue.enterpriseNetworkDomainNames) + foreach ($currentEnterpriseNetworkDomainNames in $getValue.enterpriseNetworkDomainNames) { $myEnterpriseNetworkDomainNames = @{} $myEnterpriseNetworkDomainNames.Add('DisplayName', $currentEnterpriseNetworkDomainNames.displayName) $myEnterpriseNetworkDomainNames.Add('Resources', $currentEnterpriseNetworkDomainNames.resources) - if($myEnterpriseNetworkDomainNames.values.Where({ $null -ne $_ }).count -gt 0) + if ($myEnterpriseNetworkDomainNames.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseNetworkDomainNames += $myEnterpriseNetworkDomainNames } } $complexEnterpriseProtectedDomainNames = @() - foreach($currentEnterpriseProtectedDomainNames in $getValue.enterpriseProtectedDomainNames) + foreach ($currentEnterpriseProtectedDomainNames in $getValue.enterpriseProtectedDomainNames) { $myEnterpriseProtectedDomainNames = @{} $myEnterpriseProtectedDomainNames.Add('DisplayName', $currentEnterpriseProtectedDomainNames.displayName) $myEnterpriseProtectedDomainNames.Add('Resources', $currentEnterpriseProtectedDomainNames.resources) - if($myEnterpriseProtectedDomainNames.values.Where({ $null -ne $_ }).count -gt 0) + if ($myEnterpriseProtectedDomainNames.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseProtectedDomainNames += $myEnterpriseProtectedDomainNames } } $complexEnterpriseProxiedDomains = @() - foreach($currentEnterpriseProxiedDomains in $getValue.enterpriseProxiedDomains) + foreach ($currentEnterpriseProxiedDomains in $getValue.enterpriseProxiedDomains) { $myEnterpriseProxiedDomains = @{} $myEnterpriseProxiedDomains.Add('DisplayName', $currentEnterpriseProxiedDomains.displayName) $complexProxiedDomains = @() - foreach($currentProxiedDomains in $currentEnterpriseProxiedDomains.proxiedDomains) + foreach ($currentProxiedDomains in $currentEnterpriseProxiedDomains.proxiedDomains) { $myProxiedDomains = @{} $myProxiedDomains.Add('IpAddressOrFQDN', $currentProxiedDomains.ipAddressOrFQDN) $myProxiedDomains.Add('Proxy', $currentProxiedDomains.proxy) - if($myProxiedDomains.values.Where({ $null -ne $_ }).count -gt 0) + if ($myProxiedDomains.values.Where({ $null -ne $_ }).count -gt 0) { $complexProxiedDomains += $myProxiedDomains } } - $myEnterpriseProxiedDomains.Add('ProxiedDomains',$complexProxiedDomains) - if($myEnterpriseProxiedDomains.values.Where({ $null -ne $_ }).count -gt 0) + $myEnterpriseProxiedDomains.Add('ProxiedDomains', $complexProxiedDomains) + if ($myEnterpriseProxiedDomains.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseProxiedDomains += $myEnterpriseProxiedDomains } } $complexEnterpriseProxyServers = @() - foreach($currentEnterpriseProxyServers in $getValue.enterpriseProxyServers) + foreach ($currentEnterpriseProxyServers in $getValue.enterpriseProxyServers) { $myEnterpriseProxyServers = @{} $myEnterpriseProxyServers.Add('DisplayName', $currentEnterpriseProxyServers.displayName) $myEnterpriseProxyServers.Add('Resources', $currentEnterpriseProxyServers.resources) - if($myEnterpriseProxyServers.values.Where({ $null -ne $_ }).count -gt 0) + if ($myEnterpriseProxyServers.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseProxyServers += $myEnterpriseProxyServers } } $complexExemptApps = @() - foreach($currentExemptApps in $getValue.exemptApps) + foreach ($currentExemptApps in $getValue.exemptApps) { $myExemptApps = @{} $myExemptApps.Add('Denied', $currentExemptApps.denied) @@ -308,26 +308,26 @@ function Get-TargetResource { $myExemptApps.Add('odataType', $currentExemptApps.AdditionalProperties.'@odata.type'.toString()) } - if($myExemptApps.values.Where({ $null -ne $_ }).count -gt 0) + if ($myExemptApps.values.Where({ $null -ne $_ }).count -gt 0) { $complexExemptApps += $myExemptApps } } $complexNeutralDomainResources = @() - foreach($currentNeutralDomainResources in $getValue.neutralDomainResources) + foreach ($currentNeutralDomainResources in $getValue.neutralDomainResources) { $myNeutralDomainResources = @{} $myNeutralDomainResources.Add('DisplayName', $currentNeutralDomainResources.displayName) $myNeutralDomainResources.Add('Resources', $currentNeutralDomainResources.resources) - if($myNeutralDomainResources.values.Where({ $null -ne $_ }).count -gt 0) + if ($myNeutralDomainResources.values.Where({ $null -ne $_ }).count -gt 0) { $complexNeutralDomainResources += $myNeutralDomainResources } } $complexProtectedApps = @() - foreach($currentProtectedApps in $getValue.protectedApps) + foreach ($currentProtectedApps in $getValue.protectedApps) { $myProtectedApps = @{} $myProtectedApps.Add('Denied', $currentProtectedApps.denied) @@ -342,24 +342,23 @@ function Get-TargetResource { $myProtectedApps.Add('odataType', $currentProtectedApps.AdditionalProperties.'@odata.type'.toString()) } - if($myProtectedApps.values.Where({ $null -ne $_ }).count -gt 0) + if ($myProtectedApps.values.Where({ $null -ne $_ }).count -gt 0) { $complexProtectedApps += $myProtectedApps } } $complexSmbAutoEncryptedFileExtensions = @() - foreach($currentSmbAutoEncryptedFileExtensions in $getValue.smbAutoEncryptedFileExtensions) + foreach ($currentSmbAutoEncryptedFileExtensions in $getValue.smbAutoEncryptedFileExtensions) { $mySmbAutoEncryptedFileExtensions = @{} $mySmbAutoEncryptedFileExtensions.Add('DisplayName', $currentSmbAutoEncryptedFileExtensions.displayName) $mySmbAutoEncryptedFileExtensions.Add('Resources', $currentSmbAutoEncryptedFileExtensions.resources) - if($mySmbAutoEncryptedFileExtensions.values.Where({ $null -ne $_ }).count -gt 0) + if ($mySmbAutoEncryptedFileExtensions.values.Where({ $null -ne $_ }).count -gt 0) { $complexSmbAutoEncryptedFileExtensions += $mySmbAutoEncryptedFileExtensions } } - #endregion #region resource generator code @@ -368,7 +367,6 @@ function Get-TargetResource { $enumEnforcementLevel = $getValue.EnforcementLevel.ToString() } - #endregion $results = @{ @@ -427,6 +425,14 @@ function Set-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AzureRightsManagementServicesAllowed, @@ -436,7 +442,7 @@ function Set-TargetResource $DataRecoveryCertificate, [Parameter()] - [ValidateSet('noProtection','encryptAndAuditOnly','encryptAuditAndPrompt','encryptAuditAndBlock')] + [ValidateSet('noProtection', 'encryptAndAuditOnly', 'encryptAuditAndPrompt', 'encryptAuditAndBlock')] [System.String] $EnforcementLevel, @@ -515,20 +521,12 @@ function Set-TargetResource [Parameter()] [System.String] $Description, - - [Parameter()] - [System.String] - $DisplayName, - - [Parameter()] - [System.String] - $Id, - #endregion - [Parameter(Mandatory = $true)] + + [Parameter(Mandatory)] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -586,16 +584,17 @@ function Set-TargetResource $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } + #region resource generator code - $policy=New-MgDeviceAppMgtMdmWindowInformationProtectionPolicy -BodyParameter $CreateParameters + $policy = New-MgDeviceAppMgtMdmWindowInformationProtectionPolicy -BodyParameter $CreateParameters #endregion } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') @@ -607,16 +606,17 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } + #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.MdmWindowsInformationProtectionPolicy") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.MdmWindowsInformationProtectionPolicy') Update-MgDeviceAppMgtMdmWindowInformationProtectionPolicy ` -MdmWindowsInformationProtectionPolicyId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -624,7 +624,8 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with Id {$($currentInstance.Id)}" + #region resource generator code Remove-MgDeviceAppMgtMdmWindowInformationProtectionPolicy -MdmWindowsInformationProtectionPolicyId $currentInstance.Id #endregion @@ -638,6 +639,14 @@ function Test-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AzureRightsManagementServicesAllowed, @@ -647,7 +656,7 @@ function Test-TargetResource $DataRecoveryCertificate, [Parameter()] - [ValidateSet('noProtection','encryptAndAuditOnly','encryptAuditAndPrompt','encryptAuditAndBlock')] + [ValidateSet('noProtection', 'encryptAndAuditOnly', 'encryptAuditAndPrompt', 'encryptAuditAndBlock')] [System.String] $EnforcementLevel, @@ -726,21 +735,12 @@ function Test-TargetResource [Parameter()] [System.String] $Description, - - [Parameter()] - [System.String] - $DisplayName, - - [Parameter()] - [System.String] - $Id, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -807,7 +807,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -923,12 +923,13 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results + if ( $null -ne $Results.DataRecoveryCertificate) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.DataRecoveryCertificate ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.DataRecoveryCertificate = $complexTypeStringResult } @@ -942,7 +943,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.EnterpriseInternalProxyServers ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseInternalProxyServers = $complexTypeStringResult } @@ -955,14 +956,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'EnterpriseIPRanges' + Name = 'EnterpriseIPRanges' CimInstanceName = 'MicrosoftGraphWindowsInformationProtectionIPRangeCollection' - IsRequired = $False + IsRequired = $False } @{ - Name = 'Ranges' + Name = 'Ranges' CimInstanceName = 'MicrosoftGraphIpRange' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -970,7 +971,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionIPRangeCollection' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseIPRanges = $complexTypeStringResult } @@ -984,7 +985,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.EnterpriseNetworkDomainNames ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseNetworkDomainNames = $complexTypeStringResult } @@ -998,7 +999,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.EnterpriseProtectedDomainNames ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseProtectedDomainNames = $complexTypeStringResult } @@ -1011,14 +1012,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'EnterpriseProxiedDomains' + Name = 'EnterpriseProxiedDomains' CimInstanceName = 'MicrosoftGraphWindowsInformationProtectionProxiedDomainCollection' - IsRequired = $False + IsRequired = $False } @{ - Name = 'ProxiedDomains' + Name = 'ProxiedDomains' CimInstanceName = 'MicrosoftGraphProxiedDomain' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -1026,7 +1027,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionProxiedDomainCollection' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseProxiedDomains = $complexTypeStringResult } @@ -1040,7 +1041,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.EnterpriseProxyServers ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.EnterpriseProxyServers = $complexTypeStringResult } @@ -1054,7 +1055,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.ExemptApps ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionApp' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.ExemptApps = $complexTypeStringResult } @@ -1068,7 +1069,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.NeutralDomainResources ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.NeutralDomainResources = $complexTypeStringResult } @@ -1082,7 +1083,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.ProtectedApps ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionApp' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.ProtectedApps = $complexTypeStringResult } @@ -1096,7 +1097,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.SmbAutoEncryptedFileExtensions ` -CIMInstanceName 'MicrosoftGraphwindowsInformationProtectionResourceCollection' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.SmbAutoEncryptedFileExtensions = $complexTypeStringResult } @@ -1113,51 +1114,51 @@ function Export-TargetResource -Credential $Credential if ($Results.DataRecoveryCertificate) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DataRecoveryCertificate" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DataRecoveryCertificate' -IsCIMArray:$False } if ($Results.EnterpriseInternalProxyServers) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseInternalProxyServers" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseInternalProxyServers' -IsCIMArray:$True } if ($Results.EnterpriseIPRanges) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseIPRanges" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseIPRanges' -IsCIMArray:$True } if ($Results.EnterpriseNetworkDomainNames) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseNetworkDomainNames" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseNetworkDomainNames' -IsCIMArray:$True } if ($Results.EnterpriseProtectedDomainNames) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseProtectedDomainNames" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseProtectedDomainNames' -IsCIMArray:$True } if ($Results.EnterpriseProxiedDomains) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseProxiedDomains" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseProxiedDomains' -IsCIMArray:$True } if ($Results.EnterpriseProxyServers) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnterpriseProxyServers" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnterpriseProxyServers' -IsCIMArray:$True } if ($Results.ExemptApps) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ExemptApps" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ExemptApps' -IsCIMArray:$True } if ($Results.NeutralDomainResources) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "NeutralDomainResources" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'NeutralDomainResources' -IsCIMArray:$True } if ($Results.ProtectedApps) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ProtectedApps" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ProtectedApps' -IsCIMArray:$True } if ($Results.SmbAutoEncryptedFileExtensions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "SmbAutoEncryptedFileExtensions" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'SmbAutoEncryptedFileExtensions' -IsCIMArray:$True } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) - $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -1179,22 +1180,24 @@ function Export-TargetResource return '' } } + function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] - param( + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] + param + ( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + 'odataType' = '@odata.type' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -1204,34 +1207,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -1240,54 +1243,56 @@ function Rename-M365DSCCimInstanceParameter return $result #endregion } + function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] - param( + [OutputType([hashtable], [hashtable[]])] + param + ( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -1304,27 +1309,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1368,7 +1373,8 @@ function Get-M365DSCDRGComplexTypeToHashtable function Get-M365DSCDRGComplexTypeToString { [CmdletBinding()] - param( + param + ( [Parameter()] $ComplexObject, @@ -1382,15 +1388,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1398,26 +1404,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1426,23 +1432,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1456,37 +1462,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1495,17 +1501,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -1516,26 +1522,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1544,11 +1550,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1559,42 +1565,43 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty } -Function Get-M365DSCDRGSimpleObjectTypeToString +function Get-M365DSCDRGSimpleObjectTypeToString { [CmdletBinding()] [OutputType([System.String])] - param( + param + ( [Parameter(Mandatory = 'true')] [System.String] $Key, @@ -1604,49 +1611,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1656,7 +1663,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1668,7 +1675,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1678,7 +1685,8 @@ function Compare-M365DSCComplexObject { [CmdletBinding()] [OutputType([System.Boolean])] - param( + param + ( [Parameter()] $Source, [Parameter()] @@ -1686,47 +1694,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1736,36 +1744,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1773,16 +1781,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1792,18 +1800,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1824,50 +1832,51 @@ function Compare-M365DSCComplexObject return $true } + function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] - param( + [OutputType([hashtable], [hashtable[]])] + param + ( [Parameter(Mandatory = 'true')] $ComplexObject ) - - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof index 92c43a6975..b597994499 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof @@ -55,6 +55,8 @@ class MSFT_MicrosoftGraphWindowsInformationProtectionApp [ClassVersion("1.0.0.0"), FriendlyName("IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled")] class MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled : OMI_BaseResource { + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; + [Required, Description("Policy display name.")] String DisplayName; [Write, Description("Specifies whether to allow Azure RMS encryption for WIP")] Boolean AzureRightsManagementServicesAllowed; [Write, Description("Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS)"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate")] String DataRecoveryCertificate; [Write, Description("WIP enforcement level.See the Enum definition for supported values. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock."), ValueMap{"noProtection","encryptAndAuditOnly","encryptAuditAndPrompt","encryptAuditAndBlock"}, Values{"noProtection","encryptAndAuditOnly","encryptAuditAndPrompt","encryptAuditAndBlock"}] String EnforcementLevel; @@ -77,8 +79,6 @@ class MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled : OMI_Ba [Write, Description("TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access")] String RightsManagementServicesTemplateId; [Write, Description("Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection")] String SmbAutoEncryptedFileExtensions[]; [Write, Description("The policy's description.")] String Description; - [Write, Description("Policy display name.")] String DisplayName; - [Write, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Tests/QA/Microsoft365DSC.Resources.Tests.ps1 b/Tests/QA/Microsoft365DSC.Resources.Tests.ps1 new file mode 100644 index 0000000000..445ae5a0bf --- /dev/null +++ b/Tests/QA/Microsoft365DSC.Resources.Tests.ps1 @@ -0,0 +1,112 @@ +BeforeDiscovery { + $resourcesPath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\Modules\Microsoft365DSC\DSCResources' + $schemaFiles = Get-ChildItem -Path $resourcesPath -Filter '*.schema.mof' -Recurse | ForEach-Object { + @{ + ResourceName = $_.Directory.Name + FullName = $_.FullName + } + } +} + +Describe -Name "Check schema for resource ''" -ForEach $schemaFiles{ + BeforeAll { + function Get-MofSchemaObject + { + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $FileName + ) + + $temporaryPath = (Get-Item -Path env:TEMP).Value + + #region Workaround for OMI_BaseResource inheritance not resolving. + + $filePath = (Resolve-Path -Path $FileName).Path + $tempFilePath = Join-Path -Path $temporaryPath -ChildPath "DscMofHelper_$((New-Guid).Guid).tmp" + $rawContent = (Get-Content -Path $filePath -Raw) -replace '\s*:\s*OMI_BaseResource' + + Set-Content -LiteralPath $tempFilePath -Value $rawContent -ErrorAction 'Stop' + + # .NET methods don't like PowerShell drives + $tempFilePath = Convert-Path -Path $tempFilePath + + #endregion + + try + { + $exceptionCollection = [System.Collections.ObjectModel.Collection[System.Exception]]::new() + $moduleInfo = [System.Tuple]::Create('Module', [System.Version] '1.0.0') + + $class = [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ImportClasses( + $tempFilePath, $moduleInfo, $exceptionCollection + ) + } + catch + { + throw "Failed to import classes from file $FileName. Error $_" + } + finally + { + Remove-Item -LiteralPath $tempFilePath -Force + } + + foreach ($currentCimClass in $class) + { + $attributes = foreach ($property in $currentCimClass.CimClassProperties) + { + $state = switch ($property.flags) + { + { $_ -band [Microsoft.Management.Infrastructure.CimFlags]::Key } + { + 'Key' + } + { $_ -band [Microsoft.Management.Infrastructure.CimFlags]::Required } + { + 'Required' + } + { $_ -band [Microsoft.Management.Infrastructure.CimFlags]::ReadOnly } + { + 'Read' + } + default + { + 'Write' + } + } + + @{ + Name = $property.Name + State = $state + DataType = $property.CimType + ValueMap = $property.Qualifiers.Where( { $_.Name -eq 'ValueMap' }).Value + IsArray = $property.CimType -gt 16 + Description = $property.Qualifiers.Where( { $_.Name -eq 'Description' }).Value + EmbeddedInstance = $property.Qualifiers.Where( { $_.Name -eq 'EmbeddedInstance' }).Value + } + } + + @{ + ClassName = $currentCimClass.CimClassName + Attributes = $attributes + ClassVersion = $currentCimClass.CimClassQualifiers.Where( { $_.Name -eq 'ClassVersion' }).Value + FriendlyName = $currentCimClass.CimClassQualifiers.Where( { $_.Name -eq 'FriendlyName' }).Value + } + } + } + } + + It 'Schema should be read successfully' { + { Get-MofSchemaObject -FileName $FullName } | Should -Not -Throw + } + + It 'Schema should have a Key parameter' { + $schema = Get-MofSchemaObject -FileName $FullName + $attributes = ($schema | Where-Object { [String]::IsNullOrEmpty($_.FriendlyName) -eq $false }).Attributes + $keyCount = ($attributes | Where-Object { $_.State -eq 'Key' }).Count + $keyCount | Should -BeGreaterThan 1 + } +} From cd100627e447722634328943a7077167576c64de Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 6 Mar 2023 14:13:28 +0100 Subject: [PATCH 034/187] Corrected incorrect examples --- .../1-New iOS App Protection Policy.ps1 | 1 + .../1-NewIntuneDeviceConfigurationPolicyiOS.ps1 | 1 + 2 files changed, 2 insertions(+) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 index ede1cf7c67..6f9f0bfcf1 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 @@ -15,6 +15,7 @@ Configuration Example { IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' { + Id = '1352a41f-bd32-4ee3-b227-2f11b17b8614' DisplayName = 'My DSC iOS App Protection Policy' AllowedDataStorageLocations = @('sharePoint') AllowedInboundDataTransferSources = 'managedApps' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-NewIntuneDeviceConfigurationPolicyiOS.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-NewIntuneDeviceConfigurationPolicyiOS.ps1 index ad828c4486..30fd46b675 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-NewIntuneDeviceConfigurationPolicyiOS.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-NewIntuneDeviceConfigurationPolicyiOS.ps1 @@ -15,6 +15,7 @@ Configuration Example { IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' { + Id = '901c99e3-6429-4f02-851f-54b49a53f103' DisplayName = 'iOS DSC Policy' AccountBlockModification = $False ActivationLockAllowWhenSupervised = $False From 8d1ec9a7d605607e653a79139c1790b387f82569 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 6 Mar 2023 14:38:53 +0100 Subject: [PATCH 035/187] Corrected wrong Id parameter --- .../1-New iOS App Protection Policy.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 index 6f9f0bfcf1..2be60d404c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 @@ -15,7 +15,7 @@ Configuration Example { IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' { - Id = '1352a41f-bd32-4ee3-b227-2f11b17b8614' + Identity = '1352a41f-bd32-4ee3-b227-2f11b17b8614' DisplayName = 'My DSC iOS App Protection Policy' AllowedDataStorageLocations = @('sharePoint') AllowedInboundDataTransferSources = 'managedApps' From aeba6a5facc29b98b580646e9f97caba8b8ffd6e Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 6 Mar 2023 16:04:24 +0100 Subject: [PATCH 036/187] Fixed unit tests after schema updates --- .../MSFT_AADAdministrativeUnit.psm1 | 486 +++++++++--------- ...AADEntitlementManagementAccessPackage.psm1 | 3 +- ...tlementManagementAccessPackageCatalog.psm1 | 3 +- ...anagementAccessPackageCatalogResource.psm1 | 3 +- .../MSFT_IntuneAppProtectionPolicyiOS.psm1 | 1 + ...ationPolicyAndroidDeviceAdministrator.psm1 | 3 +- ...ConfigurationPolicyAndroidDeviceOwner.psm1 | 3 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 3 +- ..._IntuneDeviceConfigurationPolicyMacOS.psm1 | 3 +- ...FT_IntuneDeviceConfigurationPolicyiOS.psm1 | 3 +- ...ationPolicyAndroidDeviceAdministrator.psm1 | 3 +- ...ionPolicyAndroidEntrepriseDeviceOwner.psm1 | 3 +- ...ionPolicyAndroidEntrepriseWorkProfile.psm1 | 3 +- ...WifiConfigurationPolicyAndroidForWork.psm1 | 3 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 3 +- ...MSFT_IntuneWifiConfigurationPolicyIOS.psm1 | 3 +- ...FT_IntuneWifiConfigurationPolicyMacOS.psm1 | 3 +- ...ntuneWifiConfigurationPolicyWindows10.psm1 | 3 +- ...nProtectionPolicyWindows10MdmEnrolled.psm1 | 1 + ...soft365DSC.AADAdministrativeUnit.Tests.ps1 | 126 ++--- ...DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 | 1 + 21 files changed, 342 insertions(+), 321 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 8d9b13c4fd..3e4e9b54ba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -9,7 +9,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory=$true)] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -108,7 +108,7 @@ function Get-TargetResource { Write-Verbose -Message "Could not find an Azure AD Administrative Unit with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDirectoryAdministrativeUnit -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop } @@ -150,14 +150,14 @@ function Get-TargetResource $results.Add('MembershipRuleProcessingState', $getValue.AdditionalProperties.MembershipRuleProcessingState) } - write-verbose "AU {$DisplayName} MembershipType {$($results.MembershipType)}" + Write-Verbose -Message "AU {$DisplayName} MembershipType {$($results.MembershipType)}" if ($results.MembershipType -ne 'Dynamic') { - write-verbose "AU {$DisplayName} get Members" + Write-Verbose -Message "AU {$DisplayName} get Members" [array]$auMembers = Get-MgDirectoryAdministrativeUnitMember -AdministrativeUnitId $getValue.Id -All if ($auMembers.Count -gt 0) { - write-verbose "AU {$DisplayName} process $($auMembers.Count) members" + Write-Verbose -Message "AU {$DisplayName} process $($auMembers.Count) members" $memberSpec = @() foreach ($auMember in $auMembers) { @@ -178,61 +178,61 @@ function Get-TargetResource $member.Add('Identity', $memberObject.DisplayName) $member.Add('Type', 'Device') } - write-verbose "AU {$DisplayName} member found: Type '$($member.Type)' identity '$($member.Identity)'" + Write-Verbose -Message "AU {$DisplayName} member found: Type '$($member.Type)' identity '$($member.Identity)'" $memberSpec += $member } - write-verbose "AU {$DisplayName} add Members to results" + Write-Verbose -Message "AU {$DisplayName} add Members to results" $results.Add('Members', $memberSpec) } } - write-verbose "AU {$DisplayName} get Scoped Role Members" - $ErrorActionPreference = "Stop" + Write-Verbose -Message "AU {$DisplayName} get Scoped Role Members" + $ErrorActionPreference = 'Stop' [array]$auScopedRoleMembers = Get-MgDirectoryAdministrativeUnitScopedRoleMember -AdministrativeUnitId $getValue.Id -All if ($auScopedRoleMembers.Count -gt 0) { - write-verbose "AU {$DisplayName} process $($auScopedRoleMembers.Count) scoped role members" + Write-Verbose -Message "AU {$DisplayName} process $($auScopedRoleMembers.Count) scoped role members" $scopedRoleMemberSpec = @() foreach ($auScopedRoleMember in $auScopedRoleMembers) { - write-verbose "AU {$DisplayName} verify RoleId {$($auScopedRoleMember.RoleId)}" + Write-Verbose -Message "AU {$DisplayName} verify RoleId {$($auScopedRoleMember.RoleId)}" $roleObject = Get-MgDirectoryRole -DirectoryRoleId $auScopedRoleMember.RoleId -ErrorAction Stop - write-verbose "Found DirectoryRole '$($roleObject.DisplayName)' with id $($roleObject.Id)" + Write-Verbose -Message "Found DirectoryRole '$($roleObject.DisplayName)' with id $($roleObject.Id)" $scopedRoleMember = [ordered]@{ - RoleName = $roleObject.DisplayName - RoleMemberInfo = @{ - Type = $null - Identity = $null - } - } - write-verbose "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}" + RoleName = $roleObject.DisplayName + RoleMemberInfo = @{ + Type = $null + Identity = $null + } + } + Write-Verbose -Message "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}" $memberObject = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)" - write-verbose "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}" + Write-Verbose -Message "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}" if (($memberObject.'@odata.type') -match 'user') { - write-verbose "AU {$DisplayName} UPN = {$($memberObject.UserPrincipalName)}" + Write-Verbose -Message "AU {$DisplayName} UPN = {$($memberObject.UserPrincipalName)}" $scopedRoleMember.RoleMemberInfo.Identity = $memberObject.UserPrincipalName - $scopedRoleMember.RoleMemberInfo.Type = 'User' + $scopedRoleMember.RoleMemberInfo.Type = 'User' } elseif (($memberObject.'@odata.type') -match 'group') { - write-verbose "AU {$DisplayName} Group = {$($memberObject.DisplayName)}" + Write-Verbose -Message "AU {$DisplayName} Group = {$($memberObject.DisplayName)}" $scopedRoleMember.RoleMemberInfo.Identity = $memberObject.DisplayName - $scopedRoleMember.RoleMemberInfo.Type = 'Group' + $scopedRoleMember.RoleMemberInfo.Type = 'Group' } else { - write-verbose "AU {$DisplayName} SPN = {$($memberObject.DisplayName)}" + Write-Verbose -Message "AU {$DisplayName} SPN = {$($memberObject.DisplayName)}" $scopedRoleMember.RoleMemberInfo.Identity = $memberObject.DisplayName - $scopedRoleMember.RoleMemberInfo.Type = 'ServicePrincipal' + $scopedRoleMember.RoleMemberInfo.Type = 'ServicePrincipal' } - write-verbose "AU {$DisplayName} scoped role member: RoleName '$($scopedRoleMember.RoleName)' Type '$($scopedRoleMember.RoleMemberInfo.Type)' Identity '$($scopedRoleMember.RoleMemberInfo.Identity)'" + Write-Verbose -Message "AU {$DisplayName} scoped role member: RoleName '$($scopedRoleMember.RoleName)' Type '$($scopedRoleMember.RoleMemberInfo.Type)' Identity '$($scopedRoleMember.RoleMemberInfo.Identity)'" $scopedRoleMemberSpec += $scopedRoleMember } - write-verbose "AU {$DisplayName} add $($scopedRoleMemberSpec.Count) ScopedRoleMembers to results" + Write-Verbose -Message "AU {$DisplayName} add $($scopedRoleMemberSpec.Count) ScopedRoleMembers to results" $results.Add('ScopedRoleMembers', $scopedRoleMemberSpec) } - write-verbose "AU {$DisplayName} return results" + Write-Verbose -Message "AU {$DisplayName} return results" return [System.Collections.Hashtable] $results } catch @@ -257,7 +257,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory=$true)] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -359,28 +359,28 @@ function Set-TargetResource $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } $memberSpecification = $null if ($CreateParameters.MembershipType -ne 'Dynamic' -and $CreateParameters.Members.Count -gt 0) { $memberSpecification = @() - write-verbose "AU {$DisplayName} process $($CreateParameters.Members.Count) Members" + Write-Verbose -Message "AU {$DisplayName} process $($CreateParameters.Members.Count) Members" foreach ($member in $CreateParameters.Members) { - write-verbose "AU {$DisplayName} member Type '$($member.Type)' Identity '$($member.Identity)'" + Write-Verbose -Message "AU {$DisplayName} member Type '$($member.Type)' Identity '$($member.Identity)'" if ($member.Type -eq 'User') { $memberIdentity = Get-MgUser -Filter "UserPrincipalName eq '$($member.Identity)'" -ErrorAction Stop if ($memberIdentity) { - $memberSpecification += [pscustomobject]@{Type="$($member.Type)s";Id = $memberIdentity.Id } + $memberSpecification += [pscustomobject]@{Type = "$($member.Type)s"; Id = $memberIdentity.Id } } else { @@ -396,7 +396,7 @@ function Set-TargetResource { throw "AU {$($DisplayName)}: Group displayname {$($member.Identity)} is not unique" } - $memberSpecification += [pscustomobject]@{Type="$($member.Type)s";Id = $memberIdentity.Id } + $memberSpecification += [pscustomobject]@{Type = "$($member.Type)s"; Id = $memberIdentity.Id } } else { @@ -412,7 +412,7 @@ function Set-TargetResource { throw "AU {$($DisplayName)}: Device displayname {$($member.Identity)} is not unique" } - $memberSpecification += [pscustomobject]@{Type="$($member.Type)s";Id = $memberIdentity.Id } + $memberSpecification += [pscustomobject]@{Type = "$($member.Type)s"; Id = $memberIdentity.Id } } else { @@ -431,21 +431,23 @@ function Set-TargetResource # Resolve ScopedRoleMembers Type/Identity to user, group or service principal if ($CreateParameters.ScopedRoleMembers) { - write-verbose "AU {$DisplayName} process $($CreateParameters.ScopedRoleMembers.Count) ScopedRoleMembers" + Write-Verbose -Message "AU {$DisplayName} process $($CreateParameters.ScopedRoleMembers.Count) ScopedRoleMembers" $scopedRoleMemberSpecification = @() foreach ($roleMember in $CreateParameters.ScopedRoleMembers) { - write-verbose "AU {$DisplayName} member: role '$($roleMember.RoleName)' type '$($roleMember.Type)' identity $($roleMember.Identity)" - try { + Write-Verbose -Message "AU {$DisplayName} member: role '$($roleMember.RoleName)' type '$($roleMember.Type)' identity $($roleMember.Identity)" + try + { $roleObject = Get-MgDirectoryRole -Filter "DisplayName eq '$($roleMember.RoleName)'" -ErrorAction stop - write-verbose "AU {$DisplayName} role is enabled" + Write-Verbose -Message "AU {$DisplayName} role is enabled" } - catch { - write-verbose -Message "Azure AD role {$($rolemember.RoleName)} is not enabled" - $roleTemplate = Get-MgdirectoryRoleTemplate -Filter "DisplayName eq '$($roleMember.RoleName)'" -ErrorAction Stop + catch + { + Write-Verbose -Message "Azure AD role {$($rolemember.RoleName)} is not enabled" + $roleTemplate = Get-MgDirectoryRoleTemplate -Filter "DisplayName eq '$($roleMember.RoleName)'" -ErrorAction Stop if ($null -ne $roleTemplate) { - write-verbose -Message "Enable Azure AD role {$($rolemember.RoleName)} with id {$($roleTemplate.Id)}" + Write-Verbose -Message "Enable Azure AD role {$($rolemember.RoleName)} with id {$($roleTemplate.Id)}" $roleObject = New-MgDirectoryRole -RoleTemplateId $roleTemplate.Id -ErrorAction Stop } } @@ -503,7 +505,7 @@ function Set-TargetResource Write-Verbose -Message "Creating an Azure AD Administrative Unit with DisplayName {$DisplayName}" #region resource generator code - $policy=New-MgDirectoryAdministrativeUnit -BodyParameter $CreateParameters + $policy = New-MgDirectoryAdministrativeUnit -BodyParameter $CreateParameters if ($MembershipType -ne 'Dynamic') { @@ -534,10 +536,10 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } @@ -559,12 +561,12 @@ function Set-TargetResource $currentMembers = @() foreach ($member in $backCurrentMembers) { - $currentMembers += [pscustomobject]@{Type=$member.Type; Identity = $member.Identity} + $currentMembers += [pscustomobject]@{Type = $member.Type; Identity = $member.Identity } } $desiredMembers = @() foreach ($member in $requestedMembers) { - $desiredMembers += [pscustomobject]@{Type=$member.Type; Identity = $member.Identity} + $desiredMembers += [pscustomobject]@{Type = $member.Type; Identity = $member.Identity } } $membersDiff = Compare-Object -ReferenceObject $currentMembers -DifferenceObject $desiredMembers -Property Identity, Type foreach ($diff in $membersDiff) @@ -599,7 +601,7 @@ function Set-TargetResource } if ($diff.SideIndicator -eq '=>') { - Write-Verbose "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}" + Write-Verbose -Message "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}" $memberBodyParam = @{ '@odata.id' = "https://graph.microsoft.com/v1.0/$memberType/$($memberObject.Id)" @@ -608,7 +610,7 @@ function Set-TargetResource } else { - Write-Verbose "Administrative Unit {$DisplayName} Removing member {$($diff.Identity)}, type {$($diff.Type)}" + Write-Verbose -Message "Administrative Unit {$DisplayName} Removing member {$($diff.Identity)}, type {$($diff.Type)}" Remove-MgDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId ($currentInstance.Id) -DirectoryObjectId ($memberObject.Id) | Out-Null } } @@ -650,11 +652,11 @@ function Set-TargetResource Type = $roleMember.RoleMemberInfo.Type } } - write-verbose "AU {$DisplayName} Update ScopedRoleMembers: Current members: $($compareCurrentScopedRoleMembersValue.Identity -join ', ')" - write-verbose " Desired members: $($compareDesiredScopedRoleMembersValue.Identity -join ', ')" + Write-Verbose -Message "AU {$DisplayName} Update ScopedRoleMembers: Current members: $($compareCurrentScopedRoleMembersValue.Identity -join ', ')" + Write-Verbose -Message " Desired members: $($compareDesiredScopedRoleMembersValue.Identity -join ', ')" $scopedRoleMembersDiff = Compare-Object -ReferenceObject $compareCurrentScopedRoleMembersValue -DifferenceObject $compareDesiredScopedRoleMembersValue -Property RoleName, Identity, Type - # $scopedRoleMembersDiff = Compare-Object -ReferenceObject $CurrentScopedRoleMembersValue -DifferenceObject $DesiredScopedRoleMembersValue -Property RoleName, Identity, Type - write-verbose " # compare results : $($scopedRoleMembersDiff.Count -gt 0)" + # $scopedRoleMembersDiff = Compare-Object -ReferenceObject $CurrentScopedRoleMembersValue -DifferenceObject $DesiredScopedRoleMembersValue -Property RoleName, Identity, Type + Write-Verbose -Message " # compare results : $($scopedRoleMembersDiff.Count -gt 0)" foreach ($diff in $scopedRoleMembersDiff) { @@ -681,7 +683,7 @@ function Set-TargetResource } else { - write-verbose "Compare ScopedRoleMembers - skip processing blank RoleName" + Write-Verbose -Message 'Compare ScopedRoleMembers - skip processing blank RoleName' continue # don't process, } } @@ -746,7 +748,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory=$true)] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] @@ -853,7 +855,7 @@ function Test-TargetResource { Write-Verbose -Message "Difference found for $key" $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -980,13 +982,13 @@ function Export-TargetResource if ($null -ne $Results.ScopedRoleMembers) { $complexMapping = @( - @{ - Name = 'RoleMemberInfo' - CimInstanceName = 'MicrosoftGraphIdentity' - } + @{ + Name = 'RoleMemberInfo' + CimInstanceName = 'MicrosoftGraphIdentity' + } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.ScopedRoleMembers) ` - -CIMInstanceName MicrosoftGraphScopedRoleMembership -ComplexTypeMapping $complexMapping + -CIMInstanceName MicrosoftGraphScopedRoleMembership -ComplexTypeMapping $complexMapping $Results.ScopedRoleMembers = $complexTypeStringResult @@ -998,7 +1000,7 @@ function Export-TargetResource if ($null -ne $Results.Members) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Members) ` - -CIMInstanceName MicrosoftGraphIdentity + -CIMInstanceName MicrosoftGraphIdentity $Results.Members = $complexTypeStringResult if ([String]::IsNullOrEmpty($complexTypeStringResult)) @@ -1018,11 +1020,11 @@ function Export-TargetResource if ($null -ne $Results.ScopedRoleMembers) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "ScopedRoleMembers" -isCIMArray $true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'ScopedRoleMembers' -IsCIMArray $true } if ($null -ne $Results.Members) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Members" -isCIMArray $true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Members' -IsCIMArray $true } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -1034,7 +1036,7 @@ function Export-TargetResource } catch { - write-verbose "Exception: $($_.Exception.Message)" + Write-Verbose -Message "Exception: $($_.Exception.Message)" Write-Host $Global:M365DSCEmojiRedX @@ -1050,19 +1052,19 @@ function Export-TargetResource function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + 'odataType' = '@odata.type' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -1072,34 +1074,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -1111,51 +1113,51 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -1172,27 +1174,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1250,15 +1252,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1266,55 +1268,55 @@ function Get-M365DSCDRGComplexTypeToString return $null } - write-verbose "Get-M365DSCDRGComplexTypeToString $CIMInstanceName isArray=$isArray" + Write-Verbose -Message "Get-M365DSCDRGComplexTypeToString $CIMInstanceName isArray=$isArray" - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat } - write-verbose "return array currentProperty on next line:`r`n $($currentProperty -join "`r`n")" + Write-Verbose -Message "return array currentProperty on next line:`r`n $($currentProperty -join "`r`n")" # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1325,42 +1327,42 @@ function Get-M365DSCDRGComplexTypeToString foreach ($key in $ComplexObject.Keys) { - write-verbose "ComplexObject key=$key" + Write-Verbose -Message "ComplexObject key=$key" if ($null -ne $ComplexObject.$key) { - write-verbose "`tnot null" + Write-Verbose -Message "`tnot null" $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1369,9 +1371,9 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $currentProperty += Get-M365DSCDRGComplexTypeToString ` -ComplexObject $item ` @@ -1385,21 +1387,21 @@ function Get-M365DSCDRGComplexTypeToString else { $currentProperty += Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1408,11 +1410,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1423,28 +1425,28 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - write-verbose "return item currentProperty on next line:`r`n$currentProperty" + Write-Verbose -Message "return item currentProperty on next line:`r`n$currentProperty" return $currentProperty } @@ -1462,50 +1464,50 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - write-verbose "Get-M365DSCDRGSimpleObjectTypeToString key='$Key', value='$Value'. Type=$($value.gettype().fullname)" - $returnValue="" + Write-Verbose -Message "Get-M365DSCDRGSimpleObjectTypeToString key='$Key', value='$Value'. Type=$($value.gettype().fullname)" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } foreach ($item in $Value) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1515,7 +1517,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1527,10 +1529,10 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } - write-verbose "return '$returnValue'" + Write-Verbose -Message "return '$returnValue'" return $returnValue } @@ -1546,87 +1548,87 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem if ($compareResult) { - write-verbose "Compare-M365DSCComplexObject: Diff found" + Write-Verbose -Message 'Compare-M365DSCComplexObject: Diff found' break } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1634,16 +1636,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1653,18 +1655,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1688,47 +1690,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index e33d5725ce..fba64fda86 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 @@ -897,7 +897,8 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 index cad9bb174b..765ef5c2a8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 @@ -464,7 +464,8 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 index 6b6f299fd4..f56aff76b8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 @@ -685,7 +685,8 @@ function Export-TargetResource Write-Host " |---[$j/$($resources.Count)] $($resource.DisplayName)" -NoNewline $params = @{ - id = $resource.id + Id = $resource.id + DisplayName = $resource.displayName CatalogId = $catalogId Ensure = 'Present' Credential = $Credential diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index a606c978a6..149dbff210 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 @@ -1163,6 +1163,7 @@ function Export-TargetResource Write-Host " |---[$i/$($policies.Count)] $($policy.displayName)" -NoNewline $params = @{ Identity = $policy.id + DisplayName = $policy.DisplayName Ensure = 'Present' Credential = $Credential ApplicationID = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index 502c15914e..8bd5000c45 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -1237,7 +1237,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 index 44404997f0..154f2d0b8f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 @@ -2361,7 +2361,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.displayName)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index 209226ee9b..2ae8ed21ff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -737,7 +737,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index e023c8e050..b2207e4c51 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -1335,7 +1335,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index 75be35b100..83d2ba5fad 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -2984,7 +2984,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.displayName)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 index e0ee717fe5..7143dd488a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -626,7 +626,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 index fc217699b5..71e7a84345 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 @@ -713,7 +713,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 index 84b89ce8aa..747392f233 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 @@ -619,7 +619,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index 77876499d3..c9c830ec39 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -619,7 +619,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index c30fd46d3b..2b64a5ec29 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -645,7 +645,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index c13bd4ee62..52f4776961 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 @@ -701,7 +701,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index 5fe7e7adae..1bf5416850 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -687,7 +687,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index 6ac20a5928..8bfa808b8e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -729,7 +729,8 @@ function Export-TargetResource { Write-Host " |---[$i/$($getValue.Count)] $($config.id)" -NoNewline $params = @{ - id = $config.id + Id = $config.id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 5071d9e1b0..3e58a03d1f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -911,6 +911,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 index 3700d9ed30..a1e94681f2 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 @@ -84,7 +84,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = 'FakeStringValue1' Members = @( (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ - Type = 'User' + Type = 'User' Identity = 'john.smith@contoso.com' } -ClientOnly) ) @@ -129,7 +129,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = 'FakeStringValue2' Members = @( (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ - Type = 'User' + Type = 'User' Identity = 'john.smith@contoso.com' } -ClientOnly) ) @@ -168,10 +168,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'The AU Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = 'DSCAU' - DisplayName = 'DSCAU' - Id = 'DSCAU' - Members = @( + Description = 'DSCAU' + DisplayName = 'DSCAU' + Id = 'DSCAU' + Members = @( (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ Identity = 'John.Doe@mytenant.com' Type = 'User' @@ -179,7 +179,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) ScopedRoleMembers = @( (New-CimInstance -ClassName MSFT_MicrosoftGraphScopedRoleMembership -Property @{ - RoleName = 'User Administrator' + RoleName = 'User Administrator' RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ Identity = 'John.Doe@mytenant.com' Type = 'User' @@ -188,10 +188,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { #Type = 'User' } -ClientOnly) ) - Visibility = 'Public' - MembershipType = 'Assigned' + Visibility = 'Public' + MembershipType = 'Assigned' # MembershipRule and -ProcessingState params are only used when MembershipType is Dynamic - MembershipRule = 'Canada' + MembershipRule = 'Canada' MembershipRuleProcessingState = 'On' Ensure = 'Present' Credential = $Credential @@ -201,10 +201,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnit -MockWith { return @{ - Description = 'DSCAU' - DisplayName = 'DSCAU' - Id = 'DSCAU' - Visibility = 'Public' + Description = 'DSCAU' + DisplayName = 'DSCAU' + Id = 'DSCAU' + Visibility = 'Public' AdditionalProperties = @{ membershipType = 'Assigned' membershipRule = 'Canada' @@ -224,18 +224,18 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnitMember -MockWith { return @(@{ - Id = '1234567890' - }) + Id = '1234567890' + }) } Mock -CommandName Get-MgDirectoryAdministrativeUnitScopedRoleMember -MockWith { return @(@{ - RoleId = '12345-67890' - RoleMemberInfo = @{ - DisplayName = 'John Doe' - Id = '1234567890' - } - }) + RoleId = '12345-67890' + RoleMemberInfo = @{ + DisplayName = 'John Doe' + Id = '1234567890' + } + }) } Mock -CommandName Get-MgDirectoryRole -MockWith { @@ -272,9 +272,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { (New-CimInstance -ClassName MSFT_MicrosoftGraphScopedRoleMembership -Property @{ RoleName = 'User Administrator' RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ - Identity = 'John.Doe@mytenant.com' - Type = 'User' - } -ClientOnly) + Identity = 'John.Doe@mytenant.com' + Type = 'User' + } -ClientOnly) #Identity = 'John.Doe@mytenant.com' #Type = 'User' } -ClientOnly) @@ -287,10 +287,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnit -MockWith { return [pscustomobject]@{ - Description = 'DSCAU2' - DisplayName = 'DSCAU2' - Id = 'DSCAU2' - Visibility = 'Public' + Description = 'DSCAU2' + DisplayName = 'DSCAU2' + Id = 'DSCAU2' + Visibility = 'Public' } } @@ -363,9 +363,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { (New-CimInstance -ClassName MSFT_MicrosoftGraphScopedRoleMembership -Property @{ RoleName = 'User Administrator' RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ - Identity = 'John.Doe@mytenant.com' - Type = 'User' - } -ClientOnly) + Identity = 'John.Doe@mytenant.com' + Type = 'User' + } -ClientOnly) #Identity = 'John.Doe@mytenant.com' #Type = 'User' } -ClientOnly) @@ -377,10 +377,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnit -MockWith { return [pscustomobject]@{ - Description = 'DSCAU' - DisplayName = 'DSCAU' - Id = 'DSCAU' - Visibility = 'Public' + Description = 'DSCAU' + DisplayName = 'DSCAU' + Id = 'DSCAU' + Visibility = 'Public' } } @@ -441,10 +441,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnit -MockWith { return @{ - Description = 'ExportDSCAU' - DisplayName = 'ExportDSCAU' - Id = 'ExportDSCAU' - Visibility = 'Public' + Description = 'ExportDSCAU' + DisplayName = 'ExportDSCAU' + Id = 'ExportDSCAU' + Visibility = 'Public' } } @@ -464,22 +464,22 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDirectoryAdministrativeUnitScopedRoleMember -MockWith { return @([pscustomobject]@{ - RoleId = '12345-67890' - RoleMemberInfo = @{ - DisplayName = 'John Doe' - Id = '1234567890' - } - }, - [pscustomobject]@{ - RoleId = '09876-54321' - RoleMemberInfo = @{ - DisplayName = 'FakeRoleGroup' - Id = '0987654321' - } - }) - } - - Mock -CommandName Invoke-MgGraphRequest -ParameterFilter {$Uri -match '1234567890$'} -MockWith { + RoleId = '12345-67890' + RoleMemberInfo = @{ + DisplayName = 'John Doe' + Id = '1234567890' + } + }, + [pscustomobject]@{ + RoleId = '09876-54321' + RoleMemberInfo = @{ + DisplayName = 'FakeRoleGroup' + Id = '0987654321' + } + }) + } + + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Uri -match '1234567890$' } -MockWith { return [pscustomobject]@{ '@odata.type' = '#microsoft.graph.user' DisplayName = 'John Doe' @@ -488,22 +488,22 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Mock -CommandName Invoke-MgGraphRequest -ParameterFilter {$Uri -match '0987654321$'} -MockWith { + Mock -CommandName Invoke-MgGraphRequest -ParameterFilter { $Uri -match '0987654321$' } -MockWith { return [pscustomobject]@{ - '@odata.type' = '#microsoft.graph.group' - DisplayName = 'FakeRoleGroup' - Id = '0987654321' + '@odata.type' = '#microsoft.graph.group' + DisplayName = 'FakeRoleGroup' + Id = '0987654321' } } - Mock -CommandName Get-MgDirectoryRole -ParameterFilter {$DirectoryRoleId -eq '12345-67890'} -MockWith { + Mock -CommandName Get-MgDirectoryRole -ParameterFilter { $DirectoryRoleId -eq '12345-67890' } -MockWith { return [pscustomobject]@{ Id = '12345-67890' DisplayName = 'DSC User Administrator' } } - Mock -CommandName Get-MgDirectoryRole -ParameterFilter {$DirectoryRoleId -eq '09876-54321'} -MockWith { + Mock -CommandName Get-MgDirectoryRole -ParameterFilter { $DirectoryRoleId -eq '09876-54321' } -MockWith { return [pscustomobject]@{ Id = '09876-54321' DisplayName = 'DSC Groups Administrator' @@ -511,7 +511,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } It 'Should Reverse Engineer resource from the Export method' { - $result = Export-TargetResource @testParams -Verbose + $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 index 924dc63ba3..0f7f672c1b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 @@ -96,6 +96,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { PrintBlocked = $False SaveAsBlocked = $True SimplePinBlocked = $False + Identity = '12345-12345-12345-12345-12345' } Mock -CommandName Get-MgDeviceAppManagementiosManagedAppProtection -MockWith { return $null From 31f4e12cb2d71dc90d5cf17e2c9c8abb9482d4e6 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 6 Mar 2023 16:49:42 +0100 Subject: [PATCH 037/187] Updated changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 88aec801ca..3dd4987936 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,10 @@ * Cleanup generated code * Fix AdditionalProperties complex constructor * Fix Read privileges in settings file +* MISC + * Added a QA check to test for the presence of a Key parameter and fixes + resources where this was not the case. + FIXES [#2925](https://github.com/microsoft/Microsoft365DSC/issues/2925) # 1.23.322.1 From 9becebefc76589aa134915121ab4659ae44779a2 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Fri, 17 Mar 2023 20:39:23 +0100 Subject: [PATCH 038/187] Updating more resources --- ...nagementAccessPackageAssignmentPolicy.psm1 | 6 +- ...ntAccessPackageAssignmentPolicy.schema.mof | 2 +- ...lementManagementConnectedOrganization.psm1 | 502 +++++++++--------- ...ManagementConnectedOrganization.schema.mof | 2 +- .../MSFT_AADRoleSetting.psm1 | 6 +- .../MSFT_AADRoleSetting.schema.mof | 2 +- .../MSFT_IntuneASRRulesPolicyWindows10.psm1 | 6 +- ...T_IntuneASRRulesPolicyWindows10.schema.mof | Bin 16440 -> 16446 bytes ...ntivirusPolicyWindows10SettingCatalog.psm1 | 6 +- ...usPolicyWindows10SettingCatalog.schema.mof | Bin 32594 -> 32600 bytes ...tionRulesPolicyWindows10ConfigManager.psm1 | 6 +- ...lesPolicyWindows10ConfigManager.schema.mof | Bin 16102 -> 16108 bytes ...otectionPolicyWindows10SettingCatalog.psm1 | 6 +- ...onPolicyWindows10SettingCatalog.schema.mof | Bin 6736 -> 6850 bytes ...SettingCatalogASRRulesPolicyWindows10.psm1 | 6 +- ...gCatalogASRRulesPolicyWindows10.schema.mof | Bin 15922 -> 16144 bytes ...ForBusinessRingUpdateProfileWindows10.psm1 | 6 +- ...inessRingUpdateProfileWindows10.schema.mof | 4 +- ...BusinessFeatureUpdateProfileWindows10.psm1 | 6 +- ...ssFeatureUpdateProfileWindows10.schema.mof | 4 +- 20 files changed, 285 insertions(+), 285 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 index 73efcbbf18..1cb0179505 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 @@ -24,7 +24,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -331,7 +331,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -500,7 +500,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof index 8941a2ad16..e4aecf5d08 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof @@ -124,7 +124,7 @@ class MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy : OMI_BaseResou [Write, Description("Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required."), EmbeddedInstance("MSFT_MicrosoftGraphassignmentreviewsettings")] String AccessReviewSettings; [Write, Description("Indicates whether a user can extend the access package assignment duration after approval.")] Boolean CanExtend; [Write, Description("The description of the policy.")] String Description; - [Write, Description("The display name of the policy.")] String DisplayName; + [Required, Description("The display name of the policy.")] String DisplayName; [Write, Description("The number of days in which assignments from this policy last until they are expired.")] UInt32 DurationInDays; [Write, Description("The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z")] String ExpirationDateTime; [Write, Description("Questions that are posed to the requestor."), EmbeddedInstance("MSFT_MicrosoftGraphaccesspackagequestion")] String Questions[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index 1a57243f01..6abfe87c47 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 @@ -12,7 +12,7 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -21,7 +21,7 @@ function Get-TargetResource $IdentitySources, [Parameter()] - [ValidateSet('configured','proposed','unknownFutureValue')] + [ValidateSet('configured', 'proposed', 'unknownFutureValue')] [System.String] $State, @@ -94,7 +94,7 @@ function Get-TargetResource { Write-Verbose -Message "Entitlement Management Connected Organization with id {$id} was not found." - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgEntitlementManagementConnectedOrganization ` -Filter "displayName eq '$DisplayName'" ` @@ -109,67 +109,67 @@ function Get-TargetResource } Write-Verbose -Message "Entitlement Management Connected Organization with id {$($getValue.id)} and displayName {$($getValue.DisplayName)} was found." - [Array]$getExternalSponsors=Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -ConnectedOrganizationId $getValue.id + [Array]$getExternalSponsors = Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -ConnectedOrganizationId $getValue.id if ($null -ne $getExternalSponsors -and $getExternalSponsors.count -gt 0) { - $sponsors=@() - foreach($sponsor in $getExternalSponsors) + $sponsors = @() + foreach ($sponsor in $getExternalSponsors) { - $sponsors+= $sponsor.id + $sponsors += $sponsor.id } - $getExternalSponsors=$sponsors + $getExternalSponsors = $sponsors } - [Array]$getInternalSponsors=Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -ConnectedOrganizationId $getValue.id + [Array]$getInternalSponsors = Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -ConnectedOrganizationId $getValue.id if ($null -ne $getInternalSponsors -and $getInternalSponsors.count -gt 0) { - $sponsors=@() - foreach($sponsor in $getInternalSponsors) + $sponsors = @() + foreach ($sponsor in $getInternalSponsors) { - $sponsors+= $sponsor.id + $sponsors += $sponsor.id } - $getInternalSponsors=$sponsors + $getInternalSponsors = $sponsors } - $getIdentitySources=$null + $getIdentitySources = $null if ($null -ne $getValue.IdentitySources) { - $sources=@() + $sources = @() foreach ($source in $getValue.IdentitySources) { - $formattedSource=@{ - odataType = $source.AdditionalProperties."@odata.type" + $formattedSource = @{ + odataType = $source.AdditionalProperties.'@odata.type' } - if(-not [String]::IsNullOrEmpty($source.AdditionalProperties.displayName)) + if (-not [String]::IsNullOrEmpty($source.AdditionalProperties.displayName)) { - $formattedSource.Add('DisplayName',$source.AdditionalProperties.displayName) + $formattedSource.Add('DisplayName', $source.AdditionalProperties.displayName) } - if(-not [String]::IsNullOrEmpty($source.AdditionalProperties.tenantId)) + if (-not [String]::IsNullOrEmpty($source.AdditionalProperties.tenantId)) { - $formattedSource.Add('ExternalTenantId',$source.AdditionalProperties.tenantId) + $formattedSource.Add('ExternalTenantId', $source.AdditionalProperties.tenantId) } - if(-not [String]::IsNullOrEmpty($source.AdditionalProperties.cloudInstance)) + if (-not [String]::IsNullOrEmpty($source.AdditionalProperties.cloudInstance)) { - $formattedSource.Add('CloudInstance',$source.AdditionalProperties.cloudInstance) + $formattedSource.Add('CloudInstance', $source.AdditionalProperties.cloudInstance) } - if(-not [String]::IsNullOrEmpty($source.AdditionalProperties.domainName)) + if (-not [String]::IsNullOrEmpty($source.AdditionalProperties.domainName)) { - $formattedSource.Add('DomainName',$source.AdditionalProperties.domainName) + $formattedSource.Add('DomainName', $source.AdditionalProperties.domainName) } - if(-not [String]::IsNullOrEmpty($source.AdditionalProperties.issuerUri)) + if (-not [String]::IsNullOrEmpty($source.AdditionalProperties.issuerUri)) { - $formattedSource.Add('IssuerUri',$source.AdditionalProperties.issuerUri) + $formattedSource.Add('IssuerUri', $source.AdditionalProperties.issuerUri) } - $sources+=$formattedSource + $sources += $formattedSource } - $getIdentitySources=$sources + $getIdentitySources = $sources } @@ -217,7 +217,7 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -226,7 +226,7 @@ function Set-TargetResource $IdentitySources, [Parameter()] - [ValidateSet('configured','proposed','unknownFutureValue')] + [ValidateSet('configured', 'proposed', 'unknownFutureValue')] [System.String] $State, @@ -304,24 +304,24 @@ function Set-TargetResource $CreateParameters.Remove('InternalSponsors') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } - $newConnectedOrganization=New-MgEntitlementManagementConnectedOrganization -BodyParameter $CreateParameters + $newConnectedOrganization = New-MgEntitlementManagementConnectedOrganization -BodyParameter $CreateParameters foreach ($sponsor in $ExternalSponsors) { - $directoryObject=Get-MgDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type" - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" + $directoryObject = Get-MgDirectoryObject -DirectoryObjectId $sponsor + $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" } New-MgEntitlementManagementConnectedOrganizationExternalSponsorByRef ` @@ -331,10 +331,10 @@ function Set-TargetResource foreach ($sponsor in $InternalSponsors) { - $directoryObject=Get-MgDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" + $directoryObject = Get-MgDirectoryObject -DirectoryObjectId $sponsor + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" } New-MgEntitlementManagementConnectedOrganizationInternalSponsorByRef ` @@ -355,12 +355,12 @@ function Set-TargetResource $UpdateParameters.Remove('InternalSponsors') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } @@ -368,16 +368,16 @@ function Set-TargetResource -ConnectedOrganizationId $currentInstance.Id #region External Sponsors - $sponsorsDifferences=compare-object -ReferenceObject @($ExternalSponsors|select-object) -DifferenceObject @($currentInstance.ExternalSponsors|select-object) - $sponsorsToAdd=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '<='}).InputObject - $sponsorsToRemove=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '=>'}).InputObject + $sponsorsDifferences = Compare-Object -ReferenceObject @($ExternalSponsors | Select-Object) -DifferenceObject @($currentInstance.ExternalSponsors | Select-Object) + $sponsorsToAdd = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject + $sponsorsToRemove = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '=>' }).InputObject foreach ($sponsor in $sponsorsToAdd) { - $directoryObject=Get-MgDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type" - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" + $directoryObject = Get-MgDirectoryObject -DirectoryObjectId $sponsor + $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" } New-MgEntitlementManagementConnectedOrganizationExternalSponsorByRef ` @@ -393,16 +393,16 @@ function Set-TargetResource #endregion #region Internal Sponsors - $sponsorsDifferences=compare-object -ReferenceObject @($InternalSponsors|select-object) -DifferenceObject @($currentInstance.InternalSponsors|select-object) - $sponsorsToAdd=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '<='}).InputObject - $sponsorsToRemove=($sponsorsDifferences | where-object -filterScript {$_.SideIndicator -eq '=>'}).InputObject + $sponsorsDifferences = Compare-Object -ReferenceObject @($InternalSponsors | Select-Object) -DifferenceObject @($currentInstance.InternalSponsors | Select-Object) + $sponsorsToAdd = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject + $sponsorsToRemove = ($sponsorsDifferences | Where-Object -FilterScript { $_.SideIndicator -eq '=>' }).InputObject foreach ($sponsor in $sponsorsToAdd) { - $directoryObject=Get-MgDirectoryObject -DirectoryObjectId $sponsor - $directoryObjectType=$directoryObject.AdditionalProperties."@odata.type" - $directoryObjectType=($directoryObject.AdditionalProperties."@odata.type").split(".")|select-object -last 1 - $directoryObjectRef=@{ - "@odata.id" = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" + $directoryObject = Get-MgDirectoryObject -DirectoryObjectId $sponsor + $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' + $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 + $directoryObjectRef = @{ + '@odata.id' = "https://graph.microsoft.com/beta/$($directoryObjectType)s/$($sponsor)" } New-MgEntitlementManagementConnectedOrganizationInternalSponsorByRef ` @@ -441,7 +441,7 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -450,7 +450,7 @@ function Test-TargetResource $IdentitySources, [Parameter()] - [ValidateSet('configured','proposed','unknownFutureValue')] + [ValidateSet('configured', 'proposed', 'unknownFutureValue')] [System.String] $State, @@ -509,34 +509,34 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false } - $testResult=$true + $testResult = $true #Compare Cim instances - foreach($key in $PSBoundParameters.Keys) + foreach ($key in $PSBoundParameters.Keys) { - $source=$PSBoundParameters.$key - $target=$CurrentValues.$key - if($source.getType().Name -like "*CimInstance*") + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') { - $source=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult=Compare-M365DSCComplexObject ` + $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` -Target ($target) - if(-Not $testResult) + if (-Not $testResult) { - $testResult=$false - break; + $testResult = $false + break } - $ValuesToCheck.Remove($key)|Out-Null + $ValuesToCheck.Remove($key) | Out-Null } } @@ -632,10 +632,10 @@ function Export-TargetResource } foreach ($config in $getValue) { - $displayedKey=$config.id - if(-not [String]::IsNullOrEmpty($config.displayName)) + $displayedKey = $config.id + if (-not [String]::IsNullOrEmpty($config.displayName)) { - $displayedKey=$config.displayName + $displayedKey = $config.displayName } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ @@ -667,14 +667,14 @@ function Export-TargetResource } $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential if ($Results.IdentitySources) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "IdentitySources" -IsCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'IdentitySources' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -700,20 +700,20 @@ function Export-TargetResource function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" - "ExternalTenantId"="tenantId" + $keyToRename = @{ + 'odataType' = '@odata.type' + 'ExternalTenantId' = 'tenantId' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -723,34 +723,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -762,51 +762,51 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -823,27 +823,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -876,15 +876,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -892,26 +892,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -920,23 +920,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -950,37 +950,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -989,9 +989,9 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $currentProperty += Get-M365DSCDRGComplexTypeToString ` -ComplexObject $item ` @@ -1005,21 +1005,21 @@ function Get-M365DSCDRGComplexTypeToString else { $currentProperty += Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1028,11 +1028,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1043,24 +1043,24 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } @@ -1081,49 +1081,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } foreach ($item in $Value) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1133,7 +1133,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1145,7 +1145,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1163,47 +1163,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1213,36 +1213,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1250,16 +1250,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1269,18 +1269,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1304,47 +1304,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof index d89234e33b..58f8fe2a5c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof @@ -15,7 +15,7 @@ class MSFT_AADEntitlementManagementConnectedOrganization : OMI_BaseResource { [Key, Description("The Id of the Connected organization object.")] String Id; [Write, Description("The description of the connected organization.")] String Description; - [Write, Description("The display name of the connected organization.")] String DisplayName; + [Required, Description("The display name of the connected organization.")] String DisplayName; [Write, Description("The identity sources in this connected organization."), EmbeddedInstance("MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource")] String IdentitySources[]; [Write, Description("The state of a connected organization defines whether assignment policies with requestor scope type AllConfiguredConnectedOrganizationSubjects are applicable or not."), ValueMap{"configured","proposed","unknownFutureValue"}, Values{"configured","proposed","unknownFutureValue"}] String State; [Write, Description("Collection of objectID of extenal sponsors. the sponsor can be a user or a group.")] String ExternalSponsors[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index ca69e6c585..140bbce145 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Displayname, @@ -379,7 +379,7 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Displayname, @@ -1081,7 +1081,7 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Displayname, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof index f85181c596..252c918f3d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof @@ -2,7 +2,7 @@ class MSFT_AADRoleSetting : OMI_BaseResource { [Key, Description("Specifies the RoleId.")] String Id; - [Write, Description("RuleDefinition Displayname")] String Displayname; + [Required, Description("RuleDefinition Displayname")] String Displayname; [Write, Description("Activation maximum duration (hours).")] String ActivationMaxDuration; [Write, Description("Require justification on activation (True/False)")] Boolean ActivationReqJustification; [Write, Description("Require ticket information on activation (True/False)")] Boolean ActivationReqTicket; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index 0695f443ef..ce056587a0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -249,7 +249,7 @@ function Set-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -496,7 +496,7 @@ function Test-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.schema.mof index 8d006b6b63feb295968d4703feb4989140e3e3af..6c282667ce2a61b70578afab09ad82c2d0845d0f 100644 GIT binary patch delta 33 ncmdndz__o0af1sFe-J||Lm@*cLncEJkd-p=p#0_>o-@V(t|kg( delta 18 Zcmdnjz__DPx# delta 18 acmccdkMYt!#tjZUllMqyY|i6(RRjQ9D+s*+ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index 3e509e64d6..2e47bdd4cc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -271,7 +271,7 @@ function Set-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -502,7 +502,7 @@ function Test-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.schema.mof index 9fc90e793b3d8b1747137442c828c0a4ce5a5533..56c7efda12b67d82ca9fee144081a19822ad1289 100644 GIT binary patch delta 31 mcmaD>`=)lo5gz^^hE#?^hEj%1h9V#b}u5uV9^_%t?u;`wC=08$|c?f?J) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 index 7c3693ba15..ad04565067 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -195,7 +195,7 @@ function Set-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -362,7 +362,7 @@ function Test-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.schema.mof index 503ab02b50fd7f8e3e06163d5f7d3f15036987e0..ce99615926aa11d06ec90749ad4097d04ff43782 100644 GIT binary patch delta 250 zcmca$a>#VTHf99|g~_%&x*H!%V}Y?ZFJOJf2;)rNzK&U7ea6fB;**`Audvw I+%I_$0FvxJ&j0`b delta 139 zcmX?PdckDEw#idCj5faOV*$|<-wA9!!g`Jo#GZVL{RoiWwK;?{fobwC?o~jJ*5p|{ zlfZNgZ`0-{yc|p*&Sn{bBOonWn+1do&W#< diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 index bc636051b6..440e48f88a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -282,7 +282,7 @@ function Set-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -535,7 +535,7 @@ function Test-TargetResource [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.schema.mof index f96ea724a5ac9928e964b45c0ffc0d428865540d..fd2e9967c3fa9548020e13985b7cb935d5046980 100644 GIT binary patch delta 586 zcmdl~Gofz6Hf99|g~=0nbvHhk#sXt+UcmZ{5yqLkf&C1OJ@Em@o6gunxs zv6BtNMJ6v$658w`I0K;oCTJksfhssbl5aDMC==KrAfIeD5Lbe8KxS>8AQ^)qFd3x9 zLdFY4aPtAVK2(E2PMD`~1VwQ30;L8NZD6xpy= zP5H@txE}!}v?gES`2eQB@V*1ln}zr#KsvQ1M+rOt(t49Gs4H!rAUFdg2;tNTcR)A~ zB;__oh%zyOWgbWhY@R312j*;kAejSUG{|Hiq;=%`5T*zy9)WRGHtQ%u)K3N(`AT&Y zSZ47Bb%MH+E(1~d$zm5+)g8+{VETj=I8-*juoeQFyIIdxijk3XawDtu Date: Fri, 17 Mar 2023 20:47:24 +0100 Subject: [PATCH 039/187] Updated export code --- ...titlementManagementAccessPackageAssignmentPolicy.psm1 | 1 + ...FT_AADEntitlementManagementConnectedOrganization.psm1 | 1 + .../MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 | 1 + .../MSFT_IntuneASRRulesPolicyWindows10.psm1 | 7 ++++--- ...SFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 | 9 +++++---- ...urfaceReductionRulesPolicyWindows10ConfigManager.psm1 | 1 + ...neExploitProtectionPolicyWindows10SettingCatalog.psm1 | 9 +++++---- ...MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 | 9 +++++---- ...indowUpdateForBusinessRingUpdateProfileWindows10.psm1 | 1 + ...wsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 | 1 + 10 files changed, 25 insertions(+), 15 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 index 1cb0179505..b795a5d69f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 @@ -701,6 +701,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ id = $config.id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index 6abfe87c47..ebfcf07762 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 @@ -640,6 +640,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ id = $config.id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index 140bbce145..6121f90ed4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -1376,6 +1376,7 @@ function Export-TargetResource Write-Host " |---[$i/$($roles.Count)] $($role.DisplayName)" -NoNewline $Params = @{ Id = $role.Id + DisplayName = $role.DisplayName ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index ce056587a0..3eb855efa4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 @@ -684,7 +684,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -697,7 +697,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -706,7 +706,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } @@ -804,6 +804,7 @@ function Export-TargetResource $params = @{ Identity = $policy.Id + DisplayName = $policy.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 index 6be393b359..9c7978b149 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 @@ -1277,7 +1277,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -1290,7 +1290,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -1299,7 +1299,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } @@ -1407,6 +1407,7 @@ function Export-TargetResource $params = @{ Identity = $policy.id + DisplayName = $policy.Name TemplateId = $policy.templateReference.templateId Ensure = 'Present' Credential = $Credential @@ -1471,7 +1472,7 @@ function Export-TargetResource Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index 2e47bdd4cc..98bb2d1feb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -808,6 +808,7 @@ function Export-TargetResource $params = @{ Identity = $policy.id + DisplayName = $policy.Name Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 index ad04565067..181face5ba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 @@ -90,7 +90,7 @@ function Get-TargetResource if ($null -eq $policy) { Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy {$Identity} was found" - $policy = Get-MgDeviceManagementConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq "$DisplayName" -and $_.templateReference.TemplateId -eq "$templateReferenceId" } -ErrorAction silentlyContinue + $policy = Get-MgDeviceManagementConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq "$DisplayName" -and $_.templateReference.TemplateId -eq "$templateReferenceId" } -ErrorAction silentlyContinue } if ($null -eq $policy) @@ -460,7 +460,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -473,7 +473,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -482,7 +482,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } @@ -578,6 +578,7 @@ function Export-TargetResource $params = @{ Identity = $policy.id + DisplayName = $policy.Name Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 index 440e48f88a..5b5b273b3d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 @@ -183,7 +183,7 @@ function Get-TargetResource if ($null -eq $policy) { Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy {$Identity} was found" - $policy = Get-MgDeviceManagementConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq "$DisplayName" -and $_.templateReference.TemplateId -eq "$templateReferenceId" } -ErrorAction silentlyContinue + $policy = Get-MgDeviceManagementConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq "$DisplayName" -and $_.templateReference.TemplateId -eq "$templateReferenceId" } -ErrorAction silentlyContinue } if ($null -eq $policy) @@ -733,7 +733,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -746,7 +746,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -755,7 +755,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } } @@ -853,6 +853,7 @@ function Export-TargetResource $params = @{ Identity = $policy.id + DisplayName = $policy.Name Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 index e3334fc603..a7a14891e0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 @@ -1085,6 +1085,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 index 19fb14f335..d179490b2f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 @@ -538,6 +538,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id + DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId From 84b1dc9ac49bc61577ee2066efda225aa8acc45a Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Sun, 19 Mar 2023 21:40:54 +0100 Subject: [PATCH 040/187] Updated changelog and added removal of ID parameter check in Test method --- CHANGELOG.md | 21 +++++++- .../MSFT_AADAdministrativeUnit.psm1 | 42 +++++++-------- .../MSFT_AADAdministrativeUnit.schema.mof | 4 +- .../MSFT_AADConditionalAccessPolicy.psm1 | 18 +++---- ...MSFT_AADConditionalAccessPolicy.schema.mof | 4 +- ...AADEntitlementManagementAccessPackage.psm1 | 24 ++++----- ...nagementAccessPackageAssignmentPolicy.psm1 | 24 ++++----- ...ntAccessPackageAssignmentPolicy.schema.mof | 2 +- ...tlementManagementAccessPackageCatalog.psm1 | 31 ++++++----- ...tManagementAccessPackageCatalog.schema.mof | 4 +- ...anagementAccessPackageCatalogResource.psm1 | 29 +++++------ ...entAccessPackageCatalogResource.schema.mof | 2 +- ...lementManagementConnectedOrganization.psm1 | 30 +++++------ ...ManagementConnectedOrganization.schema.mof | 2 +- .../MSFT_AADRoleSetting.psm1 | 2 - .../MSFT_IntuneASRRulesPolicyWindows10.psm1 | 12 ++--- ...T_IntuneASRRulesPolicyWindows10.schema.mof | Bin 16446 -> 16656 bytes ...usPolicyWindows10SettingCatalog.schema.mof | Bin 32600 -> 33050 bytes .../MSFT_IntuneAppProtectionPolicyiOS.psm1 | 4 +- ...tionRulesPolicyWindows10ConfigManager.psm1 | 25 ++++----- ...lesPolicyWindows10ConfigManager.schema.mof | Bin 16108 -> 16324 bytes ...ationPolicyAndroidDeviceAdministrator.psm1 | 25 ++++----- ...olicyAndroidDeviceAdministrator.schema.mof | 2 +- ...ConfigurationPolicyAndroidDeviceOwner.psm1 | 24 ++++----- ...urationPolicyAndroidDeviceOwner.schema.mof | 2 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 26 +++++----- ...nPolicyAndroidOpenSourceProject.schema.mof | 2 +- ..._IntuneDeviceConfigurationPolicyMacOS.psm1 | 25 ++++----- ...eDeviceConfigurationPolicyMacOS.schema.mof | 2 +- ...FT_IntuneDeviceConfigurationPolicyiOS.psm1 | 26 +++++----- ...uneDeviceConfigurationPolicyiOS.schema.mof | 2 +- ...otectionPolicyWindows10SettingCatalog.psm1 | 13 ++--- ...ationPolicyAndroidDeviceAdministrator.psm1 | 29 ++++++----- ...olicyAndroidDeviceAdministrator.schema.mof | 2 +- ...ionPolicyAndroidEntrepriseDeviceOwner.psm1 | 25 ++++----- ...icyAndroidEntrepriseDeviceOwner.schema.mof | 2 +- ...ionPolicyAndroidEntrepriseWorkProfile.psm1 | 25 ++++----- ...icyAndroidEntrepriseWorkProfile.schema.mof | 2 +- ...WifiConfigurationPolicyAndroidForWork.psm1 | 25 ++++----- ...nfigurationPolicyAndroidForWork.schema.mof | 2 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 25 ++++----- ...nPolicyAndroidOpenSourceProject.schema.mof | 2 +- ...MSFT_IntuneWifiConfigurationPolicyIOS.psm1 | 25 ++++----- ...ntuneWifiConfigurationPolicyIOS.schema.mof | 2 +- ...FT_IntuneWifiConfigurationPolicyMacOS.psm1 | 25 ++++----- ...uneWifiConfigurationPolicyMacOS.schema.mof | 2 +- ...ntuneWifiConfigurationPolicyWindows10.psm1 | 25 ++++----- ...ifiConfigurationPolicyWindows10.schema.mof | 2 +- ...ForBusinessRingUpdateProfileWindows10.psm1 | 49 +++++++++--------- ...nProtectionPolicyWindows10MdmEnrolled.psm1 | 1 + ...BusinessFeatureUpdateProfileWindows10.psm1 | 37 ++++++------- 51 files changed, 380 insertions(+), 356 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3dd4987936..c4c248f1e7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,14 +1,33 @@ # Change log for Microsoft365DSC - # UNRELEASED +* AADAdministrativeUnit, AADConditionalAccessPolicy, AADEntitlementManagementAccessPackage, + AADEntitlementManagementAccessPackageAssignmentPolicy, AADEntitlementManagementAccessPackageCatalog, + AADEntitlementManagementAccessPackageCatalogResource, AADEntitlementManagementAccessPackageCatalogResource, + AADEntitlementManagementConnectedOrganization, AADRoleSetting, + IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator, IntuneDeviceConfigurationPolicyAndroidDeviceOwner, + IntuneDeviceConfigurationPolicyAndroidOpenSourceProject, IntuneDeviceConfigurationPolicyMacOS, + IntuneDeviceConfigurationPolicyiOS, IntuneExploitProtectionPolicyWindows10SettingCatalog, + IntuneWifiConfigurationPolicyAndroidDeviceAdministrator, IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner, + IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile, IntuneWifiConfigurationPolicyAndroidForWork, + IntuneWifiConfigurationPolicyAndroidOpenSourceProject, IntuneWifiConfigurationPolicyIOS, + IntuneWifiConfigurationPolicyMacOS, IntuneWifiConfigurationPolicyWindows10, + IntuneWindowUpdateForBusinessRingUpdateProfileWindows10, IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10, + IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled, IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * EXOIRMConfiguration * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) +* EXOPerimeterConfiguration + * [BREAKING CHANGE] Setting Id as Key parameter * EXOResourceConfiguration * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) +* IntuneAntivirusPolicyWindows10SettingCatalog, IntuneASRRulesPolicyWindows10, + IntuneAppProtectionPolicyiOS, IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager, + IntuneSettingCatalogASRRulesPolicyWindows10, + * [BREAKING CHANGE] Setting Identity as Key parameter and DisplayName as Required * IntuneWindowsAutopilotDeploymentProfileAzureADJoined * Initial release FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 3e4e9b54ba..0ec886d97a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -5,22 +5,22 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] - [validateset('Public', 'HiddenMembership')] [System.String] - $Visibility, + $Description, [Parameter()] + [validateset('Public', 'HiddenMembership')] [System.String] - $Id, + $Visibility, [Parameter()] [validateset('Assigned', 'Dynamic')] @@ -43,10 +43,9 @@ function Get-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $ScopedRoleMembers, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', @@ -253,22 +252,22 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] - [validateset('Public', 'HiddenMembership')] [System.String] - $Visibility, + $Description, [Parameter()] + [validateset('Public', 'HiddenMembership')] [System.String] - $Id, + $Visibility, [Parameter()] [validateset('Assigned', 'Dynamic')] @@ -291,9 +290,9 @@ function Set-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $ScopedRoleMembers, - #endregion - [Parameter(Mandatory = $true)] + + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', @@ -744,21 +743,22 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] - [validateset('Public', 'HiddenMembership')] [System.String] - $Visibility, + $Description, [Parameter()] + [validateset('Public', 'HiddenMembership')] [System.String] - $Id, + $Visibility, [Parameter()] [validateset('Assigned', 'Dynamic')] @@ -781,10 +781,9 @@ function Test-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $ScopedRoleMembers, - #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', @@ -867,6 +866,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null # Visibility is currently not returned by Get-TargetResource $ValuesToCheck.Remove('Visibility') | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof index bdb24ef69d..a476c1d911 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof @@ -16,8 +16,8 @@ class MSFT_MicrosoftGraphScopedRoleMembership [ClassVersion("1.0.0.0"), FriendlyName("AADAdministrativeUnit")] class MSFT_AADAdministrativeUnit : OMI_BaseResource { - [Key, Description("DisplayName of the Administrative Unit")] String DisplayName; - [Write, Description("Object-Id of the Administrative Unit")] String Id; + [Key, Description("Object-Id of the Administrative Unit")] String Id; + [Required, Description("DisplayName of the Administrative Unit")] String DisplayName; [Write, Description("Description of the Administrative Unit")] String Description; [Write, Description("Visibility of the Administrative Unit. Specify HiddenMembership if members of the AU are hidden")] String Visibility; [Write, Description("Specify membership type. Possible values are Assigned and Dynamic. Note that the functionality is currently in preview.")] String MembershipType; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index ba92ae59d5..455c081988 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -6,11 +6,11 @@ function Get-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $DisplayName, + $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Id, + $DisplayName, [Parameter()] [System.String] @@ -653,11 +653,11 @@ function Set-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $DisplayName, + $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Id, + $DisplayName, [Parameter()] [System.String] @@ -1521,11 +1521,11 @@ function Test-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $DisplayName, + $Id, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Id, + $DisplayName, [Parameter()] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof index e2877f13e3..f07de8dcca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof @@ -1,8 +1,8 @@ [ClassVersion("1.0.0.0"), FriendlyName("AADConditionalAccessPolicy")] class MSFT_AADConditionalAccessPolicy : OMI_BaseResource { - [Key, Description("DisplayName of the AAD CA Policy")] String DisplayName; - [Write, Description("Specifies the GUID for the Policy.")] String Id; + [Key, Description("Specifies the GUID for the Policy.")] String Id; + [Required, Description("DisplayName of the AAD CA Policy")] String DisplayName; [Write, Description("Specifies the State of the Policy."), ValueMap{"disabled","enabled","enabledForReportingButNotEnforced"}, Values{"disabled","enabled","enabledForReportingButNotEnforced"}] String State; [Write, Description("Cloud Apps in scope of the Policy.")] String IncludeApplications[]; [Write, Description("Cloud Apps out of scope of the Policy.")] String ExcludeApplications[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index fba64fda86..3342a32696 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 @@ -9,6 +9,10 @@ function Get-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -17,10 +21,6 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsHidden, @@ -208,6 +208,10 @@ function Set-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -216,10 +220,6 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsHidden, @@ -676,6 +676,10 @@ function Test-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -684,10 +688,6 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsHidden, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 index b795a5d69f..fcae2a395e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1 @@ -8,6 +8,10 @@ function Get-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $AccessPackageId, @@ -24,10 +28,6 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Int32] $DurationInDays, @@ -315,6 +315,10 @@ function Set-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $AccessPackageId, @@ -331,10 +335,6 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Int32] $DurationInDays, @@ -484,6 +484,10 @@ function Test-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $AccessPackageId, @@ -500,10 +504,6 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Int32] $DurationInDays, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof index e4aecf5d08..121fb2dde6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof @@ -120,11 +120,11 @@ class MSFT_MicrosoftGraphcustomextensionendpointconfiguration class MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy : OMI_BaseResource { [Key, Description("Id of the access package assignment policy.")] String Id; + [Required, Description("The display name of the policy.")] String DisplayName; [Write, Description("Identifier of the access package.")] String AccessPackageId; [Write, Description("Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required."), EmbeddedInstance("MSFT_MicrosoftGraphassignmentreviewsettings")] String AccessReviewSettings; [Write, Description("Indicates whether a user can extend the access package assignment duration after approval.")] Boolean CanExtend; [Write, Description("The description of the policy.")] String Description; - [Required, Description("The display name of the policy.")] String DisplayName; [Write, Description("The number of days in which assignments from this policy last until they are expired.")] UInt32 DurationInDays; [Write, Description("The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z")] String ExpirationDateTime; [Write, Description("Questions that are posed to the requestor."), EmbeddedInstance("MSFT_MicrosoftGraphaccesspackagequestion")] String Questions[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 index 765ef5c2a8..f598123654 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1 @@ -8,6 +8,10 @@ function Get-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogStatus, @@ -21,10 +25,6 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsExternallyVisible, @@ -150,11 +150,14 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $true)] [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogStatus, @@ -168,10 +171,6 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsExternallyVisible, @@ -289,11 +288,14 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter(Mandatory = $true)] [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogStatus, @@ -307,10 +309,6 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsExternallyVisible, @@ -373,9 +371,10 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" if ($testResult) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof index 23f6dd298c..965bb2071c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof @@ -1,13 +1,11 @@ - - [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageCatalog")] class MSFT_AADEntitlementManagementAccessPackageCatalog : OMI_BaseResource { [Key, Description("The id of the access package catalog.")] String Id; + [Required, Description("The display name of the access package catalog.")] String DisplayName; [Write, Description("Has the value Published if the access packages are available for management.")] String CatalogStatus; [Write, Description("One of UserManaged or ServiceDefault."), ValueMap{"UserManaged","ServiceDefault"}, Values{"UserManaged","ServiceDefault"}] String CatalogType; [Write, Description("The description of the access package catalog.")] String Description; - [Required, Description("The display name of the access package catalog.")] String DisplayName; [Write, Description("Whether the access packages in this catalog can be requested by users outside of the tenant.")] Boolean IsExternallyVisible; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 index f56aff76b8..b3027f35d2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.psm1 @@ -9,6 +9,10 @@ function Get-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -29,10 +33,6 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsPendingOnboarding, @@ -152,6 +152,7 @@ function Get-TargetResource } $hashAttributes += $hashAttribute } + $results = [ordered]@{ Id = $Id CatalogId = $CatalogId @@ -174,7 +175,6 @@ function Get-TargetResource ManagedIdentity = $ManagedIdentity.IsPresent } - return [System.Collections.Hashtable] $results } catch @@ -199,6 +199,10 @@ function Set-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -219,10 +223,6 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsPendingOnboarding, @@ -349,9 +349,7 @@ function Set-TargetResource } #region resource generator code New-MgEntitlementManagementAccessPackageResourceRequest @resourceRequest - #endregion - } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -445,6 +443,10 @@ function Test-TargetResource [System.String] $Id, + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.String] $CatalogId, @@ -465,10 +467,6 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.Boolean] $IsPendingOnboarding, @@ -574,6 +572,7 @@ function Test-TargetResource $ValuesToCheck.Remove('AddedBy') | Out-Null $ValuesToCheck.Remove('AddedOn') | Out-Null $ValuesToCheck.Remove('IsPendingOnboarding') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof index ef0fec69e8..9fe9523d1c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalogResource/MSFT_AADEntitlementManagementAccessPackageCatalogResource.schema.mof @@ -61,12 +61,12 @@ class MSFT_MicrosoftGraphaccessPackageAnswerChoice class MSFT_AADEntitlementManagementAccessPackageCatalogResource : OMI_BaseResource { [Key, Description("Id of the access package catalog resource.")] String Id; + [Required, Description("The display name of the resource, such as the application name, group name or site name.")] String DisplayName; [Write, Description("The unique ID of the access package catalog.")] String CatalogId; [Write, Description("The name of the user or application that first added this resource. Read-only.")] String AddedBy; [Write, Description("The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.")] String AddedOn; [Write, Description("Contains information about the attributes to be collected from the requestor and sent to the resource application."), EmbeddedInstance("MSFT_MicrosoftGraphaccesspackageresourceattribute")] String Attributes[]; [Write, Description("A description for the resource.")] String Description; - [Required, Description("The display name of the resource, such as the application name, group name or site name.")] String DisplayName; [Write, Description("True if the resource is not yet available for assignment. Read-only.")] Boolean IsPendingOnboarding; [Write, Description("The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group.")] String OriginId; [Write, Description("The type of the resource in the origin system.")] String OriginSystem; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index ebfcf07762..bfb4c14b64 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 @@ -8,14 +8,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $IdentitySources, @@ -172,7 +172,6 @@ function Get-TargetResource $getIdentitySources = $sources } - $results = @{ Id = $getValue.id Description = $getValue.description @@ -213,14 +212,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $IdentitySources, @@ -416,14 +415,11 @@ function Set-TargetResource -DirectoryObjectId $sponsor } #endregion - } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing a new Entitlement Management Connected Organization {$($currentInstance.Id)}" Remove-MgEntitlementManagementConnectedOrganization -ConnectedOrganizationId $currentInstance.Id - - } } @@ -437,14 +433,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $IdentitySources, @@ -537,7 +533,6 @@ function Test-TargetResource } $ValuesToCheck.Remove($key) | Out-Null - } } @@ -545,6 +540,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof index 58f8fe2a5c..896f8e2c64 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.schema.mof @@ -14,8 +14,8 @@ class MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource class MSFT_AADEntitlementManagementConnectedOrganization : OMI_BaseResource { [Key, Description("The Id of the Connected organization object.")] String Id; - [Write, Description("The description of the connected organization.")] String Description; [Required, Description("The display name of the connected organization.")] String DisplayName; + [Write, Description("The description of the connected organization.")] String Description; [Write, Description("The identity sources in this connected organization."), EmbeddedInstance("MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource")] String IdentitySources[]; [Write, Description("The state of a connected organization defines whether assignment policies with requestor scope type AllConfiguredConnectedOrganizationSubjects are applicable or not."), ValueMap{"configured","proposed","unknownFutureValue"}, Values{"configured","proposed","unknownFutureValue"}] String State; [Write, Description("Collection of objectID of extenal sponsors. the sponsor can be a user or a group.")] String ExternalSponsors[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index 6121f90ed4..f49577f6f1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -1059,8 +1059,6 @@ function Set-TargetResource -UnifiedRoleManagementPolicyRuleId $role.id ` -BodyParameter $params ` -ErrorAction Stop - - } catch { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index 3eb855efa4..2a49ccb586 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -112,7 +112,7 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', @@ -245,7 +245,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -353,7 +353,7 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', @@ -492,7 +492,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -600,7 +600,7 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.schema.mof index 6c282667ce2a61b70578afab09ad82c2d0845d0f..e8085c4b848c9b3e847b34ce0fbdc325775d3767 100644 GIT binary patch delta 433 zcmdnjz&N3aal$rc1qOx58-)!wKAFST>-Tuc(aWjJRE{I=NTM;X>;71V{8TG0Im6CdJox*LvVjTv(SS` u2wFXd2~JMnW|^#Jy#vnYu=xOEZ&tDug80?Y&YO`H7&YL?(Ve`)ei{HTPJTiF delta 317 zcmbQx#JI14al*FAQ#gz^zUyNF(G%YZY(BzzjuFJ3e2V=DklwX9gp-A7a~wAZUZBCZ*+O6gh~u=`KwD>93iz~(KJp9W@3&QZDtH+PP*14voWW)n3Hi24N@8$gVJ&C9f( zK^>&K3oLL(?-AqXEd~P2K%U)Z4ihV|2C!{Y%ox16iYpb;3unHV4vNw i-UFsj*n9vhcws99QlPh4&t8g=k#lk*tM=q7hiL$pG<=N! diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof index 479f950c0bf9414e041b9092afbe224f97827793..00904b2f5de4edbfabb5e90f2cae8c8466a0bffb 100644 GIT binary patch delta 1049 zcmY*XUuaTs6jocdnfAwMZA?p7$T0t017|TCtC-YgQY^<>R=3)UESohM&Mc&dD2T95 z48Xbp5?E3aF@m6n2zPI}+M&Vtwu22M^6lY9BH9sU1Zs?L>)`M983x!c1LlS)9IAHGjeS8}*%f0J zj9Z>C0C9^A&vz9m;YQxNmjQUU`;T}E%-eK~eC((YuIxB1ab-sk)7$_RI8nW4Q6*n9 z0v30b)U%#RyxnafDxCGSNQ%78jvw}o)`L<#@(G1hNOPUY?YBzZSGG) z0F*+TFf-cvKhXw>vwr9e#hASm3bFeM4pA^KHqp#aNKRo*sGa*x9Z(rIpyR?4i$(po zT8kR?=7`GDwQ(3Ny>b@F60k zIu{@IAX3sp52H9^$dDK^Bt)X8xI~CZ4-zr<6d@sf=etxsopXM_-#O>^9lmTvGB??? z0vLAByUL`E;`2%)mbZOml*7{YGLJ=!)}E6fTlWEy^{X6^A+<9HMnHQt?qE34@RNbF zC5LL$AhpT3uq$XGbGzeKva~nE(Am-`38A?!N$_j@aUf!KBoEG5!udnIW1=B}>Gm|I z!WzapbfJNgTS0dx@1zwa_b&#~+SAa}xd(R~brI@;gt8&xi({sUFV$~k6IYJgxgelp z;-s6D3Kl&Di6|I%G{fqtbs=l(3Xx2Mwk{Wb@lBCb#+mMGR~7=;Z+)2?9 z9$(j~Mt?jaZ6V&!R;b+AgnVBH^qZeKr+_Qgic^C{YhHS&#`3?CtdJ!gdv3|X8|H?I zvP`0UXHB5w7&CVl{}=D?m3hJMogcX`p*N*bC1YWf?#BO-G*%R`RA+z_TM!bL1Rj7T78<%vj#K8_%p^1eA_)_CCENj1?Z0`S zC==Kgpc@@G{}bnfar`$&Ncq7zlSA~BHjBt=zyusOSIPIGni`>a1TL^SPPqoA)PJ*@ z+9tRR&_x29wKVP^3-E0Y(}Ebb`Jwi8h|EK6-OZ15)gXqz93Eld1D4&q(C{E!+2kJM zYp{Tr++%VJ%68nm#PkMS(dK35GH}l1Hx|3#Ixbl5fwQ++eSonyU$7Q}X)xR@U@OJQ P3XBSHRO(I+vzrD0Zy%B= delta 301 zcmX?7|E6}rw#idCj5faOV*$|<-wA9!!g`Jo#GZVL{RoiWwK;^dg=zCWZVtxHZ+H|y zQd*O3_}+o&%~AXAm7KhxkOO}#0%JbPdN`FJVEUM$h?5f%QWsm7`L?g5H{@6 z=>R)vbCI4JMCUsLACR=u<|d;W#>FfqjFVYRY$m&zp4cp6CdLGDwuKDDAImIvf&DYV hY7dyMvHk#7FvmuSaq|{i4@O4L$&IYqllAPU0RVtMbzlGh diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index 8bd5000c45..98b4674903 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Identity, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockClipboardSharing, @@ -424,14 +424,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockClipboardSharing, @@ -824,14 +824,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockClipboardSharing, @@ -1139,6 +1139,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof index 0959b4b07a..82b822512a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.schema.mof @@ -21,8 +21,8 @@ class MSFT_MicrosoftGraphapplistitem class MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Block clipboard sharing between apps (Samsung KNOX Standard 4.0+).")] Boolean AppsBlockClipboardSharing; [Write, Description("Block copy and paste functionality.")] Boolean AppsBlockCopyPaste; [Write, Description("Block YouTube (Samsung KNOX Standard 4.0+).")] Boolean AppsBlockYouTube; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 index 154f2d0b8f..a698022ef5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountsBlockModification, @@ -869,14 +869,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountsBlockModification, @@ -1606,14 +1606,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountsBlockModification, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof index cf73c6fcac..3bceab1f93 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.schema.mof @@ -84,8 +84,8 @@ class MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod class MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner : OMI_BaseResource { [Key, Description("The Id of the policy.")] String Id; - [Write, Description("The description of the policy.")] String Description; [Required, Description("The display name of hte policy.")] String DisplayName; + [Write, Description("The description of the policy.")] String Description; [Write, Description("Block modification of accounts. Only supported on Dedicated devices.")] Boolean AccountsBlockModification; [Write, Description("When allowed, users can enable the 'unknown sources' setting to install apps from sources other than the Google Play Store.")] Boolean AppsAllowInstallFromUnknownSources; [Write, Description("Devices check for app updates daily. The default behavior is to let device users decide. They'll be able to set their preferences in the managed Google Play app."), ValueMap{"notConfigured","userChoice","never","wiFiOnly","always"}, Values{"notConfigured","userChoice","never","wiFiOnly","always"}] String AppsAutoUpdatePolicy; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index 2ae8ed21ff..0c547707f6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockInstallFromUnknownSources, @@ -222,14 +222,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockInstallFromUnknownSources, @@ -473,14 +473,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AppsBlockInstallFromUnknownSources, @@ -639,6 +639,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -891,7 +892,6 @@ function Get-M365DSCDRGComplexTypeToString -isArray:$true ` -CIMInstanceName $CIMInstanceName ` -Whitespace ' ' - } if ([string]::IsNullOrEmpty($currentProperty)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof index a867422190..bf6ea6e768 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Prevent applications from unknown sources.")] Boolean AppsBlockInstallFromUnknownSources; [Write, Description("Prevent bluetooth configuration.")] Boolean BluetoothBlockConfiguration; [Write, Description("Prevents using Bluetooth on devices.")] Boolean BluetoothBlocked; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index b2207e4c51..62166aba7a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AddingGameCenterFriendsBlocked, @@ -455,14 +455,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AddingGameCenterFriendsBlocked, @@ -889,14 +889,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AddingGameCenterFriendsBlocked, @@ -1237,6 +1237,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof index 675c812cdd..dfb9bb6515 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof @@ -59,8 +59,8 @@ class MSFT_MicrosoftGraphmacosappleeventreceiver class MSFT_IntuneDeviceConfigurationPolicyMacOS : OMI_BaseResource { [Key, Description("")] String Id; - [Write, Description("")] String Description; [Required, Description("")] String DisplayName; + [Write, Description("")] String Description; [Write, Description("")] Boolean AddingGameCenterFriendsBlocked; [Write, Description("")] Boolean AirDropBlocked; [Write, Description("Blocks users from unlocking their Mac with Apple Watch.")] Boolean AppleWatchBlockAutoUnlock; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index 83d2ba5fad..7d61a42be8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountBlockModification, @@ -1102,14 +1102,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountBlockModification, @@ -2037,14 +2037,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $AccountBlockModification, @@ -2885,6 +2885,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -2961,7 +2962,6 @@ function Export-TargetResource try { - #region resource generator code [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` -ErrorAction Stop -All:$true | Where-Object ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof index 78cce20f3f..1a6a9421e4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.schema.mof @@ -82,8 +82,8 @@ class MSFT_MicrosoftGraphiosnetworkusagerule class MSFT_IntuneDeviceConfigurationPolicyIOS : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Indicates whether or not to allow account modification when the device is in supervised mode.")] Boolean AccountBlockModification; [Write, Description("Activation Lock makes it harder for a lost or stolen device to be reactivated.")] Boolean ActivationLockAllowWhenSupervised; [Write, Description("Indicates whether or not to allow AirDrop when the device is in supervised mode.")] Boolean AirDropBlocked; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 index 181face5ba..d93346bee9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -28,7 +28,7 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = $true, @@ -191,7 +191,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -215,7 +215,7 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = $true, @@ -358,7 +358,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter(Mandatory = $True)] + [Parameter(Mandatory = $true)] [System.String] $Identity, @@ -382,7 +382,7 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = $true, @@ -435,6 +435,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Identity') | Out-Null if ($CurrentValues.Ensure -eq 'Absent') { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 index 7143dd488a..9fd22114ca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -177,14 +177,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -393,14 +393,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -524,9 +524,10 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof index e380df3ac8..f805671d7c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator : OMI_BaseResource { [Key, Description("Id of the Intune Policy.")] String Id; - [Write, Description("Description of the Intune Policy.")] String Description; [Required, Description("Display name of the Intune Policy.")] String DisplayName; + [Write, Description("Description of the Intune Policy.")] String Description; [Write, Description("Connect automatically.")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 index 71e7a84345..043ebbf8d6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -212,14 +212,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -456,14 +456,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -615,6 +615,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof index 1e48dac488..5991811e4f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner : OMI_BaseResource { [Key, Description("Id of the Intune policy")] String Id; - [Write, Description("Description of the Intune policy")] String Description; [Required, Description("Disaply name of the Intune policy")] String DisplayName; + [Write, Description("Description of the Intune policy")] String Description; [Write, Description("If the network is in range, automatically connect.")] Boolean ConnectAutomatically; [Write, Description("Don't show this Wi-Fi network on an end-user's device in the list of available networks. The SSID will not be broadcasted.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 index 747392f233..b0cad95c9b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -176,14 +176,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -391,14 +391,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -521,6 +521,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof index b4d905deb6..0002c7f327 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically.")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index c9c830ec39..e8b71073d8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -176,14 +176,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -391,14 +391,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -521,6 +521,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof index 339532ca23..3180b02f68 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyAndroidForWork : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index 2b64a5ec29..f4e4d7a442 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -186,14 +186,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -409,14 +409,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -547,6 +547,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof index f6db025c0e..7cde3d4be4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically to the network.")] Boolean ConnectAutomatically; [Write, Description("Define if the network should be connected if hidden.")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Define the network name.")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index 52f4776961..2f33cae9c8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -207,14 +207,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -447,14 +447,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -602,6 +602,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof index 8cd1c94f97..80b861f7ce 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyIOS : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Disable the MAC address randomization.")] Boolean DisableMacAddressRandomization; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index 1bf5416850..a621c74d12 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -202,14 +202,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -438,14 +438,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -589,6 +589,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof index 05caa16920..befed6c8e4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyMacOS : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; [Write, Description("Network name")] String NetworkName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index 8bfa808b8e..7b05cbfb49 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -9,14 +9,14 @@ function Get-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -218,14 +218,14 @@ function Set-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -467,14 +467,14 @@ function Test-TargetResource [System.String] $Id, - [Parameter()] - [System.String] - $Description, - [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Boolean] $ConnectAutomatically, @@ -631,6 +631,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof index 7501e91c5d..966ecac18c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.schema.mof @@ -12,8 +12,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments class MSFT_IntuneWifiConfigurationPolicyWindows10 : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; - [Write, Description("Description of the Intune policy.")] String Description; [Required, Description("Display name of the Intune policy.")] String DisplayName; + [Write, Description("Description of the Intune policy.")] String Description; [Write, Description("Connect automatically")] Boolean ConnectAutomatically; [Write, Description("Connect to preferred network")] Boolean ConnectToPreferredNetwork; [Write, Description("Connect when network name is hidden")] Boolean ConnectWhenNetworkNameIsHidden; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 index a7a14891e0..f697b893fa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 @@ -5,6 +5,14 @@ function Get-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AllowWindows11Upgrade, @@ -154,14 +162,6 @@ function Get-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -450,6 +450,14 @@ function Set-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AllowWindows11Upgrade, @@ -599,14 +607,6 @@ function Set-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -747,6 +747,14 @@ function Test-TargetResource param ( #region resource generator code + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + [Parameter()] [System.Boolean] $AllowWindows11Upgrade, @@ -896,14 +904,6 @@ function Test-TargetResource [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -990,6 +990,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 3e58a03d1f..cdce75a210 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -819,6 +819,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 index d179490b2f..6ca810bc24 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 @@ -5,14 +5,18 @@ function Get-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.String] $FeatureUpdateVersion, @@ -21,10 +25,6 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $RolloutSettings, - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -176,14 +176,18 @@ function Set-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.String] $FeatureUpdateVersion, @@ -192,10 +196,6 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $RolloutSettings, - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -339,14 +339,18 @@ function Test-TargetResource param ( #region resource generator code - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Description, + $Id, [Parameter(Mandatory = $true)] [System.String] $DisplayName, + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.String] $FeatureUpdateVersion, @@ -355,10 +359,6 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $RolloutSettings, - [Parameter(Mandatory = $true)] - [System.String] - $Id, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -445,6 +445,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck.Remove('Id') | Out-Null Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" From db6dc80da875ba51dff803c9027e9f7be85f2554 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Sun, 19 Mar 2023 21:53:19 +0100 Subject: [PATCH 041/187] Updated examples --- .../1-CreateNewAdministrativeUnit.ps1 | 1 + .../1-ConfigureAADConditionalAccessPolicy.ps1 | 75 ++++++++++--------- 2 files changed, 39 insertions(+), 37 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-CreateNewAdministrativeUnit.ps1 index 3601ae86d0..0881426df3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-CreateNewAdministrativeUnit.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-CreateNewAdministrativeUnit.ps1 @@ -18,6 +18,7 @@ Configuration Example { AADAdministrativeUnit 'TestUnit' { + Id = '49a843c7-e80c-4bae-8819-825656a108f2' DisplayName = 'Test-Unit' MembershipRule = "(user.country -eq `"Canada`")" MembershipRuleProcessingState = 'On' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 index c6d0512b0e..b18eed404e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 @@ -16,43 +16,44 @@ Configuration Example { AADConditionalAccessPolicy 'Allin-example' { - BuiltInControls = @("Mfa", "CompliantDevice", "DomainJoinedDevice", "ApprovedApplication", "CompliantApplication") - ClientAppTypes = @("ExchangeActiveSync", "Browser", "MobileAppsAndDesktopClients", "Other") - CloudAppSecurityIsEnabled = $True - CloudAppSecurityType = "MonitorOnly" - DisplayName = "Allin-example" - ExcludeApplications = @("803ee9ca-3f7f-4824-bd6e-0b99d720c35c", "00000012-0000-0000-c000-000000000000", "00000007-0000-0000-c000-000000000000", "Office365") - ExcludeDevices = @("Compliant", "DomainJoined") - ExcludeGroups = @() - ExcludeLocations = @("Blocked Countries") - ExcludePlatforms = @("Windows", "WindowsPhone", "MacOS") - ExcludeRoles = @("Company Administrator", "Application Administrator", "Application Developer", "Cloud Application Administrator", "Cloud Device Administrator") - ExcludeUsers = @("admin@contoso.com", "AAdmin@contoso.com", "CAAdmin@contoso.com", "AllanD@contoso.com", "AlexW@contoso.com", "GuestsOrExternalUsers") - ExcludeExternalTenantsMembers = @(); - ExcludeExternalTenantsMembershipKind = "all"; - ExcludeGuestOrExternalUserTypes = @("internalGuest","b2bCollaborationMember"); - GrantControlOperator = "OR" - IncludeApplications = @("All") - IncludeDevices = @("All") - IncludeGroups = @() - IncludeLocations = @("AllTrusted") - IncludePlatforms = @("Android", "IOS") - IncludeRoles = @("Compliance Administrator") - IncludeUserActions = @() - IncludeUsers = @("Alexw@contoso.com") - IncludeExternalTenantsMembers = @("11111111-1111-1111-1111-111111111111"); - IncludeExternalTenantsMembershipKind = "enumerated"; - IncludeGuestOrExternalUserTypes = @("b2bCollaborationGuest"); - PersistentBrowserIsEnabled = $false - PersistentBrowserMode = "" - SignInFrequencyIsEnabled = $True - SignInFrequencyType = "Hours" - SignInFrequencyValue = 5 - SignInRiskLevels = @("High", "Medium") - State = "disabled" - UserRiskLevels = @("High", "Medium") - Ensure = "Present" - Credential = $credsGlobalAdmin + Id = '4b0bb08f-85ab-4a12-a12c-06114b6ac6df' + DisplayName = 'Allin-example' + BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') + ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') + CloudAppSecurityIsEnabled = $true + CloudAppSecurityType = 'MonitorOnly' + ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') + ExcludeDevices = @('Compliant', 'DomainJoined') + ExcludeGroups = @() + ExcludeLocations = @('Blocked Countries') + ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') + ExcludeRoles = @('Company Administrator', 'Application Administrator', 'Application Developer', 'Cloud Application Administrator', 'Cloud Device Administrator') + ExcludeUsers = @('admin@contoso.com', 'AAdmin@contoso.com', 'CAAdmin@contoso.com', 'AllanD@contoso.com', 'AlexW@contoso.com', 'GuestsOrExternalUsers') + ExcludeExternalTenantsMembers = @() + ExcludeExternalTenantsMembershipKind = 'all' + ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') + GrantControlOperator = 'OR' + IncludeApplications = @('All') + IncludeDevices = @('All') + IncludeGroups = @() + IncludeLocations = @('AllTrusted') + IncludePlatforms = @('Android', 'IOS') + IncludeRoles = @('Compliance Administrator') + IncludeUserActions = @() + IncludeUsers = @('Alexw@contoso.com') + IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') + IncludeExternalTenantsMembershipKind = 'enumerated' + IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') + PersistentBrowserIsEnabled = $false + PersistentBrowserMode = '' + SignInFrequencyIsEnabled = $true + SignInFrequencyType = 'Hours' + SignInFrequencyValue = 5 + SignInRiskLevels = @('High', 'Medium') + State = 'disabled' + UserRiskLevels = @('High', 'Medium') + Ensure = 'Present' + Credential = $credsGlobalAdmin } } } From f49c8811a6fb2edfc445f253160ea610bacd41c5 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 27 Mar 2023 18:19:57 +0200 Subject: [PATCH 042/187] Updated EXOPerimeterConfiguration --- CHANGELOG.md | 3 ++- .../MSFT_EXOPerimeterConfiguration.psm1 | 20 +++++++++++-------- .../MSFT_EXOPerimeterConfiguration.schema.mof | 2 +- 3 files changed, 15 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c4c248f1e7..b094edcc74 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,7 +20,8 @@ * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) * EXOPerimeterConfiguration - * [BREAKING CHANGE] Setting Id as Key parameter + * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance + FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) * EXOResourceConfiguration * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 index 26bb0a2157..f50cec3f75 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 @@ -6,7 +6,8 @@ function Get-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $Identity, + [ValidateSet('Yes')] + $IsSingleInstance, [Parameter()] [System.String[]] @@ -84,7 +85,7 @@ function Get-TargetResource } $result = @{ - Identity = $PerimeterConfiguration.Identity + IsSingleInstance = 'Yes' GatewayIPAddresses = $PerimeterConfiguration.GatewayIPAddresses Credential = $Credential Ensure = 'Present' @@ -119,7 +120,8 @@ function Set-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $Identity, + [ValidateSet('Yes')] + $IsSingleInstance, [Parameter()] [System.String[]] @@ -184,7 +186,6 @@ function Set-TargetResource $PerimeterConfigurationParams.Remove('CertificatePath') | Out-Null $PerimeterConfigurationParams.Remove('CertificatePassword') | Out-Null $PerimeterConfigurationParams.Remove('ManagedIdentity') | Out-Null - $PerimeterConfigurationParams.Remove('Identity') | Out-Null if (('Present' -eq $Ensure ) -and ($Null -ne $PerimeterConfigurationParams)) { @@ -201,7 +202,8 @@ function Test-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $Identity, + [ValidateSet('Yes')] + $IsSingleInstance, [Parameter()] [System.String[]] @@ -284,9 +286,10 @@ function Export-TargetResource [OutputType([System.String])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] - $Identity, + [ValidateSet('Yes')] + $IsSingleInstance, [Parameter()] [System.String[]] @@ -352,7 +355,7 @@ function Export-TargetResource Write-Host " |---[1/1] $($PerimeterConfiguration.Identity)" -NoNewline $Params = @{ - Identity = $PerimeterConfiguration.Identity + IsSingleInstance = 'Yes' Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId @@ -389,4 +392,5 @@ function Export-TargetResource return '' } } + Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof index 31b7879ac0..3424adf579 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("EXOPerimeterConfiguration")] class MSFT_EXOPerimeterConfiguration : OMI_BaseResource { - [Key, Description("The Identity parameter specifies the Perimeter Configuration policy that you want to modify.")] String Identity; + [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write, Description("Use the GatewayIPAddresses parameter to create or modify a list of gateway server IP addresses to add to IP safelists.")] String GatewayIPAddresses[]; [Write, Description("Specifies if this Outbound connector should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; From 0c38fcd99d0ce619d04c7805d17b01b0f4f1bc40 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 27 Mar 2023 18:22:52 +0200 Subject: [PATCH 043/187] Updated examples and tests --- .../MSFT_EXOPerimeterConfiguration.psm1 | 14 -------------- .../1-ConfigurePerimeterConfiguration.ps1 | 8 ++++---- ...osoft365DSC.EXOPerimeterConfiguration.Tests.ps1 | 4 ++-- 3 files changed, 6 insertions(+), 20 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 index f50cec3f75..c41f722f31 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 @@ -286,20 +286,6 @@ function Export-TargetResource [OutputType([System.String])] param ( - [Parameter(Mandatory = $true)] - [System.String] - [ValidateSet('Yes')] - $IsSingleInstance, - - [Parameter()] - [System.String[]] - $GatewayIPAddresses, - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOPerimeterConfiguration/1-ConfigurePerimeterConfiguration.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOPerimeterConfiguration/1-ConfigurePerimeterConfiguration.ps1 index 6e97e371e7..547160b0a4 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOPerimeterConfiguration/1-ConfigurePerimeterConfiguration.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOPerimeterConfiguration/1-ConfigurePerimeterConfiguration.ps1 @@ -17,10 +17,10 @@ Configuration Example { EXOPerimeterConfiguration 'ConfigurePerimeterConfiguration' { - Identity = "Global" - GatewayIPAddresses = "123.0.0.1" - Ensure = "Present" - Credential = $credsGlobalAdmin + IsSingleInstance = 'Yes' + GatewayIPAddresses = '123.0.0.1' + Ensure = 'Present' + Credential = $credsGlobalAdmin } } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOPerimeterConfiguration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOPerimeterConfiguration.Tests.ps1 index c7cb6ec90d..53b6cb98c0 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOPerimeterConfiguration.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOPerimeterConfiguration.Tests.ps1 @@ -51,7 +51,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential Ensure = 'Present' GatewayIPAddresses = @('127.0.0.1') - Identity = 'Tenant Perimeter Settings' + IsSingleInstance = 'Yes' } Mock -CommandName Get-PerimeterConfig -MockWith { @@ -80,7 +80,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential Ensure = 'Present' GatewayIPAddresses = @('127.0.0.1') - Identity = 'Tenant Perimeter Settings' + IsSingleInstance = 'Yes' } Mock -CommandName Get-PerimeterConfig -MockWith { From 5c52ca692149a737d600c375b9c9bea189acbb74 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 27 Mar 2023 19:05:31 +0200 Subject: [PATCH 044/187] Fixed unit test --- .../MSFT_EXOPerimeterConfiguration.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 index c41f722f31..38e289dbb1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPerimeterConfiguration/MSFT_EXOPerimeterConfiguration.psm1 @@ -186,6 +186,7 @@ function Set-TargetResource $PerimeterConfigurationParams.Remove('CertificatePath') | Out-Null $PerimeterConfigurationParams.Remove('CertificatePassword') | Out-Null $PerimeterConfigurationParams.Remove('ManagedIdentity') | Out-Null + $PerimeterConfigurationParams.Remove('IsSingleInstance') | Out-Null if (('Present' -eq $Ensure ) -and ($Null -ne $PerimeterConfigurationParams)) { From a66ccb6e68e700722afb1544969ddaeae12ed253 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 27 Mar 2023 13:51:40 -0400 Subject: [PATCH 045/187] Major Release Blog --- .../blog/april-2023-major-release copy.md | 87 +++++++++++++++++++ docs/docs/blog/index.md | 4 + docs/mkdocs.yml | 2 +- 3 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 docs/docs/blog/april-2023-major-release copy.md create mode 100644 docs/docs/blog/index.md diff --git a/docs/docs/blog/april-2023-major-release copy.md b/docs/docs/blog/april-2023-major-release copy.md new file mode 100644 index 0000000000..aab7f67301 --- /dev/null +++ b/docs/docs/blog/april-2023-major-release copy.md @@ -0,0 +1,87 @@ +# Microsoft365DSC – October 2022 Major Release (version 1.22.1005.1) + +As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts/breaking-changes/), twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on April 5th 2023, will include several breaking changes and will be labeled version 1.23.405.1. This article provides details on the breaking changes that will be included as part of our April 2023 Major release. + +## IntuneDeviceEntollmentPlatformRestriction ([#2431](https://github.com/microsoft/Microsoft365DSC/pull/2431)) +As part of the April 2023 major release, this resource is being re-written almost entirely to account for new properties. The recommendation is to stop using old instances of it and start fresh by using this new updated version. One option would be to use the **Export-M365DSCConfiguration** cmdlet and target only this resource. Then, replace the existing instances in your configurations with the newly extracted content. + +## Primary Keys of Multiple Resources ([#2968](https://github.com/microsoft/Microsoft365DSC/pull/2968)) +We have modified the logic of all the resources below to ensure we have a primary key defined. In most cases we have makred the Identity or DisplayName properties as now being mandatory. While we don't believe this change will have a major impact on most existing configuration since they probably alreadfy defined these properties, there is a small chance that customers omitted to include them. The recomendation in this case is to ensure you add the new required properties to your resources. Resources impacted are: + +* AADAdministrativeUnit +* AADConditionalAccessPolicy +* AADEntitlementManagementAccessPackage +* AADEntitlementManagementAccessPackageAssignmentPolicy +* AADEntitlementManagementAccessPackageCatalog +* AADEntitlementManagementAccessPackageCatalogResource +* AADEntitlementManagementAccessPackageCatalogResource +* AADEntitlementManagementConnectedOrganization +* AADRoleSetting +* IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator +* IntuneDeviceConfigurationPolicyAndroidDeviceOwner +* IntuneDeviceConfigurationPolicyAndroidOpenSourceProject +* IntuneDeviceConfigurationPolicyMacOS +* IntuneDeviceConfigurationPolicyiOS +* IntuneExploitProtectionPolicyWindows10SettingCatalog +* IntuneWifiConfigurationPolicyAndroidDeviceAdministrator +* IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner +* IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile +* IntuneWifiConfigurationPolicyAndroidForWork +* IntuneWifiConfigurationPolicyAndroidOpenSourceProject +* IntuneWifiConfigurationPolicyIOS, +* IntuneWifiConfigurationPolicyMacOS +* IntuneWifiConfigurationPolicyWindows10 +* IntuneWindowUpdateForBusinessRingUpdateProfileWindows10 +* IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 +* IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled +* IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 + +## IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager ([#3003](https://github.com/microsoft/Microsoft365DSC/pull/3003)) +As part of this release, we are changing the DisplayName parameter to be required. Current configurations should make sure to include this parameter to avoid any conflicts when upgrading. + +## Removal of Deprecated Parameters ([#3040](https://github.com/microsoft/Microsoft365DSC/pull/3040)) +We are removing parameters that have been deprecated from various resources as part of this major update. As a reminder, parameters that become deprecated on Microsoft 365 are being marked as deprecated in Microsoft365DSC until the next major release. In the past, using these parameters would have resulted in a warning letting the users know that they are using a deprecated parameter and that it would simply be ignored. Starting with this release, using these deprecated parameters will generate an error. It is recommended to scan existing configurations and remove deprecated parameters. The following resources have deprecated parameters that have been removed as part of this release, along with the parameters that have been removed: + +* AADApplication + * Oauth2RequirePostResponse +* AADConditionalAccessPolicy + * IncludeDevices + * ExcludeDevices +* AADUser + * PreferredDataLocation +* EXOAntiPhishPolicy + * EnableAntispoofEnforcement + * TargetedDomainProtectionAction +* EXOHostedContentFilterPolicy + * EndUserSpamNotificationCustomFromAddress + * EndUserSpamNotificationCustomFromName +* EXOMalwareFilterPolicy + * Action + * CustomAlertText + * EnableExternalSenderNotifications + * EnableInternalSenderNotifications +* EXOOrganizationConfig + * AllowPlusAddressInRecipients +* EXOSaveLinksPolicy + * DoNotAllowClickThrough + * DoNotTrackUserClicks + * IsEnabled +* EXOSharedMailbox + * Aliases +* EXOTransportRule + * ExceptIfMessageContainsAllDataClassifications + * IncidentReportOriginalMail + * MessageContainsAllDataClassifications +* SCSensitivityLabel + * Disabled + * ApplyContentMarkingFooterFontName + * ApplyContentMarkingHeaderFontName + * ApplyWaterMarkingFontName + * EncryptionAipTemplateScopes +* SPOTenantSettings + * RequireAcceptingAccountMatchInvitedAccount +* TeamsMeetingPolicy + * RecordingStorageMode + +## TeamsGroupPolicyAssignment ([#3057](https://github.com/microsoft/Microsoft365DSC/pull/3057)) + diff --git a/docs/docs/blog/index.md b/docs/docs/blog/index.md new file mode 100644 index 0000000000..ad0d6f5612 --- /dev/null +++ b/docs/docs/blog/index.md @@ -0,0 +1,4 @@ +# Blog Posts + +* [April 2023 Major Release](https://microsoft365dsc.com/blogs/april-2023-major-release.md) +* [October 2022 Major Release](https://microsoft365dsc.com/blogs/october-2022-major-release.md) diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 181760e990..392dba6d60 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -5,7 +5,7 @@ nav: - 'Introduction': 'index.md' - 'What is Microsoft365DSC?': 'home/what-is-M365DSC.md' - Blog: - - 'October 2022 - Major Release': 'blog/october-2022-major-release.md' + - 'Blog Posts': 'blog/index.md' - User Guide: - 'Get Started': - 'Introduction': 'user-guide/get-started/introduction.md' From e6150eee09d5078cf6b9a8d28cdcd849b259cc4c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 27 Mar 2023 13:57:22 -0400 Subject: [PATCH 046/187] FIXES #3072 --- CHANGELOG.md | 5 ++++- .../DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 | 12 ++++++------ .../MSFT_AADGroup/MSFT_AADGroup.schema.mof | 4 ++-- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 88aec801ca..a23ae8ec35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,11 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.23.405.1 +* AADGroup + * Changed the SecurityEnabled and MailEnabled parameters to become mandatory. + FIXES [#3072](https://github.com/microsoft/Microsoft365DSC/issues/3072) * EXOIRMConfiguration * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 655f0026e3..e3de484347 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -45,11 +45,11 @@ function Get-TargetResource [System.String] $MembershipRuleProcessingState, - [Parameter()] + [Parameter(Mandatory = $true)] [System.Boolean] $SecurityEnabled, - [Parameter()] + [Parameter(Mandatory = $true)] [System.Boolean] $MailEnabled, @@ -308,11 +308,11 @@ function Set-TargetResource [System.String] $MembershipRuleProcessingState, - [Parameter()] + [Parameter(Mandatory = $true)] [System.Boolean] $SecurityEnabled, - [Parameter()] + [Parameter(Mandatory = $true)] [System.Boolean] $MailEnabled, @@ -824,11 +824,11 @@ function Test-TargetResource [System.String] $MembershipRuleProcessingState, - [Parameter()] + [Parameter(Mandatory = $true)] [System.Boolean] $SecurityEnabled, - [Parameter()] + [Parameter(Mandatory = $true)] [System.Boolean] $MailEnabled, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.schema.mof index c9a76cf899..a6656d12bb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.schema.mof @@ -18,8 +18,8 @@ class MSFT_AADGroup : OMI_BaseResource [Write, Description("Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership.")] String GroupTypes[]; [Write, Description("Specifies the membership rule for a dynamic group.")] String MembershipRule; [Write, Description("Specifies the rule processing state. The acceptable values for this parameter are: On. Process the group rule or Paused. Stop processing the group rule."), ValueMap{"On","Paused"}, Values{"On","Paused"}] String MembershipRuleProcessingState; - [Write, Description("Specifies whether the group is security enabled. For security groups, this value must be $True.")] Boolean SecurityEnabled; - [Write, Description("Specifies whether this group is mail enabled. Currently, you cannot create mail enabled groups in Azure AD.")] Boolean MailEnabled; + [Required, Description("Specifies whether the group is security enabled. For security groups, this value must be $True.")] Boolean SecurityEnabled; + [Required, Description("Specifies whether this group is mail enabled. Currently, you cannot create mail enabled groups in Azure AD.")] Boolean MailEnabled; [Write, Description("Specifies whether this group can be assigned a role. Only available when creating a group and can't be modified after group is created.")] Boolean IsAssignableToRole; [Write, Description("DisplayName values for the roles that the group is assigned to.")] String AssignedToRole[]; [Write, Description("This parameter determines the visibility of the group's content and members list."), ValueMap{"Public","Private","HiddenMembership"}, Values{"Public","Private","HiddenMembership"}] String Visibility; From e30db1e08fad4d60c604696806ae17c5602dc2cc Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 27 Mar 2023 14:00:31 -0400 Subject: [PATCH 047/187] Update april-2023-major-release copy.md --- docs/docs/blog/april-2023-major-release copy.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/docs/blog/april-2023-major-release copy.md b/docs/docs/blog/april-2023-major-release copy.md index aab7f67301..7e4538f30b 100644 --- a/docs/docs/blog/april-2023-major-release copy.md +++ b/docs/docs/blog/april-2023-major-release copy.md @@ -85,3 +85,5 @@ We are removing parameters that have been deprecated from various resources as p ## TeamsGroupPolicyAssignment ([#3057](https://github.com/microsoft/Microsoft365DSC/pull/3057)) +## AADGroup - Added SecurityEnabled and MailEnabled as Mandatory Parameters ([#3077](https://github.com/microsoft/Microsoft365DSC/pull/3077)) +We've updated the AADGroup resource to enforce the MailEnabled and SecurityEnabled parameters as mandatory. Omitting these parameters was throwing error since they were required by the Microsoft Graph API associated with it. To update existing configurations, simply make sure that every instances of the AADGroup resource includes both the MailEnabled and SecurityEnabled parameters. From 5a53155a2f769911a5210417043236612f7c246f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 27 Mar 2023 18:09:16 +0000 Subject: [PATCH 048/187] Updated Resources and Cmdlet documentation pages --- .../azure-ad/AADAdministrativeUnit.md | 5 +- .../azure-ad/AADConditionalAccessPolicy.md | 79 ++++++++++--------- .../AADEntitlementManagementAccessPackage.md | 4 +- ...ManagementAccessPackageAssignmentPolicy.md | 2 +- ...titlementManagementAccessPackageCatalog.md | 4 +- ...tManagementAccessPackageCatalogResource.md | 4 +- ...itlementManagementConnectedOrganization.md | 2 +- .../docs/resources/azure-ad/AADRoleSetting.md | 2 +- .../exchange/EXOPerimeterConfiguration.md | 10 +-- .../intune/IntuneASRRulesPolicyWindows10.md | 2 +- ...eAntivirusPolicyWindows10SettingCatalog.md | 2 +- .../intune/IntuneAppProtectionPolicyiOS.md | 5 +- ...uctionRulesPolicyWindows10ConfigManager.md | 2 +- ...urationPolicyAndroidDeviceAdministrator.md | 4 +- ...ceConfigurationPolicyAndroidDeviceOwner.md | 4 +- ...igurationPolicyAndroidOpenSourceProject.md | 4 +- .../IntuneDeviceConfigurationPolicyMacOS.md | 4 +- .../IntuneDeviceConfigurationPolicyiOS.md | 5 +- ...ProtectionPolicyWindows10SettingCatalog.md | 2 +- ...neSettingCatalogASRRulesPolicyWindows10.md | 2 +- ...urationPolicyAndroidDeviceAdministrator.md | 4 +- ...ationPolicyAndroidEntrepriseDeviceOwner.md | 4 +- ...ationPolicyAndroidEntrepriseWorkProfile.md | 4 +- ...neWifiConfigurationPolicyAndroidForWork.md | 4 +- ...igurationPolicyAndroidOpenSourceProject.md | 4 +- .../IntuneWifiConfigurationPolicyIOS.md | 4 +- .../IntuneWifiConfigurationPolicyMacOS.md | 4 +- .../IntuneWifiConfigurationPolicyWindows10.md | 4 +- ...teForBusinessRingUpdateProfileWindows10.md | 4 +- ...ionProtectionPolicyWindows10MdmEnrolled.md | 4 +- ...orBusinessFeatureUpdateProfileWindows10.md | 4 +- 31 files changed, 98 insertions(+), 94 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md index f1e0f5e4ee..8c52a0beac 100644 --- a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md +++ b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md @@ -4,8 +4,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **DisplayName** | Key | String | DisplayName of the Administrative Unit | | -| **Id** | Write | String | Object-Id of the Administrative Unit | | +| **Id** | Key | String | Object-Id of the Administrative Unit | | +| **DisplayName** | Required | String | DisplayName of the Administrative Unit | | | **Description** | Write | String | Description of the Administrative Unit | | | **Visibility** | Write | String | Visibility of the Administrative Unit. Specify HiddenMembership if members of the AU are hidden | | | **MembershipType** | Write | String | Specify membership type. Possible values are Assigned and Dynamic. Note that the functionality is currently in preview. | | @@ -93,6 +93,7 @@ Configuration Example { AADAdministrativeUnit 'TestUnit' { + Id = '49a843c7-e80c-4bae-8819-825656a108f2' DisplayName = 'Test-Unit' MembershipRule = "(user.country -eq `"Canada`")" MembershipRuleProcessingState = 'On' diff --git a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md index 5c9d030111..495f6d55ef 100644 --- a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md +++ b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md @@ -4,8 +4,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **DisplayName** | Key | String | DisplayName of the AAD CA Policy | | -| **Id** | Write | String | Specifies the GUID for the Policy. | | +| **Id** | Key | String | Specifies the GUID for the Policy. | | +| **DisplayName** | Required | String | DisplayName of the AAD CA Policy | | | **State** | Write | String | Specifies the State of the Policy. | `disabled`, `enabled`, `enabledForReportingButNotEnforced` | | **IncludeApplications** | Write | StringArray[] | Cloud Apps in scope of the Policy. | | | **ExcludeApplications** | Write | StringArray[] | Cloud Apps out of scope of the Policy. | | @@ -104,43 +104,44 @@ Configuration Example { AADConditionalAccessPolicy 'Allin-example' { - BuiltInControls = @("Mfa", "CompliantDevice", "DomainJoinedDevice", "ApprovedApplication", "CompliantApplication") - ClientAppTypes = @("ExchangeActiveSync", "Browser", "MobileAppsAndDesktopClients", "Other") - CloudAppSecurityIsEnabled = $True - CloudAppSecurityType = "MonitorOnly" - DisplayName = "Allin-example" - ExcludeApplications = @("803ee9ca-3f7f-4824-bd6e-0b99d720c35c", "00000012-0000-0000-c000-000000000000", "00000007-0000-0000-c000-000000000000", "Office365") - ExcludeDevices = @("Compliant", "DomainJoined") - ExcludeGroups = @() - ExcludeLocations = @("Blocked Countries") - ExcludePlatforms = @("Windows", "WindowsPhone", "MacOS") - ExcludeRoles = @("Company Administrator", "Application Administrator", "Application Developer", "Cloud Application Administrator", "Cloud Device Administrator") - ExcludeUsers = @("admin@contoso.com", "AAdmin@contoso.com", "CAAdmin@contoso.com", "AllanD@contoso.com", "AlexW@contoso.com", "GuestsOrExternalUsers") - ExcludeExternalTenantsMembers = @(); - ExcludeExternalTenantsMembershipKind = "all"; - ExcludeGuestOrExternalUserTypes = @("internalGuest","b2bCollaborationMember"); - GrantControlOperator = "OR" - IncludeApplications = @("All") - IncludeDevices = @("All") - IncludeGroups = @() - IncludeLocations = @("AllTrusted") - IncludePlatforms = @("Android", "IOS") - IncludeRoles = @("Compliance Administrator") - IncludeUserActions = @() - IncludeUsers = @("Alexw@contoso.com") - IncludeExternalTenantsMembers = @("11111111-1111-1111-1111-111111111111"); - IncludeExternalTenantsMembershipKind = "enumerated"; - IncludeGuestOrExternalUserTypes = @("b2bCollaborationGuest"); - PersistentBrowserIsEnabled = $false - PersistentBrowserMode = "" - SignInFrequencyIsEnabled = $True - SignInFrequencyType = "Hours" - SignInFrequencyValue = 5 - SignInRiskLevels = @("High", "Medium") - State = "disabled" - UserRiskLevels = @("High", "Medium") - Ensure = "Present" - Credential = $credsGlobalAdmin + Id = '4b0bb08f-85ab-4a12-a12c-06114b6ac6df' + DisplayName = 'Allin-example' + BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') + ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') + CloudAppSecurityIsEnabled = $true + CloudAppSecurityType = 'MonitorOnly' + ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') + ExcludeDevices = @('Compliant', 'DomainJoined') + ExcludeGroups = @() + ExcludeLocations = @('Blocked Countries') + ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') + ExcludeRoles = @('Company Administrator', 'Application Administrator', 'Application Developer', 'Cloud Application Administrator', 'Cloud Device Administrator') + ExcludeUsers = @('admin@contoso.com', 'AAdmin@contoso.com', 'CAAdmin@contoso.com', 'AllanD@contoso.com', 'AlexW@contoso.com', 'GuestsOrExternalUsers') + ExcludeExternalTenantsMembers = @() + ExcludeExternalTenantsMembershipKind = 'all' + ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') + GrantControlOperator = 'OR' + IncludeApplications = @('All') + IncludeDevices = @('All') + IncludeGroups = @() + IncludeLocations = @('AllTrusted') + IncludePlatforms = @('Android', 'IOS') + IncludeRoles = @('Compliance Administrator') + IncludeUserActions = @() + IncludeUsers = @('Alexw@contoso.com') + IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') + IncludeExternalTenantsMembershipKind = 'enumerated' + IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') + PersistentBrowserIsEnabled = $false + PersistentBrowserMode = '' + SignInFrequencyIsEnabled = $true + SignInFrequencyType = 'Hours' + SignInFrequencyValue = 5 + SignInRiskLevels = @('High', 'Medium') + State = 'disabled' + UserRiskLevels = @('High', 'Medium') + Ensure = 'Present' + Credential = $credsGlobalAdmin } } } diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md index 72e7b52a86..5a50e370ca 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md @@ -4,10 +4,10 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | The Id of the access package. | | +| **Id** | Key | String | The Id of the access package. | | +| **DisplayName** | Required | String | The display name of the access package. | | | **CatalogId** | Write | String | Identifier of the access package catalog referencing this access package. | | | **Description** | Write | String | The description of the access package. | | -| **DisplayName** | Write | String | The display name of the access package. | | | **IsHidden** | Write | Boolean | Whether the access package is hidden from the requestor. | | | **IsRoleScopesVisible** | Write | Boolean | Indicates whether role scopes are visible. | | | **AccessPackageResourceRoleScopes** | Write | MSFT_AccessPackageResourceRoleScope[] | The resources and roles included in the access package. | | diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md index f3b022cbf1..e7aced4c4e 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md @@ -5,11 +5,11 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Id** | Key | String | Id of the access package assignment policy. | | +| **DisplayName** | Required | String | The display name of the policy. | | | **AccessPackageId** | Write | String | Identifier of the access package. | | | **AccessReviewSettings** | Write | MSFT_MicrosoftGraphassignmentreviewsettings | Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required. | | | **CanExtend** | Write | Boolean | Indicates whether a user can extend the access package assignment duration after approval. | | | **Description** | Write | String | The description of the policy. | | -| **DisplayName** | Write | String | The display name of the policy. | | | **DurationInDays** | Write | UInt32 | The number of days in which assignments from this policy last until they are expired. | | | **ExpirationDateTime** | Write | String | The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z | | | **Questions** | Write | MSFT_MicrosoftGraphaccesspackagequestion[] | Questions that are posed to the requestor. | | diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md index 8442bbe269..db7d0691b2 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md @@ -4,11 +4,11 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | The id of the access package catalog. | | +| **Id** | Key | String | The id of the access package catalog. | | +| **DisplayName** | Required | String | The display name of the access package catalog. | | | **CatalogStatus** | Write | String | Has the value Published if the access packages are available for management. | | | **CatalogType** | Write | String | One of UserManaged or ServiceDefault. | `UserManaged`, `ServiceDefault` | | **Description** | Write | String | The description of the access package catalog. | | -| **DisplayName** | Write | String | The display name of the access package catalog. | | | **IsExternallyVisible** | Write | Boolean | Whether the access packages in this catalog can be requested by users outside of the tenant. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Intune Admin | | diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md index 396544053e..4777c8b0d5 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md @@ -4,13 +4,13 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the access package catalog resource. | | +| **Id** | Key | String | Id of the access package catalog resource. | | +| **DisplayName** | Required | String | The display name of the resource, such as the application name, group name or site name. | | | **CatalogId** | Write | String | The unique ID of the access package catalog. | | | **AddedBy** | Write | String | The name of the user or application that first added this resource. Read-only. | | | **AddedOn** | Write | String | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. | | | **Attributes** | Write | MSFT_MicrosoftGraphaccesspackageresourceattribute[] | Contains information about the attributes to be collected from the requestor and sent to the resource application. | | | **Description** | Write | String | A description for the resource. | | -| **DisplayName** | Write | String | The display name of the resource, such as the application name, group name or site name. | | | **IsPendingOnboarding** | Write | Boolean | True if the resource is not yet available for assignment. Read-only. | | | **OriginId** | Write | String | The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group. | | | **OriginSystem** | Write | String | The type of the resource in the origin system. | | diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md b/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md index c8b8230b15..7a25dec62b 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md @@ -5,8 +5,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Id** | Key | String | The Id of the Connected organization object. | | +| **DisplayName** | Required | String | The display name of the connected organization. | | | **Description** | Write | String | The description of the connected organization. | | -| **DisplayName** | Write | String | The display name of the connected organization. | | | **IdentitySources** | Write | MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource[] | The identity sources in this connected organization. | | | **State** | Write | String | The state of a connected organization defines whether assignment policies with requestor scope type AllConfiguredConnectedOrganizationSubjects are applicable or not. | `configured`, `proposed`, `unknownFutureValue` | | **ExternalSponsors** | Write | StringArray[] | Collection of objectID of extenal sponsors. the sponsor can be a user or a group. | | diff --git a/docs/docs/resources/azure-ad/AADRoleSetting.md b/docs/docs/resources/azure-ad/AADRoleSetting.md index e670d090dd..74a47d631d 100644 --- a/docs/docs/resources/azure-ad/AADRoleSetting.md +++ b/docs/docs/resources/azure-ad/AADRoleSetting.md @@ -5,7 +5,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Id** | Key | String | Specifies the RoleId. | | -| **Displayname** | Write | String | RuleDefinition Displayname | | +| **Displayname** | Required | String | RuleDefinition Displayname | | | **ActivationMaxDuration** | Write | String | Activation maximum duration (hours). | | | **ActivationReqJustification** | Write | Boolean | Require justification on activation (True/False) | | | **ActivationReqTicket** | Write | Boolean | Require ticket information on activation (True/False) | | diff --git a/docs/docs/resources/exchange/EXOPerimeterConfiguration.md b/docs/docs/resources/exchange/EXOPerimeterConfiguration.md index 759a9a0668..1c293dc09b 100644 --- a/docs/docs/resources/exchange/EXOPerimeterConfiguration.md +++ b/docs/docs/resources/exchange/EXOPerimeterConfiguration.md @@ -4,7 +4,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Write | String | The Identity parameter specifies the Perimeter Configuration policy that you want to modify. | | +| **IsSingleInstance** | Key | String | Only valid value is 'Yes'. | `Yes` | | **GatewayIPAddresses** | Write | StringArray[] | Use the GatewayIPAddresses parameter to create or modify a list of gateway server IP addresses to add to IP safelists. | | | **Ensure** | Write | String | Specifies if this Outbound connector should exist. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | @@ -55,10 +55,10 @@ Configuration Example { EXOPerimeterConfiguration 'ConfigurePerimeterConfiguration' { - Identity = "Global" - GatewayIPAddresses = "123.0.0.1" - Ensure = "Present" - Credential = $credsGlobalAdmin + IsSingleInstance = 'Yes' + GatewayIPAddresses = '123.0.0.1' + Ensure = 'Present' + Credential = $credsGlobalAdmin } } } diff --git a/docs/docs/resources/intune/IntuneASRRulesPolicyWindows10.md b/docs/docs/resources/intune/IntuneASRRulesPolicyWindows10.md index 464400ce81..bf071da343 100644 --- a/docs/docs/resources/intune/IntuneASRRulesPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneASRRulesPolicyWindows10.md @@ -5,7 +5,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Identity** | Key | String | Identity of the endpoint protection attack surface protection rules policy for Windows 10. | | -| **DisplayName** | Write | String | Display name of the endpoint protection attack surface protection rules policy for Windows 10. | | +| **DisplayName** | Required | String | Display name of the endpoint protection attack surface protection rules policy for Windows 10. | | | **Description** | Write | String | Description of the endpoint protection attack surface protection rules policy for Windows 10. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Assignments of the Intune Policy. | | | **ProcessCreationType** | Write | String | This rule blocks processes created through PsExec and WMI from running. | `userDefined`, `block`, `auditMode`, `warn`, `disable` | diff --git a/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md b/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md index 710c624dc6..9bb2266b78 100644 --- a/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md +++ b/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md @@ -5,7 +5,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Identity** | Key | String | Identity of the endpoint protection policy for Windows 10. | | -| **DisplayName** | Write | String | Display name of the endpoint protection policy for Windows 10. | | +| **DisplayName** | Required | String | Display name of the endpoint protection policy for Windows 10. | | | **Description** | Write | String | Description of the endpoint protection policy for Windows 10. | | | **tamperprotection** | Write | String | Allows or disallows scanning of archives. (0: enable feature. 1: disable feature) | `0`, `1` | | **disableaccountprotectionui** | Write | String | Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` | diff --git a/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md b/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md index 69b1cf98dd..ded7317cb4 100644 --- a/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md +++ b/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md @@ -4,8 +4,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Write | String | Identity of the iOS App Protection Policy. | | -| **DisplayName** | Write | String | Display name of the iOS App Protection Policy. | | +| **Identity** | Key | String | Identity of the iOS App Protection Policy. | | +| **DisplayName** | Required | String | Display name of the iOS App Protection Policy. | | | **Description** | Write | String | Description of the iOS App Protection Policy. | | | **PeriodOfflineBeforeAccessCheck** | Write | String | The period after which access is checked when the device is not connected to the internet. | | | **PeriodOnlineBeforeAccessCheck** | Write | String | The period after which access is checked when the device is connected to the internet. | | @@ -115,6 +115,7 @@ Configuration Example { IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' { + Identity = '1352a41f-bd32-4ee3-b227-2f11b17b8614' DisplayName = 'My DSC iOS App Protection Policy' AllowedDataStorageLocations = @('sharePoint') AllowedInboundDataTransferSources = 'managedApps' diff --git a/docs/docs/resources/intune/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.md b/docs/docs/resources/intune/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.md index 53508d6a17..54dd05c3b6 100644 --- a/docs/docs/resources/intune/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.md +++ b/docs/docs/resources/intune/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.md @@ -5,7 +5,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Identity** | Key | String | Identity of the endpoint protection attack surface protection rules policy for Windows 10. | | -| **DisplayName** | Write | String | Display name of the endpoint protection attack surface protection rules policy for Windows 10. | | +| **DisplayName** | Required | String | Display name of the endpoint protection attack surface protection rules policy for Windows 10. | | | **Description** | Write | String | Description of the endpoint protection attack surface protection rules policy for Windows 10. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Assignments of the endpoint protection attack surface protection rules policy for Windows 10. | | | **AttackSurfaceReductionOnlyExclusions** | Write | StringArray[] | Exclude files and paths from attack surface reduction rules | | diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.md index b5bff42be7..266df5ebc5 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the Intune policy. | | +| **Id** | Key | String | Id of the Intune policy. | | +| **DisplayName** | Required | String | Display name of the Intune policy. | | | **Description** | Write | String | Description of the Intune policy. | | -| **DisplayName** | Write | String | Display name of the Intune policy. | | | **AppsBlockClipboardSharing** | Write | Boolean | Block clipboard sharing between apps (Samsung KNOX Standard 4.0+). | | | **AppsBlockCopyPaste** | Write | Boolean | Block copy and paste functionality. | | | **AppsBlockYouTube** | Write | Boolean | Block YouTube (Samsung KNOX Standard 4.0+). | | diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceOwner.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceOwner.md index ce211df516..59a62ae7a7 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceOwner.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceOwner.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | The Id of the policy. | | +| **Id** | Key | String | The Id of the policy. | | +| **DisplayName** | Required | String | The display name of hte policy. | | | **Description** | Write | String | The description of the policy. | | -| **DisplayName** | Write | String | The display name of hte policy. | | | **AccountsBlockModification** | Write | Boolean | Block modification of accounts. Only supported on Dedicated devices. | | | **AppsAllowInstallFromUnknownSources** | Write | Boolean | When allowed, users can enable the 'unknown sources' setting to install apps from sources other than the Google Play Store. | | | **AppsAutoUpdatePolicy** | Write | String | Devices check for app updates daily. The default behavior is to let device users decide. They'll be able to set their preferences in the managed Google Play app. | `notConfigured`, `userChoice`, `never`, `wiFiOnly`, `always` | diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.md index 9f4ca7bd5a..eee85e7f5a 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the Intune policy. | | +| **Id** | Key | String | Id of the Intune policy. | | +| **DisplayName** | Required | String | Display name of the Intune policy. | | | **Description** | Write | String | Description of the Intune policy. | | -| **DisplayName** | Write | String | Display name of the Intune policy. | | | **AppsBlockInstallFromUnknownSources** | Write | Boolean | Prevent applications from unknown sources. | | | **BluetoothBlockConfiguration** | Write | Boolean | Prevent bluetooth configuration. | | | **BluetoothBlocked** | Write | Boolean | Prevents using Bluetooth on devices. | | diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md index 15c458e67c..78e1f6dbaf 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | | | +| **Id** | Key | String | | | +| **DisplayName** | Required | String | | | | **Description** | Write | String | | | -| **DisplayName** | Write | String | | | | **AddingGameCenterFriendsBlocked** | Write | Boolean | | | | **AirDropBlocked** | Write | Boolean | | | | **AppleWatchBlockAutoUnlock** | Write | Boolean | Blocks users from unlocking their Mac with Apple Watch. | | diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyiOS.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyiOS.md index 5298d9b540..8331decd50 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyiOS.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyiOS.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the Intune policy. | | +| **Id** | Key | String | Id of the Intune policy. | | +| **DisplayName** | Required | String | Display name of the Intune policy. | | | **Description** | Write | String | Description of the Intune policy. | | -| **DisplayName** | Write | String | Display name of the Intune policy. | | | **AccountBlockModification** | Write | Boolean | Indicates whether or not to allow account modification when the device is in supervised mode. | | | **ActivationLockAllowWhenSupervised** | Write | Boolean | Activation Lock makes it harder for a lost or stolen device to be reactivated. | | | **AirDropBlocked** | Write | Boolean | Indicates whether or not to allow AirDrop when the device is in supervised mode. | | @@ -369,6 +369,7 @@ Configuration Example { IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' { + Id = '901c99e3-6429-4f02-851f-54b49a53f103' DisplayName = 'iOS DSC Policy' AccountBlockModification = $False ActivationLockAllowWhenSupervised = $False diff --git a/docs/docs/resources/intune/IntuneExploitProtectionPolicyWindows10SettingCatalog.md b/docs/docs/resources/intune/IntuneExploitProtectionPolicyWindows10SettingCatalog.md index 84b61f6ec9..1c5a3570b8 100644 --- a/docs/docs/resources/intune/IntuneExploitProtectionPolicyWindows10SettingCatalog.md +++ b/docs/docs/resources/intune/IntuneExploitProtectionPolicyWindows10SettingCatalog.md @@ -5,7 +5,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Identity** | Key | String | Identity of the endpoint protection policy. | | -| **DisplayName** | Write | String | Display name of the endpoint protection policy. | | +| **DisplayName** | Required | String | Display name of the endpoint protection policy. | | | **Description** | Write | String | Description of the endpoint protection. | | | **ExploitProtectionSettings** | Write | String | Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. | | | **disallowexploitprotectionoverride** | Write | String | Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center.values 0:disable, 1:enable | `0`, `1` | diff --git a/docs/docs/resources/intune/IntuneSettingCatalogASRRulesPolicyWindows10.md b/docs/docs/resources/intune/IntuneSettingCatalogASRRulesPolicyWindows10.md index 2f452d0079..e19f165b9f 100644 --- a/docs/docs/resources/intune/IntuneSettingCatalogASRRulesPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneSettingCatalogASRRulesPolicyWindows10.md @@ -5,7 +5,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Identity** | Key | String | Identity of the endpoint protection attack surface protection rules policy for Windows 10. | | -| **DisplayName** | Write | String | Display name of the endpoint protection attack surface protection rules policy for Windows 10. | | +| **DisplayName** | Required | String | Display name of the endpoint protection attack surface protection rules policy for Windows 10. | | | **Description** | Write | String | Description of the endpoint protection attack surface protection rules policy for Windows 10. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Assignments of the endpoint protection. | | | **AttackSurfaceReductionOnlyExclusions** | Write | StringArray[] | Exclude files and paths from attack surface reduction rules | | diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.md index 712b2a9054..8acfd3b003 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the Intune Policy. | | +| **Id** | Key | String | Id of the Intune Policy. | | +| **DisplayName** | Required | String | Display name of the Intune Policy. | | | **Description** | Write | String | Description of the Intune Policy. | | -| **DisplayName** | Write | String | Display name of the Intune Policy. | | | **ConnectAutomatically** | Write | Boolean | Connect automatically. | | | **ConnectWhenNetworkNameIsHidden** | Write | Boolean | Connect when network name is hidden. | | | **NetworkName** | Write | String | Network name. | | diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.md index f164ee5e8d..15406e633b 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the Intune policy | | +| **Id** | Key | String | Id of the Intune policy | | +| **DisplayName** | Required | String | Disaply name of the Intune policy | | | **Description** | Write | String | Description of the Intune policy | | -| **DisplayName** | Write | String | Disaply name of the Intune policy | | | **ConnectAutomatically** | Write | Boolean | If the network is in range, automatically connect. | | | **ConnectWhenNetworkNameIsHidden** | Write | Boolean | Don't show this Wi-Fi network on an end-user's device in the list of available networks. The SSID will not be broadcasted. | | | **NetworkName** | Write | String | Network name. | | diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.md index 0280e31797..55b0fc04a7 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the Intune policy. | | +| **Id** | Key | String | Id of the Intune policy. | | +| **DisplayName** | Required | String | Display name of the Intune policy. | | | **Description** | Write | String | Description of the Intune policy. | | -| **DisplayName** | Write | String | Display name of the Intune policy. | | | **ConnectAutomatically** | Write | Boolean | Connect automatically. | | | **ConnectWhenNetworkNameIsHidden** | Write | Boolean | Connect when network name is hidden. | | | **NetworkName** | Write | String | Network name. | | diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidForWork.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidForWork.md index 61f7cedf37..b67c99d13d 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidForWork.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidForWork.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the Intune policy. | | +| **Id** | Key | String | Id of the Intune policy. | | +| **DisplayName** | Required | String | Display name of the Intune policy. | | | **Description** | Write | String | Description of the Intune policy. | | -| **DisplayName** | Write | String | Display name of the Intune policy. | | | **ConnectAutomatically** | Write | Boolean | Connect automatically | | | **ConnectWhenNetworkNameIsHidden** | Write | Boolean | Connect when network name is hidden | | | **NetworkName** | Write | String | Network name | | diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidOpenSourceProject.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidOpenSourceProject.md index 654853a723..98f1d7c54c 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidOpenSourceProject.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidOpenSourceProject.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the Intune policy. | | +| **Id** | Key | String | Id of the Intune policy. | | +| **DisplayName** | Required | String | Display name of the Intune policy. | | | **Description** | Write | String | Description of the Intune policy. | | -| **DisplayName** | Write | String | Display name of the Intune policy. | | | **ConnectAutomatically** | Write | Boolean | Connect automatically to the network. | | | **ConnectWhenNetworkNameIsHidden** | Write | Boolean | Define if the network should be connected if hidden. | | | **NetworkName** | Write | String | Define the network name. | | diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyIOS.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyIOS.md index 719eeb416b..fd12a11a96 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyIOS.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyIOS.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the Intune policy. | | +| **Id** | Key | String | Id of the Intune policy. | | +| **DisplayName** | Required | String | Display name of the Intune policy. | | | **Description** | Write | String | Description of the Intune policy. | | -| **DisplayName** | Write | String | Display name of the Intune policy. | | | **ConnectAutomatically** | Write | Boolean | Connect automatically | | | **ConnectWhenNetworkNameIsHidden** | Write | Boolean | Connect when network name is hidden | | | **DisableMacAddressRandomization** | Write | Boolean | Disable the MAC address randomization. | | diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyMacOS.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyMacOS.md index a908967649..1f3262d800 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyMacOS.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyMacOS.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the Intune policy. | | +| **Id** | Key | String | Id of the Intune policy. | | +| **DisplayName** | Required | String | Display name of the Intune policy. | | | **Description** | Write | String | Description of the Intune policy. | | -| **DisplayName** | Write | String | Display name of the Intune policy. | | | **ConnectAutomatically** | Write | Boolean | Connect automatically | | | **ConnectWhenNetworkNameIsHidden** | Write | Boolean | Connect when network name is hidden | | | **NetworkName** | Write | String | Network name | | diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyWindows10.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyWindows10.md index 1a066d504e..0bdcb3ac75 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyWindows10.md @@ -4,9 +4,9 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Id** | Write | String | Id of the Intune policy. | | +| **Id** | Key | String | Id of the Intune policy. | | +| **DisplayName** | Required | String | Display name of the Intune policy. | | | **Description** | Write | String | Description of the Intune policy. | | -| **DisplayName** | Write | String | Display name of the Intune policy. | | | **ConnectAutomatically** | Write | Boolean | Connect automatically | | | **ConnectToPreferredNetwork** | Write | Boolean | Connect to preferred network | | | **ConnectWhenNetworkNameIsHidden** | Write | Boolean | Connect when network name is hidden | | diff --git a/docs/docs/resources/intune/IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.md b/docs/docs/resources/intune/IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.md index 8948e2a935..58aaeddaa6 100644 --- a/docs/docs/resources/intune/IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.md +++ b/docs/docs/resources/intune/IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.md @@ -4,6 +4,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **DisplayName** | Required | String | Admin provided name of the device configuration. | | | **AllowWindows11Upgrade** | Write | Boolean | When TRUE, allows eligible Windows 10 devices to upgrade to Windows 11. When FALSE, implies the device stays on the existing operating system. Returned by default. Query parameters are not supported. | | | **AutomaticUpdateMode** | Write | String | The Automatic Update Mode. Possible values are: UserDefined, NotifyDownload, AutoInstallAtMaintenanceTime, AutoInstallAndRebootAtMaintenanceTime, AutoInstallAndRebootAtScheduledTime, AutoInstallAndRebootWithoutEndUserControl, WindowsDefault. UserDefined is the default value, no intent. Returned by default. Query parameters are not supported. Possible values are: userDefined, notifyDownload, autoInstallAtMaintenanceTime, autoInstallAndRebootAtMaintenanceTime, autoInstallAndRebootAtScheduledTime, autoInstallAndRebootWithoutEndUserControl, windowsDefault. | `userDefined`, `notifyDownload`, `autoInstallAtMaintenanceTime`, `autoInstallAndRebootAtMaintenanceTime`, `autoInstallAndRebootAtScheduledTime`, `autoInstallAndRebootWithoutEndUserControl`, `windowsDefault` | | **AutoRestartNotificationDismissal** | Write | String | Specify the method by which the auto-restart required notification is dismissed. Possible values are: NotConfigured, Automatic, User. Returned by default. Query parameters are not supported. Possible values are: notConfigured, automatic, user, unknownFutureValue. | `notConfigured`, `automatic`, `user`, `unknownFutureValue` | @@ -39,8 +41,6 @@ | **UserPauseAccess** | Write | String | Specifies whether to enable end user�s access to pause software updates. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | | **UserWindowsUpdateScanAccess** | Write | String | Specifies whether to disable user�s access to scan Windows Update. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | | **Description** | Write | String | Admin provided description of the Device Configuration. | | -| **DisplayName** | Write | String | Admin provided name of the device configuration. | | -| **Id** | Key | String | The unique identifier for an entity. Read-only. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Admin | | diff --git a/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md b/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md index 2ece55e92f..c0b9f43afc 100644 --- a/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md +++ b/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md @@ -4,6 +4,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **DisplayName** | Required | String | Policy display name. | | | **AzureRightsManagementServicesAllowed** | Write | Boolean | Specifies whether to allow Azure RMS encryption for WIP | | | **DataRecoveryCertificate** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate | Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS) | | | **EnforcementLevel** | Write | String | WIP enforcement level.See the Enum definition for supported values. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock. | `noProtection`, `encryptAndAuditOnly`, `encryptAuditAndPrompt`, `encryptAuditAndBlock` | @@ -26,8 +28,6 @@ | **RightsManagementServicesTemplateId** | Write | String | TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access | | | **SmbAutoEncryptedFileExtensions** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary | | | **Description** | Write | String | The policy's description. | | -| **DisplayName** | Write | String | Policy display name. | | -| **Id** | Write | String | The unique identifier for an entity. Read-only. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | diff --git a/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md index 198d6f0ee6..21eeaccb5d 100644 --- a/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md +++ b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md @@ -4,11 +4,11 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **DisplayName** | Required | String | The display name of the profile. | | | **Description** | Write | String | The description of the profile which is specified by the user. | | -| **DisplayName** | Write | String | The display name of the profile. | | | **FeatureUpdateVersion** | Write | String | The feature update version that will be deployed to the devices targeted by this profile. The version could be any supported version for example 1709, 1803 or 1809 and so on. | | | **RolloutSettings** | Write | MSFT_MicrosoftGraphwindowsUpdateRolloutSettings | The windows update rollout settings, including offer start date time, offer end date time, and days between each set of offers. | | -| **Id** | Key | String | The unique identifier for an entity. Read-only. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Admin | | From 095ea69ace72cc24b4d764526dd7607d90458581 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 27 Mar 2023 14:35:58 -0400 Subject: [PATCH 049/187] Update april-2023-major-release copy.md --- docs/docs/blog/april-2023-major-release copy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/blog/april-2023-major-release copy.md b/docs/docs/blog/april-2023-major-release copy.md index 7e4538f30b..5b1d9ac75c 100644 --- a/docs/docs/blog/april-2023-major-release copy.md +++ b/docs/docs/blog/april-2023-major-release copy.md @@ -86,4 +86,4 @@ We are removing parameters that have been deprecated from various resources as p ## TeamsGroupPolicyAssignment ([#3057](https://github.com/microsoft/Microsoft365DSC/pull/3057)) ## AADGroup - Added SecurityEnabled and MailEnabled as Mandatory Parameters ([#3077](https://github.com/microsoft/Microsoft365DSC/pull/3077)) -We've updated the AADGroup resource to enforce the MailEnabled and SecurityEnabled parameters as mandatory. Omitting these parameters was throwing error since they were required by the Microsoft Graph API associated with it. To update existing configurations, simply make sure that every instances of the AADGroup resource includes both the MailEnabled and SecurityEnabled parameters. +We've updated the AADGroup resource to enforce the MailEnabled and SecurityEnabled parameters as mandatory. Omitting these parameters was throwing an error since they were required by the Microsoft Graph API associated with it. To update existing configurations, simply make sure that every instances of the AADGroup resource includes both the MailEnabled and SecurityEnabled parameters. From 609e34ac744b31e6b9636019733ebd77b8160ade Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 27 Mar 2023 20:50:37 +0200 Subject: [PATCH 050/187] Corrected example --- .../1-ConfigureAADConditionalAccessPolicy.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 index e1f53a533c..d28e1bc7d3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 @@ -23,7 +23,6 @@ Configuration Example ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') CloudAppSecurityIsEnabled = $True CloudAppSecurityType = 'MonitorOnly' - DisplayName = 'Allin-example' ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') ExcludeGroups = @() ExcludeLocations = @('Blocked Countries') From 2fa77b3e71fbbcd5902c7acaf66b03169d0be370 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 27 Mar 2023 19:56:15 +0000 Subject: [PATCH 051/187] Updated Resources and Cmdlet documentation pages --- .../docs/resources/azure-ad/AADApplication.md | 1 - .../azure-ad/AADConditionalAccessPolicy.md | 9 +-- docs/docs/resources/azure-ad/AADUser.md | 1 - .../resources/exchange/EXOAntiPhishPolicy.md | 2 - .../exchange/EXOHostedContentFilterPolicy.md | 2 - .../exchange/EXOMalwareFilterPolicy.md | 4 -- .../exchange/EXOOrganizationConfig.md | 1 - .../resources/exchange/EXOSafeLinksPolicy.md | 14 ++-- .../resources/exchange/EXOSharedMailbox.md | 1 - .../resources/exchange/EXOTransportRule.md | 3 - .../security-compliance/SCSensitivityLabel.md | 69 +++++++++---------- .../resources/sharepoint/SPOTenantSettings.md | 1 - .../resources/teams/TeamsMeetingPolicy.md | 1 - 13 files changed, 38 insertions(+), 71 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADApplication.md b/docs/docs/resources/azure-ad/AADApplication.md index b54d24510a..e10f4b4797 100644 --- a/docs/docs/resources/azure-ad/AADApplication.md +++ b/docs/docs/resources/azure-ad/AADApplication.md @@ -13,7 +13,6 @@ | **IdentifierUris** | Write | StringArray[] | User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain. | | | **KnownClientApplications** | Write | StringArray[] | Client applications that are tied to this resource application. | | | **LogoutURL** | Write | String | The logout url for this application. | | -| **Oauth2RequirePostResponse** | Write | Boolean | Set this to true if an Oauth2 post response is required. | | | **PublicClient** | Write | Boolean | Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false. | | | **ReplyURLs** | Write | StringArray[] | Specifies the URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. | | | **Owners** | Write | StringArray[] | UPN or ObjectID values of the app's owners. | | diff --git a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md index 495f6d55ef..d30d07345a 100644 --- a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md +++ b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md @@ -26,8 +26,6 @@ | **ExcludePlatforms** | Write | StringArray[] | Client Device Platforms out of scope of the Policy. | | | **IncludeLocations** | Write | StringArray[] | AAD Named Locations in scope of the Policy. | | | **ExcludeLocations** | Write | StringArray[] | AAD Named Locations out of scope of the Policy. | | -| **IncludeDevices** | Write | StringArray[] | Client Device Compliance states in scope of the Policy. | | -| **ExcludeDevices** | Write | StringArray[] | Client Device Compliance states out of scope of the Policy. | | | **DeviceFilterMode** | Write | String | Client Device Filter mode of the Policy. | `include`, `exclude` | | **DeviceFilterRule** | Write | String | Client Device Filter rule of the Policy. | | | **UserRiskLevels** | Write | StringArray[] | AAD Identity Protection User Risk Levels in scope of the Policy. | | @@ -93,7 +91,8 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param( + param + ( [Parameter(Mandatory = $true)] [PSCredential] $credsGlobalAdmin @@ -108,10 +107,9 @@ Configuration Example DisplayName = 'Allin-example' BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') - CloudAppSecurityIsEnabled = $true + CloudAppSecurityIsEnabled = $True CloudAppSecurityType = 'MonitorOnly' ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') - ExcludeDevices = @('Compliant', 'DomainJoined') ExcludeGroups = @() ExcludeLocations = @('Blocked Countries') ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') @@ -122,7 +120,6 @@ Configuration Example ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') GrantControlOperator = 'OR' IncludeApplications = @('All') - IncludeDevices = @('All') IncludeGroups = @() IncludeLocations = @('AllTrusted') IncludePlatforms = @('Android', 'IOS') diff --git a/docs/docs/resources/azure-ad/AADUser.md b/docs/docs/resources/azure-ad/AADUser.md index 0140be56b3..41da535e54 100644 --- a/docs/docs/resources/azure-ad/AADUser.md +++ b/docs/docs/resources/azure-ad/AADUser.md @@ -22,7 +22,6 @@ | **PasswordPolicies** | Write | String | Specifies password policies for the user. | | | **PhoneNumber** | Write | String | The Phone Number of the user | | | **PostalCode** | Write | String | The Postal Code of the user | | -| **PreferredDataLocation** | Write | String | The Prefered location to store data of the user | | | **PreferredLanguage** | Write | String | The Prefered Language of the user | | | **State** | Write | String | Specifies the state or province where the user is located | | | **StreetAddress** | Write | String | Specifies the street address of the user | | diff --git a/docs/docs/resources/exchange/EXOAntiPhishPolicy.md b/docs/docs/resources/exchange/EXOAntiPhishPolicy.md index ab07fd9845..e2c4770cea 100644 --- a/docs/docs/resources/exchange/EXOAntiPhishPolicy.md +++ b/docs/docs/resources/exchange/EXOAntiPhishPolicy.md @@ -9,11 +9,9 @@ | **AdminDisplayName** | Write | String | The AdminDisplayName parameter specifies a description for the policy. | | | **PhishThresholdLevel** | Write | String | The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages. | `1`, `2`, `3`, `4` | | **AuthenticationFailAction** | Write | String | The AuthenticationFailAction parameter specifies the action to take when the message fails composite authentication. | `MoveToJmf`, `Quarantine` | -| **TargetedDomainProtectionAction** | Write | String | The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages for the domains specified by the TargetedDomainsToProtect parameter. | `BccMessage`, `Delete`, `MoveToJmf`, `NoAction`, `Quarantine`, `Redirect` | | **TargetedUserProtectionAction** | Write | String | The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages for the users specified by the TargetedUsersToProtect parameter. | `BccMessage`, `Delete`, `MoveToJmf`, `NoAction`, `Quarantine`, `Redirect` | | **Enabled** | Write | Boolean | Specify if this policy should be enabled. Default is $true. | | | **EnableFirstContactSafetyTips** | Write | Boolean | The EnableFirstContactSafetyTips parameter specifies whether to enable or disable the safety tip that's shown when recipients first receive an email from a sender or do not often receive email from a sender. | | -| **EnableAntispoofEnforcement** | Write | Boolean | DEPRECATED. | | | **EnableMailboxIntelligence** | Write | Boolean | The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first contact graph) in domain and user impersonation protection. | | | **EnableMailboxIntelligenceProtection** | Write | Boolean | The EnableMailboxIntelligenceProtection specifies whether to enable or disable enhanced impersonation results based on each user's individual sender map. This intelligence allows Microsoft 365 to customize user impersonation detection and better handle false positives. | | | **EnableOrganizationDomainsProtection** | Write | Boolean | The EnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation protection for all registered domains in the Office 365 organization. | | diff --git a/docs/docs/resources/exchange/EXOHostedContentFilterPolicy.md b/docs/docs/resources/exchange/EXOHostedContentFilterPolicy.md index c5d1a65a65..17cd427a9a 100644 --- a/docs/docs/resources/exchange/EXOHostedContentFilterPolicy.md +++ b/docs/docs/resources/exchange/EXOHostedContentFilterPolicy.md @@ -18,8 +18,6 @@ | **EnableEndUserSpamNotifications** | Write | Boolean | The EnableEndUserSpamNotification parameter enables for disables sending end-user spam quarantine notification messages. Valid input for this parameter is $true or $false. The default value is $false. | | | **EnableLanguageBlockList** | Write | Boolean | The EnableLanguageBlockList parameter enables or disables blocking email messages that are written in specific languages, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is $false. | | | **EnableRegionBlockList** | Write | Boolean | The EnableRegionBlockList parameter enables or disables blocking email messages that are sent from specific countries or regions, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is $false. | | -| **EndUserSpamNotificationCustomFromAddress** | Write | String | This parameter has been deprecated and is no longer used. The EndUserSpamNotificationCustomFromAddress parameter specifies a custom From address for end-user spam notification messages. Valid input for this parameter is an SMTP email address or an empty string. | | -| **EndUserSpamNotificationCustomFromName** | Write | String | This parameter has been deprecated and is no longer used. The EndUserSpamNotificationCustomFromName parameter specifies a custom display name in the From field for end-user spam notification messages. | | | **EndUserSpamNotificationCustomSubject** | Write | String | The EndUserSpamNotificationCustomSubject parameter specifies a custom subject for end-user spam notification messages. | | | **EndUserSpamNotificationFrequency** | Write | UInt32 | The EndUserSpamNotificationFrequency parameter specifies the repeat interval in days that end-user spam notification messages are sent. Valid input for this parameter is an integer between 1 and 15. The default value is 3. | | | **EndUserSpamNotificationLanguage** | Write | String | The EndUserSpamNotificationLanguage parameter specifies the language of end-user spam notification messages. The default value is Default. This means the default language of end-user spam notification messages is the default language of the cloud-based organization. | `Default`, `English`, `French`, `German`, `Italian`, `Japanese`, `Spanish`, `Korean`, `Portuguese`, `Russian`, `ChineseSimplified`, `ChineseTraditional`, `Amharic`, `Arabic`, `Bulgarian`, `BengaliIndia`, `Catalan`, `Czech`, `Cyrillic`, `Danish`, `Greek`, `Estonian`, `Basque`, `Farsi`, `Finnish`, `Filipino`, `Galician`, `Gujarati`, `Hebrew`, `Hindi`, `Croatian`, `Hungarian`, `Indonesian`, `Icelandic`, `Kazakh`, `Kannada`, `Lithuanian`, `Latvian`, `Malayalam`, `Marathi`, `Malay`, `Dutch`, `NorwegianNynorsk`, `Norwegian`, `Oriya`, `Polish`, `PortuguesePortugal`, `Romanian`, `Slovak`, `Slovenian`, `SerbianCyrillic`, `Serbian`, `Swedish`, `Swahili`, `Tamil`, `Telugu`, `Thai`, `Turkish`, `Ukrainian`, `Urdu`, `Vietnamese` | diff --git a/docs/docs/resources/exchange/EXOMalwareFilterPolicy.md b/docs/docs/resources/exchange/EXOMalwareFilterPolicy.md index 672b97077c..e1f5cd804a 100644 --- a/docs/docs/resources/exchange/EXOMalwareFilterPolicy.md +++ b/docs/docs/resources/exchange/EXOMalwareFilterPolicy.md @@ -5,9 +5,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Identity** | Key | String | The Identity parameter specifies the MalwareFilterPolicy you want to modify. | | -| **Action** | Write | String | DEPRECATED | `DeleteMessage`, `DeleteAttachmentAndUseDefaultAlert`, `DeleteAttachmentAndUseCustomAlert` | | **AdminDisplayName** | Write | String | The AdminDisplayName parameter specifies a description for the policy. If the value contains spaces, enclose the value in quotation marks. | | -| **CustomAlertText** | Write | String | The CustomAlertText parameter specifies the custom text to use in the replacement attachment named Malware Alert Text.txt. If the value contains spaces, enclose the value in quotation marks. | | | **CustomExternalBody** | Write | String | The CustomExternalBody parameter specifies the body of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks. | | | **CustomExternalSubject** | Write | String | The CustomExternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks. | | | **CustomFromAddress** | Write | String | The CustomFromAddress parameter specifies the From address of the custom notification message for malware detections in messages from internal or external senders. | | @@ -16,10 +14,8 @@ | **CustomInternalSubject** | Write | String | The CustomInternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from internal senders. If the value contains spaces, enclose the value in quotation marks. | | | **CustomNotifications** | Write | Boolean | The CustomNotifications parameter enables or disables custom notification messages for malware detections in messages from internal or external senders. Valid values are: $true, $false. | | | **EnableExternalSenderAdminNotifications** | Write | Boolean | The EnableExternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from external senders. Valid values are: $true, $false. | | -| **EnableExternalSenderNotifications** | Write | Boolean | DEPRECATED | | | **EnableFileFilter** | Write | Boolean | The EnableFileFilter parameter enables or disables common attachment blocking - also known as the Common Attachment Types Filter.Valid values are: $true, $false. | | | **EnableInternalSenderAdminNotifications** | Write | Boolean | The EnableInternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from internal senders. Valid values are: $true, $false. | | -| **EnableInternalSenderNotifications** | Write | Boolean | DEPRECATED | | | **ExternalSenderAdminAddress** | Write | String | The ExternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notification messages for malware detections in messages from external senders. | | | **FileTypeAction** | Write | String | The FileTypeAction parameter specifies what's done to messages that contain one or more attachments where the file extension is included in the FileTypes parameter (common attachment blocking). Valid values are Quarantine and Reject. The default value is Reject. | `Quarantine`, `Reject` | | **FileTypes** | Write | StringArray[] | The FileTypes parameter specifies the file types that are automatically blocked by common attachment blocking (also known as the Common Attachment Types Filter), regardless of content. | | diff --git a/docs/docs/resources/exchange/EXOOrganizationConfig.md b/docs/docs/resources/exchange/EXOOrganizationConfig.md index ccd4ff2ab8..81b0bc205a 100644 --- a/docs/docs/resources/exchange/EXOOrganizationConfig.md +++ b/docs/docs/resources/exchange/EXOOrganizationConfig.md @@ -9,7 +9,6 @@ | **ActivityBasedAuthenticationTimeoutInterval** | Write | String | The ActivityBasedAuthenticationTimeoutInterval parameter specifies the time span for logoff. You enter this value as a time span: hh:mm:ss where hh = hours, mm = minutes and ss = seconds. Valid values for this parameter are from 00:05:00 to 08:00:00 (5 minutes to 8 hours). The default value is 06:00:00 (6 hours). | | | **ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled** | Write | Boolean | The ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled parameter specifies whether to keep single sign-on enabled. The default value is $true. | | | **AppsForOfficeEnabled** | Write | Boolean | The AppsForOfficeEnabled parameter specifies whether to enable apps for Outlook features. By default, the parameter is set to $true. If the flag is set to $false, no new apps can be activated for any user in the organization. | | -| **AllowPlusAddressInRecipients** | Write | Boolean | DEPRECATED | | | **AsyncSendEnabled** | Write | Boolean | The AsyncSendEnabled parameter specifies whether to enable or disable async send in Outlook on the web. | | | **AuditDisabled** | Write | Boolean | The AuditDisabled parameter specifies whether to disable or enable mailbox auditing for the organization. | | | **AutodiscoverPartialDirSync** | Write | Boolean | Setting this parameter to $true will cause unknown users to be redirected to the on-premises endpoint and will allow on-premises users to discover their mailbox automatically. | | diff --git a/docs/docs/resources/exchange/EXOSafeLinksPolicy.md b/docs/docs/resources/exchange/EXOSafeLinksPolicy.md index 90d7b71f7d..60430d1e65 100644 --- a/docs/docs/resources/exchange/EXOSafeLinksPolicy.md +++ b/docs/docs/resources/exchange/EXOSafeLinksPolicy.md @@ -10,16 +10,13 @@ | **AllowClickThrough** | Write | Boolean | The AllowClickThrough parameter specifies whether to allow users to click through to the original URL on warning pages. | | | **CustomNotificationText** | Write | String | The custom notification text specifies the customized notification text to show to users. | | | **DeliverMessageAfterScan** | Write | Boolean | The DeliverMessageAfterScan parameter specifies whether to deliver email messages only after Safe Links scanning is complete. Valid values are: $true: Wait until Safe Links scanning is complete before delivering the message. $false: If Safe Links scanning can't complete, deliver the message anyway. This is the default value. | | -| **DoNotAllowClickThrough** | Write | Boolean | DEPRECATED | | | **DoNotRewriteUrls** | Write | StringArray[] | The DoNotRewriteUrls parameter specifies a URL that's skipped by Safe Links scanning. You can specify multiple values separated by commas. | | -| **DoNotTrackUserClicks** | Write | Boolean | DEPRECATED | | | **EnableForInternalSenders** | Write | Boolean | The EnableForInternalSenders parameter specifies whether the Safe Links policy is applied to messages sent between internal senders and internal recipients within the same Exchange Online organization. | | | **EnableOrganizationBranding** | Write | Boolean | The EnableOrganizationBranding parameter specifies whether your organization's logo is displayed on Safe Links warning and notification pages. | | | **EnableSafeLinksForOffice** | Write | Boolean | The EnableSafeLinksForOffice parameter specifies whether to enable Safe Links protection for supported Office desktop, mobile, or web apps. | | | **EnableSafeLinksForTeams** | Write | Boolean | The EnableSafeLinksForTeams parameter specifies whether Safe Links is enabled for Microsoft Teams. Valid values are: $true: Safe Links is enabled for Teams. If a protected user clicks a malicious link in a Teams conversation, group chat, or from channels, a warning page will appear in the default web browser. $false: Safe Links isn't enabled for Teams. This is the default value. | | | **EnableSafeLinksForEmail** | Write | Boolean | The EnableSafeLinksForEmail parameter specifies whether to enable Safe Links protection for email messages. Valid values are: $true: Safe Links is enabled for email. When a user clicks a link in an email, the link is checked by Safe Links. If the link is found to be malicious, a warning page appears in the default web browser. $false: Safe Links isn't enabled for email. This is the default value. | | | **DisableUrlRewrite** | Write | Boolean | The DisableUrlRewrite parameter specifies whether to rewrite (wrap) URLs in email messages. Valid values are: $true: URLs in messages are not rewritten, but messages are still scanned by Safe Links prior to delivery. Time of click checks on links are done using the Safe Links API in supported Outlook clients (currently, Outlook for Windows and Outlook for Mac). Typically, we don't recommend using this value. $false: URLs in messages are rewritten. API checks still occur on unwrapped URLs in supported clients if the user is in a valid Safe Links policy. This is the default value. | | -| **IsEnabled** | Write | Boolean | DEPRECATED | | | **ScanUrls** | Write | Boolean | The ScanUrls parameter specifies whether to enable or disable the scanning of links in email messages. Valid values are: $true: Scanning links in email messages is enabled. $false: Scanning links in email messages is disabled. This is the default value. | | | **TrackClicks** | Write | Boolean | The TrackClicks parameter specifies whether to track user clicks related to Safe Links protection of links. | | | **UseTranslatedNotificationText** | Write | Boolean | The UseTranslatedNotificationText specifies whether to use Microsoft Translator to automatically localize the custom notification text that you specified with the CustomNotificationText parameter. | | @@ -72,18 +69,15 @@ Configuration Example { EXOSafeLinksPolicy 'ConfigureSafeLinksPolicy' { - Identity = "Marketing Block URL" - AdminDisplayName = "Marketing Block URL" - CustomNotificationText = "Blocked URLs for Marketing" + Identity = 'Marketing Block URL' + AdminDisplayName = 'Marketing Block URL' + CustomNotificationText = 'Blocked URLs for Marketing' DeliverMessageAfterScan = $True - DoNotAllowClickThrough = $True - DoNotTrackUserClicks = $True EnableOrganizationBranding = $True EnableSafeLinksForTeams = $True - IsEnabled = $True ScanUrls = $True UseTranslatedNotificationText = $True - Ensure = "Present" + Ensure = 'Present' Credential = $credsGlobalAdmin } } diff --git a/docs/docs/resources/exchange/EXOSharedMailbox.md b/docs/docs/resources/exchange/EXOSharedMailbox.md index a4fc1b6de3..164d55b7cc 100644 --- a/docs/docs/resources/exchange/EXOSharedMailbox.md +++ b/docs/docs/resources/exchange/EXOSharedMailbox.md @@ -7,7 +7,6 @@ | **DisplayName** | Key | String | The display name of the Shared Mailbox | | | **PrimarySMTPAddress** | Write | String | The primary email address of the Shared Mailbox | | | **Alias** | Write | String | The alias of the Shared Mailbox | | -| **Aliases** | Write | StringArray[] | DEPRECATED | | | **EmailAddresses** | Write | StringArray[] | The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the Shared Mailbox | | | **Ensure** | Write | String | Present ensures the group exists, absent ensures it is removed | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | diff --git a/docs/docs/resources/exchange/EXOTransportRule.md b/docs/docs/resources/exchange/EXOTransportRule.md index 48d5f0650d..eb1dc62556 100644 --- a/docs/docs/resources/exchange/EXOTransportRule.md +++ b/docs/docs/resources/exchange/EXOTransportRule.md @@ -82,7 +82,6 @@ | **ExceptIfManagerAddresses** | Write | StringArray[] | The ExceptIfManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter. | | | **ExceptIfManagerForEvaluatedUser** | Write | String | The ExceptIfManagerForEvaluatedUser parameter specifies an exception that looks for users in the Manager attribute of senders or recipients. | | | **ExceptIfMessageTypeMatches** | Write | String | The ExceptIfMessageTypeMatches parameter specifies an exception that looks for messages of the specified type. | `OOF`, `AutoForward`, `Encrypted`, `Calendaring`, `PermissionControlled`, `Voicemail`, `Signed`, `ApprovalRequest`, `ReadReceipt` | -| **ExceptIfMessageContainsAllDataClassifications** | Write | StringArray[] | DEPRECATED | | | **ExceptIfMessageContainsDataClassifications** | Write | StringArray[] | The ExceptIfMessageContainsDataClassifications parameter specifies an exception that looks for sensitive information types in the body of messages, and in any attachments. | | | **ExceptIfMessageSizeOver** | Write | String | The ExceptIfMessageSizeOver parameter specifies an exception that looks for messages larger than the specified size. | | | **ExceptIfRecipientADAttributeContainsWords** | Write | StringArray[] | The ExceptIfRecipientADAttributeContainsWords parameter specifies an exception that looks for words in the Active Directory attributes of recipients. | | @@ -122,10 +121,8 @@ | **HeaderMatchesMessageHeader** | Write | String | The HeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the HeaderMatchesPatterns parameter. | | | **HeaderMatchesPatterns** | Write | StringArray[] | The HeaderMatchesPatterns parameter specifies a condition that looks for text patterns in a header field by using regular expressions. | | | **IncidentReportContent** | Write | StringArray[] | The IncidentReportContent parameter specifies the message properties that are included in the incident report that's generated when a message violates a DLP policy. | | -| **IncidentReportOriginalMail** | Write | String | DEPRECATED | | | **ManagerAddresses** | Write | StringArray[] | The ManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter. | | | **ManagerForEvaluatedUser** | Write | String | The ManagerForEvaluatedUser parameter specifies a condition that looks for users in the Manager attribute of senders or recipients. | `Recipient`, `Sender` | -| **MessageContainsAllDataClassifications** | Write | StringArray[] | DEPRECATED | | | **MessageContainsDataClassifications** | Write | StringArray[] | The MessageContainsDataClassifications parameter specifies a condition that looks for sensitive information types in the body of messages, and in any attachments. | | | **MessageSizeOver** | Write | String | The MessageSizeOver parameter specifies a condition that looks for messages larger than the specified size. The size includes the message and all attachments. | | | **MessageTypeMatches** | Write | String | The MessageTypeMatches parameter specifies a condition that looks for messages of the specified type. | `OOF`, `AutoForward`, `Encrypted`, `Calendaring`, `PermissionControlled`, `Voicemail`, `Signed`, `ApprovalRequest`, `ReadReceipt` | diff --git a/docs/docs/resources/security-compliance/SCSensitivityLabel.md b/docs/docs/resources/security-compliance/SCSensitivityLabel.md index 85403f13ff..fce968321f 100644 --- a/docs/docs/resources/security-compliance/SCSensitivityLabel.md +++ b/docs/docs/resources/security-compliance/SCSensitivityLabel.md @@ -17,25 +17,21 @@ | **ApplyContentMarkingFooterAlignment** | Write | String | The ApplyContentMarkingFooterAlignment parameter specifies the footer alignment. | `Left`, `Center`, `Right` | | **ApplyContentMarkingFooterEnabled** | Write | Boolean | The ApplyContentMarkingFooterEnabled parameter specifies whether to enable or disable the sensitivity label. | | | **ApplyContentMarkingFooterFontColor** | Write | String | The ApplyContentMarkingFooterFontColor parameter specifies the color of the footer text. This parameter accepts a hexadecimal color code value in the format #xxxxxx. The default value is #000000. | | -| **ApplyContentMarkingFooterFontName** | Write | String | DEPRECATED | | | **ApplyContentMarkingFooterFontSize** | Write | SInt32 | The ApplyContentMarkingFooterFontSize parameter specifies the font size (in points) of the footer text. | | | **ApplyContentMarkingFooterMargin** | Write | SInt32 | The ApplyContentMarkingFooterMargin parameter specifies the size (in points) of the footer margin. | | | **ApplyContentMarkingFooterText** | Write | String | The ApplyContentMarkingFooterText parameter specifies the footer text. If the value contains spaces, enclose the value in quotation marks. | | | **ApplyContentMarkingHeaderAlignment** | Write | String | The ApplyContentMarkingHeaderAlignment parameter specifies the header alignment. | `Left`, `Center`, `Right` | | **ApplyContentMarkingHeaderEnabled** | Write | Boolean | The ApplyContentMarkingHeaderEnabled parameter enables or disables the Apply Content Marking Header action for the label. | | | **ApplyContentMarkingHeaderFontColor** | Write | String | The ApplyContentMarkingHeaderFontColor parameter specifies the color of the header text. This parameter accepts a hexadecimal color code value in the format #xxxxxx. The default value is #000000. | | -| **ApplyContentMarkingHeaderFontName** | Write | String | DEPRECATED | | | **ApplyContentMarkingHeaderFontSize** | Write | SInt32 | The ApplyContentMarkingHeaderFontSize parameter specifies the font size (in points) of the header text. | | | **ApplyContentMarkingHeaderMargin** | Write | SInt32 | The ApplyContentMarkingHeaderMargin parameter specifies the size (in points) of the header margin. | | | **ApplyContentMarkingHeaderText** | Write | String | The ApplyContentMarkingHeaderText parameter specifies the header text. If the value contains spaces, enclose the value in quotation marks. | | | **ApplyWaterMarkingEnabled** | Write | Boolean | The ApplyWaterMarkingEnabled parameter enables or disables the Apply Watermarking Header action for the label. | | | **ApplyWaterMarkingFontColor** | Write | String | The ApplyWaterMarkingFontColor parameter specifies the color of the watermark text. This parameter accepts a hexadecimal color code value in the format #xxxxxx. | | -| **ApplyWaterMarkingFontName** | Write | String | DEPRECATED | | | **ApplyWaterMarkingFontSize** | Write | SInt32 | The ApplyWaterMarkingFontSize parameter specifies the font size (in points) of the watermark text. | | | **ApplyWaterMarkingLayout** | Write | String | The ApplyWaterMarkingAlignment parameter specifies the watermark alignment. | `Horizontal`, `Diagonal` | | **ApplyWaterMarkingText** | Write | String | The ApplyWaterMarkingText parameter specifies the watermark text. If the value contains spaces, enclose the value in quotation marks. | | | **ContentType** | Write | StringArray[] | The ContentType parameter specifies where the sensitivity label can be applied. | `File, Email`, `Site, UnifiedGroup`, `PurviewAssets`, `Teamwork`, `SchematizedData` | -| **EncryptionAipTemplateScopes** | Write | String | DEPRECATED | | | **EncryptionContentExpiredOnDateInDaysOrNever** | Write | String | The EncryptionContentExpiredOnDateInDaysOrNever parameter specifies when the encrypted content expires. Valid values are integer or never. | | | **EncryptionDoNotForward** | Write | Boolean | The EncryptionDoNotForward parameter specifies whether the Do Not Forward template is applied. | | | **EncryptionEncryptOnly** | Write | Boolean | The EncryptionEncryptOnly parameter specifies whether the encrypt-only template is applied. | | @@ -129,67 +125,64 @@ Configuration Example { SCSensitivityLabel 'ConfigureSensitivityLabel' { - Name = "DemoLabel" - Comment = "Demo Label comment" - ToolTip = "Demo tool tip" - DisplayName = "Demo Label" - ApplyContentMarkingFooterAlignment = "Center" + Name = 'DemoLabel' + Comment = 'Demo Label comment' + ToolTip = 'Demo tool tip' + DisplayName = 'Demo Label' + ApplyContentMarkingFooterAlignment = 'Center' ApplyContentMarkingFooterEnabled = $true - ApplyContentMarkingFooterFontColor = "#FF0000" - ApplyContentMarkingFooterFontName = "calibri" + ApplyContentMarkingFooterFontColor = '#FF0000' ApplyContentMarkingFooterFontSize = 10 ApplyContentMarkingFooterMargin = 5 - ApplyContentMarkingFooterText = "Demo footer text" - ApplyContentMarkingHeaderAlignment = "Center" + ApplyContentMarkingFooterText = 'Demo footer text' + ApplyContentMarkingHeaderAlignment = 'Center' ApplyContentMarkingHeaderEnabled = $true - ApplyContentMarkingHeaderFontColor = "#FF0000" - ApplyContentMarkingHeaderFontName = "calibri" + ApplyContentMarkingHeaderFontColor = '#FF0000' ApplyContentMarkingHeaderFontSize = 10 ApplyContentMarkingHeaderMargin = 5 - ApplyContentMarkingHeaderText = "demo header text" + ApplyContentMarkingHeaderText = 'demo header text' ApplyWaterMarkingEnabled = $true - ApplyWaterMarkingFontColor = "#FF0000" - ApplyWaterMarkingFontName = "calibri" + ApplyWaterMarkingFontColor = '#FF0000' ApplyWaterMarkingFontSize = 10 - ApplyWaterMarkingLayout = "Diagonal" - ApplyWaterMarkingText = "demo watermark" + ApplyWaterMarkingLayout = 'Diagonal' + ApplyWaterMarkingText = 'demo watermark' SiteAndGroupProtectionAllowAccessToGuestUsers = $true SiteAndGroupProtectionAllowEmailFromGuestUsers = $true SiteAndGroupProtectionAllowFullAccess = $true SiteAndGroupProtectionAllowLimitedAccess = $true SiteAndGroupProtectionBlockAccess = $true SiteAndGroupProtectionEnabled = $true - SiteAndGroupProtectionPrivacy = "Private" + SiteAndGroupProtectionPrivacy = 'Private' LocaleSettings = @( MSFT_SCLabelLocaleSettings { - LocaleKey = "DisplayName" - LabelSettings = @( + LocaleKey = 'DisplayName' + LabelSettings = @( MSFT_SCLabelSetting { - Key = "en-us" - Value = "English Display Names" + Key = 'en-us' + Value = 'English Display Names' } MSFT_SCLabelSetting { - Key = "fr-fr" + Key = 'fr-fr' Value = "Nom da'ffichage francais" } ) } MSFT_SCLabelLocaleSettings { - LocaleKey = "StopColor" - LabelSettings = @( + LocaleKey = 'StopColor' + LabelSettings = @( MSFT_SCLabelSetting { - Key = "en-us" - Value = "RedGreen" + Key = 'en-us' + Value = 'RedGreen' } MSFT_SCLabelSetting { - Key = "fr-fr" - Value = "Rouge" + Key = 'fr-fr' + Value = 'Rouge' } ) } @@ -197,17 +190,17 @@ Configuration Example AdvancedSettings = @( MSFT_SCLabelSetting { - Key = "AllowedLevel" - Value = @("Sensitive", "Classified") + Key = 'AllowedLevel' + Value = @('Sensitive', 'Classified') } MSFT_SCLabelSetting { - Key = "LabelStatus" - Value = "Enabled" + Key = 'LabelStatus' + Value = 'Enabled' } ) - ParentId = "Personal" - Ensure = "Present" + ParentId = 'Personal' + Ensure = 'Present' Credential = $credsGlobalAdmin } } diff --git a/docs/docs/resources/sharepoint/SPOTenantSettings.md b/docs/docs/resources/sharepoint/SPOTenantSettings.md index a9697cd2d8..4178c3b516 100644 --- a/docs/docs/resources/sharepoint/SPOTenantSettings.md +++ b/docs/docs/resources/sharepoint/SPOTenantSettings.md @@ -10,7 +10,6 @@ | **SearchResolveExactEmailOrUPN** | Write | Boolean | Removes the search capability from People Picker. Note, recently resolved names will still appear in the list until browser cache is cleared or expired. | | | **OfficeClientADALDisabled** | Write | Boolean | When set to true this will disable the ability to use Modern Authentication that leverages ADAL across the tenant. | | | **LegacyAuthProtocolsEnabled** | Write | Boolean | Setting this parameter prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources. | | -| **RequireAcceptingAccountMatchInvitedAccount** | Write | Boolean | DEPRECATED | | | **SignInAccelerationDomain** | Write | String | Specifies the home realm discovery value to be sent to Azure Active Directory (AAD) during the user sign-in process. | | | **UsePersistentCookiesForExplorerView** | Write | Boolean | Lets SharePoint issue a special cookie that will allow this feature to work even when Keep Me Signed In is not selected. | | | **UserVoiceForFeedbackEnabled** | Write | Boolean | Allow feedback via UserVoice. | | diff --git a/docs/docs/resources/teams/TeamsMeetingPolicy.md b/docs/docs/resources/teams/TeamsMeetingPolicy.md index 277176ead5..829283b2a5 100644 --- a/docs/docs/resources/teams/TeamsMeetingPolicy.md +++ b/docs/docs/resources/teams/TeamsMeetingPolicy.md @@ -24,7 +24,6 @@ | **AllowCloudRecording** | Write | Boolean | Determines whether cloud recording is allowed in a user's meetings. Set this to TRUE to allow the user to be able to record meetings. Set this to FALSE to prohibit the user from recording meetings. | | | **AllowRecordingStorageOutsideRegion** | Write | Boolean | Determines whether cloud recording can be stored out of region for go-local tenants where recording is not yet enabled. | | | **DesignatedPresenterRoleMode** | Write | String | Determines if users can change the default value of the Who can present? setting in Meeting options in the Teams client. This policy setting affects all meetings, including Meet Now meetings. | `OrganizerOnlyUserOverride`, `EveryoneInCompanyUserOverride`, `EveryoneUserOverride` | -| **RecordingStorageMode** | Write | String | DEPRECATED | `Stream`, `OneDriveForBusiness` | | **AllowOutlookAddIn** | Write | Boolean | Determines whether a user can schedule Teams Meetings in Outlook desktop client. Set this to TRUE to allow the user to be able to schedule Teams meetings in Outlook client. Set this to FALSE to prohibit a user from scheduling Teams meeting in Outlook client. | | | **AllowPowerPointSharing** | Write | Boolean | Determines whether Powerpoint sharing is allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit. | | | **AllowParticipantGiveRequestControl** | Write | Boolean | Determines whether participants can request or give control of screen sharing during meetings scheduled by this user. Set this to TRUE to allow the user to be able to give or request control. Set this to FALSE to prohibit the user from giving, requesting control in a meeting. | | From 176fea44bcf0e872a9269d88b2f013a149a9c87d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 27 Mar 2023 15:59:18 -0400 Subject: [PATCH 052/187] Fixes Unit Tests --- .../Microsoft365DSC.AADGroup.Tests.ps1 | 25 ++++++++++++++++--- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index 947164bef1..7c1b7b4044 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -206,6 +206,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ID = '12345-12345-12345-12345' Description = 'Microsoft DSC Group' SecurityEnabled = $True + MailEnabled = $True GroupTypes = @() MailNickname = 'M365DSC' MemberOf = 'DSCMemberOfGroup' @@ -224,6 +225,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ID = '12345-12345-12345-12345' Description = 'Microsoft DSC Group' SecurityEnabled = $True + MailEnabled = $true MailNickname = 'M365DSC' GroupTypes = @() } @@ -243,7 +245,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Description = 'Microsoft DSC MemberOf Group' SecurityEnabled = $True GroupTypes = @() - MailEnabled = $False + MailEnabled = $True MailNickname = 'M365DSCM' } # Set-TargetResource expects data-type of answer to contain 'group' @@ -270,6 +272,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ID = '12345-12345-12345-12345' Description = 'Microsoft DSC Group' SecurityEnabled = $True + MailEnabled = $True GroupTypes = @() MailNickname = 'M365DSC' IsAssignableToRole = $true @@ -289,6 +292,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ID = '12345-12345-12345-12345' Description = 'Microsoft DSC Group' SecurityEnabled = $True + MailEnabled = $true GroupTypes = @() MailNickname = 'M365DSC' IsAssignableToRole = $true @@ -369,6 +373,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ID = '12345-12345-12345-12345' Description = 'Microsoft DSC Group' SecurityEnabled = $True + MailEnabled = $true GroupTypes = @() MailNickname = 'M365DSC' MemberOf = 'DSCMemberOfGroup' @@ -386,6 +391,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ID = '12345-12345-12345-12345' Description = 'Microsoft DSC Group' SecurityEnabled = $True + MailEnabled = $true MailNickname = 'M365DSC' GroupTypes = @() } @@ -396,6 +402,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ID = '67890-67890-67890-67890' Description = 'Microsoft DSC MemberOf Group' SecurityEnabled = $True + MailEnabled = $true GroupTypes = @() MailNickname = 'M365DSCM' } @@ -428,6 +435,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ID = '12345-12345-12345-12345' Description = 'Microsoft DSC Group' SecurityEnabled = $True + MailEnabled = $true GroupTypes = @() MailNickname = 'M365DSC' IsAssignableToRole = $true @@ -447,6 +455,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ID = '12345-12345-12345-12345' Description = 'Microsoft DSC Group' SecurityEnabled = $True + MailEnabled = $true GroupTypes = @() MailNickname = 'M365DSC' IsAssignableToRole = $true @@ -486,6 +495,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ID = '12345-12345-12345-12345' Description = 'Microsoft DSC Group' SecurityEnabled = $True + MailEnabled = $true GroupTypes = @() MailNickname = 'M365DSC' IsAssignableToRole = $true @@ -505,6 +515,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ID = '12345-12345-12345-12345' Description = 'Microsoft DSC Group' SecurityEnabled = $True + MailEnabled = $true GroupTypes = @() MailNickname = 'M365DSC' IsAssignableToRole = $true @@ -559,9 +570,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgGroup -MockWith { return @{ - DisplayName = 'Test Team' - ID = '12345-12345-12345-12345' - MailNickname = 'testteam' + DisplayName = 'DSCGroup' + ID = '12345-12345-12345-12345' + Description = 'Microsoft DSC Group' + SecurityEnabled = $True + MailEnabled = $False + GroupTypes = @("Unified") + MailNickname = 'M365DSC' + IsAssignableToRole = $true + Ensure = 'Present' } } } From 98359fcad7201dc7e07f636b557da9ac9102ff7f Mon Sep 17 00:00:00 2001 From: Markus Gruber <26838358+GruberMarkus@users.noreply.github.com> Date: Tue, 28 Mar 2023 08:13:27 +0200 Subject: [PATCH 053/187] fix: Progress bar "Scanning dependencies" stays on screen sometimes. Make sure it is no longer displayed. --- Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index db6b4984f3..3227b6fa4d 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -2592,7 +2592,8 @@ function Test-M365DSCDependenciesForNewVersions foreach ($dependency in $dependencies) { - Write-Progress -Activity 'Scanning Dependencies' -PercentComplete ($i / $dependencies.Count * 100) + + -Activity 'Scanning Dependencies' -PercentComplete ($i / $dependencies.Count * 100) try { $moduleInGallery = Find-Module $dependency.ModuleName @@ -2614,6 +2615,9 @@ function Test-M365DSCDependenciesForNewVersions } $i++ } + + # The progress bar seems to hang sometimes. Make sure it is no longer displayed. + Write-Progress -Activity 'Scanning Dependencies' -Completed } <# @@ -2688,6 +2692,9 @@ function Update-M365DSCDependencies } $i++ } + + # The progress bar seems to hang sometimes. Make sure it is no longer displayed. + Write-Progress -Activity 'Scanning Dependencies' -Completed if ($ValidateOnly) { From d0d0a6e265f2e16fac036c5d5a76ebca43a0f51d Mon Sep 17 00:00:00 2001 From: Markus Gruber <26838358+GruberMarkus@users.noreply.github.com> Date: Tue, 28 Mar 2023 09:23:50 +0200 Subject: [PATCH 054/187] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 68c78c5849..2a6d8e8b46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -75,6 +75,7 @@ * Added a QA check to test for the presence of a Key parameter and fixes resources where this was not the case. FIXES [#2925](https://github.com/microsoft/Microsoft365DSC/issues/2925) + * Added a fix making sure that the progress bar "Scanning dependencies" is no longer displayed after the operation is completed. # 1.23.322.1 From fde3b673805313befb960969d45fa38cef999e75 Mon Sep 17 00:00:00 2001 From: Markus Gruber <26838358+GruberMarkus@users.noreply.github.com> Date: Tue, 28 Mar 2023 09:28:47 +0200 Subject: [PATCH 055/187] Update M365DSCUtil.psm1 --- Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 3227b6fa4d..2a3fe15325 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -2593,7 +2593,7 @@ function Test-M365DSCDependenciesForNewVersions foreach ($dependency in $dependencies) { - -Activity 'Scanning Dependencies' -PercentComplete ($i / $dependencies.Count * 100) + Write-Progress -Activity 'Scanning Dependencies' -PercentComplete ($i / $dependencies.Count * 100) try { $moduleInGallery = Find-Module $dependency.ModuleName From b346c26a930a3f1d8f83290d3617063e6054c562 Mon Sep 17 00:00:00 2001 From: Markus Gruber <26838358+GruberMarkus@users.noreply.github.com> Date: Tue, 28 Mar 2023 09:30:26 +0200 Subject: [PATCH 056/187] Update M365DSCUtil.psm1 --- Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 2a3fe15325..1bd1b51ab4 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -2592,7 +2592,6 @@ function Test-M365DSCDependenciesForNewVersions foreach ($dependency in $dependencies) { - Write-Progress -Activity 'Scanning Dependencies' -PercentComplete ($i / $dependencies.Count * 100) try { From 116901fa3036648fb0044879b8a4083a4efc0176 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Tue, 28 Mar 2023 09:18:26 +0100 Subject: [PATCH 057/187] fix schema --- ...lesPolicyWindows10ConfigManager.schema.mof | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.schema.mof index e69de29bb2..2748e05fc9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.schema.mof @@ -0,0 +1,45 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager")] +class MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager : OMI_BaseResource +{ + [Key, Description("Identity of the endpoint protection attack surface protection rules policy for Windows 10.")] String Identity; + [Required, Description("Display name of the endpoint protection attack surface protection rules policy for Windows 10.")] String DisplayName; + [Write, Description("Description of the endpoint protection attack surface protection rules policy for Windows 10.")] String Description; + [Write, Description("Assignments of the endpoint protection attack surface protection rules policy for Windows 10."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Exclude files and paths from attack surface reduction rules")] String AttackSurfaceReductionOnlyExclusions[]; + [Write, Description("This rule prevents an application from writing a vulnerable signed driver to disk."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockAbuseOfExploitedVulnerableSignedDrivers; + [Write, Description("This rule prevents attacks by blocking Adobe Reader from creating processes."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockAdobeReaderFromCreatingChildProcesses; + [Write, Description("This rule blocks Office apps from creating child processes. Office apps include Word, Excel, PowerPoint, OneNote, and Access."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockAllOfficeApplicationsFromCreatingChildProcesses; + [Write, Description("This rule helps prevent credential stealing by locking down Local Security Authority Subsystem Service (LSASS)."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem; + [Write, Description("This rule blocks the following file types from launching from email opened within the Microsoft Outlook application, or Outlook.com and other popular webmail providers."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockExecutableContentFromEmailClientAndWebmail; + [Write, Description("This rule blocks executable files that don't meet a prevalence, age, or trusted list criteria, such as .exe, .dll, or .scr, from launching."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion; + [Write, Description("This rule detects suspicious properties within an obfuscated script."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockExecutionOfPotentiallyObfuscatedScripts; + [Write, Description("This rule prevents scripts from launching potentially malicious downloaded content."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent; + [Write, Description("This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockOfficeApplicationsFromCreatingExecutableContent; + [Write, Description("This rule blocks code injection attempts from Office apps into other processes."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses; + [Write, Description("This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockOfficeCommunicationAppFromCreatingChildProcesses; + [Write, Description("This rule prevents malware from abusing WMI to attain persistence on a device."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockPersistenceThroughWMIEventSubscription; + [Write, Description("This rule blocks processes created through PsExec and WMI from running."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockProcessCreationsFromPSExecAndWMICommands; + [Write, Description("With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockUntrustedUnsignedProcessesThatRunFromUSB; + [Write, Description("This rule prevents VBA macros from calling Win32 APIs."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String BlockWin32APICallsFromOfficeMacros; + [Write, Description("This rule provides an extra layer of protection against ransomware."), ValueMap{"off", "block","audit", "warn"}, Values{"off", "block","audit", "warn"}] String UseAdvancedProtectionAgainstRansomware; + [Write, Description("List of additional folders that need to be protected")] String ControlledFolderAccessProtectedFolders[]; + [Write, Description("List of apps that have access to protected folders.")] String ControlledFolderAccessAllowedApplications[]; + [Write, Description("This rule enable Controlled folder access which protects your data by checking apps against a list of known, trusted apps.values 0:disable, 1:enable, 2:audit"), ValueMap{"0", "1","2"}, Values{"0", "1","2"}] String EnableControlledFolderAccess; + [Write, Description("Present ensures the policy exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; From e8a226003b6498e64e5c7814342f02c1f78a4232 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 07:14:48 -0400 Subject: [PATCH 058/187] Update 3-ConfigureAADGroups.ps1 --- .../Examples/Resources/AADGroup/3-ConfigureAADGroups.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-ConfigureAADGroups.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-ConfigureAADGroups.ps1 index be2e268fd7..0b02520295 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-ConfigureAADGroups.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-ConfigureAADGroups.ps1 @@ -19,6 +19,7 @@ Configuration Example DisplayName = "DSCGroup" Description = "Microsoft DSC Group" SecurityEnabled = $True + MailEnabled = $False GroupTypes = @() MailNickname = "M365DSCG" Ensure = "Present" @@ -29,6 +30,7 @@ Configuration Example DisplayName = "DSCMemberGroup" Description = "Microsoft DSC Editor" SecurityEnabled = $True + MailEnabled = $False GroupTypes = @() MailNickname = "M365DSCMG" Ensure = "Present" From 091483256688a545f398065068d5b20d37308697 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 08:04:13 -0400 Subject: [PATCH 059/187] Update MSFT_AADGroup.psm1 --- .../DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index e3de484347..8ac3ff3db4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -1033,6 +1033,8 @@ function Export-TargetResource ApplicationSecret = $ApplicationSecret DisplayName = $group.DisplayName MailNickName = $group.MailNickName + SecurityEnabled = $true + MailEnabled = $true Id = $group.Id ApplicationId = $ApplicationId TenantId = $TenantId From 055b49d498ca9c2028150c7897418ec4614cb010 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 28 Mar 2023 15:33:21 +0200 Subject: [PATCH 060/187] Fixed #3075 --- CHANGELOG.md | 12 ++ .../MSFT_SCLabelPolicy.psm1 | 45 +++++++- .../MSFT_SCRetentionCompliancePolicy.psm1 | 106 ++++++++++-------- .../MSFT_SCRetentionComplianceRule.psm1 | 33 +++++- .../Modules/M365DSCReverse.psm1 | 4 +- 5 files changed, 147 insertions(+), 53 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 68c78c5849..0983881604 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -59,9 +59,21 @@ * IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined * Initial release FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) +* SCLabelPolicy + * Fixed the collection of new and set parameters to ensure the correct values are passed to the New/Set cmdlets. + FIXES [#3075](https://github.com/microsoft/Microsoft365DSC/issues/3075) * SCSensitivityLabel * [BREAKING CHANGE] Remove deprecated parameters Disabled, ApplyContentMarkingFooterFontName, ApplyContentMarkingHeaderFontName, ApplyWaterMarkingFontName and EncryptionAipTemplateScopes +* SCRetentionCompliancePolicy + * Fixed the collection of new and set parameters to ensure the correct values are passed to the New/Set cmdlets. + FIXES [#3075](https://github.com/microsoft/Microsoft365DSC/issues/3075) +* SCRetentionComplianceRule + * Fixed the collection of new and set parameters to ensure the correct values are passed to the New/Set cmdlets. + FIXES [#3075](https://github.com/microsoft/Microsoft365DSC/issues/3075) +* SPOApp + * Fixed issue in the Export where an error was displayed in Verbose mode when Credentials were specified + and the apps were not exported. * SPOTenantSettings * [BREAKING CHANGE] Remove deprecated parameter RequireAcceptingAccountMatchInvitedAccount * TeamsMeetingPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 index cb3b7383b5..6e393272ed 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 @@ -327,7 +327,6 @@ function Set-TargetResource $CreationParams['AdvancedSettings'] = $advanced } #Remove parameters not used in New-LabelPolicy - $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('Ensure') | Out-Null $CreationParams.Remove('AddLabels') | Out-Null $CreationParams.Remove('AddExchangeLocation') | Out-Null @@ -339,6 +338,17 @@ function Set-TargetResource $CreationParams.Remove('RemoveExchangeLocationException') | Out-Null $CreationParams.Remove('RemoveModernGroupLocation') | Out-Null $CreationParams.Remove('RemoveModernGroupLocationException') | Out-Null + + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose "Creating new Sensitivity label policy '$Name'." try @@ -360,7 +370,6 @@ function Set-TargetResource $SetParams['AdvancedSettings'] = $advanced } #Remove unused parameters for Set-Label cmdlet - $SetParams.Remove('Credential') | Out-Null $SetParams.Remove('Ensure') | Out-Null $SetParams.Remove('Name') | Out-Null $SetParams.Remove('ExchangeLocationException') | Out-Null @@ -369,6 +378,16 @@ function Set-TargetResource $SetParams.Remove('ModernGroupLocation') | Out-Null $SetParams.Remove('ModernGroupLocationException') | Out-Null + # Remove authentication parameters + $SetParams.Remove('Credential') | Out-Null + $SetParams.Remove('ApplicationId') | Out-Null + $SetParams.Remove('TenantId') | Out-Null + $SetParams.Remove('CertificatePath') | Out-Null + $SetParams.Remove('CertificatePassword') | Out-Null + $SetParams.Remove('CertificateThumbprint') | Out-Null + $SetParams.Remove('ManagedIdentity') | Out-Null + $SetParams.Remove('ApplicationSecret') | Out-Null + Set-LabelPolicy @SetParams -Identity $Name } catch @@ -386,7 +405,6 @@ function Set-TargetResource $SetParams['AdvancedSettings'] = $advanced } #Remove unused parameters for Set-Label cmdlet - $SetParams.Remove('Credential') | Out-Null $SetParams.Remove('Ensure') | Out-Null $SetParams.Remove('Name') | Out-Null $SetParams.Remove('ExchangeLocationException') | Out-Null @@ -395,6 +413,16 @@ function Set-TargetResource $SetParams.Remove('ModernGroupLocation') | Out-Null $SetParams.Remove('ModernGroupLocationException') | Out-Null + # Remove authentication parameters + $SetParams.Remove('Credential') | Out-Null + $SetParams.Remove('ApplicationId') | Out-Null + $SetParams.Remove('TenantId') | Out-Null + $SetParams.Remove('CertificatePath') | Out-Null + $SetParams.Remove('CertificatePassword') | Out-Null + $SetParams.Remove('CertificateThumbprint') | Out-Null + $SetParams.Remove('ManagedIdentity') | Out-Null + $SetParams.Remove('ApplicationSecret') | Out-Null + try { Set-LabelPolicy @SetParams -Identity $Name @@ -543,7 +571,6 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('AddLabels') | Out-Null $ValuesToCheck.Remove('AddExchangeLocation') | Out-Null $ValuesToCheck.Remove('AddExchangeLocationException') | Out-Null @@ -555,6 +582,16 @@ function Test-TargetResource $ValuesToCheck.Remove('RemoveModernGroupLocation') | Out-Null $ValuesToCheck.Remove('RemoveModernGroupLocationException') | Out-Null + # Remove authentication parameters + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + if ($null -ne $AdvancedSettings) { $TestAdvancedSettings = Test-AdvancedSettings -DesiredProperty $AdvancedSettings -CurrentProperty $CurrentValues.AdvancedSettings diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 index 759f524a93..c47f710aff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 @@ -431,7 +431,6 @@ function Set-TargetResource if ($null -eq $TeamsChannelLocation -and $null -eq $TeamsChatLocation) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') $CreationParams.Remove('Name') $CreationParams.Add('Identity', $Name) @@ -441,6 +440,16 @@ function Set-TargetResource $CreationParams.Remove('TeamsChatLocationException') $CreationParams.Remove('DynamicScopeLocation') + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + if ($CurrentPolicy.Ensure -eq 'Present') { # Exchange Location is specified or already existing, we need to determine @@ -449,14 +458,14 @@ function Set-TargetResource $null -ne $ExchangeLocation) { $ToBeRemoved = $CurrentPolicy.ExchangeLocation | ` - Where-Object { $ExchangeLocation -NotContains $_ } + Where-Object { $ExchangeLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveExchangeLocation', $ToBeRemoved) } $ToBeAdded = $ExchangeLocation | ` - Where-Object { $CurrentPolicy.ExchangeLocation -NotContains $_ } + Where-Object { $CurrentPolicy.ExchangeLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddExchangeLocation', $ToBeAdded) @@ -471,14 +480,14 @@ function Set-TargetResource $null -ne $ExchangeLocationException) { $ToBeRemoved = $CurrentPolicy.ExchangeLocationException | ` - Where-Object { $ExchangeLocationException -NotContains $_ } + Where-Object { $ExchangeLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveExchangeLocationException', $ToBeRemoved) } $ToBeAdded = $ExchangeLocationException | ` - Where-Object { $CurrentPolicy.ExchangeLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.ExchangeLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddExchangeLocationException', $ToBeAdded) @@ -492,14 +501,14 @@ function Set-TargetResource $null -ne $ModernGroupLocation) { $ToBeRemoved = $CurrentPolicy.ModernGroupLocation | ` - Where-Object { $ModernGroupLocation -NotContains $_ } + Where-Object { $ModernGroupLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveModernGroupLocation', $ToBeRemoved) } $ToBeAdded = $ModernGroupLocation | ` - Where-Object { $CurrentPolicy.ModernGroupLocation -NotContains $_ } + Where-Object { $CurrentPolicy.ModernGroupLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddModernGroupLocation', $ToBeAdded) @@ -513,14 +522,14 @@ function Set-TargetResource $null -ne $ModernGroupLocationException) { $ToBeRemoved = $CurrentPolicy.ModernGroupLocationException | ` - Where-Object { $ModernGroupLocationException -NotContains $_ } + Where-Object { $ModernGroupLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveModernGroupLocationException', $ToBeRemoved) } $ToBeAdded = $ModernGroupLocationException | ` - Where-Object { $CurrentPolicy.ModernGroupLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.ModernGroupLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddModernGroupLocationException', $ToBeAdded) @@ -534,14 +543,14 @@ function Set-TargetResource $null -ne $OneDriveLocation) { $ToBeRemoved = $CurrentPolicy.OneDriveLocation | ` - Where-Object { $OneDriveLocation -NotContains $_ } + Where-Object { $OneDriveLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveOneDriveLocation', $ToBeRemoved) } $ToBeAdded = $OneDriveLocation | ` - Where-Object { $CurrentPolicy.OneDriveLocation -NotContains $_ } + Where-Object { $CurrentPolicy.OneDriveLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddOneDriveLocation', $ToBeAdded) @@ -555,14 +564,14 @@ function Set-TargetResource $null -ne $OneDriveLocationException) { $ToBeRemoved = $CurrentPolicy.OneDriveLocationException | ` - Where-Object { $OneDriveLocationException -NotContains $_ } + Where-Object { $OneDriveLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveOneDriveLocationException', $ToBeRemoved) } $ToBeAdded = $OneDriveLocationException | ` - Where-Object { $CurrentPolicy.OneDriveLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.OneDriveLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddOneDriveLocationException', $ToBeAdded) @@ -576,14 +585,14 @@ function Set-TargetResource $null -ne $PublicFolderLocation) { $ToBeRemoved = $CurrentPolicy.PublicFolderLocation | ` - Where-Object { $PublicFolderLocation -NotContains $_ } + Where-Object { $PublicFolderLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemovePublicFolderLocation', $ToBeRemoved) } $ToBeAdded = $PublicFolderLocation | ` - Where-Object { $CurrentPolicy.PublicFolderLocation -NotContains $_ } + Where-Object { $CurrentPolicy.PublicFolderLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddPublicFolderLocation', $ToBeAdded) @@ -597,14 +606,14 @@ function Set-TargetResource $null -ne $SharePointLocation) { $ToBeRemoved = $CurrentPolicy.SharePointLocation | ` - Where-Object { $SharePointLocation -NotContains $_ } + Where-Object { $SharePointLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveSharePointLocation', $ToBeRemoved) } $ToBeAdded = $SharePointLocation | ` - Where-Object { $CurrentPolicy.SharePointLocation -NotContains $_ } + Where-Object { $CurrentPolicy.SharePointLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddSharePointLocation', $ToBeAdded) @@ -618,14 +627,14 @@ function Set-TargetResource $null -ne $SharePointLocationException) { $ToBeRemoved = $CurrentPolicy.SharePointLocationException | ` - Where-Object { $SharePointLocationException -NotContains $_ } + Where-Object { $SharePointLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveSharePointLocationException', $ToBeRemoved) } $ToBeAdded = $SharePointLocationException | ` - Where-Object { $CurrentPolicy.SharePointLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.SharePointLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddSharePointLocationException', $ToBeAdded) @@ -639,14 +648,14 @@ function Set-TargetResource $null -ne $SkypeLocation) { $ToBeRemoved = $CurrentPolicy.SkypeLocation | ` - Where-Object { $SkypeLocation -NotContains $_ } + Where-Object { $SkypeLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveSkypeLocation', $ToBeRemoved) } $ToBeAdded = $SkypeLocation | ` - Where-Object { $CurrentPolicy.SkypeLocation -NotContains $_ } + Where-Object { $CurrentPolicy.SkypeLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddSkypeLocation', $ToBeAdded) @@ -660,14 +669,14 @@ function Set-TargetResource $null -ne $SkypeLocationException) { $ToBeRemoved = $CurrentPolicy.SkypeLocationException | ` - Where-Object { $SkypeLocationException -NotContains $_ } + Where-Object { $SkypeLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveSkypeLocationException', $ToBeRemoved) } $ToBeAdded = $SkypeLocationException | ` - Where-Object { $CurrentPolicy.SkypeLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.SkypeLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddSkypeLocationException', $ToBeAdded) @@ -681,10 +690,10 @@ function Set-TargetResource $isTeamsBased = $true Write-Verbose -Message "Policy $Name is a Teams Policy" $CreationParams = @{ - Identity = $Name - Comment = $Comment - Enabled = $Enabled - RestrictiveRetention = $RestrictiveRetention + Identity = $Name + Comment = $Comment + Enabled = $Enabled + RestrictiveRetention = $RestrictiveRetention } if ($null -ne $TeamsChannelLocation) @@ -710,7 +719,7 @@ function Set-TargetResource $null -ne $TeamsChatLocation) { $ToBeRemoved = $CurrentPolicy.TeamsChatLocation | ` - Where-Object { $TeamsChatLocation -NotContains $_ } + Where-Object { $TeamsChatLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { Write-Verbose -Message 'Adding the RemoveTeamsChatLocation property.' @@ -718,7 +727,7 @@ function Set-TargetResource } $ToBeAdded = $TeamsChatLocation | ` - Where-Object { $CurrentPolicy.TeamsChatLocation -NotContains $_ } + Where-Object { $CurrentPolicy.TeamsChatLocation -NotContains $_ } if ($null -ne $ToBeAdded) { Write-Verbose -Message 'Adding the AddTeamsChatLocation property.' @@ -732,7 +741,7 @@ function Set-TargetResource $null -ne $TeamsChatLocationException) { $ToBeRemoved = $CurrentPolicy.TeamsChatLocationException | ` - Where-Object { $TeamsChatLocationException -NotContains $_ } + Where-Object { $TeamsChatLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { Write-Verbose -Message 'Adding the RemoveTeamsChatLocationException property.' @@ -740,7 +749,7 @@ function Set-TargetResource } $ToBeAdded = $TeamsChatLocationException | ` - Where-Object { $CurrentPolicy.TeamsChatLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.TeamsChatLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { Write-Verbose -Message 'Adding the AddTeamsChatLocationException property.' @@ -754,7 +763,7 @@ function Set-TargetResource $null -ne $TeamsChannelLocation) { $ToBeRemoved = $CurrentPolicy.TeamsChannelLocation | ` - Where-Object { $TeamsChannelLocation -NotContains $_ } + Where-Object { $TeamsChannelLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { Write-Verbose -Message 'Adding the RemoveTeamsChannelLocation property.' @@ -762,7 +771,7 @@ function Set-TargetResource } $ToBeAdded = $TeamsChannelLocation | ` - Where-Object { $CurrentPolicy.TeamsChannelLocation -NotContains $_ } + Where-Object { $CurrentPolicy.TeamsChannelLocation -NotContains $_ } if ($null -ne $ToBeAdded) { Write-Verbose -Message 'Adding the AddTeamsChannelLocation property.' @@ -776,7 +785,7 @@ function Set-TargetResource $null -ne $TeamsChannelLocationException) { $ToBeRemoved = $CurrentPolicy.TeamsChannelChannelLocationException | ` - Where-Object { $TeamsChannelLocationException -NotContains $_ } + Where-Object { $TeamsChannelLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { Write-Verbose -Message 'Adding the RemoveTeamsChannelLocationException property.' @@ -784,7 +793,7 @@ function Set-TargetResource } $ToBeAdded = $TeamsChannelLocationException | ` - Where-Object { $CurrentPolicy.TeamsChannelLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.TeamsChannelLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { Write-Verbose -Message 'Adding the AddTeamsChannelLocationException property.' @@ -794,22 +803,22 @@ function Set-TargetResource } if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentPolicy.Ensure)) { - $CreationParams.Add("Name", $Name) - $CreationParams.Remove("Identity") | Out-Null + $CreationParams.Add('Name', $Name) + $CreationParams.Remove('Identity') | Out-Null Write-Verbose -Message "Creating new Retention Compliance Policy $Name with values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)" New-RetentionCompliancePolicy @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentPolicy.Ensure)) { # Remove Teams specific parameters - $CreationParams.Remove("TeamsChatLocationException") | Out-Null - $CreationParams.Remove("TeamsChannelLocationException") | Out-Null - $CreationParams.Remove("TeamsChannelLocation") | Out-Null - $CreationParams.Remove("TeamsChatLocation") | Out-Null + $CreationParams.Remove('TeamsChatLocationException') | Out-Null + $CreationParams.Remove('TeamsChannelLocationException') | Out-Null + $CreationParams.Remove('TeamsChannelLocation') | Out-Null + $CreationParams.Remove('TeamsChatLocation') | Out-Null if ($isTeamsBased) { - $CreationParams.Remove("RestrictiveRetention") | Out-Null + $CreationParams.Remove('RestrictiveRetention') | Out-Null } Write-Verbose "Updating Policy with values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)" @@ -824,7 +833,7 @@ function Set-TargetResource } catch { - if ($_.Exception.Message -like "*are being deployed. Once deployed, additional actions can be performed*") + if ($_.Exception.Message -like '*are being deployed. Once deployed, additional actions can be performed*') { Write-Verbose -Message "The policy has pending changes being deployed. Waiting 30 seconds for a maximum of 300 seconds (5 minutes). Total time waited so far {$($retries * 30) seconds}" Start-Sleep -Seconds 30 @@ -979,7 +988,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -1075,7 +1093,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 index cd4d8c434f..f04c0d9b71 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 @@ -255,9 +255,18 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentRule.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose -Message 'Checking to see if the policy is a Teams based one.' $RuleObject = Get-RetentionComplianceRule -Identity $Name ` -ErrorAction SilentlyContinue @@ -302,12 +311,21 @@ function Set-TargetResource elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentRule.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') $CreationParams.Remove('Name') $CreationParams.Add('Identity', $Name) $CreationParams.Remove('Policy') + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose -Message 'Checking to see if the policy is a Teams based one.' $RuleObject = Get-RetentionComplianceRule -Identity $Name ` -ErrorAction SilentlyContinue @@ -360,7 +378,7 @@ function Set-TargetResource } catch { - if ($_.Exception.Message -like "*are being deployed. Once deployed, additional actions can be performed*") + if ($_.Exception.Message -like '*are being deployed. Once deployed, additional actions can be performed*') { Write-Verbose -Message "The associated policy has pending changes being deployed. Waiting 30 seconds for a maximum of 300 seconds (5 minutes). Total time waited so far {$($retries * 30) seconds}" Start-Sleep -Seconds 30 @@ -472,7 +490,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 index 82d2aed6fb..fef9688c7e 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReverse.psm1 @@ -554,7 +554,7 @@ function Start-M365DSCConfigurationExtract } 'ApplicationSecret' { - $applicationSecretValue = New-Object System.Management.Automation.PSCredential ('ApplicationSecret', (ConvertTo-SecureString $ApplicationSecret -AsPlainText -Force)); + $applicationSecretValue = New-Object System.Management.Automation.PSCredential ('ApplicationSecret', (ConvertTo-SecureString $ApplicationSecret -AsPlainText -Force)) $parameters.Add('ApplicationSecret', $applicationSecretValue) } { $_ -in 'Credentials', 'CredentialsWithApplicationId' } @@ -743,7 +743,7 @@ function Start-M365DSCConfigurationExtract $Components.Contains('SPOApp')) -or $AllComponents -or ($null -ne $Workloads -and $Workloads.Contains('SPO'))) { - if ($ConnectionMode -eq 'credential') + if ($AuthMethods -Contains 'Credentials') { $filesToDownload = Get-AllSPOPackages -Credential $Credential } From 90c447b4c5612232f053d62f67995951b70f7b36 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 09:39:13 -0400 Subject: [PATCH 061/187] Renamed --- ...ril-2023-major-release copy.md => april-2023-major-release.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/docs/blog/{april-2023-major-release copy.md => april-2023-major-release.md} (100%) diff --git a/docs/docs/blog/april-2023-major-release copy.md b/docs/docs/blog/april-2023-major-release.md similarity index 100% rename from docs/docs/blog/april-2023-major-release copy.md rename to docs/docs/blog/april-2023-major-release.md From de480f7a06cbd25f9f8047c05ce930c2a4731755 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 10:04:34 -0400 Subject: [PATCH 062/187] Update april-2023-major-release.md --- docs/docs/blog/april-2023-major-release.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index 5b1d9ac75c..b7e8dccb12 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -36,6 +36,9 @@ We have modified the logic of all the resources below to ensure we have a primar * IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled * IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 +## Removed the Identity Parameters from EXOIRMConfiguration, EXOResourceConfiguraton & IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows 10 +The Identity parameter, which was the primary key for the resources listed, has been replaced by the IsSingleInstance parameter. This is because there could only ever be one instance of these resources on the tenants and in order to align with other tenant-wide resources, the IsSingleInstance parameter needs to be present. This parameter only ever accepts a value of 'Yes' and its sole purpose is to ensure there isn't more than one instance of the given resource per configuration file. + ## IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager ([#3003](https://github.com/microsoft/Microsoft365DSC/pull/3003)) As part of this release, we are changing the DisplayName parameter to be required. Current configurations should make sure to include this parameter to avoid any conflicts when upgrading. @@ -83,7 +86,5 @@ We are removing parameters that have been deprecated from various resources as p * TeamsMeetingPolicy * RecordingStorageMode -## TeamsGroupPolicyAssignment ([#3057](https://github.com/microsoft/Microsoft365DSC/pull/3057)) - ## AADGroup - Added SecurityEnabled and MailEnabled as Mandatory Parameters ([#3077](https://github.com/microsoft/Microsoft365DSC/pull/3077)) We've updated the AADGroup resource to enforce the MailEnabled and SecurityEnabled parameters as mandatory. Omitting these parameters was throwing an error since they were required by the Microsoft Graph API associated with it. To update existing configurations, simply make sure that every instances of the AADGroup resource includes both the MailEnabled and SecurityEnabled parameters. From 3a85b5732708c49a6a268369bfc4d712f8a94111 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 12:11:29 -0400 Subject: [PATCH 063/187] Updates --- .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 29 ++++++++++++++++++- .../M365DSCResourceGenerator.psm1 | 2 -- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index db6b4984f3..c90b89a874 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -3062,7 +3062,34 @@ function Get-M365DSCExportContentForResource # Ensure the string properties are properly formatted; $Results = Format-M365DSCString -Properties $Results ` -ResourceName $ResourceName - $content = " $ResourceName " + (New-Guid).ToString() + "`r`n" + + $primaryKey = "" + if ($Results.ContainsKey('IsSingleInstance')) + { + $primaryKey = "" + } + elseif ($Results.ContainsKey('DisplayName')) + { + $primaryKey = $Results.DisplayName + } + elseif ($Results.ContainsKey('Identity')) + { + $primaryKey = $Results.Identity + } + elseif ($Results.ContainsKey('Id')) + { + $primaryKey = $Results.Id + } + elseif ($Results.ContainsKey('Name')) + { + $primaryKey = $Results.Name + } + $instanceName = $ResourceName + if (-not [System.String]::IsNullOrEmpty($primaryKey)) + { + $instanceName += "-$primaryKey" + } + $content = " $ResourceName '$instanceName'`r`n" $content += " {`r`n" $partialContent = Get-DSCBlock -Params $Results -ModulePath $ModulePath # Test for both Credentials and CredentialsWithApplicationId diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index 3d9f86d560..2fb1f46eb1 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -201,8 +201,6 @@ function New-M365DSCResource } $parameterInformation = $parameterInformation | Where-Object -FilterScript {$_.Name -notin $ParametersToSkip} - - $script:DiscoveredComplexTypes = @() [Array]$CimInstances = $parameterInformation | Where-Object -FilterScript { $_.IsComplexType } From f60f2b9434db70f86374f9f2b22c612dc96549d8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 12:12:37 -0400 Subject: [PATCH 064/187] Fixes Extraction of the Members Property --- CHANGELOG.md | 2 ++ .../MSFT_AADAdministrativeUnit.psm1 | 5 +++-- .../MSFT_AADAdministrativeUnit.schema.mof | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 68c78c5849..a686eac8fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* AADAdministrativeUnit + * Fixes extraction of the Members property. * AADAdministrativeUnit, AADConditionalAccessPolicy, AADEntitlementManagementAccessPackage, AADEntitlementManagementAccessPackageAssignmentPolicy, AADEntitlementManagementAccessPackageCatalog, AADEntitlementManagementAccessPackageCatalogResource, AADEntitlementManagementAccessPackageCatalogResource, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 0ec886d97a..964e6cd876 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -1000,7 +1000,7 @@ function Export-TargetResource if ($null -ne $Results.Members) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Members) ` - -CIMInstanceName MicrosoftGraphIdentity + -CIMInstanceName MicrosoftGraphMember $Results.Members = $complexTypeStringResult if ([String]::IsNullOrEmpty($complexTypeStringResult)) @@ -1025,6 +1025,7 @@ function Export-TargetResource if ($null -ne $Results.Members) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Members' -IsCIMArray $true + $currentDSCBlock = $currentDSCBlock.Replace(",`r`n",'').Replace("`");`r`n", ");`r`n") } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -1311,7 +1312,7 @@ function Get-M365DSCDRGComplexTypeToString } $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') - $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $currentProperty += "MSFT_$CIMInstanceName { `r`n" $IndentLevel++ $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof index a476c1d911..039f2ae884 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof @@ -1,5 +1,5 @@ [ClassVersion("1.0.0")] -class MSFT_MicrosoftGraphIdentity +class MSFT_MicrosoftGraphMember { [Write, Description("Identity of member. For users, specify a UserPrincipalName. For groups and devices, specify DisplayName")] String Identity; [Write, Description("Specify User, Group or Device to interpret the identity. Can be ServicePrincipal in ScopedRoleMembers"), ValueMap{"User", "Group", "Device", "ServicePrincipal"}, Values{"User", "Group", "Device", "ServicePrincipal"}] String Type; @@ -8,7 +8,7 @@ class MSFT_MicrosoftGraphIdentity class MSFT_MicrosoftGraphScopedRoleMembership { [Write, Description("Name of the Azure AD Role that is assigned. See https://learn.microsoft.com/en-us/azure/active-directory/roles/admin-units-assign-roles#roles-that-can-be-assigned-with-administrative-unit-scope")] String RoleName; - [Write, Description("Member that is assigned the scoped role"), EmbeddedInstance("MSFT_MicrosoftGraphIdentity")] String RoleMemberInfo; + [Write, Description("Member that is assigned the scoped role"), EmbeddedInstance("MSFT_MicrosoftGraphMember")] String RoleMemberInfo; // [Write, Description("Identity of member. For users, specify a UserPrincipalName. For groups and SPNs, specify the DisplayName")] String Identity; // [Write, Description("Specify User, Group or ServicePrincipal to interpret the Identity")] String Type; }; From a68de381275ffc65c1b696c24168e08d251cee5e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 12:13:16 -0400 Subject: [PATCH 065/187] Update Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 --- ...crosoft365DSC.AADAdministrativeUnit.Tests.ps1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 index a1e94681f2..ce2b821163 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 @@ -83,7 +83,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = 'FakeStringValue1' Id = 'FakeStringValue1' Members = @( - (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ + (New-CimInstance -ClassName MSFT_MicrosoftGraphMember -Property @{ Type = 'User' Identity = 'john.smith@contoso.com' } -ClientOnly) @@ -128,7 +128,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = 'FakeStringValue2' Id = 'FakeStringValue2' Members = @( - (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ + (New-CimInstance -ClassName MSFT_MicrosoftGraphMember -Property @{ Type = 'User' Identity = 'john.smith@contoso.com' } -ClientOnly) @@ -172,7 +172,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = 'DSCAU' Id = 'DSCAU' Members = @( - (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ + (New-CimInstance -ClassName MSFT_MicrosoftGraphMember -Property @{ Identity = 'John.Doe@mytenant.com' Type = 'User' } -ClientOnly) @@ -180,7 +180,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ScopedRoleMembers = @( (New-CimInstance -ClassName MSFT_MicrosoftGraphScopedRoleMembership -Property @{ RoleName = 'User Administrator' - RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ + RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphMember -Property @{ Identity = 'John.Doe@mytenant.com' Type = 'User' } -ClientOnly) @@ -263,7 +263,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = 'DSCAU2' Id = 'DSCAU2' Members = @( - (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ + (New-CimInstance -ClassName MSFT_MicrosoftGraphMember -Property @{ Identity = 'John.Doe@mytenant.com' Type = 'User' } -ClientOnly) @@ -271,7 +271,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ScopedRoleMembers = @( (New-CimInstance -ClassName MSFT_MicrosoftGraphScopedRoleMembership -Property @{ RoleName = 'User Administrator' - RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ + RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphMember -Property @{ Identity = 'John.Doe@mytenant.com' Type = 'User' } -ClientOnly) @@ -354,7 +354,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = 'DSCAU' Id = 'DSCAU' Members = @( - (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ + (New-CimInstance -ClassName MSFT_MicrosoftGraphMember -Property @{ Identity = 'John.Doe@mytenant.com' Type = 'User' } -ClientOnly) @@ -362,7 +362,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ScopedRoleMembers = @( (New-CimInstance -ClassName MSFT_MicrosoftGraphScopedRoleMembership -Property @{ RoleName = 'User Administrator' - RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphIdentity -Property @{ + RoleMemberInfo = (New-CimInstance -ClassName MSFT_MicrosoftGraphMember -Property @{ Identity = 'John.Doe@mytenant.com' Type = 'User' } -ClientOnly) From a65fc189667318175f98e6506438488cd411ee2f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 17:15:31 +0000 Subject: [PATCH 066/187] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/azure-ad/AADAdministrativeUnit.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md index 8c52a0beac..ef7304459b 100644 --- a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md +++ b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md @@ -21,7 +21,7 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | -### MSFT_MicrosoftGraphIdentity +### MSFT_MicrosoftGraphMember #### Parameters @@ -37,7 +37,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **RoleName** | Write | String | Name of the Azure AD Role that is assigned. See https://learn.microsoft.com/en-us/azure/active-directory/roles/admin-units-assign-roles#roles-that-can-be-assigned-with-administrative-unit-scope | | -| **RoleMemberInfo** | Write | MSFT_MicrosoftGraphIdentity | Member that is assigned the scoped role | | +| **RoleMemberInfo** | Write | MSFT_MicrosoftGraphMember | Member that is assigned the scoped role | | ## Description From c2b6c6227b3203c2ff85712712f1bcd40ca7417f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 13:31:58 -0400 Subject: [PATCH 067/187] Fixes for apostrophes in names. --- Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index c90b89a874..a1fa1c1787 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -3089,7 +3089,7 @@ function Get-M365DSCExportContentForResource { $instanceName += "-$primaryKey" } - $content = " $ResourceName '$instanceName'`r`n" + $content = " $ResourceName `"$instanceName`"`r`n" $content += " {`r`n" $partialContent = Get-DSCBlock -Params $Results -ModulePath $ModulePath # Test for both Credentials and CredentialsWithApplicationId From 2dc8312770a4329ad5ac7729578005ef1952e58c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 16:07:47 -0400 Subject: [PATCH 068/187] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f80a8d5c47..e3ffadfbd3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# 1.23.405.1 +# UNRELEASED * AADGroup * Changed the SecurityEnabled and MailEnabled parameters to become mandatory. From cd1b52e51f4ed04691096e0938be79e0b8ec0694 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 20:34:49 +0000 Subject: [PATCH 069/187] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/azure-ad/AADGroup.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADGroup.md b/docs/docs/resources/azure-ad/AADGroup.md index 52da08a567..307bc835b3 100644 --- a/docs/docs/resources/azure-ad/AADGroup.md +++ b/docs/docs/resources/azure-ad/AADGroup.md @@ -14,8 +14,8 @@ | **GroupTypes** | Write | StringArray[] | Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership. | | | **MembershipRule** | Write | String | Specifies the membership rule for a dynamic group. | | | **MembershipRuleProcessingState** | Write | String | Specifies the rule processing state. The acceptable values for this parameter are: On. Process the group rule or Paused. Stop processing the group rule. | `On`, `Paused` | -| **SecurityEnabled** | Write | Boolean | Specifies whether the group is security enabled. For security groups, this value must be $True. | | -| **MailEnabled** | Write | Boolean | Specifies whether this group is mail enabled. Currently, you cannot create mail enabled groups in Azure AD. | | +| **SecurityEnabled** | Required | Boolean | Specifies whether the group is security enabled. For security groups, this value must be $True. | | +| **MailEnabled** | Required | Boolean | Specifies whether this group is mail enabled. Currently, you cannot create mail enabled groups in Azure AD. | | | **IsAssignableToRole** | Write | Boolean | Specifies whether this group can be assigned a role. Only available when creating a group and can't be modified after group is created. | | | **AssignedToRole** | Write | StringArray[] | DisplayName values for the roles that the group is assigned to. | | | **Visibility** | Write | String | This parameter determines the visibility of the group's content and members list. | `Public`, `Private`, `HiddenMembership` | @@ -158,6 +158,7 @@ Configuration Example DisplayName = "DSCGroup" Description = "Microsoft DSC Group" SecurityEnabled = $True + MailEnabled = $False GroupTypes = @() MailNickname = "M365DSCG" Ensure = "Present" @@ -168,6 +169,7 @@ Configuration Example DisplayName = "DSCMemberGroup" Description = "Microsoft DSC Editor" SecurityEnabled = $True + MailEnabled = $False GroupTypes = @() MailNickname = "M365DSCMG" Ensure = "Present" From 975931fe4d9d841e0963946a9737a2fbd7df2b1e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 28 Mar 2023 17:33:14 -0400 Subject: [PATCH 070/187] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a686eac8fb..e77083e148 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -77,6 +77,8 @@ * Added a QA check to test for the presence of a Key parameter and fixes resources where this was not the case. FIXES [#2925](https://github.com/microsoft/Microsoft365DSC/issues/2925) + * Major changes to the export process where resource instances will now be assigned a meaningful nam + that will follow the ResourceName-PrimaryKey convention. # 1.23.322.1 From c92be7c9a0d9a33bd4b141f38291ae3d13038820 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 29 Mar 2023 09:59:02 -0400 Subject: [PATCH 071/187] Update index.md --- docs/docs/blog/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/blog/index.md b/docs/docs/blog/index.md index ad0d6f5612..874daf120c 100644 --- a/docs/docs/blog/index.md +++ b/docs/docs/blog/index.md @@ -1,4 +1,4 @@ # Blog Posts -* [April 2023 Major Release](https://microsoft365dsc.com/blogs/april-2023-major-release.md) -* [October 2022 Major Release](https://microsoft365dsc.com/blogs/october-2022-major-release.md) +* [April 2023 Major Release](https://microsoft365dsc.com/blog/april-2023-major-release.md) +* [October 2022 Major Release](https://microsoft365dsc.com/blog/october-2022-major-release.md) From a6c2bee3b868395a155c1767a5d972a9ba651694 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 29 Mar 2023 10:01:57 -0400 Subject: [PATCH 072/187] Update index.md --- docs/docs/blog/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/blog/index.md b/docs/docs/blog/index.md index 874daf120c..67a358c0da 100644 --- a/docs/docs/blog/index.md +++ b/docs/docs/blog/index.md @@ -1,4 +1,4 @@ # Blog Posts -* [April 2023 Major Release](https://microsoft365dsc.com/blog/april-2023-major-release.md) -* [October 2022 Major Release](https://microsoft365dsc.com/blog/october-2022-major-release.md) +* [April 2023 Major Release](https://microsoft365dsc.com/blog/april-2023-major-release/index.html) +* [October 2022 Major Release](https://microsoft365dsc.com/blog/october-2022-major-release/index.html) From 84a0a131ab91ea81cdc6b70e5e52364f84074917 Mon Sep 17 00:00:00 2001 From: Chris Hill <53898223+Borgquite@users.noreply.github.com> Date: Wed, 29 Mar 2023 16:09:09 +0100 Subject: [PATCH 073/187] Remove GroupTypes defaulting to Unified - #3073 --- .../DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 8ac3ff3db4..47e5b15092 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -34,7 +34,7 @@ function Get-TargetResource [Parameter()] [System.String[]] - $GroupTypes = @('Unified'), + $GroupTypes, [Parameter()] [System.String] @@ -402,10 +402,6 @@ function Set-TargetResource Write-Verbose -Message 'Cannot set mailenabled to false if GroupTypes is set to Unified when creating group.' throw 'Cannot set mailenabled to false if GroupTypes is set to Unified when creating a group.' } - if (-not $GroupTypes -and $currentParameters.GroupTypes -eq $null) - { - $currentParameters.Add('GroupTypes', @('Unified')) - } $currentValuesToCheck = @() if ($currentGroup.AssignedLicenses.Length -gt 0) From e08b49279c6f5e4ba68d42487f1e40b2e3427ca8 Mon Sep 17 00:00:00 2001 From: Chris Hill <53898223+Borgquite@users.noreply.github.com> Date: Wed, 29 Mar 2023 16:23:40 +0100 Subject: [PATCH 074/187] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f0a698066b..648e66fe5e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,8 @@ * AADGroup * Changed the SecurityEnabled and MailEnabled parameters to become mandatory. FIXES [#3072](https://github.com/microsoft/Microsoft365DSC/issues/3072) + * Stopped GroupTypes defaulting to 'Unified' to allow creation of Security groups. + FIXES [#3073](https://github.com/microsoft/Microsoft365DSC/issues/3073) * AADUser * [BREAKING CHANGE] Remove deprecated parameter PreferredDataLocation* EXOAntiPhishPolicy * [BREAKING CHANGE] Remove deprecated parameters EnableAntispoofEnforcement and From 455d7c4c53ccc791651ec76bf2eb19c75ef366d6 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 29 Mar 2023 13:03:30 -0400 Subject: [PATCH 075/187] Updates --- .../Modules/M365DSCLogEngine.psm1 | 39 +++++++++++++++++++ .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 11 ++++-- 2 files changed, 47 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 index e61021c1dd..ca64bc02be 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 @@ -675,6 +675,45 @@ function Assert-M365DSCIsNonInteractiveShell return $true } +<# +.Description +This function retrieves the name of the last resource instance being processed in the log files. + +.Functionality +Private +#> +function Get-M365DSCCurrentResourceInstanceNameFromLogs +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter()] + [System.String] + $ResourceName + ) + + try + { + $allEvents = Get-WinEvent -LogName "Microsoft-windows-dsc/operational" -MaxEvents 25 + foreach ($event in $allEvents) + { + $message = $event.Message + $stringToFind = "Resource execution sequence :: [$ResourceName]" + $start = $message.IndexOf($stringToFind) + if ($start -ge 0) + { + $end = $message.IndexOf(".", $start) + return $message.Substring($start + 31, $end-($start + 31)) + } + } + } + catch + { + Write-Verbose -Message $_ + } + return $null +} + Export-ModuleMember -Function @( 'Add-M365DSCEvent', 'Export-M365DSCDiagnosticData', diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index c9cc25084a..364c7e227b 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -855,6 +855,11 @@ function Test-M365DSCParameterState if ($returnValue -eq $false) { + $currentInstanceName = Get-M365DSCCurrentResourceInstanceNameFromLogs -ResourceName $Source + if ([System.String]::IsNullOrEMpty($currentInstanceName)) + { + $currentInstanceName = $Source + } $EventMessage = "`r`n" $EventMessage += " `r`n" @@ -905,7 +910,7 @@ function Test-M365DSCParameterState $EventMessage += '' Add-M365DSCEvent -Message $EventMessage -EventType 'Drift' -EntryType 'Warning' ` - -EventID 1 -Source $Source + -EventID 1 -Source $currentInstanceName } #region Telemetry @@ -2614,7 +2619,7 @@ function Test-M365DSCDependenciesForNewVersions } $i++ } - + # The progress bar seems to hang sometimes. Make sure it is no longer displayed. Write-Progress -Activity 'Scanning Dependencies' -Completed } @@ -2691,7 +2696,7 @@ function Update-M365DSCDependencies } $i++ } - + # The progress bar seems to hang sometimes. Make sure it is no longer displayed. Write-Progress -Activity 'Scanning Dependencies' -Completed From c394c8ac614d614c8ca69146f89f4f516459072b Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 29 Mar 2023 13:35:46 -0400 Subject: [PATCH 076/187] Fixes #2981 --- CHANGELOG.md | 3 ++- Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 | 6 +++--- Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f0a698066b..ce7e9958d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -97,7 +97,8 @@ * Major changes to the export process where resource instances will now be assigned a meaningful nam that will follow the ResourceName-PrimaryKey convention. * Added a fix making sure that the progress bar "Scanning dependencies" is no longer displayed after the operation is completed. - + * Changed configuration drift reporting to event log to include the instance name as the source. + FIXES [#2981](https://github.com/microsoft/Microsoft365DSC/issues/2981) # 1.23.322.1 diff --git a/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 index ca64bc02be..8a26608e57 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 @@ -691,14 +691,13 @@ function Get-M365DSCCurrentResourceInstanceNameFromLogs [System.String] $ResourceName ) - try { - $allEvents = Get-WinEvent -LogName "Microsoft-windows-dsc/operational" -MaxEvents 25 + $allEvents = Get-WinEvent -LogName "Microsoft-windows-dsc/operational" -MaxEvents 10 foreach ($event in $allEvents) { $message = $event.Message - $stringToFind = "Resource execution sequence :: [$ResourceName]" + $stringToFind = "Resource execution sequence :: [$($ResourceName.Split('_')[1])]" $start = $message.IndexOf($stringToFind) if ($start -ge 0) { @@ -717,6 +716,7 @@ function Get-M365DSCCurrentResourceInstanceNameFromLogs Export-ModuleMember -Function @( 'Add-M365DSCEvent', 'Export-M365DSCDiagnosticData', + 'Get-M365DSCCurrentResourceInstanceNameFromLogs', 'New-M365DSCLogEntry', 'Get-M365DSCNotificationEndPointRegistration', 'New-M365DSCNotificationEndPointRegistration', diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 364c7e227b..525aa027d7 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -861,7 +861,7 @@ function Test-M365DSCParameterState $currentInstanceName = $Source } $EventMessage = "`r`n" - $EventMessage += " `r`n" + $EventMessage += " `r`n" $EventMessage += " `r`n" foreach ($key in $DriftedParameters.Keys) From 70106dd4225600fa3c358ace04b17c330ec4ea53 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 29 Mar 2023 14:26:52 -0400 Subject: [PATCH 077/187] Add files via upload --- docs/docs/Images/April2023MR-EventViewer.png | Bin 0 -> 19615 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/docs/Images/April2023MR-EventViewer.png diff --git a/docs/docs/Images/April2023MR-EventViewer.png b/docs/docs/Images/April2023MR-EventViewer.png new file mode 100644 index 0000000000000000000000000000000000000000..ccd7e53868903609f830718beb0ee46fae217db1 GIT binary patch literal 19615 zcmeIa2~<V|NGY%40iTj*=uKK zuWx?eoO9*TElZQb2TmOTfk1~%Z~SBf0)6QU0*QV3&DX%5Z|{D51N;*UwlVn;RNW^t z2fX;w`v;33Kp+D4;I`XW!0Y|@Za4;mK(g_Be_~knswW6!e%bV=AM7GrmnNehd(cs% zTQKaE6%%Yp31>uO+Dm8P*YEf1pszgo+nooMo|K>d{;DQt@#|l~zwSPHeB;1Z-$;M^ z%@^r^&-v-cJNr_<_58;BH_c9|1)q#x)a#&s-~Zlo#?`Cy)_2z&FYBDO2;P+ITW_hT z@LdQO?!0DZ>u}oV?Hxk<`TJzo4MKC70s(sP2miK838HGb&mlG%B8QfaEk-Xqose6FD+n>BcsAWXlavd%~1Pa#XLD*QQ31 zPj!B5|(sy_;f!Sa#chDtslTS_U;J`>gA;dTu1PFs2(lP zZGzrr=dA3%0d21}Y@g(>2C9xw4vu%qRKz2VSD~)bev8BDr>u~DF9?M1`ec(F?6o~v zr8NdUgs4&bWBky5M#uJVUG7_oG?St=3+t@1r~CFUG8DpycqDqBAz%&du6{S`GwHq~ zA(Kd9P@!NpNA83{UNPsHXpw&h-?cY9&hRvo!mo2lj8B+NxIo3$&k;l~;Cb{E%oBH3 zJZJP_exL}E$c9FbMdC0=75~}c1RUwqq2tcz;d4??RopzXH}Ylc1!+}*xak=99FLO7 zC^x#Zo$Wh;zM?5&^^(4pq_yP}hlO^-C1v-jKh`f0^0a%jA^j>cu#w2y@3(%Le>`Hh zsG0teZ=0H>%d8FTXm@Kj#efxct&a8$tY_QUY(ZexCb#wmdX}IfBAvoGjTqI0>52@X zC+nMoM|!aX?VZ~{`=RfQOLach>{?a;!V}+h$oSsGB*=qFk)%ag9)B zTJcIj-`I-)Tdk7gyP1@`-}Ud`I~ikmUfXq1LP14w`C9YmFGRkxKeBf=WgqEvrj-}k^8GlvUe>9>gV%1&lYqblm zXi=z6@T|G(zPPYJtXNHQAhxqA0fDYvq@q7}f9CnmiT}-iF+Q*{X=P<)+dh}C8yMEu z&M{U!2fO;zV-CBCg*9W0wmT)LXWb3H0Qnp5Y-uNXKg+A@4c<>#D=Kep3Z*db0yn2- z-?~sFadSkPadvWZdn-OPQB2R8)5MvX%-c4N6q=yd@2@Re?Y;=fMH}`@8MQfVZbT@d zeZBxqL~U!_J2tQHAZj|q)#tHZ%_Du+bll}*X?Iv(jk=Xjy#+m{uaUOX*7{%qv)Ucl zj+xxp3qvE-mF-dNn>CWaA=0Dv@$|KmAW*5dUd(KR#fcSrk<0)Uh)h3=1>P1q+VyGg@k-GG6eYmgOWY;-vi*D_kT>CjCok^t#F5 zR$usAd~c*k6hxEKz!=!3ANcx+@GFEANX=i+Q|lhO>o*ABbulw&iRn9= zn1kNT#E>7NZWFfL%V!~;9NBg)1G%o~5#TQ8rsEXnXZQK^`O86Q&SQ*94cb|SXoHuH z6JhUvjI}e@cGc}S%%YR6=r&p4C~D0^G0=E#SZtUiibjWy=ZP`4^*jeLi$>KIq`!%b z8LCHL($Z%%>Ac=kqt#)(J+Fs<-WORlN?qCUkG(9{S?x?S0Np9c_=OZo(PIpW#_V`1;*~DsFz&Pp|#b@MNNvKwVvpv zgC4e<#&S=7bOz{rgOs?@{dHh~}z@$cv( z5Bl?==3Q%@tx$uCk1IsRAbU;V+@ugPgic=4th+r5X05g6j z?a)2xi+-+3{GBwCa$Ca`6#>Me(TjWW>5hzli^Y+hB~p$96}kN$OcnAcGbMi- zAZ#WL?Z}H23`JIDK0t3ucy1VN$A9k7wb$Y39f3ovv0>1>oomG`Bdz`H-b9H!44gjM zXD>MtZEZ!)h3E#YPIu`~Bq8Y4Y!d*;%va`0JU33np2kDCPe>n6c&r!+y+6O};a;#+ zI~^u^jeR|pxx19QY-?r8H`<|m9(2fu<+(ap!XE70McA)Pfj}=&Y5@*=JS2E(f$59G1Kw2>BJ%#gQ&|!f?Fd{TV&E#=9k)NRfU^G zyXr1Dl1j0SJT5Vw;O?ehtSqmY)MYC|we*{IwdH5qfo*9=(hXo+35(4O)vflGyYlGo zrFR7|PCf5cbs#Pwt2Wki={eL-X)}@%cm&x~2H&*7^;Zq49_!0GrG!hS2Ha0Vc1g3d zL2n-tmu-#tM#~SD%Ia6wrYf)=%rKo*qdxYxPcpWhRT)~QQ|MjM_BW$j>rwRYT6BDS zX!m8~n+*L!@l>hvG6f1GADN<6yDU@83dr{wZ_Wt@o*z#R_PQB z3-R@XXzi%n^)#lTHyny~$OUW-dbx`VfM>7t@^;c1kAVOMli8pP1|)UcJBFNmP*}j=gB8K@w-7k zlIY19O)ST(*%v=BU6gW1;6}Dh})R!%}a17k|-T@(Qlk?Mt>Bq zT}w8~5Wzf0Lry07yDWte4dIBMSOF1Qtq5eUHVJ}P3>$Uf9M%Al*tO(6YEKp%+c-Gh zVMu5vKp|zT3Da)Qj%^8}jnusjSoS?G=9qrgK?CrG>wo z8rzW8aA;j?=1jxV)48KYDQutRn)TlL@1odoDH`WonAZ2&B`rcJVnl&|T_{{nGvq4=hY znWS5uB5Nz1?cCCJ&6umelp_|UU``(8-TjgBjoG(IY)%0-9@%+{k`0Q>DH|krXQ}Ed z(5IqJlhEsh>(P@xjJj0{CMR3Xn)qB>$q8R882AS7iO#90 z<>@8}eD!Iw9DBD(GYkR3$R$w`BQ_~?yG>VIZvoQnf(^~^04x0{s73?l-|ANh!^!V{ z6kaljwhIfT7d6x>i$)~3GDx~vxE+C$eb`1z(E6*8)C$x?HwlDX#MNM9a1=byIk>%Q zS;}~RmM$p`gWF$s8)h*Tqju+v*d{)m09I}deE87zd)h5WVNFPn7H#SZ{hl-ad3j*F zJqY9_W|D0@r=se?K7pS9ZF|}Z{A7wj^>TzIpE2QiF{1_y z)de*T5~m1)M$B~QX*JXG%7)tP{4nQhh9%VO&@ugT>gM|`zjHa^$4K{OJ$)68u1X8g z+mtP9;i6NLBvJ{1z2FQsMwuX8xc&}2S6o{O>u>F8goW}Ye#_D-2sG~Sp4=^QavQE_QCih$S@fVgXr-T|fD(P(BglNsC^rwapBY`f?+9KRPeI?qGR~rJ zfXZtY8s;?@xfrabY^Pu={SjL@T7&4vdd4Vg#wyB7QhXK#>m}SXFP`()y0->qPK9Ca zf)|)6;7%-yMF>_}DCpu>T*9U$ROCly`d;!H^;X*4+SWOqLki#q+736|ur^}ahw6i* z#9Lsv_p!934z#7<%`We^){l$37riZ)lVcms3@#nX7cHXE?1NbVf|{V=ULVUM)66Z9 z%kS64Dd-?i$i?l9ykzi>E&5y{Qr-nRx}VXQQipo~;p% z{*clJ3N5TYQGEuKt`Ax6ogj@{Z(`DvRCkRo1#ic#>mk0+iD4O=;pMSAj1YSd_!-1d zcC7bp50pic?0DM7S88&|37Mwf-MeLU&kAD~8a(DFn)KtyVN1TDLtP)@FFw0a4F;u~ z3nED$bB71~FXlS-W z;qGkKps0UWM`CI^s%`sOCU*OyME6v@92N1BM(DSVN%{ix&g+4+YG-rUl2h!LAkaK? zcP-76#gA3RL+UsSu(a{zHf=mm=G^%%WvAjg@E;KhMz`{cyG>%Jay-UCPYCv38f4Z%q1fd(Z4)+pU54a&o3`u=1U!bM^k`x*CdtROAr0hPl+b2!N3|$Wr&zDGO9~9VRK1_>$D{ zrFn`7N>vGeM;IhZL+b!Hbhjk-CU5&ScBX!yEZP7unXsy!7_SaXNMRQ;R9tCt30=g$ z=Y`8~-jcI*AF4vOCUixhclLuck-AKL^hcjzMnvSwh>1t&sU8v4fiGBM(VF%jMh#QB70v8RXr5onjq_rzrR|i+Bx)=IU7R6RF z$tV*q5B~1~$W)Y|D$N!^!dJfpq__P}kcx|%ugp?x0&Y_n=^@Hek>n>=q~jS0A)8*% z<+zc*nuiKS%(NnLa1UZ+aTkF`nzb)oswC2%R5_~bX#8>k!FShz2*f~Ymb`4lcqzH7 zm@2IrKw7`W>rHKHS^nFc3TNPV>ER{n95?tA02{4CS1aX&8B~aIBz3wh43zAd9@-2+ z=<~$0X_3!Pzt|B+{|1JHe`pu36;xSoL?yA8&I%Zn5%v<}?oH*&atN~v^G6Y8U5h0~ zyh@eh4S8%ZA!*->TsVEPw+CQ-8E^^0BZijvs7@IyFVQZuXY z7uE*?hDnpTI^K+L{XUVjvjBWM1tcCKXnadzSCy1Zrn$bxQ%qBJ(M3r64w)(;vBtmr zRlVJ}ys}HVSjYByXMMZN*tI1$=bK~c>TY15N=dv4+^qJG&ni`Jr#4~Hc7jRF4|6jr z_v1rKl5s~H`n_~ArES-5)r*&v5TLQ?4jaFB?>nWJ;mUNfLG+kaDLDsQP!yh0@xfEM zyj6FRrWZ@7)6w4fR=w&Kd4pRVbPutBubwp-kr5QZo{EgP8j(oENK-DVdLSKlzC))| zhssz`n6FrcX5~3Q2vyZ2+ux1eQN%;ctX*y2M{AZx0+adr9J!k;fJAcEI)k8m`a@l)GYxwVxR&#z89%89<^(ewh{|Oj3 zE}XOKelJ|=`+{$S=1g#Tk7HUdK)|gC6)UjQ`nV*Wasokwnn}`ID+r3;S!VWP$t8d4eq&LUL%wm`}3Qa$l($!u|*A*12KE=X2WjyAfyD5#1$ER12nEhsgy zhF7Hs>u6Xdw1j%pbCaEbqKhV%xC zdnn}=p%Gg&?b(q%e1*`e=6a6u%DvbU$Y>jCe%Bq})!w=8`e+FOOR&R@)#w1NHW%FF(e>@8DQO zDEY>QH9-orXjjn82~?HEbYRjRG~_Dsw8-DV}?zLu0EGOJ!{^NW7TJBtN z02BZl;W{^VAlQCJI=A%f9gs?I3RU<}PFp zWr23Na}SJx_V1+y05*>^QBJv$Ge3SRmiLZpBVMcqMecBG`BzPft(M;;eI_&S)iI=1 z>DBtDD-Nns$6ETk%dnFd5s9jv0M_ociBcNbjKst_`#cKr;5RB%?EcE5sA;jd(ga9+PlRm9DMjz+BT2rNPoD8Q1C6EckeDw}3ru+zA zL4JgiQok>`aCxILREbPcmLtbput`n!ZHRD;RyaO>Aa*J+`U`pZi%d-_x1_*=ti!rS?QOCAr zD!Zf~kg&w5csDc$nIjHbJQk&jTsT?G8bxVo`42^F``bqXd4qErJx`cvo_FQEFsbMD z@_i;lS-9@3T2iak`)EH?E&4uO9kem*s0|6~4zgK_JuJ+&iyhOy8BATXS%NHIfRM%C zx{NP$)9R1!p6p1ek0xX*ihyt^AKh1vv}3v30*r41EJ{J>)je@L{MYqV?uU1W=fl|R zTTPV~!Hj3%C;+msB6D_mzP{(GonG7Q;E2z^1VoJUtfoKPmn(%&x`yL;PBN!TsI*2t^l>y3MgBqVqDOJQ=oSf_DRoUES z6*Umf2JF1c3R+(e9BV;a5y#ek_BZh#Z!=5E(|hudGP3>6`>)(Lpw($qZlKD`utGZF zcDJi?vCV3_7Wq~gw?fbIrmqaX91c{3aHVf7aZ6*-4flab#=7}IHWo8;GnZpiqJ4xOQ~&yUAZ`qe7y)T0@b{e z4-GCy-ut3g61Dlb3)#CxY=$2z%YxBMDcAv>D&TfkAKVoWln&8{{ph*WIjBAk#c28 z*3b~v1+@9(NufS4_8HlO8?0k)>^pCY+ptfy9rj1O=GbM_UCc6p=zvv^OP@1nu--lr z7pTyZYf|6-r^6B2FqHF=bvWApWz|pg?z8wjxBgyIdvOQz$?EE86K-Q*S_sLYm~}x0 z^er?`YAo&p`SdN9d6rKVSXbU-u{SvF7boi-W?oNW7M)dqvV0C-bt3?&+5g+`tIu*# zEMxRV@1`7fw<9zCqlH=9qf-s;R6%i2#ri?`%P==Op7hXG`$pcvIGoT7FNID}Y*sJ1 zS^8!}U8N*~?QpTrb&;N-cb<*_NwI&|FFMcN7@bW&(!3(ew(XQ3JNHoFI!~h#T=L0~xa_dG)c7|RylDJN% z7m)@|rW}6a>M(^4I827Il319`TY}>JaTuvlGW?^j>I6|GB;=*-q6jMHgi1m`M7p@Jy0uz zvq!v_)2?ZluwM>z)_U){>Vz$O93LX4?8#amu0h}y^*YDZ-mE({Je?l5X*!OrzW}yk zJL>x>B|KP7uLbghP%=N#o`246SgxB-W&CVv!;hjhOS0g{CE)GHE_9pLJGWLE97{xg zWwdgo?>R;%^bo9kttnI>_Ohz5N(jGlg#T`!^fMXydVV@FXgQY~`P0n$gI-|HjGvw3 z3%92fPOlQzI}(hVn0Ljgn_szZ9XoL4CaX*<`IM0)zC++>x~lVDrc7rc z_n_MTa@T$*tEz)wybbs(BXPv)_4g|UReZNmW~4Jm45as9%4|I9;oOz5JPc-heF~EW zC=qjf+TIgv)P5T**TH(6}t!_gRt-A~e?d~1gJyY+Xhprlg(kyTjwb^zpuuemH z983#4m|ffIMt1Pz%Pm`64MyT+ov}{qSL|rZT|wpR`#^WH7j@`FYfPdAAlm;yQU-@l zo*s1WE4Z&+I*uFSZ~%0=dq4IAVcOAvr-7?TSWD@$T>_o&R$B!Rd_Lvn*TmiCqthFNSMfAfKB zBXWhgWcMvM*Aa1537$sV_2`K{4CFc2(ht4_L!RaOfip z8|Ey{6=T``1^D5R%pInCcg=@>7_|pY+@KpzYC_2PvC+{#3q*>@stHO+ZkKy;6_=*Y zICW5}p>|=6<}m(eBS~c0mAHYo^^5e$8bk}SGdBy3vUor`^RLN6anRfBN!xC_Hj@G< zKx_i+#qDMU{`HeK>9GbUL50#F%o!k9eREIWXZ`U1ypVyg)ZKv0H-XVjR+N@bKO2ho zu5wm)v-C;l-K+ks-qBUjNb(@-ICmAAbfUs}HKwP*aiSs1&ZUS!oeo=cbXH#8iW)s$ zyE^~)$$WvkI%u@)dT2k(RreG?+Z_xrIOjck#5+qxv=KTN5c0L>wL&_MpO^jSCJ#)P zec>ss)_l6ISy|pnwny-V6jsYWeIi8c@qK^6L%<91!pdmngn@TGhP0od9y&Kzw6ne4 z8lo%v$+|GLzRluO!}CO8t`(eItJs^%+dc3|WYB{Xr%nJ6^pbZckF~k|H7MN!xQ@@E z-KTmTrul~jLgQa}8V3K6>@rL)dKd#D++Mp^cU@XFjbo%5EfL}&n8{rPl)SyBUGZ6k zt8M<6pWP;G%@&L<)e<*tjsp@M&|YGEk*({(+mRa?LiXDpYn^-RHH%{;2SBUK=z5{z z=?jqC|7F1~T3LR?N^(PGzT__g65Gq|gN-*aaFmJ_B*S5=-7U5pjSKwQ)OI6^7Ug?; zGXf`2*wle0Y9By@k!=#4JALE25}?rw>#hu%hB<{G^z)l2=KD`nt^t)jb|VkwAd*|BEYw9&Qn+A!5r+aiEHVtMp85i!0le&wyJYdkXvPo`f+%fgW-Q$cdF ztv^gwXB!%&)!((0UcZKw?4Kv(mAODtN|bYb#nl`iI+nOGt*eBi;CoJ-pC2xj&Tq(c zkDIR7I|AGsu`3ATs836^8J4G|CX893_a1qFqfX)_T1hEv^f>R)1_t14wFjd;as5Sl zqOo=e5X9HDQfGR>F}6v$h8LsxD{r)%4c{)kMz(~%Sq+x2mFbmDZEv#g(AH_aS}E7P zVH0Us{S}}V=@JoRiCuPzazkV(#n9MLis{`;NwdxaJD`VYPFBPzc~q6;q(s8E%7sa1z}7=l24Cjho@D(3wUj?T@>!QkD}^%m*- zgKwO_mYB1YSCaS7>kYcBUHsv>uY`>ioUpBipTD0bemU$?TYG&WEj`W2fjFC)WPKI~ z=JlThRh;v%iXk?kpotDyI1EEWSx{}2&!4HE|>gm?Q4lII}QNw`+SKr4~ zgS>5sYei~)YjFqP*NzKl+>Zw_X_$?QwLW${dvnZjte&7a+4a?&iV78#XOM-PnhydL zDlHG*#HzA`@KC2*rv8gath^r0B5jBI)VxaNO{88JZuKE9ecQiw+$`+5c7CNdr=3}xSFB+Xu)?hn2X1keGK=A(GT9a1&7M>iJm?}rZ$as)hR<+7CGaX!JW z)jU1op2dzaIQx>mbb#p7g^Sr$P?)xKeR zD?OmDF+jVl@n$`)YiYEO2%X>prM?Givkhh&Ov6VqtW6T^-y?jv_kXn|0H>9j? z9R{hr0j}dyJO{mXnIriEG7Qk-y#9qhuke4-i1s?Z^ZL(f(B6K3`)C%Mfs^+LeQ&H2 z&5zXCAdGt=SBn5bW3R2=k%r^59oNRDol(@+X}~{JiPpg5!ey zW2~e8<1L#)08;!{Yk9YniIUr`tSj+av%~5!WmFDrP8`(ml(>w2e`VsnNdb-A9gR2q zz9LbT+7#W#`S!`s2`$n_J~FwGxxz7d*;hhuNgeIAh7;u$uk>sLRzyR{YVW0tw~Sc| zm=cD$q6u6pc0fkGJ;0ijziKO*&lXp^@F$lbiaN&b{9HHkzK_p|fG5l0{}Z9cO|Lx4 zfU*|$9SUi$5BP%#E)bw5EIPLFsJ_UZHw2ER9ZwwZuc>;xabf-h@d3&m1@LVzG3&05 z?BF>|G%)}NXdi8ubCFzeW=cT`wtGqxUE7-~5uz6~zI;1qd*YF@NpO5oKsD~8#SzuN zRZxQ3>~gUPG2)rFq$MYwyE-m`@ zdP3paLUuz5iuxg4t39t%;1qom7d$AVL?CRp{zVAFJRlHMLMN5=YwFmTXz+I9`L+iY_wyXsKdZ{% z@Ug4u>-MQy-Sf3QJ&XPA8~G^r_2&qQZ76Eu`s(S!>1P24qobvDOV#N-ThG2`zufbc z_}paG0B%8o>Q; z;FN+k>P^@)8F%MYVQI_L^*=OSZ2LiH{n5&s-}OkzvJ1s#Xiw8(TI$U3LiWPbvd63ox;Kl6Qws$cAa@%VXD60;v0mt%zwS0Q8- zko^os1Jf5+_Wbh4ZXN0gYl&p*Q&#mEKoF<)J^ytBvtfnN?rHjhW%K8j9+K>oNrwbR zqr6xrBKq)H^Kd@p`F~UC;apFKqhH?55kEyND5nQ22gnc5y}Igvnz|dZXDYvGodEp(y;jf;~c z`EkFks||pWZt5JRKj(GO<#4EA)@eU;=HnNHC}p}Cd#myI9lgPY(P~d1ER{u=OT$Zt zw?<@3%F9{gJ~ungmlFpY{`iD;&TGtW`}; zKhKX$36L1Kp^_i(2eQwa+jf8%g!@3;6FFDggW4__T=742Q$FCNexY7YWp*P<>yu+H zzTDu3!6(ODxrD3S+tD|GWA3RF-1R>?=B&PzRmB}8cLpoWOAopz5ezLTU!AwkSs3G- z!Z_ajK3gNZpt3C~zx@=peya%r<=epha6}G%&8hwvTT`;#p&%0gHMf+{Cb{s7M#_}_ zK58`vGI#Ofjext>%fiL6%60p+y4s3{({-FA?p?F&cyG*2%tG_UH!($NBm z+tKeR^DM0diMxQ?w{{9pBN@oUTiJ@iG*52fhnRM#`Qf34{Y!d(AV~0-z?VAv_>)17 zV0hs_803Jp24;Vl;slI>ptYVC>uEqKu*!Jmk~Z~BM(~P1^Dc+^CMk5Nh*W#l7GW0T z>#w^|fXZ5vcx%ma!z}exGt22U{o01KkV6X``1#ZoILj$I`QDM2miY@lPw68yoLLym z_WjE1&4|Sbs=#MeRNliXnlAUrEzW#=k|zeb?9Cs(1X&qS0Oa5`K`?+{45c8CmFv8! z)SdZ+b-I0F12NP4^}C2${q3vyMrm~ueQWH>0Q1e_qN$%S&gz~h+a`$Mf%=`6ngu$n zvrM|Me`ARNom96|UWS)NWT?s0N_=FP$K{+&P3uSIZ0*I*JATS_&C`#bDmKVg@<67h zQLVZ<8oOfjQ(1szULVXw9_KHemvks2);7xSC1=s?a>NIIt-A0+K`HbQD6HIilG~V; zbRD>N9nMy7GMYNayv)$3+XCsFAIAPR7s?jNd)Gb{Q9{L$V_!e^e_eU8`;D!5T|0}1cTeq;%`j||*ZYS=@_+9^+dKcg0w-xzQLKY2 zYBpBqa#uR5=}Ml zSxP(vuhhrFJ+6m=w`pEuCCn%t96&FbZ$2E8mPr&VE$M46d+H2$1o((iPT^YjtaYYs zYFcK4%0yP&EW=fgC|Ca>u(WbAk!=T5TraPT1y>^rPMye73}|f?4PG15cAi~szE;?f zZ6Y3Ut3j!xzaQYohQ1cPg#*yA=&k4=$-a|1T zZk;1tlPp;!uavADxprTUjDZ4WS=$7 z)x;Wxp)j^56f2|4)QLC8xek$4P6=z72bdMsz575f)qrTOMZ;6|(!i-KZ*NaJxjf{= ziNb~#3VamL&pxW6+i`4U{I{`SN}bD+#-V7RwRc};DhWQGOdQYTB10((Hri;t8YbN` z2Kllkbzcr`f8O2u|V4&x5+Y5;W{I#=EHy$R3XgXuemufBms8b={2A|D<~ z65jxf-hyDA?j>bdpMd;JfYZFiaHFIxO&jN21e4lFJlGN|(#&rDLEyraOB|8C)-`RI znvk|X*nMLZN{EP%A!b2)lzb(|sq=uz=9B$(fAEi;FXDqARQ9gfY?VQ!8q%?ppjPN) z0tepSJKa86I1Q{OJ>KxioYGJ4B>skR@P2FumP{0TX{lKrEyo`mP?(5tj99p!qY-{( z+;0w#H$xX_C`f zcKEor&6K}|;oee7HDpft}7!W^HL)t}SR)Xv!$Xt&rB|4_PG zLk{z%2aEujlr$Kj`*4G+ezcoUaHF~Ux?&_W;#Uqn%XFhpmi~`{l5}{749wjoP?Crn z`PtO|lk?~3>@N@RN^lN1X0eObYzb=q>R>E8g3v74Pl?IuLbaH7LCUL?{VBQiUDLVv zc;snme4kXAq2lpylAbqK#J7{hA_e#~cRUg*FHx?&eUit9<+UpDQllb4j)@uVVntpyBg^Es3 zo`?T6YC7@OK&x@^vHg@ol9;^tp&9+Sz(3p3%e9wm;UCgFA7_EYgPpVfe*z@eHMQ?4 z)zzO^TL^qw^jC`^LbZ@XpQI3EkN9KTzktfJfBVUiHM)ZM4koSU-+Xbty6nY+SA|9fqXve3-*0X8cZ|->%I2JF#C4@^H2Vq c{b>iC6L~PwdIuY^*Ui+}@~7$_@BID$0tlLDoB#j- literal 0 HcmV?d00001 From d6924e4efd40284d11cf55fb15d31b85e2708188 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 29 Mar 2023 14:35:41 -0400 Subject: [PATCH 078/187] Update april-2023-major-release.md --- docs/docs/blog/april-2023-major-release.md | 53 ++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index b7e8dccb12..62f36df427 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -88,3 +88,56 @@ We are removing parameters that have been deprecated from various resources as p ## AADGroup - Added SecurityEnabled and MailEnabled as Mandatory Parameters ([#3077](https://github.com/microsoft/Microsoft365DSC/pull/3077)) We've updated the AADGroup resource to enforce the MailEnabled and SecurityEnabled parameters as mandatory. Omitting these parameters was throwing an error since they were required by the Microsoft Graph API associated with it. To update existing configurations, simply make sure that every instances of the AADGroup resource includes both the MailEnabled and SecurityEnabled parameters. + +## Export - Resource Instance Logical Naming ([#3087](https://github.com/microsoft/Microsoft365DSC/pull/3087)) +In order to make it easier for folks to follow the execution process of the Start-DSCConfiguration cmdlet and to keep the exported configuration files cleaner, we've changed the extraction logic to provide meaningful names to the extracted components. In the past, every instance extracted used to be assigned a GUID as its instance name. Starting with this release, extracted resources will be named based on the following logic: + +
    +
  • If the resource implements the **IsSingleInstance** property, the resource instance's will simply take the resource's name. E.g., + ``` + SPOTenantSettings 'SPOTenantSettings' + { + ... + } + ``` +
    • +
  • Otherwise, the resource will always be named following the "[ResourceName]-[PrimaryKey]" pattern. E.g., + ``` + TeamsMeetingPolicy 'TeamsMeetingPolicy-MyPolicy' + { + DisplayName = 'MyPolicy' + ... + } + ``` + The primary key will always give priority to the following properties in order: + * DisplayName + * Identity + * Id + * Name + This means that if a resource instance defines both DisplayName and Id, that the DisplayName value will be used to name the instance. +
    • +
+ +## Logging Improvements to Include the Instance Name ([#3091](https://github.com/microsoft/Microsoft365DSC/pull/3091)) +Starting with this version of M365DSC, drift events logged in Event Viewer will include the Instance name as their source instead of just the full resource's name. +![image](https://raw.githubusercontent.com/microsoft/Microsoft365DSC/Dev/docs/docs/Images/April2023MR-EventViewer.png) +In addition to this, the M365DSCEvent XML content will now include an additional property for the ConfigurationDrift element that will be named **InstanceName** and will contain the resource's instance name. E.g., + +``` + + + + 192.226.137.107/12192.226.137.106/12 + + + + #microsoft.graph.ipNamedLocation + Nik's Laptop + 192.226.137.106/12 + True + Present + System.Management.Automation.PSCredential + True + + +``` From 76e9dd84ddb9ff1901c0b0e7b693850ba65ee1a3 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 29 Mar 2023 14:36:13 -0400 Subject: [PATCH 079/187] Update april-2023-major-release.md --- docs/docs/blog/april-2023-major-release.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index 62f36df427..37075a44b5 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -1,6 +1,6 @@ # Microsoft365DSC – October 2022 Major Release (version 1.22.1005.1) -As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts/breaking-changes/), twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on April 5th 2023, will include several breaking changes and will be labeled version 1.23.405.1. This article provides details on the breaking changes that will be included as part of our April 2023 Major release. +As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts/breaking-changes/), twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on April 5th 2023, will include several breaking changes and will be labeled version 1.23.405.1. This article provides details on the breaking changes and other important updates that will be included as part of our April 2023 Major release. ## IntuneDeviceEntollmentPlatformRestriction ([#2431](https://github.com/microsoft/Microsoft365DSC/pull/2431)) As part of the April 2023 major release, this resource is being re-written almost entirely to account for new properties. The recommendation is to stop using old instances of it and start fresh by using this new updated version. One option would be to use the **Export-M365DSCConfiguration** cmdlet and target only this resource. Then, replace the existing instances in your configurations with the newly extracted content. From 83c3f4862ffbdb12ba4647a46d97af157fdc8b03 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 29 Mar 2023 18:55:39 +0000 Subject: [PATCH 080/187] Updated Resources and Cmdlet documentation pages --- .../azure-ad/AADAdministrativeUnit.md | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md index ef7304459b..f1c05a2a84 100644 --- a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md +++ b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md @@ -105,3 +105,65 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsGlobalAdmin + ) + + Import-DscResource -ModuleName Microsoft365DSC + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsGlobalAdmin + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroup 'TestGroup' + { + DisplayName = 'TestGroup' + MailNickname = 'TestGroup' + SecurityEnabled = $true + MailEnabled = $false + IsAssignableToRole = $true + Ensure = "Present" + Credential = $credsGlobalAdmin + } + AADAdministrativeUnit 'TestUnit' + { + DisplayName = 'Test-Unit' + ScopedRoleMembers = @( + MSFT_MicrosoftGraphScopedRoleMembership + { + RoleName = "User Administrator" + RoleMemberInfo = MSFT_MicrosoftGraphIdentity + { + Identity = "TestGroup" + Type = "Group" + } + } + ) + Ensure = 'Present' + Credential = $credsGlobalAdmin + DependsOn = "[AADGroup]TestGroup" + } + } +} +``` + From 3792ba238190d72f96537a441a7fbf2753487638 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 29 Mar 2023 15:04:11 -0400 Subject: [PATCH 081/187] Update april-2023-major-release.md --- docs/docs/blog/april-2023-major-release.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index 37075a44b5..be268a4e70 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -92,16 +92,15 @@ We've updated the AADGroup resource to enforce the MailEnabled and SecurityEnabl ## Export - Resource Instance Logical Naming ([#3087](https://github.com/microsoft/Microsoft365DSC/pull/3087)) In order to make it easier for folks to follow the execution process of the Start-DSCConfiguration cmdlet and to keep the exported configuration files cleaner, we've changed the extraction logic to provide meaningful names to the extracted components. In the past, every instance extracted used to be assigned a GUID as its instance name. Starting with this release, extracted resources will be named based on the following logic: -
    -
  • If the resource implements the **IsSingleInstance** property, the resource instance's will simply take the resource's name. E.g., +1. If the resource implements the **IsSingleInstance** property, the resource instance's will simply take the resource's name. E.g., ``` SPOTenantSettings 'SPOTenantSettings' { ... } ``` -
    • -
  • Otherwise, the resource will always be named following the "[ResourceName]-[PrimaryKey]" pattern. E.g., + +2.Otherwise, the resource will always be named following the "[ResourceName]-[PrimaryKey]" pattern. E.g., ``` TeamsMeetingPolicy 'TeamsMeetingPolicy-MyPolicy' { @@ -115,8 +114,6 @@ In order to make it easier for folks to follow the execution process of the Star * Id * Name This means that if a resource instance defines both DisplayName and Id, that the DisplayName value will be used to name the instance. -
    • -
## Logging Improvements to Include the Instance Name ([#3091](https://github.com/microsoft/Microsoft365DSC/pull/3091)) Starting with this version of M365DSC, drift events logged in Event Viewer will include the Instance name as their source instead of just the full resource's name. From c8ae011f1ec2bbd361b40df519b7e04b2e1b6f6a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 29 Mar 2023 15:11:52 -0400 Subject: [PATCH 082/187] Update april-2023-major-release.md --- docs/docs/blog/april-2023-major-release.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index be268a4e70..e93cda74b1 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -122,7 +122,7 @@ In addition to this, the M365DSCEvent XML content will now include an additional ``` - + 192.226.137.107/12192.226.137.106/12 From 424ab8d5ecb6d13c85dc815cc85fb7f8fe40a260 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 30 Mar 2023 11:02:38 +0100 Subject: [PATCH 083/187] Fix AADAdministrativeUnit example Fix issue with example which is currently making the Unit Testing fail --- .../2-CreateNewAdministrativeUnit.ps1 | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 index d09f4fdecc..b1ac3d9df3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 @@ -3,17 +3,6 @@ This example is used to test new resources and showcase the usage of new resourc It is not meant to use as a production baseline. #> -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsGlobalAdmin - ) - - Import-DscResource -ModuleName Microsoft365DSC - Configuration Example { param From 16e5249ccf73cad3372b4e5b1bc88c83dfa511b9 Mon Sep 17 00:00:00 2001 From: Adrian Date: Thu, 30 Mar 2023 13:18:39 +0200 Subject: [PATCH 084/187] Update april-2023-major-release.md typo in IntuneDeviceEn_t_ollmentPlatformRestriction --- docs/docs/blog/april-2023-major-release.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index e93cda74b1..16edd84c46 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -2,7 +2,7 @@ As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts/breaking-changes/), twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on April 5th 2023, will include several breaking changes and will be labeled version 1.23.405.1. This article provides details on the breaking changes and other important updates that will be included as part of our April 2023 Major release. -## IntuneDeviceEntollmentPlatformRestriction ([#2431](https://github.com/microsoft/Microsoft365DSC/pull/2431)) +## IntuneDeviceEnrollmentPlatformRestriction ([#2431](https://github.com/microsoft/Microsoft365DSC/pull/2431)) As part of the April 2023 major release, this resource is being re-written almost entirely to account for new properties. The recommendation is to stop using old instances of it and start fresh by using this new updated version. One option would be to use the **Export-M365DSCConfiguration** cmdlet and target only this resource. Then, replace the existing instances in your configurations with the newly extracted content. ## Primary Keys of Multiple Resources ([#2968](https://github.com/microsoft/Microsoft365DSC/pull/2968)) From 4ec581577b5dc93a0502cb1d90c93a18e973184a Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 30 Mar 2023 15:09:05 +0100 Subject: [PATCH 085/187] Add mandatory Id field Add mandatory Id field --- .../AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 index b1ac3d9df3..308bafe5f5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 @@ -18,6 +18,7 @@ Configuration Example { AADGroup 'TestGroup' { + Id = '4b8bbe0f-2d9c-4a82-9f40-9e1717987102' DisplayName = 'TestGroup' MailNickname = 'TestGroup' SecurityEnabled = $true From afaa51a5d003df00551eaa071365ed825658192f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 10:13:18 -0400 Subject: [PATCH 086/187] Logging Fixes --- CHANGELOG.md | 2 +- .../Modules/M365DSCLogEngine.psm1 | 67 +++++++++++------- .../Modules/M365DSCTelemetryEngine.psm1 | 1 + .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 62 +++++++++++----- docs/docs/Images/April2023MR-EventViewer.png | Bin 19615 -> 60477 bytes docs/docs/blog/april-2023-major-release.md | 25 ++----- 6 files changed, 93 insertions(+), 64 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ce7e9958d2..358e97642a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -97,7 +97,7 @@ * Major changes to the export process where resource instances will now be assigned a meaningful nam that will follow the ResourceName-PrimaryKey convention. * Added a fix making sure that the progress bar "Scanning dependencies" is no longer displayed after the operation is completed. - * Changed configuration drift reporting to event log to include the instance name as the source. + * Added a new Set-M365DSCLoggingOption function to enable logging information about non-drifted resources in Event Viewer. FIXES [#2981](https://github.com/microsoft/Microsoft365DSC/issues/2981) # 1.23.322.1 diff --git a/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 index 8a26608e57..a675ab252a 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 @@ -180,7 +180,7 @@ function Add-M365DSCEvent [Parameter()] [System.String] - [ValidateSet('Drift', 'Error', 'Warning')] + [ValidateSet('Drift', 'Error', 'Warning', 'NonDrift')] $EventType, [Parameter()] @@ -448,7 +448,7 @@ function New-M365DSCNotificationEndPointRegistration [Parameter(Mandatory = $true)] [System.String] - [ValidateSet('Drift', 'Error', 'Warning')] + [ValidateSet('Drift', 'Error', 'Warning', 'NonDrift')] $EventType ) @@ -498,7 +498,7 @@ function Remove-M365DSCNotificationEndPointRegistration [Parameter(Mandatory = $true)] [System.String] - [ValidateSet('Drift', 'Error', 'Warning')] + [ValidateSet('Drift', 'Error', 'Warning', 'NonDrift')] $EventType ) @@ -550,7 +550,7 @@ function Get-M365DSCNotificationEndPointRegistration [Parameter()] [System.String] - [ValidateSet('Drift', 'Error', 'Warning')] + [ValidateSet('Drift', 'Error', 'Warning', 'NonDrift')] $EventType ) @@ -606,7 +606,7 @@ function Send-M365DSCNotificationEndPointMessage [Parameter()] [System.String] - [ValidateSet('Drift', 'Error', 'Warning')] + [ValidateSet('Drift', 'Error', 'Warning', 'NonDrift')] $EventType ) @@ -677,48 +677,63 @@ function Assert-M365DSCIsNonInteractiveShell <# .Description -This function retrieves the name of the last resource instance being processed in the log files. +This function configures the option for logging events into the Event Log. + +.Parameter IncludeNonDrifted +Determines whether or not we should log information about resource's instances that don't have drifts. .Functionality -Private +Public #> -function Get-M365DSCCurrentResourceInstanceNameFromLogs +function Set-M365DSCLoggingOption { [CmdletBinding()] - [OutputType([System.String])] param( [Parameter()] - [System.String] - $ResourceName + [System.Boolean] + $IncludeNonDrifted ) + + if ($null -ne $IncludeNonDrifted) + { + [System.Environment]::SetEnvironmentVariable('M365DSCEventLogIncludeNonDrifted', $IncludeNonDrifted, ` + [System.EnvironmentVariableTarget]::Machine) + } +} + +<# +.Description +This function returns information about the option for logging events into the Event Log. + +.Functionality +Public +#> +function Get-M365DSCLoggingOption +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param() + try { - $allEvents = Get-WinEvent -LogName "Microsoft-windows-dsc/operational" -MaxEvents 10 - foreach ($event in $allEvents) - { - $message = $event.Message - $stringToFind = "Resource execution sequence :: [$($ResourceName.Split('_')[1])]" - $start = $message.IndexOf($stringToFind) - if ($start -ge 0) - { - $end = $message.IndexOf(".", $start) - return $message.Substring($start + 31, $end-($start + 31)) - } + return @{ + IncludeNonDrifted = [Boolean]([System.Environment]::GetEnvironmentVariable('M365DSCEventLogIncludeNonDrifted', ` + [System.EnvironmentVariableTarget]::Machine)) } } catch { - Write-Verbose -Message $_ + throw $_ } - return $null } Export-ModuleMember -Function @( 'Add-M365DSCEvent', 'Export-M365DSCDiagnosticData', - 'Get-M365DSCCurrentResourceInstanceNameFromLogs', + 'Get-M365DSCLoggingOption', 'New-M365DSCLogEntry', 'Get-M365DSCNotificationEndPointRegistration', 'New-M365DSCNotificationEndPointRegistration', - 'Remove-M365DSCNotificationEndPointRegistration' + 'Remove-M365DSCNotificationEndPointRegistration', + 'Set-M365DSCLoggingOption' ) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 index 10d6f2767d..168b0fc893 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 @@ -286,6 +286,7 @@ Public function Get-M365DSCTelemetryOption { [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] param() try diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 525aa027d7..b5fee1cf58 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -853,17 +853,23 @@ function Test-M365DSCParameterState } } + $includeNonDriftsInformation = $false + try + { + $includeNonDriftsInformation = [System.Environment]::GetEnvironmentVariable('M365DSCEventLogIncludeNonDrifted', ` + [System.EnvironmentVariableTarget]::Machine) + } + catch + { + Write-Verbose -Message $_ + } if ($returnValue -eq $false) { - $currentInstanceName = Get-M365DSCCurrentResourceInstanceNameFromLogs -ResourceName $Source - if ([System.String]::IsNullOrEMpty($currentInstanceName)) - { - $currentInstanceName = $Source - } - $EventMessage = "`r`n" - $EventMessage += " `r`n" + $EventMessage = [System.Text.StringBuilder]::New() + $EventMessage.Append("`r`n") | Out-Null + $EventMessage.Append(" `r`n") | Out-Null - $EventMessage += " `r`n" + $EventMessage.Append(" `r`n") | Out-Null foreach ($key in $DriftedParameters.Keys) { Write-Verbose -Message "Detected Drifted Parameter [$Source]$key" @@ -885,7 +891,7 @@ function Test-M365DSCParameterState $driftedData.Add('Tenant', $TenantName) Add-M365DSCTelemetryEvent -Type 'DriftInfo' -Data $driftedData #endregion - $EventMessage += " " + $DriftedParameters.$key + "`r`n" + $EventMessage.Append(" " + $DriftedParameters.$key + "`r`n") | Out-Null } #region Telemetry @@ -894,9 +900,9 @@ function Test-M365DSCParameterState $data.Add('Tenant', $TenantName) #endregion - $EventMessage += " `r`n" - $EventMessage += " `r`n" - $EventMessage += " `r`n" + $EventMessage.Append(" `r`n") | Out-Null + $EventMessage.Append(" `r`n") | Out-Null + $EventMessage.Append(" `r`n") | Out-Null foreach ($Key in $DesiredValues.Keys) { $Value = $DesiredValues.$Key @@ -904,14 +910,36 @@ function Test-M365DSCParameterState { $Value = "`$null" } - $EventMessage += " $Value`r`n" + $EventMessage.Append(" $Value`r`n") | Out-Null } - $EventMessage += " `r`n" - $EventMessage += '' + $EventMessage.Append(" `r`n") | Out-Null + $EventMessage.Append('') | Out-Null - Add-M365DSCEvent -Message $EventMessage -EventType 'Drift' -EntryType 'Warning' ` - -EventID 1 -Source $currentInstanceName + Add-M365DSCEvent -Message $EventMessage.ToString() -EventType 'Drift' -EntryType 'Warning' ` + -EventID 1 -Source $Source + } + elseif ($includeNonDriftsInformation -eq $true) + { + # Include details about non-drifted resources. + $EventMessage = [System.Text.StringBuilder]::New() + $EventMessage.Append("`r`n") | Out-Null + $EventMessage.Append(" `r`n") | Out-Null + $EventMessage.Append(" `r`n") | Out-Null + foreach ($Key in $DesiredValues.Keys) + { + $Value = $DesiredValues.$Key + if ([System.String]::IsNullOrEmpty($Value)) + { + $Value = "`$null" + } + $EventMessage.Append(" $Value`r`n") | Out-Null + } + $EventMessage.Append(" `r`n") | Out-Null + $EventMessage.Append('') | Out-Null + Add-M365DSCEvent -Message $EventMessage.ToString() -EventType 'NonDrift' -EntryType 'Information' ` + -EventID 2 -Source $Source } + $Global:M365DSCIncludeNonDriftsInEventLog | Out-File 'C:\dsc\result.txt' #region Telemetry Add-M365DSCTelemetryEvent -Data $data diff --git a/docs/docs/Images/April2023MR-EventViewer.png b/docs/docs/Images/April2023MR-EventViewer.png index ccd7e53868903609f830718beb0ee46fae217db1..5c37cf7907fef29a24c4c8090dcc37d14cb5b7b5 100644 GIT binary patch literal 60477 zcma&NcUV(t*FMUOqrNk!jH03Iz(FCz4(;FDXmyVBZjQ*C zJ8VlC1gS1>^V_d=HO+9m&s)*6^Xkzt$M)~LM*q7Ej|*uMU~eH=IrZLk_K*J7IbXYj zidnTP^SOoGT7)cr;4D=`c`PC?BB7|H?rNR;e56##?)SrxGY2kexpsxm`wsk26Y#p~ zUF-B7u(Maa5-LO^)=KJ7)yUMXR(mc5J@jmwm_Ixsd%s#lY)o0yYZTwx8xfaoxDE}8A3RZ1z=+VcxzHKu<*ODY!2)X zqmNO+ZbjR0VsR6!90)T9#qzCX)7F9OD&(>Xz!+AEtz`o8j%6v@(fwpBDo3jcM4@w=5lv6(eI?M^WBxdp9=>#QyHA zNllRpUDh*%&k8Pl14PJeju3!R2{3YKkAvvN3>F!O^*YaIp`SgKU#Bf2USduNG_Ost=aZQ(^IcYxLFp(9f3gT`?aD1 z3og(!xm&RXQ3U@XeIz{y83c&2>kq@w6_cHi{jHC6wPn(n7-A@WTE)6-7?e(LY3~SJ zJPTnaxZC=5C)sYH`;j|JH5fb6MI^03LS4J&g25r+L*aZ^a_v%(B~(PlBfd z@VYaQgV4nkXPc+3r`rL&QI!q?(#_cPogielNubLJ1#cG#+RXx_!vi#!jM_KW zXT@G?7z~0dWK;iT^{if46J(t==*aV5s6uWA5t-d+}X;8RrZnmryrDKH5V!E8Y88zm2;sKcgcmFXkh{%!@3bNWK$_GZ1v;51C!x8WC6Lf(9W;Ge z<$L@>qPj?Y5op2k{r-WsLktrq-AQrCW%}WM4PJTyVmYV(2DPO?(~V9~H&x%bNRE&3 zB5BAv^?x^t4H-uG0rCtXtyT2XtnLkqE~bV{2Tyv|O#3t+E%sj9!4O%Pvh5<<(58bz z!5e{q4%P`6SbwHQ(A3k2^fZHezi0flzJD0U5G%;|x!DruZB`hLSx`i7m@N;7Z9sd_ zT(_rFC15$sZM8aUW^J;@0p6-mIO*<>t#R7VBn3=8Z5L4wzIG@@14f(YUo_BU%&&e@ zX)qLJev7zEm5+t?0OFKw25)@PGTr2oG;3ZM{&Z=U2Hit8VchR|{h^eNcFpPv7@bSU zA)glFSUnZFIg@mVq*IM9d3~oz0CE2n*WnGaUv1ZXgQbtf$KwhGfBbk90U^fa(0f$6>M}T)< z?WdJHMQTMHgYL8=nONk`3sCS7Zzom)LaP+157OApM?;tt0re$jKM3C9;Ju3lY53-I z^|%X z!0dlqdi40u5$uG;X!}}iRKET1q@J(;&q&`WWoB`@85U)xYhqH5{Cd6raxGcQ*r~U_ zzC2j0{2lRgn(UNJ+EppnrPln8u*_&&d@pBef6{9?s>}=R*;f=Tq`INOFA4*N5#I9q zUuvAP)L$Dpr>9#{h1`Za&IGLFW>NEBKXss_b|iI~mF(o4L*rlClzZxX8>sz=-+X*N zpHn1hlxx~8Uv3^7_p@;4{bOoj-f?XmbBE%}(C}!C9xeiZ==s{0p*WgN)Iq5rNpjCef?#*Z{6efcGI=6CuBL(_hEI65hOjS21s8-qic=Q0KcB6=@cQ zXHn+DABygMNKXgP^^0om`_ z%uT>GY|py%KKCu$_RPY^t*015zoBu=54Nz8W?AOO;SBiTSG#YjO`u^d+YmV)&ttbmWy4O|?0hoA%$`DjnSZZ`*ac!906t!Or3E$2iQt$; zxN~8h$EK0}EKN314$MLap2oDIiPTxN=Bz6*(86db%lA>{&NNSNtCZ?#zsu~IdBZXpDA@aB1;iN>l(>gp%>^Ds3UBy+<$ z-sT{ZJ0~m@A;3X_nDYg^mBVn0@>fCs*^`lvblPquey7G|afh9x8AKFmb}0`35t<_q zOA#@Y6g146JJl}By*$n(^SF_*8We9)IC}$8zmiF=z3px~Jg>v}3O`Jw68D(p9(c~575S?_Bia~NjC9Tt*?2XPlKCm|Phr@?hP zC0O3`!;zFbJ(<$e_f`WHf3B_+Qw3SyNtoP#ZSi)RNVs_xecF0EaAS?rtpkEj#oS0_ zAQ3BPoimu<&pi1NIXUAfj`@)`4IZQ4_R*u@mW!fWDoCn|NhTweD?PH4#A(avyD{?$ z24WVV>ejFkpjt9GCY_xeF+~s8s^5?fLNK1&22-FCqR8}nV4qcv;g_XiL}ZbM-cD88 zv35IEVjy$ll*al_WfC_`2tsQnb@QvAk(MDKKi055px`rM{Zkd2Qr^30&f$!p1(Fwg zxK(b`weuX|=gBGie3@3au?VxJS%N~i0!U)Q;ri(e@afZmCo$P3fn80dYXV6z(waWI z&$Z~9n-p*2PM+KbZZ|3OY=PsRO?^Ko_XPkCK^s%G4(%}juJFQ_So8Dqa}daJ&Wz4QiGxtKSyB+~*Bp z%*Q{ug)T5G%kUrkeaHbV#Qh#+f6eRKJJ@+x+j=vI8F8xB#t^wo4B0~4Zez5K&Y$&X zMr84Q=e#9kX+^}GS1oth0ODjlfb^;-z2Y&$ zw~mD}x@|S-Q+{Ujp_s78(Alt{^+!vZGn0n(b6i$k?ATNK(I6CkOai-IfY=_FgJ*j5 z!@2ZsTCq3bq{KZRh7N>K7rG{hVz*$Ws4@o0)~ef{_fHE*2b^ZL($yEf{MZT#0&Rxz zw#h+|ZSdjNt!WB2S>1fSZLs>#zb08c;($)#j7G?YZ28fqN0!&E#>#SPO25f~Gr|Op z;GpzbJo$$2oOJ|QJ$RnL5?umm4lWzQ`q9?)fdTc?t*x!iPOh%Hso|JOxOpOX46lT@ zqRtB8cG0|$l%Vf!=Q{Gb5zg1(-#cd8S%+gj=xo$dXayO;aMCwCm_8OrHzQ*fy5(Wz zC`OqOixw)RN#)0j+-Y7sEz$GYO#S<0TwdQyYu^FAg>Xag#;1NFvyaG$%8hUt(4)3xUF#f25T)g9msMjSf4VcxJx zxTtdsbXL>n31F8^GZ#h1r8`sSJK`?Vr-O)tgT^(J)2`~&b4LyhT3K0r_`M(6=SSO^ zW|b#ldJI#h?XF38=k@vQw%c-(+(ko4W}4g)kQ!y(aGcsv4v}VsWqC9Ya@E=$KR7a^ z$lS4RguCszIn$K1c=~X2UMqL2{nTMBBU(ftWIIgsDL1Z_ z8`rEi-DC~OI59W$pyT4ORK&hsV;(s%2e)wctPoXtMFi6I*a;AGS;N*Y4D1W~&! zemwxh#JJ;SIkoMrtt54lDw0)$WTAOGIBq7Hk$J<}iPN-M!rEX)>uCn-^4vK^8=R_o z9P6MVnDr%`VCQ;mX|h`JiqoAJubO9gR6im|h(|l?dc_MvZd`>h-YfcRJ`S9oxk(g# zWMyF`EyQXjB8VbM$l27suUiqZ+d|#tM5zTAz+K8h&L2B{h_~#=qY2g^#v+zK5|JzW zT5TM0klR{{5Tz4PEJ8ngJ|0qDaD^FmF^VI%&g$VBhHki{c(X_G*2p!AP)U!&Xusg{R=whtqsxGnGz5P}pnWA~-$Tp`^@lfgvqo7=xhbQvp zyLnVxZq_cbB!rRTj6%KYljteA0@^HwTuEZ;BpwR027^fmGCe3z!?*CftcZEYckIo3 z8CPX(6Q{k%;6B76tb_vzO^#u53Vsq0R(flfMH%nr2wRZ_p&SP@Zc9#7ld-Lu5N}W+ zZL%iAx1k>m-S9)PMwNYCTwRyP`w_GVAaDp_mb8Cl)}h?H3C)!B_H;_KA+HYw9Ua;Z z#lB*C*)o&OZ23bc+^Kg;>(}>a1@aA#YL#ACvj3qo+e9!JjN2ON=d8`~FakqHINnc6=b3vf zrsb@F#zu|J*0691^B!`=5|19%1?;c$a#91ZN{eYf8?S59^^VA_$tsk~`D3q`fi@P8 zWOUY3&?#OlBBv<+&ls}l)CGgM5&d=Qhl-2?L$D&|R%(MFT6dEp z&v!`BZWOVK@L4vPA-5foAvZ-}s1Wm-mxFfGg}Cs7bef9wr)+vZ zZ!`0w)c=TF3l3;~d5s4aRo&R}+8rO#fW+;RO0oX|j9(oi@qR+t7)QTzu;O@bDYZ-( z%pz|bG3DygBm2xH0x}sNM}9M|NaKO`VfomJNDhmx^ZUM>J%m~TKPqy0|6Qr|=A6&| z<=Cs&|39<0k6(6YqjJ{#v2$#a_D_Dx!_lD(AC!qSdayrQqp9*~n8r*!3Uun{ObO9I zSZ8N~Uhk(`d;p(gk9MaM&zyR;z8ZiIO%Q_7H+J^2gJZjMB@R#)=evInNVQ8DTTPrK ztIxevFi_)|%Lgue-{c}8Up89xf^0=HeviCYIcngiPyXCq8KHL*Ow#mQz|iZzx*rsT8mjgwWDIq*pRh^B$FOGK6{4rBc7?1=F89>K?UHj4XK_dS<;~7f-m+_?TF`jY~ zhK0A!-HiiL)V!6!Ci8w26F1Jsa*G0GCRC@xC*(`MUhexXDW8z}rLR>)q^#zX+i zvxdM;IB=K+5MkJ@esqHq5OFifug|D-WDU;yx#>&7$*pfK%uW-$Jx7^@w@pU|#l(u^ zRWO2KZ5n)&&GlF1ODdHmQbHF~yX7+6N^w2seRUMHF4v zTo-W%#b5sTu3^JP%HkzW{jrJFG+alO6YgbCrQt2Z&ea?0nvacjf)x&l>kDd{{6U1p zRmwgZQY#q!@Re?po1?aOOsk_7P_z){5DNQcb(z!j9YqUWE=Sf;CU{Ibky#{+r40O_ zDb38L84jq1g%`lT0CZT@b@wga;4|3o^`d=)SL6x58!+U2a*Tb9Gi+OjXCO@3AQnb}MzpzIRG^QsnV=#fDj0ZSK z@CJjVzS9kYwbh_DhjrGunM0B794ad>XA&A4HLh@FJx;1W6d>6>t95q8P~lNqMo|li zQDs(do&Sn=*FF2g4m<)BFf~b<>m#5w&QCH?D?*e?=34*1$i(S3E!pF9uTH*v<5HzN zWN)>FaDP2&rHZlwm#Nk!7)ITktLPR=DfeC3y(ZD?FLq79*#ElTtMcsh%cSQ~D8f1H z@Uddg|6Yu$k^NF_W-fuC+K7&(5_QQYF8!l5>>*ip=%RcavdDksfKg$Hkib#ksN8|7sQ#qT~5DsB^# zwTLgs`*rM=y616#S<$Ol7Ku~Q_HSny->w-*0!Rk!QLDP=2{x_$Cm0$!-I__d6xSg+ zweA;En2*CY_i&1PLQ!pP6|z0=Sm3wL6((-K!nZdztkMa76Osa~RXy?zhJ3;L7-sdR z3X(IB#9Ig};jx=^)M>&*dig~n_ckh!8bI8g<5B!VZ2Dbk`lUk?QX4w_Mi$9An^ z09QU))9?OcCcf(DL6}wR!vdn)A^EsYBNXl25#(${A8Q5`$}r*Wa$;F6N+j+G5wjM6 zPK@z_1bg*pI(;^|p}n{tTS`q6p%dMl9yt!;LA;2GA?z1RA>h~E&}D2_bPB*yO&;23 zB<+MPn*>z%DJDM4fkUk}KNwH~FBaWfv&!QN5$ITY>*Kv;@!9DY>#YSW=OrQ5W^KD_ zNGNKR3668t8S{O*9P>X|2F>LU{p~-aXJe{G5}j7ZEhpZX8;}sCZ;~UQ7Wj4AvRk2s z5QRet2Wkksmr;as2l#}=fVxA3`uv6c`dF#wXR_r45=f6BOfYJymJ}kg9cf_X9|Q3t zBU#=86ByR6ps0t*5A=0SgLZZPwn<{1kg#rvO?^pFYN#E5Atn#A&&zoT0I^XDuR>!^ zNDyhBhPx$wS!n;ewYLf?z71`Z=!`eT>1l4N2w|8Qd6$l%yi=F;-B0N$;V*1{Rc<8C z?{P6>C4}8Jm5uQVXQi?v_SP8g=*oe#Y$e)k%3js6F>$dUTC7Psk!0oDIbvpu@u2Lq>hb90 z;1%TCKakkz@W63~?^uv$p-hgv@;EJRGc=-a4sbkYHY#Zi$ zPu(uE>CpStx-*8Chm;q@_YqCZO{o}+CVNJJ2vkY{)x-mp#%&j+Bd;7)ADut)iqrHD zG#z$lUNi1x*FYoXM4(VFRnj4GBCUBsG&5Idr}1<;RrMaiIO7 z?IIIeZ4|II`1=lM>{`{80LX)d?tb=CgeG%&E|w_cm&pq4=Qcy2L?Q>zTPsk6QWkPc zluUGn)m#m1qSznC8GjU$7NbZafXf|lDyE3;AJbA}sn>hvWPV-l>C*Rg5N2%x$zcCN z)MTWfk=vip@OeSoy7@?VQU7K#e5P9kPOLyNxV)_-xsYw4*_Xcq(Mf+L7qM~)+U`E1 zC9juJwBugz<&2@tH>c?0{krP2or)J@?f|z1lxGO#DM`Cr6cYolUrIo3ennCVLOeFA zVJ(Tsi$t=XTVlD|DSlHieP|$du@|21ukw)qu*yCNkL?U$jmtkOp79y8RI|^s32BcJ zG5uM*b$4|nuLo?`O>f*nPqBh{yB&u;xAT7ae5>qlWN3>;@d4>>!d>~>?#&~z>ncMh zBc7|CCVqz3|JwLRD>+l#!u_huYLX8j#VB1tHb(zi_isWDcE>z!(Y8UvZ8DL^W0P?l zBu1uNJX#U2vd1C%YK0d0OAg{k&0exoE_GnN1 z(MSw}97M$MK(=Y#cpgWtfgDPXYUZmx$v|5$1>CM$5zr#PDkmWgBNgxU4(kT=vBcUu zNooMnGEB&aJ|;!06$bVmEB(cSw>wXa7Hb=!m+DmsF}^YG55M9o#f%`@^|V+RpEdg5 z!~&;^3IzMASX=)1@!q~mh`Kw?!}l^CfXQE6ltz!+;8U}ee;Wn3PJk?c1a8SKOj7$9 z6NN6Cz z`6o@Vt{6FrRxhLQVuM0GysE)Vbmv&e>(a=no>>*#X4$qYryeq5W+ZuLEJ*6OYB z{C%oQv&9cYRaOG5aoVu%EJ)3}%}y0j=fd$HWcEq{{-7bn=?`){U$ULGJz60oNt1In z7P`ofyyD5i1zJLP^TW(|`5w5yMQ<)6o@ek%UbxZpBJa5_57Wt;yr|6-h}A#KQTaXj z@DNU>;Jl}(#U!u2%go)n7J8uZRVNZ<8@J3$-LyVxHyKYnl!0GX(U5Fd4p^!8cQF~> zkidCLG$#d zAkNnW6thbR3)h>l57b&u!v;KZH;`xboGoU&XiU7wlX)udC8)5AKDPLZy`jN@4aP>E zF-z2VdSLhH>oW(0^|16&HV?_Rv}ifQ7o)pnIRj@qjWK!Z*VR*bzkOyR8=qB`%a-Bo z9tCzihac#!DLqmdz%#R#<{0BDz6{rrRx`A0@feRFQJ81=H?#WfR{V{o)wfQzxi1OIe9CbSEo|<*8Nviu|2K&RrK;?^$ zf`w4K(|`v7xM<&n1T!1o&dc(d9@ow!E*L+tDJKh{HFne8$10?B~_z^b5i$a6|~>#SKg~M zEf>EgFprbctt@wXTV!zLZP4v=A-{Z9;kEe^5 z=YP2k={>s=oKyO3@-D4Fg|305K?eF;u*{Vr?>g66;X(IrO8-V~&V4m!q@}YCFQ#u$ z29MmyH-s}cxo83GW*$Y)Rwik}9<6$lvIlwr^MlAq3|RCB;n1DoSGwzW9O zOvL#GVHNFaC`OF>=e6U$`ytz-0SMVYQ55IL$k|b{k)~-`Z8m#c8*WC9p}GUfhSCWj?7k8&B>>9#Fr1BEF|lL7OP6%tedBSPH1imTBo8? z8GrQt;d5+EH6pmp+HvGA0!p;bvrX&LH(-l|Y*Qaff&T_W;d%4diSk=z=5of5hOx z^@#uilq8b|eM9CI61!`nY#4_*d0bmIBc4m?M{Pp5>@6~D$b?Je1@nXvG)o@Q47q~` z))5vEJn^&0-u`8FHcBq0e5f{%7rjS7l^!dpTlw^((}a}nHwrW%(SbIy`Lq4OZD*a+ zkGEH6h{5#aGB>}n|G!xfnN96a;tUQB020A@a8MmgNK}8kkMXaJR30I%E}Kr2<*{D$~0_2BUJ!Lx)R!D{Ij>y8VMx z#<6=J@>ach<5GxqNVj^0hF`1h@5)fx)5?JiPwzW z6?n?mXjQi}YRT*7HLUPBt5P`T4q9XOcEyAOO}3*?p6X zoXw3$_uo*+lofnpk-n$yMs@R~vDHC6InG!s?t^zfgydd;U@7#4G}Sx8$Q&|v!4kPq zSwFxleM@S;`ZrV`Jht-{{gr31hw8A!f|=8o~^9cPqo(H8J?E! zYk59?I`)8+mHMIlfYjvS_CTfXpclg>$|tKH&nm<(odbnHI>E|%tv3`3aZQ67yPO;3 z&&2^2ryEDBR){{73S&%N-ZRxoASRy0=%Ki8+tsPzkPp=y+xlX4_)t?3(xloJOjY5r zJCPF2$w%$D@HJsQ361UC2nc&d+vtO%>iJ`RpLb-4}_;໻S}1FV57-b+km6lD99tGzp*`}^efGaf#n3kmfsFK{rFGq{ zn3DeKu5zPa{!0VT-$gcW31T|>ty_&7;TA~%!rnLx0&?b+DL;%CeVshTONg@JQexrT z{AP$1DcfC&jBC_*d?%`gBOm|pj)W-ZkF@Nal|g@bo2-YZWXpK%YrGO7lGALc>PYI# zpe4l}I~>;Z(Dn;s9l6UOa>;m&&Bg-}0+Sn?Gpvnz+x*V?8%L85aB*HHiV_{X5vbo_ zZAJQEx`M0Hg$OsDf~n>YT0qX0VTyQg=eUgB!+dyJ@dM_o9vsY_*jeRm0kLrJi><}T z^G&{DYYL9IjeBRi)4;0NAOLPUccj}ub;3P zjGd2NGwS`T-`~`K_Ru?61>db=S=f8QoL>|Dx_fInc>i<*fH98#Qx3pT9 zw7!8Rz`BzhXunA=m|M40V2;~8c33i0Id)i2PcO=?u%^`E@ne$DqZJ$~e=>sxd(8_{ zQoc~KtrMDOqVy}x&7 zin;l1Usp)4`ek19<u(<6OHQ#z6B!vq=&B_#RY%5HPlqWls&eK?x3A=N zxp8^~jtVi{&A@3~pp|ntTHGa+0e3LYncG*-`)~CP&qI`U4T<7EEgW3ZBm2c)*z|=5I;XSgdaRF_2t{@`dHcA7wh^b@vhfZ4TNjzcuR}U`kw?DhOAFO zrX5fdA#)S^#lDN)RxSu2(W&%`NdC*d_79F?^YujJEcDf`78Gb<^YO9)6xSPvWLO#Z zS&MO5QCml5U#^|RnPS&YGNOACreak0g887qPtdM`Zn=q&117R{Yex^sa1wCW4JH>k%ToUV@}U=t;i-Cg zF#-i0X70e}7oBVc(>B&B`mjLXFc|_LQ$QnZtD9m(z>cdjj~0Pe&U&ETgj8a^cMyd2 zxI?nMoPOS_gE_bOMA&#`=JjqdVcJniAzyhL8OFVMmtUkLh>>Y5nR#Nftc3yr4mG>VvR6s2vJO^a zZ9iDfP?U74O)OTl_!O9>R3_?fpP^120B>MdH-Jplp%b)YVf6tS2TO&nTP?|~jg^)9 z;roC_jZWO`-X0qh7myEVkVhdB_z85z_2sE?C85gdPa=1n($hiu@LT$x`9V)W4(E%+ zLnSH^?jjg}8C;19)go8bW_VsfWiWR&zy9E}fUjhQ#!CvVHrhrF0N=DTzgpWLTHx=%V}ip&>!+%tFLo#e^w{%+8c6x+h;sp2n}vMmV#*SmhPNH{pHqdj@`P?@ppDrYvPU<)*A@8bXii$!w!v486T5y5Y8I;v|t2SaqpY zztd#?{=H9LngQ@DsUmTx8;+s!t_G{+`mPqM4+o8A1Sv87DMr*5r*?PT{b&I1_w?&i zO%!ai#+%f^I}f5O`&3C!e^k40aLx{e*wA`0ihf>gdjyTxF+p*Au%Tue8&92Ki>D;` z{9I4*>f3lTzpUzT|4fLI<+F?L;L$3%Uefy9*#Ardd4rtM$=0Dvn&NnS@C&WO-n=D8 zJhz)9uuJRghg+w{`6}&7){Z{9)Nhh5U=3uopWO9@<~l{>8ZI_S+E3j`jchdC3m%@Df{-pI9@X*jhv zi9>ZP*S!EdEpp+y9A9H(2PoTj;2@tz<|r|mA#-lB?GK>P>%s)&d0XN;b_hU9`e6W-if)lU`)l$a$P%4Jxrtc5GtuljwpDC$TD#y+ z>zZ$?T@ZfjX?mTuSqRBo*= z^(r(29Z$`XVK9B-$>XB7s)jjueu)>wVErTfIp(A8kdNYS+WEaCWwPfG zTR$e8odf2$jJT{-euyzmF;>yL`|5a@`I;m1T)69Br_%Z~1`&Raxl2jMu|O9`qW- zXC{`(Enm4oRU_{SneSd%HDo?HTUMan-fAGu*@k%`+%^>^sbBg*gL#?Bd3-8ZS4Tzl zq-9SPRgu&6%2Yqb%=F|1=;PJsd66`w)ISErBwynyw~f#AeCDJWd#6 zERM<{p%YOXtMe2sHSb^3irBO@{&TbS`#QB#Ufm|xWCm$76P&H=J^oP~`ev8Yg?W_- zhpK0XCk%kPF7?*7orsI12|tf1z3nLOiWO3|9W61j#pUm8k2+=J`+^IgA4heognF~6 zu+z}#`FMBAi2w3k>bo^(c~crDDMBCFl{ zp{Ur9=TL>`@3w9DyHO$sA=CI2udaFayR|fr(c~M~9;S|_lQSlM8;=UkipD-U`t z*{a^a#8X5wQ^-MiLp@_~3S2n!ElTlZpwFec{GUR6B#;JzxgN4Fd$V5rI@CkdJ0Zg> z!LL)irZ_w^2R!`%Uwy|{tV_2w@}6q<=&`EDMT+fxrkef(pXPg=GJ*>Nh#z9=8Vo`( zHV@_~L+(+zPQ}T?{)FQ;qzv8d`X<_&#jJgkH0cE%LrHYf?urX6PXd3YO=m9!K8c4_ zhkgBHJxF8Y9RDN5t}VrO{uz$x^3t}elBRi5rcc&#bMAN#xGJaaWdJ2qpD=7DZUV+f zS!4uDth*0hNLp#Q6HrpMysc;P#ydv&lI`A9c6GgPF`ulOFUH(<`24|s*>pR1v{5fA z^Q30wUmh)5@tJ>LjjO&_5MLBp(GgKQyp_}asW;uK&^3F)S$$jw%*QM1KS z-zg#5?Aw;o!M5`O?-z4JWwF_38M0gHQik=peLvfBYxNNmMO})s%d)3pJ)kGWSeenq zrH$^Du7JUto__bx-*>R*&C~~WN2^8j{l9}1)(g@c4ZH^7wKMF@G&*W{!zXg$Hw`Fz z`$^YA{zsX?tEh`rRPwyy3?vOmp1WRoLb#&t<>)@IpgV1%2~=i`YS363MST4gPH|s zlgsFMe|vZNH<>B=ftvos86V3{PSn=y9&%M*alDyGnUS7-c`7n~?~pZ~t{f;!(m5Mm zUgm5g$r#-25)&Bzlz!=;!i4`w`?-`X81bQ)X<@DbLUF|A-edg0$dHn;ytU_+F8 zy$M*{e1?U!)QS4133#RDcNy|+vc|Rw(mrj!g)0kd}eoW-#HNlW8}fD+~Q2%CEY=?eQ&6QuAV=y;Zswbc8S9nn*@PVJ^5GPBK>$h*Jc*M{c>8#?G;z5BH(PhK@Y zelQnsf>inDtkiL5QxZ^H`tkBOm?jK^VrN{V1f<(3-?b0{p7Ddk0nK9*pAB3|lJ1oi z3AfJWd*l^D@9Mi%i+V071k|pb1Xa5kbVM))EY`z2(u&oawysEQX?^Vv0LpSC5hLLr zRgyr>n~JNI{jC|%!l@5nak~Q}Z!TY5KE!sqz5ien@VFAl5Oz5eHf9qT-e&pGBqGlv z!=NxFDH2odkFLLKdM?cz-(%jA+bJfqpj|ZMlWe%Dwk`-BlXX%ws0>>VDEcTd6SmYk!6q>)DRa^ZZt@G?PGX%*&Xi|#aquKup0 zhr&Ky*EE^eLR+r{8^s&mF>a4Ko9BnQ!>+dUMwt7Wnw;<6J$i!`GaS0#Dew$h4cOA* zL+2iv&qTW^X4<(9-6}Dr9gyrYRyk{NLGaZGT=-abme*IYw^utl1fv^96~vQ$KPJc( zjq8f<`1SVrGt?Nh#wuyGiv{19x(iYBdipDu0GISI{e5nI@pQHH`_ZkhV5!*xd`nrI zQSC3z#D7L=WcC!B3=`&7n*Db8+#~bHAd@LaNgWSSHJ6QR-#9+s;=Ue(QXXbFz};Gh z`1$4ATC%pX0Z>HJ3AHGiNLRd<;h1Lv9~(}82e=zIt+*iLX$!>>rsfdin$r62$38H& zpI^w-VU%WxWqWhm>5a|PY2|-ixPCB4H|+4Eh5JJ#SsHbD zoo2VK9XidbS_`2RCA~kcJDRFJagWY5P+MtD?Jz6R9k`b{FhBUFxb>3e&G{W^@#$Ba zdHHgWz^SPBw6C~NO3NQl+Q5ty7LKL4#fNfQaJa#sPl*1#6ZEXMCZ#M%gR~(3VoloU z&(k&!U3Jt+mlMcU9XYZly+BY})DDqSb;wyUv|Q$_pqm0U3$OMN_ihAFT!AkQN*4BYuEyJ3kuz<r3oGs%Lx{?3-{8=Ow_kSGfyO^??Fg8=TqOAa3N^6ymsoEwuzO?LjGsT zwb_dVS5ZpLo#qCYV;MxBiJH5DR%#ly`ZV2Q$yVvXdvX*(_o!X#Hw~vXDs1k)CuifcOG{3wL z1S;Vo<0|8y<)7MpQY=;_f~$Tn7vkQ64a`UQGL~I!74jrm69bB$cfxx;2SOZl)$mcv z6qDN()pI#wTX+fAz&)Kdo}XZk=_&liui{^koq-JxHS#oNK}QgOs7}(WTyoC(+(4~q ze+tJF(zOwhnciz1cl;FypGCSNs(vq~YWuyAiWK{_RVNN9tG%-VAd@=*gpDCg9!AJMztd3L#+J%Bk|6;jG=~x;CDz2}5&@Pxu!+&yH zHlT@X{wL#pIJof9aZ9I5b>bG?of0r01pt_o+bggO4F)W$VmWQXR@Q3jgBy?sCSdEx z;ioouwZi4_qNDM{+rP{1geF(i=2W<)3X1oh^mXYnGE1vigYV6JO+Xn!8$5E;;kT&b z6Xf}{S603?sYvqz_pPvvP?KpfL*Hzb3%#yg&IW3F_}*bP%-y#Yusc=Mn5e`~a4+D5 zYzi>$qpqlKZzZ!dNZy}SonC|Yl3o?2s7bv?*$6LI34LV&)W&P?&QE*u@mYRtP+tcS zPsEXYhr*YKEUbI0{l`{MT8~SwPA%$rmKe$hGSq7~ z>r5{x7q#9JxA3%2_AYUPD9v3-CMNWB#qLMXr1aO#EP<0iAcw^-cj4*?;eUZ_;kNg zs`dA^=!i;J8A6;6w0WKA8u*@Fore1Q7WKfQ!Tj@`y7ZH^!=F!;sQSw*Yxa=uu1MM& z&z+RB5DKc&(y#hGu*#0;dOSF9KPl^}JsOMoyRhlwyUc_9x8{njHm;n?gzkLG?y44} zMyh{}mz!hb_=Is;(D7t`ba5PN7Y}Y%0*fhO9+~<%70+pn*ITSp)RMmb zCF$1m&fQadD0Vd0@-8bC0NR%0p08Z=u}4vh*&|;{LSw^sU+pIdmQ8=R+hm@9a`wgP z#1QkLa;e^PPomftewEAWwR+;X)f7xi==)Ec^8@4d*t&`P_;W-q zuqWunDRJIAhi~T}OJgaDcWB`njd@Q;lUI%qmm`cIcTM=^JRT`R<@}Gp{Mm1!Q#9A5_&@ocV@ZwfWVjL(ftxIxfB=ucm1vg zG+3#(@$_Cs`mEUA&jH;b_?gml<;!3wURiQZ&U?7`mMnN2X+E7>@KF1`Kw5<9)jkiC zwC`0amU%hQ8Op?nxFYmXJPj%zo~hcbDDcMj>Gv!1cu!1(qr{gl7X*tRZs~Op7)2R2 zf%^${V|rR_0p>*PNe{XD?9%eCvys_rCmjdg6koJ-O*=IrNBoff9bIQMTb$!li$4E_H^UU*ldL{o&7Vy*}z%xcoyxPhBn~CU%vO@Ul=Z+*= zS14zxLIT#pi>S$MzG+523a#aWV&~mnH@jy+1p?=!uw^%VhABm`pYH8tbPPs4bE~6E zkEP@m>oVl~100Me89#s#?VY~;r$brgb! zOl+h2=dIztgZD|{-v9f6tkjxAWWC~-LgoIal?tyh zUU6_G6^0{BL+YSWoZeYbe!d83#AbM##rbIZ)yyWbAL!XLauC#sa2tZVn0yH3(yqUi zu+`688*VA9EnBXcmy3G6|5)~zu`&aLk^VeOMB5u1exmWV?-m?wdR1&E}+MY`kr%xCkZ24wgi1~gJ9%Gco)`~e5 z?V?z5T=aYJhn%$0I@MTz>5caSbq~j5=$;vFh04{NXT0;Ziv4^uHU1yE-aDS{E&dV?}Bh(g(+AFGr5Uanp z#{K<1kKgz6ZToNYe!tInopYY+G&slM5nJOi8bMpYF{6ZpdVTsr>9y1w1R}PY!9;H8&{M&@+@Vi3VCtRFh2p zL80(4JgkmJkHxf_CLXkM*0;-Rhpi4%Op(RuW0wR>c}8!TwCydW|K z`)(0qx$dmMr#RG|u((y!m%&ZwqQl^vkzO=+@8isjSDaoTpFykCE`N^OF}RCyjmqO| zo2z#wlAK+Fbh%8LLs=cE6Q0ypdfv2+-t-VKk zecufHoT)C_7|{w@2zC%)-)Mab|!WMCE~2;}DK?B>kO`+Mr$Taj!RH|{WN9A zbGwdlU}<%0VDyP|nGDi#V+&ka)JRh`m!CXG*Y@bX6D5)+wE+e)=^Y{bi zE)%COLiTIB_PGNUZq)^^@^4Sv%eh)T7z~jtQ)tw4sEv6#@-&3Z&7%grlPFOe#p?Y* z@oeJguirbVSqb)cRU%couYrt5c1o&%KfHEqFcGTzDJ2&z`^QDy%E@qOWq@BH#I z3~cp46dY6UQ!VBy#ePX&&&c@wb*IBLhM$c3(evS*2jun*g7~RUrX!^`7N>8Xl5`vF z#SB(ypO2KMCI#ySBsp{;&O(uJ7|vd4QjQHRLEkiwz#zFXuN&oN%+qpbeX>`3*A4V? zIN@*Rn-n8wkN;|-efoV*j_Cb zN{Jz9LJPXdaQ|UoCk3n>?XF8s7vEz7wuTuu2eP6vX&ANCVmY2(I>0N1{11OVzpMXu z9&a>(b0>NpfBRlvLrnoayp2n?lsu(7u!Z|+9yy_~N{4V#`47p;dR&JNc9aY(7A&v#1Q{wF zn-;`&ky$~+t@YE6J+nB?rnsJZUKKb-A|UUE{wT_yOE6r~aphR)?HI1Gb;1WUm$4S5 z5Xd0bc>3EQD!6?tkY*hUvSUb)7 zDJ9(}``<@U|8-!8K0u;%{$o6#Zb7H9cR3HS%Ic5Z{T=k4l^Bqn&v&3dSP`z{^kBDu z5bwggn3t}2tteCe>S9Z2_wreRk_z$c(f>qOby>bqI2TxAtZMdNx`H~FETK{}I0A1_ z9kMS! z{nGrX5&@lP5VI!aJ?ICP5N(B3;rj%JG|xtI8Z0_!7#moL4X`^GL zy1mLII$GatUPTttGJg(49dO^yLMY4+Pa3&=^UY$OwBnfDs8Rdi_Hd^M;Rv;wD0_tS z(5=sCWi{fO9cf2#4!8w_E5#XOP8Y%DGBeU}Y;>5Kx}BIY_O-yxA-29I89K@b;5Sj3 zDpn|kRg`WZHO&EfJVn8-Ad$hu^8}m^n$H@*F7?F6%rs3(2V{OSBDvoJn#Z`-{2ScD zG=oPaNBQO;wD)s?WuYdUpb;^tYF_L613QfVbUQTk`Te7;0=Lh=hZil`N|=QT>-Pz5 zgW-&n8WUfB`sx7%aFW{MoISsLW5u^+VR2R?!6 ztL<<21$@R9ALw{~G5gZUc125iRdlCJzkqdeO@G)pS$wJdceJS2_WG+yW{mNiS zl0(7>uRos#1ne?kRi4VqvJC@N*1tM*jA7&$hH1UVvvhTEOw=d`ZWgd`fCWV~`l8FP zU-I3kb?2DS@8@?Qhk{DC)+E}_7H>W2fdB50XxJGk!K3VoO?S#4HZ3=sH_yaxRVOVY z9i1At_i2d8nM$6rr=-*YREij!t8hqfM>{Re+(*VCZ^ek&@p44=i|=$3cw=+D0Qs8o z6x?^QxDxKHs%1@+oAlMlY~F;h*2nkM4=fdmReAaPT`V5d=s0ILxKM*f0J2Zw{^vcx zG^ot!{%3Jornw&R?srTXg}y+V@+z7muA;ODJ>>p~a{luR4+rZ=r8Pm~nqxy;gtd`& z^2NLkZTGuP$uWO8-ZMjf3;)qr*SAtwmJw0%Lk7GxQ#x#H+U9bM-CLVGM5od=9?zxg zg#m&IW!~*wai{TPZhw+hhe(Ntf<%;JggDP@m@i^o~Ny5Zv1OIQ&9H{CY=XJ zKeMF#7l;MpKc>%peh`|{X_|A#j_Qm$Cz9CT+Q6z3a;S z7h8C^;=}J~Rw_{p?=Dm+^u&~xHkirwoLk>GYW3sCF|+8sk5XckY?(3y?mzsz&eN13vO^$9q+z_z=Bq z=Nd-mQ=H7Ivy5V*&65i>o+fQLHFOIUI^a4nNitEpnTK!su5PxKw6f4nu#cPFElE79 zT?og!fQ?YBd+VFlWx0UO^G&5SXoij7i}*&`Vk1)KoGV0yclekZ4xI;NYRrUU#5@Od zO2M;R7a$>G8ic0G+XB8xE085j>1*&W7vY%?%vE_+qxQ^YrcJYb?kXZ;?<6qt>ujsm z2hM};H{?N!Ds1CyMpr*OD`#s3gBcWM=yJ0*aGh&SossZt%Aokt5VOV>ko!e?-K``{ z*Q~0PyGT|EDyJ3Nx|h-8is8?Wg6)WC{gz%6gHEu zg-;ILz0|!hxMjZgh{ff{1>jr+Q52MfA*Vz4L8NOJfzwFP+4tYx{SBv`7Vkwa&cVQ1 zCft<*wO?A>oU1|Gc8tFWvZ(R`MX8d^U^gx;)n6*U8;YxgE-q@mbpWeKy|=Naph3vu z)XbmY<*@QAieZ6!aW$pk@H9)`^9J$rRVFr>=S*RwgE6rQ;M`6(d9h*r69afcU~;TY zBD^=V)XDa-k9+cHudIY%bd4v+BFD5O>bUSily3=D*d$|@FHLgIx5Y7CCp>g_AOM>!8iws3WoNmo7}I>Q&&=)2i&d! z(Tn^gqWFuOziSW6eALxOX77#1M%w<@0QC~0l+xcBA*Lcos7kB@mvR3(yxKrL(Pc>^ z&QCR9DB(omeW+Zlo+8#R&n%Fki`K6@}_lPInjid5A2=D#Xy5P^wPCE1zzv z>yl3Btcymak#%8;6-GQJShFjGS~G}qHqhloK0_nlcoL|)KRD?Vup>Yoz5^tp?9dA> zssH8)SZM-FqUWc5C`jbh_50E1ghHA+{|b^uV~_^fUKlukBHZ z)uL({hwjFQ?&(!KtC6?{8R|;yFd$W_<=_M)wt|K608$Eh`fpOPAygNE6#|1u`cpo@ z$%}>dvgv{3%^H*0hUj$%6Xzx)abHtE`?VA#+#xggOK1%xLG@h2vat(cF$^hYGhn8# z%NCFrVXH6X;si<5RnJISGSF}hNJT=mXOpwR!dt(>2+lnAI7NO0d}BHVXdF>d`4B

PhY5&%pCYLapZKF z6_AjjY`Lj=3kWvp#kJ20x|;VIb%)$K(2sW62q!SGT`~KLN_Dq+45TONhpN^NuJgW} z>fgIpT0+t>3DpYG3uHCQF@imDAa$Cur@a)?YEa|F|$~jZTXTd#^Per7R1kNM11JSU6eXhjG7nZSem&7E9peVbNZIdh5u+)_l4F- z;GD55zWe%yhYLGzyOYq&wMw-g1hc>Y*CM^{TY-UQ64&m>_0P9oEAx5>8~q{z0Px1|yUnaOQwzC^UM9yDtdhbRzE z3y+YEs2w=47k`_LXl8y}><3WY$Go9AK^o=1A=)e@JZlhj-yt&IayPmONn$9KA~Gzw z@B(yGPf z3UqgKG|0JpK{qCBw8ZYbk@xaJ6H%Zg=FrbYaEKCh$u)T6H2}K7)%JXoR~m~f1`nwmrnMauefjEj_rRxxkxty+4V z`m;H}8idVp+xpUtDj?*S_!E|RhY7T|xIba>CIhE%BYr_!sG4%Rr{j}p$F)DTE=r0vDOUBAz#8_1gA zY;Wzp;4BDQ5|F{dh8$Ls9JPr>@0lg;FPpJ$i0w8Em2ha1`8HvYn<@)|iHnkS#e(rM ze;5#?Xv@mu10uldB(q+20@Z6aC3~{@cTKt+JE)lGeDRk1(`DEyLbqhy%2h}uDFQn7 zG*$ANV#@N8@wzw6F(g{(k@bT@$2Gk?@SN1mV_H*n#KYm^=r2NBY{OM|)n1iXxUqRL z;Q;N!#T)yK9PvIe6&`uTr2^BVL%jZaYXDDNlFa+Q$*e$Z9BsK~SgW3llZE@?cX)9j;etn}@^7O|G3&mv zc@E64jRbrUz_dE4e**JV^ya{VV`q~K_fe_xDY|PhHeZa>*A(q;=EiN^Rint?u*l;= zoVS6IuLV8+xo1hNbx;-MwQd+$WDHneU4{CeaBvtT^tK)N^%g=hgJ*c_hpVqG?X2;< zp=zdT^ll<6(*U`$=!-VKTCiVGj=X9VezWHfOjfp2r0Paf52c`9Y(g(YmyP=42 zZbsh>P^Ke31#TUMgSWQ_M1!!o>EsW0Si8Fj{q))s&JwkHuORtBYAHs!mo(8 zfxL?WI?W@AA(oyb$EctcH#_T$6a6hLIk*}71fPyWA{>m zTPk>YC)R}=d=|)5kRs*6eJ8F;K{~4=Qct{JPiu$GYju8HvvQ}M(<|>wNK&HzZ5QBN zK3^U*T?^3+RXdPcc1kgCC9b=%URAmp7vVD$W41Sc_|>wUnDu79f0(iPF@zo1wA@cd z=@x_uE=4NGmM2GBx>h^xXZdKA&?^1d^~}Q>6M4GLGaVGH;6*{SVe#GWc(-h9Ww}AT z`|ZY34~?uA_S}`?d1RH2f?1zi)&j)jMl_@0FoWP|mSU7uX}Fr+iHbY*OzSZs%;J)(l?Fl9Y#$P|B*I-7CL$-~(6WY)#sbZgkcD+S}S`Ga2O zm~Hys4Ogx$SV=LP7q!6T^fWu_csgf&^;JSHsD9>c!5#r(}Oun(=j6{JgS- z9vZp=$&ikkBK|9NFC?&}j$dd?NkKHKBFcC;_JNA^qXWjKN^nj0X-)O5ozV?c`C-F~ zFxl$=e3goNpiv8do}c}IW5Wrmp&2l{Vs>-t6tR*~mHa}J4{u>r_XUi6oxh~9|xAulBu8TJ}jUq0= z6JLau^eiBD={}==am~ypt%+#9Z|Xfowbq<~mErO~pzB@wV0x^o+$xrPphDe1`wp~! zTl9#ex5q7)0*n4^WSacUa&>eYa!T1bhxBHa56G9LkMs|u`Q8mYI^R@c0~$9s>$OEgI=``$wSu0NYWO1ELEvS zpx@m<)&;y}nn)gI*bqC2%4Sp}!=S~%als`@|4p!)5(fb561}PEGRd!{<1^UtzNzjm zO0+D$qTg{TFn%`BTFa@pG=Ec@hjU*~k+_fz$ZyErWE@M0sFgwkZ%d6U?gg*nQ?vWB znVfSa=EbNY7FcfP5N%a4<;y&-K`h<68a>uq02-}oY3Q$i7|FjXKquS3$Cj-#oRrWU z*BX#2=eAX#AjGd-?MF2OBr3&@kVeZ8*bLvukT61fRrWn3``k+6ubLh zdAMgH0Z3;Bna`klIyEOr{}4BO(90?M%Om|dHq|?F1&|mQ`{Ic^{B8qufcM(!*5JBd z0o#)3U`TXOFlI0cLR~2AU4US+pDCB?0Me92|3v?eqMEGKOfRwEmn+`d9Md%5(d{`k z3g=}crQcnohwunMtFR_KHT$-3?Pa$9o}zDnz1)+kN>?ARS#q-6g(MtH`Ia}XZYMuO zMxksoH5rOQP#T(U`!bZ*UAUkAxI4_D&plOv1004sS77paID%H2*K7uDF;!n+a=0XG zBy^=>g5PHYWT$X6AWY zN@)u3xf`9BwbR`E=R5avJz>*Sz^xIrGNE@IcAM6Wb@gz#Ck9B$2CR|guRh*tpU}gM z%I*vq=t|9mUH>EV#V##%+D(*vJO!OlATw-T=q_fZb@Q3BVt5p8t7lD#bN|c4^g-&% zgl983*N&2gT`!=K8_%WhKLf(P^XP-$O>aE&oH)3l_%n>(qKCGsoEh)2A`MSgx!Tyw z@P%&iaeBAkCcBT$s%_wo`TT@J^jBw|T(7}H)_=-YYPZKq7z-|JmO+dOhB^hwEY*3fL#p|=7`)dZA!S*)0pGp#> z_Lex0KlC>#jUcdh@NiA0SFG9>tAi59T?EZ(;KmtOhmc&#e)xtgpZj!hHxO3)%zvgc zn@`bs^XoOmfsI`tj>;S)u2st8ZFyoF=S5r55U4ZWwkQ8_G9ifH-TG*sMd2VLP@#U~ zJ6h5E$J+Ga`1Y8q*-h9m_8x1|CA{m*=M~2+S{pu(6HCwy3jx3;O6Br%U_V4-pyD#ki1l z72V(g%%N@Q?)TX;QESS`^c$OTKxEnD@yyH8752UXq)55uLv81 z(4QT-)|=C5It^QhDX#_e)ZX{C?};|!wlsarnR_4Q6xIR1Pw*NRFML3+==ZTusEGFe z&s^)#A`P$YH2EI`R|Wt{(W{^6z=z3-M`VqOxM{g>$@N*=u+v9b5r9Y}z+oo|KutmZB?qI`~a>*Q-Ve^1pV%MVV{ zA%XijS|ihwb!1lZQX^}niCJFV{3kALUHP3MHM!ZV#knDkBo=1ooBrQ^J5WxWS9yc5 zg+NVd18K-@WDu$ne3%Dt(H`U|q%c_f|w7bIC&PVy!~@#vXeajQ)-295Yi> zbrmcSgZxf}P?UQeZzP!v{q6K9T^S)EM%jAJ=b&ITYvBA>QHk;47Hj(f7QFtr7#%)h zrQ6!b7Vqo3k(!I*YgI#&1OzbQ1ikycI%IBJ0j=gBPHAHl@oEWwI9VkOoVll>a+>4+ zZP|T1Fwp2hLYt*X^urrPHA2x3cR%Ng4viPBgcvT{j#OIv8Sm$P+`b)FqTY1d)-C&; z55E>v;Adn*?us6y*>F%=JC4@~$u=L?GUlqS1vU@uH+ zFAJR&lwU4AtLAlU`FFv^CDhrbA1MOdXrNGlCfVkWT6K4Qv%r}nyQhQ7)gjpq6YHRT z)8EV<1w%AXzW2~y`$7lsFdTF(+Bs}1B_F5n0h|_r*!Gh5tkI`rP~vDZU{&i>D7T|a zhSTO%Sqvco2ZC;;XoQ$e*-NJy@9PZ;Ppd7W41&o93>oF;kD4sIn~EZ>o5NxjL~@K4 zw(g-*+pUQGHLt;UPho~LuFhA0%K^}Tx-yzyUhfyydLJ|hy<@EKxz|}-6H~+jq2_6L z%hew%9|^=`S2&KS?VqMNdn5>na#~wB z{F+1IU4b@z=$)x5egVMJ32V>@KK+S2LWtJEUrn*YY_4XXcx3jW6l5^`mSbS38aO77 z+bddMl8~~E*eK`p_2^FE(OIH1#+MFd^zywwJ<&gwcc;)xn_m`aZmzUns7 z;mDs9u2CxZld)iT0xLPI z#~A20QJH~^;bsG$@*#ggi35Nj)(zdUr;}hGB+VbbBW0_ZKwH zTbRyA>FN1^?6JzOHD?t)^biTJL2fTgn1c20?#^w3Q7E*=Mq5a~& zQvcO(Kx_lZbJHAQZ;c$FZ1%8NqjmRdRH*-T2Q~Sv)p0w(Q?qmdLGljiMA^us$TVkF zy9&HtGgH}DIX(p>t0W{Sr6|QTzZGaQ_;QLEb#-+lrhJ)lal^R@wUV}E*~l|8^thXn zXbkrd50A9u9xmAkAFPeF7X1Dd7@Ot?r+$VrH(+zN7>xuuAQYC_p9%Pf%h{+keG|{v zn4sKK_lfgzwSib1_F;8N>2>*Cai!l!dQF}%!{b`Z5BP?^kN`i*X{By7pB}@%y2&Dh zs#R0_U*!@}IFFl3#3H%;(obN-C>QD%d6r8~4WIOi*}FujWS9e;)k;1MQ~j`Sh8Yv2 z4`_#5grqXxhU*1H3=4r)vF;D*a!8TQ8*RoeTTHBGX3ASA#k;TzNZ|}_0kDgHl93>9 zRr1Rz&;36I_-9H{Rp^$R-f{Bgy z%|44*KS1pG8l{SfbMr0jir&u6rEm|FJFOviH%{HqRJe>3VG0 zGOZiP=RIJy(xwr3ItL>Gi9}#bz{^D?Y=Yh!et^Og`!PWHROZo9T^@odu&6f$D9~N6 zPMQ50ldM_62pdp6^D|3tD+clY)O1h4h}SK}3pG#+baf7l{wC+V^;*;#uxTw&EA15qxzZBJk* zdcmt-YbZcp=%%m!*<5i{t`Mz#kLM7pYeE%FKBd)7z1Q}pplm#ID3y;)IC8Q3=wHLJZEJWX+K!K9fvDb3G2}EEB^~u z!v@YGTp;N50+~$~9lOuq3$=`E~6-6 z_&OUs)4afJQWwICr{&Fg>!&=r+4hQ2d)5nkHw#1AwczOmDHkl{a*)SbKT;wYbEO&wWh^s=i1H>&iLZMbU1QD3w{ zl$<~#R^r$bxSt7LOSCx4b}i0Srx;*$XouA^H{PD+7gtP%&Sg&h2;lcYDZxm~ zj`)nyr-$3~7VpR)pR5nnpx;+7e_wSb z)hZz!`h~QJAPP2SvC5Kn6YK@?+Vf2{7vvY_W9B4LhaNW zrprFhI*oy6Ru4{;a3tVl*aEv8s}R;tS}V%7bn_@Hh1|J{;kx+UDA2;8uPXo)4C|mU7YW?3hKf@wpEC8<|z4f@yaoL-HRpb;EDM+ zS^R_ZVIIZHfMum~WP(31_!vD={p{}AsyTC@!)!$m#-zeS;isj!Vu4TeJBWHDGCY|Y z)#AfF3~=s%+fvlrFJwKW$YN!oD62l~ zkPP$==&KeR7`TM4ezZDhA#1nxUEsYw2`hv=eibJ%ZBhv_Ny4pB>p4d9%GLzC_7i39)%L#}^23c@~Q=UD=j9*H{~h$WA{P!caIqTi9w2^5>`5+7rf5WXS+@76bluL4f^7Jo1xh5u9<{wX9@k1|!`i$iqhr2W17yRcP-@$#Q@ zD$RW{L@JgLtdq8rN`6S8_Gm0M9x5-@au~vewubFDR90V$wKNRfq4taeiiLPMFk8B& zXaJ>~if0gT3j~Q+-CTuGzYya*;^pO{(IJ8v$gh}r{AG6xze_0y{v7XtQtVvVGzL^P zR&CG>pGm{lhsO@N^kiGrW^Bm0xQFx!*6M}volX+F!rA)CoCEO7Saov(Tu~A)6Q!*# z>KZ-@eT+_L4BXtM<>1x{|CD8Str|U1yHxtyrzAM9bEkz{huaQqB!D(- zMR;wNI3BJcPW3JgSV|S5Q(tI7+Js^9o8rpd_wn)+qg6X7n-@{ydL2q3b`@l?$$GkZ z#p!k~1Y?SSz{+h^nIxjFJGl^ijH~}{bmlQ{XQ>h#qLa7u1p@bGg2b&Qn$3Be!~WC4 z9G7{LQeAniDOo0fr3Ylp>fAb;L3s2T5hC|(0g}nhz2H^wpf0Tcqd%8huez(~(lsx5 zXm=Rv0{Lj$(xvD^a`Z_+h5o32osrhR$iwYD2G*l-hw$M0wAsCgZ*PO<=LErQlYpDb zhMWN(fIDnVq|&JotNEEl-kEc|jMw55Ivqi|&EI_$E(BU)y>`BR;b=UIwA$_Jse@R2 zFQ$EvW$iPt9<|7?5#lk07NKdOD(2S?UYv#A zY`av*Vj&&d5RjC+&WcQXs(#+s9893E%a49K9QC06K=?Abnc%WC3Naa#?JiV;ZMgU{ zjEXAs>{9QQl)u?K1dKH-QyHxre@{$Jre4PwuWc9%Y_}Ev6dsX7J_EAcckJBiIgAP_ zqW&1JS>)LQ_QDb$R)tx18x@`j;#Gg0N?h+8%`7bcWE4GLg;?M-`@X;_PaQ}w9)Hnk z!#!Vm9!$BD@twCN!892o7308n@UnM`(6hlqfzA(bP4i89NR~!JIHT6$$j!Rx+z^V) zI-mjy0!jk_vJsS$#VzkGC}VZ;ivUoR#aS-C)bVxd`pFJQifR|bvK5KgUP266hEoAa zR5c^s6m+Iq8!zD$E*Y&;T$y3)6aA2ayafNJP)w{esX*>wX`6;$mwI-S`VQ%^jIHGj z$-riv8TN@$L3A^w=!j7QXC<>54&hw81D|#UKXEG!=Y=`9aKv4KXG>;gGnFie>o2ve z5kip#xph&S^E#K@mJf#9)(gksYOVgI=}6%1Jr`?#03m0-ngXP6%Xd#+w9HUwUIy8t z)$@R4v|J=R{Y;F=#ve?kj4jUENe&2)4qA6BntR^q?PNfWIL1xuTw?Q?{MYe7g>Tb< zck_aR!Cv@bw87rIG1bLmKWN5PCiLnP?af}*F7$~O#Z zXUXpT`g3adInRB)nc}^MYO=RVb4n*YV1Iw8dvht*-_}~pE%c`SUl@b@8CJDYgK3l! zzBF4(qp^l$!P2(@>HGo&aXo$L7j5m@F5BbjMyY1Vu$JX%Nj4@J#6v^+M{cBh^*ea} z>h3h7gKHgyiqCtT0p1Ey>y~U?@DF-o#pPY0t|xISBCXoK0spS10NLd)mK-UaL+jg=at_>>_xqp*kt@M&*|A~>0-{B`=4xUQu;%@4%qZze|-}9Vz=I*ZXeijD4uo_!WUl7nG!uZLGIq>ipEFmH6s zpOeU_Lk9S|V}qqaC?)>&Q@>O(A&knpGjgMee=8&;!2OtUrR@3%;qU>Or06qr95z5I zQ-8YI#-c`Cv3&otT@p95qyIGsFC_bn^tH+^(&-le#v3KUi&DIItVV?KdB?ZUy?PM( z#X6}RJTZ_zI*@XkEv?IqVA@ELGQqsBEEt{WPnI2g_}%jX@@7C3>Gx|W7&o9)^C-2* zgfyFvk6y&!-U*2~5FAkADr@`DKCh@C{v{6LQn;2H`FHY$kZ0)98uUN_1MocWfrMOg zpQ1IzGjL*}siDC*<&&FT)2|(VC3oZ%j`3=zz88O-w-5dC?SW^-=pYmo_3^qV9{lsh z4cy(ijvF!9(YXH)&!9wOCm>|maCc*8itRy^euxPgP%A&&c;?kQcLel5Vh4SP^3Sk{ zt&5|+^@*j+<41E$T2xwz?_ti-qRPHD`FAPJ8)-Yse`sYa|Jt$DAx?zsFAzMBqa6tvO8GlmaPX^2P#~=RUfQtp1l>&VRl93K zu0_Fdp;tt)MjaJv`~#Y`Ib&|)Ob=_u{RTw;!XfSItaghWHR4qj|KYz%UPV+MDAFIbBe zNChnLO>_AUgrI57(0>L2n-iq2P&1=n6Mi_v7}+6ypdfw1#VfH()aG?6a-4CEzxS)L zrDE!}?7KoqnBKP*og*7v3MebPiGP-yRV6@T)PWybCO=Sa5Jco7 zg1w8TGEY%fCI#?ChV)v$X)WN!$B*E#Yk`%(w;46R4Y|U5s#aJe$Q(oB0SUS8E0-5< z&O(*&O`s0~=fYLZkJOuG8hvAUwBGw*B1!KE?0yD|srog4o8V9K3jp{p_E4Ev%mi4= zwP*dbo9+T4qqN)ZmqR{RoCc(%OS)1erHh{Mot1~%sHHdZRVzl*!4^Egld*_js2caUm zoI7mB{pM}p?D^b>oWZ2FI3KSrVDdIpWZLK++kp;FuVc07-3RV4 z>3JS@R=EKHgE$ZglvfGkRgm2It;mM5H#qm<>4`CZ+af+yKL@Kj*AmQlj@gYNz;QNT zg0b1sd=!u!DAlled-=5hH3|4*`s~K8q;z~2uiT;13kY@Rf*>9K*&+#IsB zO;zN&c>5nbH<*Zvo5q+LTyw68+RrrApRVld>p1K!?RtUjB!~+>Yv8<9fDut@8Iu)9nfptip^>Pb_y^ zXwCPlpfF9N_6nJ#4kJP^_vfZuO8LNzF*KVH3l8z zWa2{jVT0x7Qyrj2!7D8*}b&~oqvib|JQJ}&h!eiucGDZrGteh zw_KN#WUM^?$^9wNC@X`@Rxy!4%m20Jv$OFGBpV{%;&yxv>Se`$cux7ap|e>cB^WBD zC=b+_MW58C$N38fcd}87=(($DFz%P&>g51^$+WPgSdiRZ|w^Rg(Xx%K-Z$;`ZD_83SYyZ zM=KY~iq6tgL|{ePGD%k!l!~h%u@JWXxHduCEfQ!`hhb8i{ftCf&_-AN(@Tp8iyq$Rn79uAkg8Op;lj>TS(W9(dQyEkrDxNAD-LS3yF#2bSzC5$!;> zdSXN^cNYt6tKdI*TKv;Bra;tk2Oa)pN*YH@B5T5q#H7{ zrh5XK{%_^xCA4^#SBPfZE+0p>&W1}CkCo8jBjj9o_1x`#@f8N@Len{k_6p##C&D>P z8kCYwg#j|i@ zvLS}|E5;yg>nPp7$FAqV+uja#twEjvNfhWL9mQ_nljoed;R%>nQ(6k8+KtWwB$@aR zY_lRR^<_D#_e&C(znwC`o>I5ag;299x~UFl;6bP#G(EY>9~Wbn+B8>7&?lJlv3mA$ z6EIBT67?ZW!Dj)GT>$eUt{&g|cAwg6ZZISRgnCrpMn8QgB433JG1N);g_TqepEMl* z>wX-4>$?FFiOVgAT;R}NykuVkb4L;eYu&D=+iV{*gtry?`R!cYWqFQL6%{rPhpK+y zZZBXz@o8;5Bs!#JBX9|l=b9m=4cXA1_0DR^(Fi!gof)zC)6htnC;Vt=ZY)7wBGaHq zV0_wQuhJGRMJIO4A9NPP_XaX;s0(x+WGS5cukESy%I7Ka;K zP)AbqC`-Swso5!85LoUf+w>t|gZ|_^2n5~nt?3sS$!~Xe%Ot$v?OO8BE)+N53IcZ1 z04Pq4f+%#Ls(s2e+4i|u_-+J3p2t10cRgN@<4eCTrmZMY6lr@hq@Gi&PW+Bm`T$gl0hN-SYDNaP z-v+Klsgt96t#p+&tz;Vy7NZL8LuHT4(q2DZ3?t^uCtaX%p7(x^9KkRyn7r7a?XOz( zPbEgamXa8;W&fSS%Yc?C)ofm;`49hlWO2YBQ(}P%+&uKx+>( zl#;EmwFFFlVWaT#rY33v_a*wfU)}>Nm;1q%!++&wngZ6wU*B~`$`PO)hkGnlu=&o~ z?cWL~iG2_dC$IX-BtA)PyF!#{)0uwe)AD6y99nF)=Wstm)hdUl3)5J2C^)^O0-4e+ zo^OjD6A7@zjFNQ(bL+~+wSzCCKcR}~U)T-iX#Q)@LuQK?c(2(+q6rZ ziGhhO2+pniRL4m$3!=zq?FB;o>=5*#l8oZ4Bw4br;kM z;_GuB>&6|>z<8d;GbiHzFvGf%9Oy%h`hXb$Y%~%%VCnNw`q61F2S|X7H`hzfHL|eT zf7#$D+QLH|EmUe4s^aH@>OK@c`I0lwyOC|s@{Aa#`*x(OJkunzazHIPryICZZ3X!A zjhK<4s3HgGzH@qx@Gj@tvV?8k8#N{DZq~aZ=7(LCtXdZ=xGo|hVAI_!J#8;En_rT= zOA5%m>Vw;7IYJi&p)~cwbGtFX6TQG4+~pirP_~`6*{bPTu$;xIo9u%f#B{IZ~P*Su<*>4DIgn84~(-ON_LJ#8Dz zhr2*n&M9%o?)v{zGa_aeEj)+~c1u7?^x;)hN_l4q4s4KeT?Pb^3S~&@CdEYiCvqRrC{~ zX-we|(VStqRSqH_^-B?`nm69e6Mi6Ty*q9K$35Ga3O=A@haOY0p%W8Riv%Q)FTasu zpcD16squ(1aeAYJ0bh=PKI#0c7xb=IIAm&o+YJ6Vf2H&I+s9W^miRHPdH9=ADl|5` z+$s*IEX{t&p?VA-GcbEE({{-vr{DrYzO(kxvZ!TRDC{CIan}Eh)nKtIanRMicJh9X zT)aY3MI)VAmh);-|${aoGr$Y{c+Mu-$yZ4qsn<7ed&0?zz=E@|V@GOxU za`#`pq!(cNCVS6t2b;#Ontq(aC`Tf>09m%9jJN_%?AuNy2OD@Vj8vOPHZ&#c=6GFv z!ww<&?)|W#DV)ac0rAC9D^hLy#(F9r7#aw8a}(EnV|0oQm{I2*w^fq%B(D3NYXrN2 zEnq4uJCEolJ3c?&$HOYbqM+}t%C%)1?S7qK;w{P8a2?1)`n)qjev?e5NYitw#Fo#g z$ncyBsp1`6f2L93r2Ir}=8pe}iUe=7h=mM9k@>3!#ClHn&_lqPdthKQ*R9?X^f=RK z&V{4J?-K8y`UI6QNit3=yD6ivp!r#CJY(+$fl9Z4F*OM3Eb5?Tbe$<1ou0p*T4f5P zf1NmTvzy^ZkLq4D6HE@v<{ppL=LWI&KkuZM!N+ndFl;@z;o+mI;$(P$9C0-8HgD7n zDR1h9~S^n{t<=hvPZt-?&qdXjcQeI%w|Wk<(ifYM(hRc z%=saGCmNT4WpfRh;xs}OGWN;$jB<`)DH3u7@%?JVTJAd_NCXW zylWW<-D~jdA>>iW(Pr%(p=FkCDqU(z#BoyNss88|Kt!2TuzmsjQ=2u2{+^E99WTo5 z_?&Ai(0xiQqBluM=L_yQsIdIoimUv2ON;tiLS+wP4-IJgh!5I}w|+TNC{g^mK2r_AMZ2SNuRG5UWFz$#eGnz21*B6#8l)Qp z1r8R#N_fzlvKHraT|Jc9u?9Ezh&o$PVV~%+>rN>3i#u8`y z0`TJLukHC}gKf7}JapKNRzg1vkKU>x9?@)SVf6&c3*cZ-)P%#|@hKH_!18!eZSEf1 z(L^!ZqfjFQ82``4!RIqa*|^!uwPZ-918tUz)Z7y-L?yIn^@nznW>S)7kU%M96w&)^ z|9mDdvjp61L5dZu2S=ECd0z`wP}OTxP71S<$&2W>%Q6d+{omex5EQX2*DE1V%{|3S zOr)<#ql2Lax!~yQh$aR%v8nYLH<07ObdO~X&s(PLp3PcJ(|fm1bu zLPVU{ygxzQ!aee=SgroOhv?susR@-R$FT{8^!KIle=B$pSSs!f+I}ktSLQ5hvJHMV zE}@FwFF2I_Qi^>bPL%geJc3qO9fyPWXEadBQ2^NJDR7FwlW6r{nx-oQM&JkT|HzNJ z|Cg9A+$}8@N}3eY-q*Fz0JbN&3c(Hh;%jx|4bY@GUh_Mzcm*<%<4Q48>eOK_lgQ7dyMkds3rdKovLIxVCrT zId7@IcDewxFx{JVxrJ}^-dfvwB=cDU@xDn#L7;u7H4qc{Xjus#oR9x#!0ww~0ui1= z!}8wZ9oP&2NvilyU=!f`ubTjPz8jEAPy;C59m7PF(5z$p0Msp7=K?c-_Vi7nnzM`- zq1+d?96sZks&^uKFEE|DQ`;Naa9>whq*}>#nC?kLt$T26X;qo?nAnmt6g__2;IkWgwM)Nn~l{)_Dp_8%m>ivj)&t(?&mnR zY%a{S=32FgZ{elS%`upN++(htNtx-Zw9@;frGLg=(jN2XRRIR1k)G}0&^r|;Y@gIR zW$Cau%c4wH;Q5`R64nS_GRbN3X`~pIH+AY6R^)c3USmGZvL${w&PgBXvP*4b;YFbk znd>&pyk=KBQ(LE|260S3lMWruE{&pJ{g>K~zrz|Zz?^i08F@^Pn+0Im%K{ll3ncXD@MpbC=+TRJ^Wa1`F&(0}hmtTl2x>(a_*k(O+MT08`hx+ z*4k?YvUB;k^-j=?KV;Y|R%G$pTEi(!C#K-e?yqen%kh892AYBSBkwa)Hu2}nkF1ue zOw26y-IX0|Fs4YB8_u{=q^84fz@0B@Yh<_3YS?C4D5_)BGe3i{zH@AtXR?_C*!_FYA_G`WD9vj;R+WOZ-J zCjKu=Hdb(OKNne;)047E`Nt*0DF)HUuey&jLK|h9WS%y@^#Dc9dV$Pddh?`zhrXJIb?qG37`y)~Cq2Qovb)pweT{W&&3EPhFyAOuVxl?^p zy=lj=7)fU>CX5o{3!Jl*cm{oCDcD+hGYe5FAvJ{stxi>jr8V#P>mQy!;wvQ@%+|QH zb8?ad)VD9tnqrO>=k?kcKf8^}CBbNaI9JB@*>MyLawHTw7fp{3$h>LXzOcRk^CYLL z{;lx&WA-0@tNxm4>&8SAKa4!>FU6!u)*RCS+vVqS(aYJw>LWkQb&9rt%5$%h8#SDR zi;R?XPF?FAv&Y%+}OOF-dM z)gLB`o|Lx0s*eK$3DR8KIAt=DqKeUz&Gdpld%gfYs0iPprLXk2DG-OmB{`^NSI^Ko zYpyv7(m|zv-X|nSx9Te9AA+fYyp{KE4t7|(N}cAg!rgiYHE-(ssp(XO)8YKg(hQ#; zXESzo{417uuU+Te%_OuYBfZ!~W1?6=^vK%g2g;pmJf&O0Yl+d{O^c`*&`aKjny!P| znH3&3)xv=kK&K#F7U@+Ln^m;wh!*Bp2x;8VNiqrBa;_iOb5`<*jFy#99q$K9$W~zP z_|}s!m&Jm<8m#ncm4ojd!e@fBQ?PWW(cXNKygtX+0B2eb3XV zkd!Lz`OyJdC_Q?@lOL=mZjgZMQnD(|f}ZpqEvTU@SuaHRZSaJv%J$|r5MdE23t*8e z%AsXF!c8F)ss9l2N;%fo%z+J7QV{>dEO$Iset%SO{+m^#j~h<5JPS7oC$ar$F3c@c zbK@$-F-d-S#&Mc$9Bz@RR^sQg&#u>FmlO1;)J=Im`su5p|5?=$479RW?I$EWfN%p% z7PqA*FPt~m=%ik6}CJi3^C}ZN@sFc7R+m8Ww#%qqL zndP`>1pVwiN;LQO&Ma0wQq-U7<^PTrLUg_VBY5Gp^I z);NoF1{gZSRLAB`0lmVx`(m=hiQEY99jf{ZPQ&eAm0COH)S|WA5A7M?nsvcww-McZ<7Rx!)v=_%pf9tl^?c*?dpe8YGoy(=e@-|>ceLrOf9 z<>#m{tyVG*SnA9T+hsgr9mFEv8$t|~X^6ANbmmDe8nv&E`d0}mn{k#ADBQICyCk}7 zW1*(M8nKl`3$Abc&_}v7%wy!!FQehS(s|oVMEY&x0Za-#A#*XgZ{IBPmBa#G58j4R zg7D$@8~!Eq*AjBVl{l?SFY}MIE-F3k_Ed2zUYaMEV|tHs{9zDc7YX3t=Bo!JxO9IFPDI_ZlrkjRpinS3i)lW{v)*o zdLQr$H0JhM#0#iIxxI1^QK>sf20*Dc1|zAfUO#pJcd5;2{ArfTdf}+)iqE`c9hWOR5 zbV;?Bl!HJctLf_oDJ~;T0(iENTM^RcSe(n6{1RR@#ryhRJN=WOKV zFUM9R2;dAOf&%hb(Q31<{X*SBMdzd|fa{BelRW85M#;B$ZiAMeTpTTM74me_r+z8u4e#YumA-L#Fg7Z8Sr=knB9hS>QH44g?@ zs&ESxP=;Ix0;!Ccsk}zcvLV+56DBpFp^1`e(rETTa#^KxO}0LPL28cZ>g26sW7u7G zWA$){nrFtuVcKX&qR$;SG#*AU7e0}6Y-D3A*S8mTKVG%>KC9s2>>f1R_cWNL%rkOI zldsNlO!dkKd5LC3*M?Tu6>XMVyMCm;P??fu#ux>IwBUQ426HF4c@emPPp!&2)FtmxV$n&x3|7Kz++IVjw9lQl^Me|l}U%d9a>;17?p3=qwmfKUriIltF9&w`PSKJIvjulOOIfsn|(%$Zs^vB)G7oHqf%iz%*?}d~$hE9WP zE$VUSPvU|_>Uh0++`1g1ETXg{)XHP7J}+P3YH*XoR4c@ko_KU`*Jh#{$TEfatR0 z9B_RkQoS-hpDz2v72nvo=X`^msKJw@j!my#%+KbFVhh+gx$xfvS1IbyPqz8;+K&y! zdhPUa|K75v@8E*qmaANA!OK-v`FO81gZfHRqZXwL)|sS0P_rEjx!TQgz6MrJu|hb* z{Wen=3-sXF6#xyY8k=H=3{mzTvzS!Tb0+yoz}6h~VuI46k3LCp2P(;j1%F&hj6BXc zk$D0AiR!`^HBfF6lLr_R;AU4SFF6%OSF$JM!kJoZe_e7$dVU~-rzdW}!~5-RZ%wZV z2U&dRj7lZ1aS1r|EX!f*-dm?aB{)Tia2A^T5&!TQ8ozq170q%f$k7G(ae3b#=n|eL zU&oy_mB2tBKEyGAsxfGem1oKX(xP%GVk$qfx8xG#{L0frk^hnl69AHR*~@Cg63b+% z7S|`))7|6WW)PW+ge6jpGEJ_<^{GttX$;7w(|bCX!)IQWOp5RLS$fB6c1f&7hyBhk zJgE*}AB}OaTy93Xb+YpI>rMM5xTOU@SJVsP?hHxtT$fC8oOi4_W@-%JxQ8|CgAZ_O z^aZBoGB!J=q2s6)Umk_^IwMyF<_n6MqbVT~Iu%*BU5nvvbaj%6u@;)VkR(TQD27sj zgI&3~ZZ*AvrHb|(!M{zUPU;tEV{JIj9_54aFxl0r^k9lzf+4mJd}5!AET4OK zl?}% zCAD3z6t7Ym)n3i@7mpOK9n-WA(?>`Nj?1-NQxA??#shflK$`ZeHyCkX|LHY`+}Sfl zv9`%4QqCWNEh=1IR0YW@E&98mIk6ozyHHVPk@=^bju9CI*fvraQKgW5yxJ2~BJs<0| z8ZFAc9!;vX5%i7)-2deW2oCpj-@oxJ798uxErWD$@0H&$rb`p4WWVMLcF1Qn$4OV? z`kCIAI^D<EK&D$;Wr!mry|H?w7H3jrY`g$ujz`rn&Q9+)=||UO zzuJNg=@Tjb5T_JV+RMqAXuIJqqhg(bzbqFy zSa~RwBY4`Fkm_yE1)1g*%}<0g!Mz3VLUq6=f_o0-tfe2caEoK<^$S$$gU5E_zgsuw zJAJf@GU!upW~%Zmou&Ww^zxpL9Va~9!~tfgv2Vyf%` zg~GyOau&&Pd_WIvysCi?B)9vy{CqEUdq+QLmU&pAKMj@CUv3~y=2otS<3eF9@T=oAJ!TniF zoP5byVr6Gq7L||T;B6)eUR1Q=@f!G!vy!+~B@aH)TCF-p1$>x-FD8eZN}Gu-<^6Mi zWI&ecUTlGiRDEIhoV3zRebjxy^oa|KQI&W#0g|_n@F-;oP_;jXykw{L8_1;%DQ}htS_XQa^E+R5RZ`iY1cSZT^fw_^Ivdr;p8_3?5Y{ z5-L3F{`?wkh|BCVk{H(Ve5#$Q*Us4c$*ujZRH4TD^M!*Ap23NqDjSZ2yY$)#jU~;J zzWh-rx30_q1DV4bJ z>ZUbWsDq&@pVPI$%1@h1gD zz^^-M(b6!!qw!o2|M&s*a?)SU_YD71hYEzc+fMbG;-8s?Y?76AQwTgch~3;w#l1?` zjjgJh;dur#xJnIe)iX+dep&gYeF9+==r>Qlzrxoe7W6nujJzdFK`+X+*xsHg%8jXW z$kcCNQ8-zT*e`QXO19TshrtbX*LD8etJQ?R%LlTFJd?er>Q2omK-V#klZ>(Tx@KqH zY{iCQvgnDs+xPyG4<+fB#D&PYUKEXv`*&4cn;1!u(`qKnx4{Y2QwQfL2r5KWQJ>8N zjL9b<_0X_ut=C(6Y$2RT)SZ79g}69qg5J7h#1uQP%}ip1a}xgrc+kX})$!Nv%;H|a zFJpHhjbqDKce0`=^v0ojQB`rQ6*$$X>3jmCCB)nEv+uVllVC%Y`)9a%Y(Ej=uDSv zi2=Gf?KN3S@G0@Sse2akN6R)h<;ww3=O)?IMmX8p(H)J<36^HK^7J-ZWr$XMHu#xP zkveVX!^8A1NF@8r6m((4Ru>9zmv&HGlw&$ev|9S`{c+IKTfr!C-V*5k(f+umriMH$ zR%RBAj{F0U4tMmk=O!0*RP~$KEtx60b-ka5$}9sk;!k#URd4rpNpTgit#^rhHcUG| zjI4S@UGXe$+vQh{!Y4JvlIXmh!^l*H zE&}2%tt>OS3m{;3{5`Y{E2ye7mK`#`CFz`N8~!%%3pzR~LMGxu-?d(SZodXA?k15R z$@6Jwz%CxPf|Kh8<{6|3UP8oV#}Y+?+9_?dys#OWy!adApv}GUODm)Y_NWftnfA+5-GbU zIQlnXHz`3>`t|L=Z>5%vEoZ{tYIw^jeH=PxYFPKv+^8{mSE+6u`Q2QZgz0P}428QI zTdcBq#%U!B%*?4a>)id>$nTCtUw8J0qci=7crq@W?s6@dL&0l9AeKdeBAzNb!I+mn zowcv~ZF;WJUbvL4gcYJI0zIjczMGeZQGwssS#iq&Bm(pIU(mL$+(yMtX+<(v~?6ZgA zq{H9DhCT+J6*V}RJTjCE4KS~pW#fM9$?~mgB}=_h(VC{xo>TwrZlwyAQCdI(dkI>Q zkrs^H$tn=$X6iPszf@a1P0G}~^b7sFk}4}JTQj>-uDA$LBmzypYWNM>paxN`;8u87 zK_wI|dQg}BjIP)y+xcVw)7Ngv*bkT-U{q#!BphI z8FTMp(Xxq6-q9?PM?spXgnnzWa-V>V0Fk_I7Y(!Ts1-ArxV3=H!4Q~S7s^sWL_Q7DLN zTqm{eKhCfE`Q?tPh~Rym=xyT2-j5G_P&+{zEgKtxD7^&)^}8BY*kCBHs8_`?`psFW z5a*=-B(-M~hJe1FzhWAijn+QPD9rG*oh02BK3c3;vE~we|7mV^TV0rgu)U%qRrdMC z&$nF2aZ(T+?%pjrpkt zg4m+PcoW6bWetLpSZ!($Vp}$hnkGcJ_8INvVwMP8;i_{RgBGIWl*1XCeYR_%wg;&9+W9>Q^>GY+x2o%WCQ8Z!-H8lxes;*v+r)iK-z99T$ww0Wf%| z4%VqaX>4S}_9EU@0K#(0?_wTua&lp|k#~>z|h^o;cWVZ14MiT|4mlSv0Z(tfMwmaikl?9;XaKy!6vf*>Lb1=E>ME zLYPJR*3M)zDp-?hfAhF(ZCpUvXS($vA~(vl#_M};E!mvc_}pRo9Buf}{}#QyJulhU zn+L9iwA(}n&*zL_jIodb2}cfl1C}#s(9MdZTw}MB@Z7<3+i!vC;ekGa;I4~`u=CE9 zo1^b!Wh+W&yL)#dM>bPXVjI0Z<1yJ>m-?l3#)5jWp52d^&=Xdau`P~~0to-pAE6u} z!rMlyqd!<_QF9jTM-2)55;_*Jq!~{$N>~l0{YYsv-dS9-b#(#RJb?&GZc z#`R$>g5NaT@8UxN$KYZEAFfRo_0IUODp$PSJxIqK6WZ%v@A$A#ev2|MKU-)XVvI7VNO%_17 zGdynwSp@Z+Gm5@=_i~R>nw`pE%G3A>z`u4T&HegR-<`ux`xIjIHL6<-6o+M8JC1CU zRI@?o8$nniu{hV^^BKTe7XuexA9mhNvP!t9xv29HRNT>A^X_NK#N7zO4M+!*e3Rm} z%n-BnSkc9Z21~omsGxya!}r0FryR(n)L2pyR)JPl&DVctmVptGjz`GRtb%o zj1#cVk4V-K?4L2Bpx^oUxk=w)qL?x>#8W56Q}2I~ixOE?!n%wf4I%b8MH}rSSZGt2&%a|jC3xpR|B}o}Q7y9;63;Ws=o(%FvhT4rxBl2s%a>TzqVmkUz&2`-l zP4MyVP5-!J+j$B2g^)ktAeSpWmU!4J#iq0O#$C7-f`)_TcB4$Joiw>*XSHjb=ewN% zfb(ho*$m1o=ESuHjag~Us>~FC-!@DkcOD>9y@5T+|V|M{^kX&PhR%Pr~qTgt2Wf= zccnUym1)|s4UF_~Oo)*)Y3Z6F2*#);U_P(hQm&Zy?#z2FQJdsZr$vX(u)mzlVv4Qy!bf`t z0JGe8hF#&;Vy=}cwvCnO71%}cTB&-&zuIOI1?f*t=Ji7Q~g$J)BH5zA78B{|P zUjR#Q=X{hWT9q;OG@K}5pHqqxpO$@?gTZAB>yo*OSLjAFzW|pm=Zp>iCvm*h0h^v~ z1kZ}tp;`s9)kvx9qK@LWbRDE}BmctUZ@?6fI6n(-?rhq`Sjwd2iQu864<1sh0QR!>0dKzt4V_~HuMZZTMAFo2oHFS&3^{~TGw;XA085+6*5gN*L;DSZpg|Ho*I0m_2VaQ z>4h&{p0kz=M7mFJ;{FZIkE$&^V%YLii|dTw`%$J9ZBei3Ft^78q7b*a5vIHw;E7 zr8NwG)z|)xle3>lP69aD_!D~GzHOQof8yKKok9>9w7GPcTO_)4-3 z&zI3I?FsGG!l-fCkcylfHbR^@@IQGt?xP!aBNB=CjI3M@mqP6d)_lRrZ_wT+kqf87 z$+Gdcf5_5LknQ%7sSxXp)-0=u9~o$oKKIu5cc5$n|fmDiC<)}ITSkB#J>eW*qav~kRi6e^{n2g?h9#|nTZ*ni)Tgl@jSUA*3DLu>b{ii+2A_)MKnbc7-Mc6mjQmmDTzI3P_o~5 z{FU=XR5x{y0nt7Q%@kj;bCZ2T6xm8o%)>VV94Yp!FU(6eqc$Ny{1U{M{-RdGUIXZp zgY~V+za3i+6Gw+9*2`9^0u-EPe-Nz6Ui3aTA9adq{5a zFWE{hge2*s(P2uQ_+?)Y2>v7|pIR5jmMUGO{OfV<#fxXmsn{nn3KaMjks!0tUJ{Lo z?%)9eL7j`Q1neg*tFObHnoeT)NpwM$V;U8?zo5`_Gg9eE1aq*1zAWq+?Kbh!<*wA(?d6FcO!>8A;IL{1;Gl4aW#n46-`MZ*lq3cBJy6x=c ztu?t3LrB`xPMeDMw(SY`ImR#Dx%cV0V(WGI-`eHT^*w}lb=~~tx9!f|tweN6cgjin zf17hYS$!ZRHK^+jYPKpJljhZ(|E1s>{F$2Y8K9 zd?ZA>0Z6wDb~|=Vb_Bnogj-_5+0er4be2^*-#vb*KYHSd0Ph3$DJu#*FJ$06*P^w( zNk1=rbh2BrdE+7bFdPQQiXK(Nf^-uTQSVAP{u3Lv+PwWA(9owmK7QBsido;%J~v#} zOHLMi;@16nP`-f?Ng_QwF7EV~0t{#Bs7^#OGtajpP%-y`=K=pao(BZ=Z0-g&khG^N zOUKo8h}yzM_$H{MgxFuBw)ErMOnUuvg7_to-sK_^EgjoSW zX6oqEQjL6?1}r9x&aOKlm_53+Ty}jWR|ODL7d#5~t{TXST~f##PtY?A1l@m>Ko{sUxby zuBIr2k4p|2*mlR3%C}VlY;R+7GD)}^W4oJH+(}|bMBBEe5)sK2Wo`?U0>91ik)Zyr z&+ur3e)~~K-5|+z96Jn$6U?!rex-eqotr|*&R@NVsH}6*GTXf&mnLv7yu8cxR%|zx za+|^E%-riDK~%hL1PfEo3IrF^vz= z^`H`f|5Q~<#xECEN92fyk1Z&6iEY9KwOTDfD=dxN5$5}z-M=PfpAzL|r2YpB49@+W z-DT(7lLi`$<^y$D+1t`$Z(`uE`tx%wzLta>7)_W$s=w&BUoCbVY1aY$Mbuhg+wJT^ z_yDDtJ}!CCM?3fS!ZSb^C#`3L?QxpBmi;1+A{dp#f6&xB-wr*Ua5mf1d!HjtJ$`G{ z5%bmko1Q4t+t0GpQO$tN$)c^eMV*??zIdClfH#~9j;oQUIhHHiWW7DdwXpM~zZ3OGmVZu?0X{Za)mLjMFL0N`L(l`b0atBcc>1hwg zo_Uag*7ArkSv~)fetJ{afZ_B0_ezs~&BvA}z936)%{%n@;+y&JzSz~t4z%2cQ2!wi2HLF7^|2zv6V=4uvt7YMyL7LEQx;d6JT z?ozV9zd!Ucs5p?7%|!&Jp%G+tKHMY&D;4TF{Ukg`foba;$k!Rjhck6@%jl+C?(eqf|J8B0Y`ME)rpiFsOPwU-55^Rm9yLgr1 zUhV#v&gMq4ps=Fqy{L?4eL;(taiYJtpVsdtM81t1k4m2-vFBLsdX+vVxZ>Fr0)A_8?k%DxW>paBT>$$|izVKH3gxp~8A#Js}&3jEFb)t_|shR1;a-gI6nGiSY zL(={(m%c;ki_V#&Vf-0Ir$|2#t-A)AVc#g$XoHr8c(?33POR=O8vKOU1L6P@Upyud zK8^YvZ~FGp^G;oauzbT0=8v3%IO#Iu52`*)20ZNedPzkydczb!&ZuTTQkmevAhj=` zGlJkeSr3XpM=Ccn>&Ra-YG$UXh>dhMA|LF3&bLT}HsimDLbOZwUDN2m>L$gjMc_d6 z^$buapbnxm;CYi?5a7&0L1;Dz;xLGWJw?W%Uonn?FiP$62`fHrKqrI&hO69gc7I0P@!PbzW@{)TcoGjx@4=`pO((r za!=GV0m$kuEY&TNEjq^2+DSiR#+0)B+Wp}XTg;q>7|@oT`m_HkBHoF1PY1x|g?E%O zp5lD%Y6G13=0}5R{t~S;SGRwO)*jj9FMny)hhqUXb={Dfb%~iaWhpqo0$n3ki9|21 zCfrWKNcK*jjBe=8wsUkd738@qD+;Gm7t%5+Eg80UW5l38gg+Cpd2-f4WkQ@tZb9E} z@tzvXG#%-YcxXe{k>;A-WiD~s+b1bjF51c#Ry)!Is~)IVNACpadkznz|0|EPH8&6P z&i8-(dqag@y$oI0Ni|#$zumNEvw}Bmo0U}r|66&zz&~(G3z!4-6Odz@cnUSfO$!BY z8hFEhXJdY;-yqASiF+t#MND+VKinN|k{Yej**n9uSvloOzU?&oiwyTt71h1$>#J45 z!o#K8TXGt|KN828^xM6JJ&s~lqAZi5GSh~EuI&G*_t-x&r)YSzpQG67o!2uv5Bam24W{w)=u)5@S&>ro-J@>8G`bka%rui&z!)X z#5t8`9{WEh05AFf4;GUJxiOa2CH_(Yw?n#?{^{?01$r*@cb|J=4QZCUAa9HD+EJ`r zV$tp2X*?a2cp?@V-g6jsLXmn_5yK@uI7M*LT#o~TiMTfqTug}E91C9w9a7z$-~dOZ z;io&m5q_kI-`0hH8*1!RH*_bXTXgk1SqDYA6+M;nARcuuDP!YBDyV*_Q|yZgu?1G8 zdrn|3_HWV@EMXxU0?GlSiA51V6TA1%u{u%cqQB^|QgzuEp!aaw4ssw;apTHNA ziice`!ve19Ig&Eoj7rKw2_q1E-QbZo49&BKiC4K*y6hX z$=n6Rg8o8Suk!z-PN#2!JPv%!Ki?7*KgB%3q@pv6<=s~EG%s{9tT88h>8LfNvGpYZ z@i{hxhN~9OH-`lvCBkbEmW8Pq0S;FMQrDpP_ z#YQjUjqKxN8x@H5V35e^YKMO%HF}|fomf~B{wz289fdXmkuTG8>`2t8-^z(`GKq%W z8@Ypc&QVb^iaEOfJi!FF0L<{fr7r5$?!CYWG1H?&Styc0mf5&O?!^ZzOlh04gYkRR zG3<&3r%Z-_mH8o9c_AtUAD=vtHZB!JMQ+(JM@IyXzv4f4^FABs56XoIMY_ zc4raYvv%}M#)2)&mF^>)CT*R+7P>=+o~wV z8v4hi8r2U1d<2gR~yhUim4>?7)%x=O-E&ZgnykSRi=};23f9?u)Ws)h7CTQ{*~m|w ztvAf|IPYnY;odUo*#g@S|Np>we%Fy7dJpZBbP`3nXzAvW*J4Ye&*?ecX#Fbo9^>_m zvzF-X`WYF89KNTK1@f*@R;(Kva&3qO(e^}Xw44b~Xe9HX zHy+kG0ysY{GcqU9JsNBAYKLu;{tVB1$P8S*dZzCU&k3xbU%b5$y>3sxOGLW6xLSnP zc{sVaxOjNr?j@}8ir+?a6Rqf51~=yy?)dY@lRJ@~Eav-6k?n^E^3}HvcD9O=Q5auq zO3IV32~It2%XWm4*aY6p+uT`1?5xwESJKeScFx~225#MnWbc~Y<;F+$yRojW$-zu! zW2tayn9C$$2s4`q3Vw7-LX2OTJRi`~*No8)SqtnodcUq7S#yqjvDFf;8SzY*GO_>*Wwo1grP;QKzEl4c-xO`)cs~d5TalWXj|3!WqF7 zy*`{aP4@x}tH97|0G3_M+CpzuqZMhrU0q+5H**E$j?nN6*(*>`SbX*_e03R?*t^qkIXJ^6k^4yb_2q0@_-rzmxnk&~Jxp%S!C zZ=&MMwRf0$APA)@gSqqXrt^+3prJv5r$wmpeuDT7PLm&%^yKeWZ2U{cukZ5sy z_m4~kxBkOS11f{{_*3Z6-pnEf=PC5ln5eyYMWL>{0_Sj2qGiv2L-X71%Avhh(Sky! zo5X6oW0{2|pg|+d0_tkpWyl@j!xQcwvM@fQS1awC)?R7n@J43u^&mP1tF;xzFdW8C zsHN*&r5106D%c*_h|nKH=`JX@!4gZ zT6Z50l%C?TbhGR+Mb_Dy*uTjF0F<%l-V?vl8P?DChW~fs_xXPkzuxw?kR-+s0|oX0 z>Y(O)Nt3RxBL*$puGQVr52=<_-lLd37~^kLfC1M3e3VXgKdZo%*?BL0$a45V^WUWp z6+ScG&#RX;gupWlwb6bZGVAC;310=05*RbDY(0``TZi$*Vc7&^M%X;8vpL;fr@hwUn&#)ThSAGt(j2JC3)+fJ7 z`wO-q7@~W0xmN^vb9RvZ@uNTS&cDd71t)fq(G4w;rYG@z=gVL`+F=MU z*`7azmb^;g%9MMv>hPJ+7vdR;E;DT}qNmWnjugGD{c%1odQ%bE*w2(?kR3KMcHDzW zX)iZ+RSbVQivi2OIW2L0nzqB{KK4e>f6?mdu2sB&yX{w&Yw`I53V_gC&z>dim%ddV zsh+rP1+4rw*2s#l=8xoEq;cZ$zQaCMN+yuv58Vk6%DVm+d~CnIwDdcxEJf5K>lF65 z>sNqJp4JLe2lA#d@?dc^=45>}lVRpA(JUG$|7WBJ`?3kI4zE{No=@Z8?Q>|eEyw*V z4Wrkn&a!ARpcKYu&LFCpj0ME6?HTC|PYE_mlhH;D6YCK+9{Y!TZ81PsEu<`;o$*{s zVb;cHES%K-p&6GPeED&fJ*7ypl=EPcgFu@ApS|6qwwZN!=VxgT4?UD?W&pn zG?jv6@J*vl@)quC0nUjbDnRKk+}t!uN#hx1F?Qn^M?ZZHmg+#hB^$Br@5;qsvh-m} z$E7oSl(HuTa9aDXtlIv`mW9i+e+cQ4h5sNuFX%!lB0u)8q2z0Uyy_}T=zvFJo7&bj zkR?`Jz9C2V=yf(m%KhaJk&Ad1*Hihv2T%4P`xgE0vu|v501iKq84?jVRr>$L;VPY% z!ZfuM@7>>2n^xn-SlVM1ZX0t}NEWk_aQJt{l+_F&CTH=zyv-%P)BENYzU_XkllkpB zDjfeaKxEy5{vSk^YU5g&x?6tj8(NBkP^8}TsBs-o1dt~6ERby~i7^+j#^DXt2?|y0 zyBzly>WO0Xc;Md5M(#tWfS+DBQGKh@9o^Na|E>DA#XRQ1>gxz%z0DXmsGQm4Gm(-_ z&uRZStV@B>cVE7bvxsnqp{)P;`e#}~PtY47G#rPd1cd_Vv!zwKx_{{U!GnDM&MM+kT|h4aZmg#pRIgOIKw~O&m^`F zL-`NUf;uA>m@jQxA*2~!u@osma%6&`8pTcNv#WqgmvVF1S0ACEG)#9S*lZKPrR6Fb ziiBb76S53amKl4F^zAh^UuM~_B?YE@4Kv+QD%CkY`-EN_5B$r~hJVmn$GyCP8ejwd zH+e(O**hTbg!@T3C6Dhd^_Ow!`7k1!ppa0_|5n12X6=@q;O+GLwR{88|HXlu;z7>_Z*Ddtg8+I{--BBw#NiS1BLhxaZP(`=halq%nZ^c@4@F z7Bd1Z30QhK44JEcHor6_Ipk4dmsIKE0X9M|Ct?)3y*xCh(4E^>9%GdN2Ua7wY@!tK z8S)QkqIM4iVw|yuaZ5#SSM-k`HrL@74-(&`!AX~2P6KRgbK6~F(JHvxNOhYb}zg>o!a%iqs zAEZ*ipVIj0LANV%uiLdW2m>FQ^n-SMGG?owBqv#Vw*sKCSv{S50QV%gNm+^6`id3r zyR!I4P81~~Sx7~S6qeD)9Ufrj9Y89sTNj_Sl_DQ`$j17BggV<)9wr*NfjaIZk*J?@ zccqGug!E6{O}7l+oUkG)LHz~fHwC>V6WdX2VtH^(G6xE&WWg1DMa6&NI55McR3T=h zAyPDq%V5%IEex{vl3|13){7@vo}C*?-tK~I=V~E)6PC8#^r)uSsCxZF@kO&k zcx1Q5;AAmc=d$OkzsO_rGX0EM7w1IY0@QxnfbIK#8aofKCb~t7D}o|L1kq3wA{}W0 z(tB4xsR~j8Qa%VR3WgerAVnn+2rU)@QJQqbC^do*2vMpOgMdhvB3)YG4WQop?z(TS z_YcgU@+ZAjM>R>%hV$%8 z9{N2e^RCN(I+^}PYHVIjW&Vh}@oV`(_kFJYZ?z{~NjYYkgAqSn*RhzU(5-l?PF08D zw&FaEyX9#{BgRsrWYNx>?fspBO4Q^ffy&ioyNucAL2Iyj#tlyJ{v<00g!FpN0$d`Q zS^ha=Vs+Ncb?y#g_7r9%K>g`>CO7urwN+-=rzGyo97h|?oso2+#pflk$89kg-$>1T z?9Aj!`QUjxQTJr&ldSe0om%zYntwT(72mwV4H(`}7F}WeFF-Wb8@?Iy0TJmd7?k9StzYkZ!8;OiQ2mE5_#kC zMgxQSSKdc1C_gP1U95PwNc#QAajx@p=F{jCH|`|o#%Bz8&;FmO*HktIKPNZXlJN4S zcM&y~#qVZ2S;g*G_2|?2BmqfL&G8X;3;xa-wR}eF${K|j_1?VPeF@kv&)?QBEEwAaT#b{#0WRL zzoW*b{R8j=mt;;_yXm~4D{ReUmLd-{zr&Tm17E9L2EUN2xfndj$h*~L5(ZR@dpTx3 zR~&eJrSye~{{|2QE5XLQOSxR>bs0N~v;TpfViy{sA?bE`Wo>C0Y;G@R1S={d zeT-7MjkCYFgy^5ci1&?wt$Ro=6J|~zz;7cuK5Ctu)D@%|uo;g$%f7@D(*hP*GUKfC z-ihi8^Yx9%Qyf^=thf8LXHY51YX+NW{V+&8_ZXmpZ;Hb}&#}1TO+U%agOZfjdykE4)2M#Z+8QjvXq^D>` zy&Fw4;y0Q8n^v2 zx=&>3RV^=nT>_YwxlqmtbnT?li9iX{-wiljUC>@q>ixMl2H}k?qV$#ir?h+d-1Ao# z`IJ(`*&_@M7uP!h1|bnT!iaS1zL(|jd{pm>fLX$-l(3^H!%7Obv8+QNBRUog4N%08 z{{%z!|Df@GmKGnPri=u2s@AG+g?}FEMM8AAV{K`pPFFCVJUELgH_a0ow_h+s3y_)hkX;2Fi4#9l!PU(ckz%Q! zpa6VK&sIBw51)iaI3%wkzI;@3OZ8ldhTA556hcR2M@KdgHuk*6{n-EjhC=|{K>LSl zi(?Hb8*>Ra*`wYs_mu};5z_}DS_MPF-CsA7q-`YJ;XP}}g*H=GzTEL#E*25&GghxiZfd2_*Q2U_xdMG0%cXzb_icym%rfl#;`?bEm8(*a~xlQlIX zJ$Q0>uWp&q*JqpJp1`XLZ8L~>WV=y>&}P?V{!YhuRq!SN;_*FpWV@h;(Z*s zP4qbaOW8?PRE{N0zIAqys{8Kosf6|uDA8G@z^|0cxm2(HSokxcW~!vi!%Bp7U!aYT zJ?X-_>NMI-R$3w`GVd#)x@hc3J+(}3w_mLchJbiKvgysKu3Wj0d!V21%{?|K8Z z!&)m=aIB5-d)K4GYIy^U z*^q2E7iPh6zizifK_knYkk83uW4}$l5ka>#p^X5fx(M1kbJg%IJ(V9DKW>|BkNz&g z$y==;w(4ghvQhb)qObb6=K;0=kEHYD^L%$xD1CD$Jb5ueQh)`hD_hR)-ZbZDL|zv& zj#eX1Cu)nY`f9}q(l-433?Tb%Bi19IvR(?92_e*B#iv(OJ4iGppTvM8ORp^SneYm% z1RGWx+nT+imQ@WYcLou+R;0s(O(~(T!3l zs=$u_vHdvYAmMCfa>N=Hf5i&uTteSIU{q7`dV*PgD$0LM?4GoGk_M45;G z9vta-?~s%j6#9=U%fd#V=%dcB=Tr+o`?MHN7!Vo{4+_!dwso@?XmrPF3kG`dc$jW4 zEJSF6i5zsSF2N5Me>Gb>v~cUtF+{py&nVxle?2qi)+TjWI<&OTb{0Wm1Io?#Lo#t` zTL#qPmSkkhq>JUIDn?ZxiH5VWGUs=(c*Y_{R z(#fI+55}Inr=rwRzf}}vyCJq_K}pI^!xqcvJcBs*^Ko794@8z<^h6>&#YM9O`uQHi zjj4+gB**dA$x%b`)9;+85qi>*Enxbcx+!j%F5sN(BY}WFsLMRCPbTT=-aXw13rQ(v z-c+1^ZNAe3s+f*8@fzs{%H<8ms)v}k0zVYkQ|20?Gy2T9^`~LnyeC+~o*S3M~c7o?Pcv07CMgbm3S2tT6-cfZpdX&%#*0w!gS$kFo>M&#fUv zACi`w^ZOzR4l|=F|{X7Pj4*tb*|fDO0WO9V#UzJ z?n`R_$ZZeHY}YN}`OfX~_ZlBv)8s2xx-{-5zh}6#MwNJP{AIGPknSJ*i(}0hea#aI^)kIPSdt)?lfI2W&>aBn$b$ z`)O-ZuX`EtgHK5)-v*515<|$Og;Ai(_K;{CP~yPcw`Ifz2&HX*<)l^{uFMBhH{shF z@@t{lNr{Gu=>8Ke>jG4Q=H@|{xWNKO-4(~QAFSgzVW53daQC*0e`|%L1@~On!zni? zdPecwR&wDM6NX>S=fXQ~#uDdp1zrZIo320^@E(M!xDwwUIoUe;E5V z-ee*rq{zy@$?~Ui7*l-WtSm_5$iX|Q*1G3GmOofyj)dm6rQwThWC3bttJ>K!aO8+X zK4T8u2Z+Y9>kD|@EL-+u^cp%ol-JNbl#xcJwx-JT%+fiszM6<@WS!u-yE$iUEUlHv z1uEnMUD)xtj4t92S+WpIVtxVw$f#V!$oGeO)@y*SU8s>cO+3A((@nj@2S37l4A>cv zQjv0RiTYR%Hei~{02NOmplGtPL+=j{-c{w`dvX2+a(>tvq5p$uEFzF&HH8sACBy`WPlnXTfuw|fp1C{T zX0^@9zmq6cYts=7*)&M>oxUeup)$L8r-XuGu(_BMl9R*(r;4_tuHvh}{wd(8Wre^a zo%bU@jC?ceN;@tP0<=PUnt@LYz*xMWcYR6B9}8VV6!-Xc4W%q@c&rg?;@(E?509x( zI2CWT;?vR0TJ(B!P?D)l8Dj2fb?J4-cKPlwab)5h+9>TJUS<#%LIp=lCMm5J@zDq6 zHy$RrR*E|f6iG)y!mg>}->aPIK(b8*jo&fOsnADCZM^Cl7tZd-q zj>RCn2xY264WvAFF<#%pCxW*84u+_E{SX17Qvt)JM1i@(@y8`fEM^Qxd+Aj0VopjO zGz&7HHhs<_A0x)k^e1&;%iB_xHgI+~@l$^B=TAAuSb_N|CY=dCLLf2|(*mKeB%r-8 z5JxkhbvJalw#lHNu=6GE%6+gf>!Yuimp&_smbo<_3-*|x#Re?tn_PV$V=UMbaNtkk zkan-Rao-*bV^Oy2{Z+n8G(R#Cn2e#CBvGDp?q<QmcS|wv%+;9J~fD>*+ zvHX7XFaYBy7T|xa3?G_II|n-j|3~ab#C!_gzHsu5%Iugj59$Tkng_`@kas&NTAQUW z3Yq&Pjx~9@>3fBEY9@Q*@_^BuPNcTmD^LNw?z4ob2;&y+kUC*C?t|;IcB*)wHGIWu zGxVMAzVw2BrSaf@B1PFK?`2fBoBG_6mo~nteG}T=e^q~lXp!)k^{^vl+4U4A%#NSO z&f#WMMzZ`{;#^UBOt~4@*#MQg`B5PG!C%y`wmN43621}}zFs{{t%rpz&+H)sJq1?4 zhZhzN5Rf}39yX8BQgbKfejbOdZ4FRA6+9hq`1+OlW9`N8Q0R8M`eqL=b(pZlLa5o& zAZ+IDt~}k^T_PpUFtA(E__R2cMG=Dqp&+O zyfYE7``wB_o#fq}=yup%dRr2Ggj0d*t-URAAnZhq1sp9C&(b6UE#ol-!Ul47 zb6hH1bQlD%>5X%@4dO8_FAv$eNcl(zplSof7H|trRPH|tVMUTMx1$jt#)CV;6S{wt O$`!q9y2aX#k^cjgX-C8W literal 19615 zcmeIa2~<V|NGY%40iTj*=uKK zuWx?eoO9*TElZQb2TmOTfk1~%Z~SBf0)6QU0*QV3&DX%5Z|{D51N;*UwlVn;RNW^t z2fX;w`v;33Kp+D4;I`XW!0Y|@Za4;mK(g_Be_~knswW6!e%bV=AM7GrmnNehd(cs% zTQKaE6%%Yp31>uO+Dm8P*YEf1pszgo+nooMo|K>d{;DQt@#|l~zwSPHeB;1Z-$;M^ z%@^r^&-v-cJNr_<_58;BH_c9|1)q#x)a#&s-~Zlo#?`Cy)_2z&FYBDO2;P+ITW_hT z@LdQO?!0DZ>u}oV?Hxk<`TJzo4MKC70s(sP2miK838HGb&mlG%B8QfaEk-Xqose6FD+n>BcsAWXlavd%~1Pa#XLD*QQ31 zPj!B5|(sy_;f!Sa#chDtslTS_U;J`>gA;dTu1PFs2(lP zZGzrr=dA3%0d21}Y@g(>2C9xw4vu%qRKz2VSD~)bev8BDr>u~DF9?M1`ec(F?6o~v zr8NdUgs4&bWBky5M#uJVUG7_oG?St=3+t@1r~CFUG8DpycqDqBAz%&du6{S`GwHq~ zA(Kd9P@!NpNA83{UNPsHXpw&h-?cY9&hRvo!mo2lj8B+NxIo3$&k;l~;Cb{E%oBH3 zJZJP_exL}E$c9FbMdC0=75~}c1RUwqq2tcz;d4??RopzXH}Ylc1!+}*xak=99FLO7 zC^x#Zo$Wh;zM?5&^^(4pq_yP}hlO^-C1v-jKh`f0^0a%jA^j>cu#w2y@3(%Le>`Hh zsG0teZ=0H>%d8FTXm@Kj#efxct&a8$tY_QUY(ZexCb#wmdX}IfBAvoGjTqI0>52@X zC+nMoM|!aX?VZ~{`=RfQOLach>{?a;!V}+h$oSsGB*=qFk)%ag9)B zTJcIj-`I-)Tdk7gyP1@`-}Ud`I~ikmUfXq1LP14w`C9YmFGRkxKeBf=WgqEvrj-}k^8GlvUe>9>gV%1&lYqblm zXi=z6@T|G(zPPYJtXNHQAhxqA0fDYvq@q7}f9CnmiT}-iF+Q*{X=P<)+dh}C8yMEu z&M{U!2fO;zV-CBCg*9W0wmT)LXWb3H0Qnp5Y-uNXKg+A@4c<>#D=Kep3Z*db0yn2- z-?~sFadSkPadvWZdn-OPQB2R8)5MvX%-c4N6q=yd@2@Re?Y;=fMH}`@8MQfVZbT@d zeZBxqL~U!_J2tQHAZj|q)#tHZ%_Du+bll}*X?Iv(jk=Xjy#+m{uaUOX*7{%qv)Ucl zj+xxp3qvE-mF-dNn>CWaA=0Dv@$|KmAW*5dUd(KR#fcSrk<0)Uh)h3=1>P1q+VyGg@k-GG6eYmgOWY;-vi*D_kT>CjCok^t#F5 zR$usAd~c*k6hxEKz!=!3ANcx+@GFEANX=i+Q|lhO>o*ABbulw&iRn9= zn1kNT#E>7NZWFfL%V!~;9NBg)1G%o~5#TQ8rsEXnXZQK^`O86Q&SQ*94cb|SXoHuH z6JhUvjI}e@cGc}S%%YR6=r&p4C~D0^G0=E#SZtUiibjWy=ZP`4^*jeLi$>KIq`!%b z8LCHL($Z%%>Ac=kqt#)(J+Fs<-WORlN?qCUkG(9{S?x?S0Np9c_=OZo(PIpW#_V`1;*~DsFz&Pp|#b@MNNvKwVvpv zgC4e<#&S=7bOz{rgOs?@{dHh~}z@$cv( z5Bl?==3Q%@tx$uCk1IsRAbU;V+@ugPgic=4th+r5X05g6j z?a)2xi+-+3{GBwCa$Ca`6#>Me(TjWW>5hzli^Y+hB~p$96}kN$OcnAcGbMi- zAZ#WL?Z}H23`JIDK0t3ucy1VN$A9k7wb$Y39f3ovv0>1>oomG`Bdz`H-b9H!44gjM zXD>MtZEZ!)h3E#YPIu`~Bq8Y4Y!d*;%va`0JU33np2kDCPe>n6c&r!+y+6O};a;#+ zI~^u^jeR|pxx19QY-?r8H`<|m9(2fu<+(ap!XE70McA)Pfj}=&Y5@*=JS2E(f$59G1Kw2>BJ%#gQ&|!f?Fd{TV&E#=9k)NRfU^G zyXr1Dl1j0SJT5Vw;O?ehtSqmY)MYC|we*{IwdH5qfo*9=(hXo+35(4O)vflGyYlGo zrFR7|PCf5cbs#Pwt2Wki={eL-X)}@%cm&x~2H&*7^;Zq49_!0GrG!hS2Ha0Vc1g3d zL2n-tmu-#tM#~SD%Ia6wrYf)=%rKo*qdxYxPcpWhRT)~QQ|MjM_BW$j>rwRYT6BDS zX!m8~n+*L!@l>hvG6f1GADN<6yDU@83dr{wZ_Wt@o*z#R_PQB z3-R@XXzi%n^)#lTHyny~$OUW-dbx`VfM>7t@^;c1kAVOMli8pP1|)UcJBFNmP*}j=gB8K@w-7k zlIY19O)ST(*%v=BU6gW1;6}Dh})R!%}a17k|-T@(Qlk?Mt>Bq zT}w8~5Wzf0Lry07yDWte4dIBMSOF1Qtq5eUHVJ}P3>$Uf9M%Al*tO(6YEKp%+c-Gh zVMu5vKp|zT3Da)Qj%^8}jnusjSoS?G=9qrgK?CrG>wo z8rzW8aA;j?=1jxV)48KYDQutRn)TlL@1odoDH`WonAZ2&B`rcJVnl&|T_{{nGvq4=hY znWS5uB5Nz1?cCCJ&6umelp_|UU``(8-TjgBjoG(IY)%0-9@%+{k`0Q>DH|krXQ}Ed z(5IqJlhEsh>(P@xjJj0{CMR3Xn)qB>$q8R882AS7iO#90 z<>@8}eD!Iw9DBD(GYkR3$R$w`BQ_~?yG>VIZvoQnf(^~^04x0{s73?l-|ANh!^!V{ z6kaljwhIfT7d6x>i$)~3GDx~vxE+C$eb`1z(E6*8)C$x?HwlDX#MNM9a1=byIk>%Q zS;}~RmM$p`gWF$s8)h*Tqju+v*d{)m09I}deE87zd)h5WVNFPn7H#SZ{hl-ad3j*F zJqY9_W|D0@r=se?K7pS9ZF|}Z{A7wj^>TzIpE2QiF{1_y z)de*T5~m1)M$B~QX*JXG%7)tP{4nQhh9%VO&@ugT>gM|`zjHa^$4K{OJ$)68u1X8g z+mtP9;i6NLBvJ{1z2FQsMwuX8xc&}2S6o{O>u>F8goW}Ye#_D-2sG~Sp4=^QavQE_QCih$S@fVgXr-T|fD(P(BglNsC^rwapBY`f?+9KRPeI?qGR~rJ zfXZtY8s;?@xfrabY^Pu={SjL@T7&4vdd4Vg#wyB7QhXK#>m}SXFP`()y0->qPK9Ca zf)|)6;7%-yMF>_}DCpu>T*9U$ROCly`d;!H^;X*4+SWOqLki#q+736|ur^}ahw6i* z#9Lsv_p!934z#7<%`We^){l$37riZ)lVcms3@#nX7cHXE?1NbVf|{V=ULVUM)66Z9 z%kS64Dd-?i$i?l9ykzi>E&5y{Qr-nRx}VXQQipo~;p% z{*clJ3N5TYQGEuKt`Ax6ogj@{Z(`DvRCkRo1#ic#>mk0+iD4O=;pMSAj1YSd_!-1d zcC7bp50pic?0DM7S88&|37Mwf-MeLU&kAD~8a(DFn)KtyVN1TDLtP)@FFw0a4F;u~ z3nED$bB71~FXlS-W z;qGkKps0UWM`CI^s%`sOCU*OyME6v@92N1BM(DSVN%{ix&g+4+YG-rUl2h!LAkaK? zcP-76#gA3RL+UsSu(a{zHf=mm=G^%%WvAjg@E;KhMz`{cyG>%Jay-UCPYCv38f4Z%q1fd(Z4)+pU54a&o3`u=1U!bM^k`x*CdtROAr0hPl+b2!N3|$Wr&zDGO9~9VRK1_>$D{ zrFn`7N>vGeM;IhZL+b!Hbhjk-CU5&ScBX!yEZP7unXsy!7_SaXNMRQ;R9tCt30=g$ z=Y`8~-jcI*AF4vOCUixhclLuck-AKL^hcjzMnvSwh>1t&sU8v4fiGBM(VF%jMh#QB70v8RXr5onjq_rzrR|i+Bx)=IU7R6RF z$tV*q5B~1~$W)Y|D$N!^!dJfpq__P}kcx|%ugp?x0&Y_n=^@Hek>n>=q~jS0A)8*% z<+zc*nuiKS%(NnLa1UZ+aTkF`nzb)oswC2%R5_~bX#8>k!FShz2*f~Ymb`4lcqzH7 zm@2IrKw7`W>rHKHS^nFc3TNPV>ER{n95?tA02{4CS1aX&8B~aIBz3wh43zAd9@-2+ z=<~$0X_3!Pzt|B+{|1JHe`pu36;xSoL?yA8&I%Zn5%v<}?oH*&atN~v^G6Y8U5h0~ zyh@eh4S8%ZA!*->TsVEPw+CQ-8E^^0BZijvs7@IyFVQZuXY z7uE*?hDnpTI^K+L{XUVjvjBWM1tcCKXnadzSCy1Zrn$bxQ%qBJ(M3r64w)(;vBtmr zRlVJ}ys}HVSjYByXMMZN*tI1$=bK~c>TY15N=dv4+^qJG&ni`Jr#4~Hc7jRF4|6jr z_v1rKl5s~H`n_~ArES-5)r*&v5TLQ?4jaFB?>nWJ;mUNfLG+kaDLDsQP!yh0@xfEM zyj6FRrWZ@7)6w4fR=w&Kd4pRVbPutBubwp-kr5QZo{EgP8j(oENK-DVdLSKlzC))| zhssz`n6FrcX5~3Q2vyZ2+ux1eQN%;ctX*y2M{AZx0+adr9J!k;fJAcEI)k8m`a@l)GYxwVxR&#z89%89<^(ewh{|Oj3 zE}XOKelJ|=`+{$S=1g#Tk7HUdK)|gC6)UjQ`nV*Wasokwnn}`ID+r3;S!VWP$t8d4eq&LUL%wm`}3Qa$l($!u|*A*12KE=X2WjyAfyD5#1$ER12nEhsgy zhF7Hs>u6Xdw1j%pbCaEbqKhV%xC zdnn}=p%Gg&?b(q%e1*`e=6a6u%DvbU$Y>jCe%Bq})!w=8`e+FOOR&R@)#w1NHW%FF(e>@8DQO zDEY>QH9-orXjjn82~?HEbYRjRG~_Dsw8-DV}?zLu0EGOJ!{^NW7TJBtN z02BZl;W{^VAlQCJI=A%f9gs?I3RU<}PFp zWr23Na}SJx_V1+y05*>^QBJv$Ge3SRmiLZpBVMcqMecBG`BzPft(M;;eI_&S)iI=1 z>DBtDD-Nns$6ETk%dnFd5s9jv0M_ociBcNbjKst_`#cKr;5RB%?EcE5sA;jd(ga9+PlRm9DMjz+BT2rNPoD8Q1C6EckeDw}3ru+zA zL4JgiQok>`aCxILREbPcmLtbput`n!ZHRD;RyaO>Aa*J+`U`pZi%d-_x1_*=ti!rS?QOCAr zD!Zf~kg&w5csDc$nIjHbJQk&jTsT?G8bxVo`42^F``bqXd4qErJx`cvo_FQEFsbMD z@_i;lS-9@3T2iak`)EH?E&4uO9kem*s0|6~4zgK_JuJ+&iyhOy8BATXS%NHIfRM%C zx{NP$)9R1!p6p1ek0xX*ihyt^AKh1vv}3v30*r41EJ{J>)je@L{MYqV?uU1W=fl|R zTTPV~!Hj3%C;+msB6D_mzP{(GonG7Q;E2z^1VoJUtfoKPmn(%&x`yL;PBN!TsI*2t^l>y3MgBqVqDOJQ=oSf_DRoUES z6*Umf2JF1c3R+(e9BV;a5y#ek_BZh#Z!=5E(|hudGP3>6`>)(Lpw($qZlKD`utGZF zcDJi?vCV3_7Wq~gw?fbIrmqaX91c{3aHVf7aZ6*-4flab#=7}IHWo8;GnZpiqJ4xOQ~&yUAZ`qe7y)T0@b{e z4-GCy-ut3g61Dlb3)#CxY=$2z%YxBMDcAv>D&TfkAKVoWln&8{{ph*WIjBAk#c28 z*3b~v1+@9(NufS4_8HlO8?0k)>^pCY+ptfy9rj1O=GbM_UCc6p=zvv^OP@1nu--lr z7pTyZYf|6-r^6B2FqHF=bvWApWz|pg?z8wjxBgyIdvOQz$?EE86K-Q*S_sLYm~}x0 z^er?`YAo&p`SdN9d6rKVSXbU-u{SvF7boi-W?oNW7M)dqvV0C-bt3?&+5g+`tIu*# zEMxRV@1`7fw<9zCqlH=9qf-s;R6%i2#ri?`%P==Op7hXG`$pcvIGoT7FNID}Y*sJ1 zS^8!}U8N*~?QpTrb&;N-cb<*_NwI&|FFMcN7@bW&(!3(ew(XQ3JNHoFI!~h#T=L0~xa_dG)c7|RylDJN% z7m)@|rW}6a>M(^4I827Il319`TY}>JaTuvlGW?^j>I6|GB;=*-q6jMHgi1m`M7p@Jy0uz zvq!v_)2?ZluwM>z)_U){>Vz$O93LX4?8#amu0h}y^*YDZ-mE({Je?l5X*!OrzW}yk zJL>x>B|KP7uLbghP%=N#o`246SgxB-W&CVv!;hjhOS0g{CE)GHE_9pLJGWLE97{xg zWwdgo?>R;%^bo9kttnI>_Ohz5N(jGlg#T`!^fMXydVV@FXgQY~`P0n$gI-|HjGvw3 z3%92fPOlQzI}(hVn0Ljgn_szZ9XoL4CaX*<`IM0)zC++>x~lVDrc7rc z_n_MTa@T$*tEz)wybbs(BXPv)_4g|UReZNmW~4Jm45as9%4|I9;oOz5JPc-heF~EW zC=qjf+TIgv)P5T**TH(6}t!_gRt-A~e?d~1gJyY+Xhprlg(kyTjwb^zpuuemH z983#4m|ffIMt1Pz%Pm`64MyT+ov}{qSL|rZT|wpR`#^WH7j@`FYfPdAAlm;yQU-@l zo*s1WE4Z&+I*uFSZ~%0=dq4IAVcOAvr-7?TSWD@$T>_o&R$B!Rd_Lvn*TmiCqthFNSMfAfKB zBXWhgWcMvM*Aa1537$sV_2`K{4CFc2(ht4_L!RaOfip z8|Ey{6=T``1^D5R%pInCcg=@>7_|pY+@KpzYC_2PvC+{#3q*>@stHO+ZkKy;6_=*Y zICW5}p>|=6<}m(eBS~c0mAHYo^^5e$8bk}SGdBy3vUor`^RLN6anRfBN!xC_Hj@G< zKx_i+#qDMU{`HeK>9GbUL50#F%o!k9eREIWXZ`U1ypVyg)ZKv0H-XVjR+N@bKO2ho zu5wm)v-C;l-K+ks-qBUjNb(@-ICmAAbfUs}HKwP*aiSs1&ZUS!oeo=cbXH#8iW)s$ zyE^~)$$WvkI%u@)dT2k(RreG?+Z_xrIOjck#5+qxv=KTN5c0L>wL&_MpO^jSCJ#)P zec>ss)_l6ISy|pnwny-V6jsYWeIi8c@qK^6L%<91!pdmngn@TGhP0od9y&Kzw6ne4 z8lo%v$+|GLzRluO!}CO8t`(eItJs^%+dc3|WYB{Xr%nJ6^pbZckF~k|H7MN!xQ@@E z-KTmTrul~jLgQa}8V3K6>@rL)dKd#D++Mp^cU@XFjbo%5EfL}&n8{rPl)SyBUGZ6k zt8M<6pWP;G%@&L<)e<*tjsp@M&|YGEk*({(+mRa?LiXDpYn^-RHH%{;2SBUK=z5{z z=?jqC|7F1~T3LR?N^(PGzT__g65Gq|gN-*aaFmJ_B*S5=-7U5pjSKwQ)OI6^7Ug?; zGXf`2*wle0Y9By@k!=#4JALE25}?rw>#hu%hB<{G^z)l2=KD`nt^t)jb|VkwAd*|BEYw9&Qn+A!5r+aiEHVtMp85i!0le&wyJYdkXvPo`f+%fgW-Q$cdF ztv^gwXB!%&)!((0UcZKw?4Kv(mAODtN|bYb#nl`iI+nOGt*eBi;CoJ-pC2xj&Tq(c zkDIR7I|AGsu`3ATs836^8J4G|CX893_a1qFqfX)_T1hEv^f>R)1_t14wFjd;as5Sl zqOo=e5X9HDQfGR>F}6v$h8LsxD{r)%4c{)kMz(~%Sq+x2mFbmDZEv#g(AH_aS}E7P zVH0Us{S}}V=@JoRiCuPzazkV(#n9MLis{`;NwdxaJD`VYPFBPzc~q6;q(s8E%7sa1z}7=l24Cjho@D(3wUj?T@>!QkD}^%m*- zgKwO_mYB1YSCaS7>kYcBUHsv>uY`>ioUpBipTD0bemU$?TYG&WEj`W2fjFC)WPKI~ z=JlThRh;v%iXk?kpotDyI1EEWSx{}2&!4HE|>gm?Q4lII}QNw`+SKr4~ zgS>5sYei~)YjFqP*NzKl+>Zw_X_$?QwLW${dvnZjte&7a+4a?&iV78#XOM-PnhydL zDlHG*#HzA`@KC2*rv8gath^r0B5jBI)VxaNO{88JZuKE9ecQiw+$`+5c7CNdr=3}xSFB+Xu)?hn2X1keGK=A(GT9a1&7M>iJm?}rZ$as)hR<+7CGaX!JW z)jU1op2dzaIQx>mbb#p7g^Sr$P?)xKeR zD?OmDF+jVl@n$`)YiYEO2%X>prM?Givkhh&Ov6VqtW6T^-y?jv_kXn|0H>9j? z9R{hr0j}dyJO{mXnIriEG7Qk-y#9qhuke4-i1s?Z^ZL(f(B6K3`)C%Mfs^+LeQ&H2 z&5zXCAdGt=SBn5bW3R2=k%r^59oNRDol(@+X}~{JiPpg5!ey zW2~e8<1L#)08;!{Yk9YniIUr`tSj+av%~5!WmFDrP8`(ml(>w2e`VsnNdb-A9gR2q zz9LbT+7#W#`S!`s2`$n_J~FwGxxz7d*;hhuNgeIAh7;u$uk>sLRzyR{YVW0tw~Sc| zm=cD$q6u6pc0fkGJ;0ijziKO*&lXp^@F$lbiaN&b{9HHkzK_p|fG5l0{}Z9cO|Lx4 zfU*|$9SUi$5BP%#E)bw5EIPLFsJ_UZHw2ER9ZwwZuc>;xabf-h@d3&m1@LVzG3&05 z?BF>|G%)}NXdi8ubCFzeW=cT`wtGqxUE7-~5uz6~zI;1qd*YF@NpO5oKsD~8#SzuN zRZxQ3>~gUPG2)rFq$MYwyE-m`@ zdP3paLUuz5iuxg4t39t%;1qom7d$AVL?CRp{zVAFJRlHMLMN5=YwFmTXz+I9`L+iY_wyXsKdZ{% z@Ug4u>-MQy-Sf3QJ&XPA8~G^r_2&qQZ76Eu`s(S!>1P24qobvDOV#N-ThG2`zufbc z_}paG0B%8o>Q; z;FN+k>P^@)8F%MYVQI_L^*=OSZ2LiH{n5&s-}OkzvJ1s#Xiw8(TI$U3LiWPbvd63ox;Kl6Qws$cAa@%VXD60;v0mt%zwS0Q8- zko^os1Jf5+_Wbh4ZXN0gYl&p*Q&#mEKoF<)J^ytBvtfnN?rHjhW%K8j9+K>oNrwbR zqr6xrBKq)H^Kd@p`F~UC;apFKqhH?55kEyND5nQ22gnc5y}Igvnz|dZXDYvGodEp(y;jf;~c z`EkFks||pWZt5JRKj(GO<#4EA)@eU;=HnNHC}p}Cd#myI9lgPY(P~d1ER{u=OT$Zt zw?<@3%F9{gJ~ungmlFpY{`iD;&TGtW`}; zKhKX$36L1Kp^_i(2eQwa+jf8%g!@3;6FFDggW4__T=742Q$FCNexY7YWp*P<>yu+H zzTDu3!6(ODxrD3S+tD|GWA3RF-1R>?=B&PzRmB}8cLpoWOAopz5ezLTU!AwkSs3G- z!Z_ajK3gNZpt3C~zx@=peya%r<=epha6}G%&8hwvTT`;#p&%0gHMf+{Cb{s7M#_}_ zK58`vGI#Ofjext>%fiL6%60p+y4s3{({-FA?p?F&cyG*2%tG_UH!($NBm z+tKeR^DM0diMxQ?w{{9pBN@oUTiJ@iG*52fhnRM#`Qf34{Y!d(AV~0-z?VAv_>)17 zV0hs_803Jp24;Vl;slI>ptYVC>uEqKu*!Jmk~Z~BM(~P1^Dc+^CMk5Nh*W#l7GW0T z>#w^|fXZ5vcx%ma!z}exGt22U{o01KkV6X``1#ZoILj$I`QDM2miY@lPw68yoLLym z_WjE1&4|Sbs=#MeRNliXnlAUrEzW#=k|zeb?9Cs(1X&qS0Oa5`K`?+{45c8CmFv8! z)SdZ+b-I0F12NP4^}C2${q3vyMrm~ueQWH>0Q1e_qN$%S&gz~h+a`$Mf%=`6ngu$n zvrM|Me`ARNom96|UWS)NWT?s0N_=FP$K{+&P3uSIZ0*I*JATS_&C`#bDmKVg@<67h zQLVZ<8oOfjQ(1szULVXw9_KHemvks2);7xSC1=s?a>NIIt-A0+K`HbQD6HIilG~V; zbRD>N9nMy7GMYNayv)$3+XCsFAIAPR7s?jNd)Gb{Q9{L$V_!e^e_eU8`;D!5T|0}1cTeq;%`j||*ZYS=@_+9^+dKcg0w-xzQLKY2 zYBpBqa#uR5=}Ml zSxP(vuhhrFJ+6m=w`pEuCCn%t96&FbZ$2E8mPr&VE$M46d+H2$1o((iPT^YjtaYYs zYFcK4%0yP&EW=fgC|Ca>u(WbAk!=T5TraPT1y>^rPMye73}|f?4PG15cAi~szE;?f zZ6Y3Ut3j!xzaQYohQ1cPg#*yA=&k4=$-a|1T zZk;1tlPp;!uavADxprTUjDZ4WS=$7 z)x;Wxp)j^56f2|4)QLC8xek$4P6=z72bdMsz575f)qrTOMZ;6|(!i-KZ*NaJxjf{= ziNb~#3VamL&pxW6+i`4U{I{`SN}bD+#-V7RwRc};DhWQGOdQYTB10((Hri;t8YbN` z2Kllkbzcr`f8O2u|V4&x5+Y5;W{I#=EHy$R3XgXuemufBms8b={2A|D<~ z65jxf-hyDA?j>bdpMd;JfYZFiaHFIxO&jN21e4lFJlGN|(#&rDLEyraOB|8C)-`RI znvk|X*nMLZN{EP%A!b2)lzb(|sq=uz=9B$(fAEi;FXDqARQ9gfY?VQ!8q%?ppjPN) z0tepSJKa86I1Q{OJ>KxioYGJ4B>skR@P2FumP{0TX{lKrEyo`mP?(5tj99p!qY-{( z+;0w#H$xX_C`f zcKEor&6K}|;oee7HDpft}7!W^HL)t}SR)Xv!$Xt&rB|4_PG zLk{z%2aEujlr$Kj`*4G+ezcoUaHF~Ux?&_W;#Uqn%XFhpmi~`{l5}{749wjoP?Crn z`PtO|lk?~3>@N@RN^lN1X0eObYzb=q>R>E8g3v74Pl?IuLbaH7LCUL?{VBQiUDLVv zc;snme4kXAq2lpylAbqK#J7{hA_e#~cRUg*FHx?&eUit9<+UpDQllb4j)@uVVntpyBg^Es3 zo`?T6YC7@OK&x@^vHg@ol9;^tp&9+Sz(3p3%e9wm;UCgFA7_EYgPpVfe*z@eHMQ?4 z)zzO^TL^qw^jC`^LbZ@XpQI3EkN9KTzktfJfBVUiHM)ZM4koSU-+Xbty6nY+SA|9fqXve3-*0X8cZ|->%I2JF#C4@^H2Vq c{b>iC6L~PwdIuY^*Ui+}@~7$_@BID$0tlLDoB#j- diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index e93cda74b1..0fcbf620fb 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -115,26 +115,11 @@ In order to make it easier for folks to follow the execution process of the Star * Name This means that if a resource instance defines both DisplayName and Id, that the DisplayName value will be used to name the instance. -## Logging Improvements to Include the Instance Name ([#3091](https://github.com/microsoft/Microsoft365DSC/pull/3091)) -Starting with this version of M365DSC, drift events logged in Event Viewer will include the Instance name as their source instead of just the full resource's name. -![image](https://raw.githubusercontent.com/microsoft/Microsoft365DSC/Dev/docs/docs/Images/April2023MR-EventViewer.png) -In addition to this, the M365DSCEvent XML content will now include an additional property for the ConfigurationDrift element that will be named **InstanceName** and will contain the resource's instance name. E.g., +## Logging Improvements to Include Non-Drifted Resource Instances ([#3091](https://github.com/microsoft/Microsoft365DSC/pull/3091)) +Starting with this version of M365DSC, users can decide to also include informaton about resources that don't have any detected drifts in them by setting the logging settings with the new Set-M365DSCLoggingOption. E.g., ``` - - - - 192.226.137.107/12192.226.137.106/12 - - - - #microsoft.graph.ipNamedLocation - Nik's Laptop - 192.226.137.106/12 - True - Present - System.Management.Automation.PSCredential - True - - +Set-M365DSCLoggingOption -IncludeNonDrifted $True ``` +These events will be reported as Information entries having an Event ID of 2. +![image](https://raw.githubusercontent.com/microsoft/Microsoft365DSC/Dev/docs/docs/Images/April2023MR-EventViewer.png) From 1018c12ab2704cd9c022db7fb44971f98309b8b8 Mon Sep 17 00:00:00 2001 From: Adrian Date: Thu, 30 Mar 2023 16:15:57 +0200 Subject: [PATCH 087/187] Update april-2023-major-release.md typo --- docs/docs/blog/april-2023-major-release.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index 16edd84c46..ab365677a5 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -6,7 +6,7 @@ As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts As part of the April 2023 major release, this resource is being re-written almost entirely to account for new properties. The recommendation is to stop using old instances of it and start fresh by using this new updated version. One option would be to use the **Export-M365DSCConfiguration** cmdlet and target only this resource. Then, replace the existing instances in your configurations with the newly extracted content. ## Primary Keys of Multiple Resources ([#2968](https://github.com/microsoft/Microsoft365DSC/pull/2968)) -We have modified the logic of all the resources below to ensure we have a primary key defined. In most cases we have makred the Identity or DisplayName properties as now being mandatory. While we don't believe this change will have a major impact on most existing configuration since they probably alreadfy defined these properties, there is a small chance that customers omitted to include them. The recomendation in this case is to ensure you add the new required properties to your resources. Resources impacted are: +We have modified the logic of all the resources below to ensure we have a primary key defined. In most cases we have marked the Identity or DisplayName properties as now being mandatory. While we don't believe this change will have a major impact on most existing configuration since they probably alreadfy defined these properties, there is a small chance that customers omitted to include them. The recomendation in this case is to ensure you add the new required properties to your resources. Resources impacted are: * AADAdministrativeUnit * AADConditionalAccessPolicy From be4782e1c8d59a3d091d5fd35df4a2320494ab72 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 30 Mar 2023 15:22:36 +0100 Subject: [PATCH 088/187] Use correct EmbeddedInstance Use correct EmbeddedInstance --- .../AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 index 308bafe5f5..627d151cb5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 @@ -34,7 +34,7 @@ Configuration Example MSFT_MicrosoftGraphScopedRoleMembership { RoleName = "User Administrator" - RoleMemberInfo = MSFT_MicrosoftGraphIdentity + RoleMemberInfo = MSFT_MicrosoftGraphMember { Identity = "TestGroup" Type = "Group" From 0c0e4a1500c279f2e230c3568f0bcb3284de8760 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 10:56:46 -0400 Subject: [PATCH 089/187] Fixes --- .../MSFT_AADAdministrativeUnit.schema.mof | 2 -- .../AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof index 039f2ae884..fbc5e20c82 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof @@ -9,8 +9,6 @@ class MSFT_MicrosoftGraphScopedRoleMembership { [Write, Description("Name of the Azure AD Role that is assigned. See https://learn.microsoft.com/en-us/azure/active-directory/roles/admin-units-assign-roles#roles-that-can-be-assigned-with-administrative-unit-scope")] String RoleName; [Write, Description("Member that is assigned the scoped role"), EmbeddedInstance("MSFT_MicrosoftGraphMember")] String RoleMemberInfo; - // [Write, Description("Identity of member. For users, specify a UserPrincipalName. For groups and SPNs, specify the DisplayName")] String Identity; - // [Write, Description("Specify User, Group or ServicePrincipal to interpret the Identity")] String Type; }; [ClassVersion("1.0.0.0"), FriendlyName("AADAdministrativeUnit")] diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 index d09f4fdecc..50ce8239c3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 @@ -44,7 +44,7 @@ Configuration Example MSFT_MicrosoftGraphScopedRoleMembership { RoleName = "User Administrator" - RoleMemberInfo = MSFT_MicrosoftGraphIdentity + RoleMemberInfo = MSFT_MicrosoftGraphMember { Identity = "TestGroup" Type = "Group" From c32c106f49a134894c0fcbf46114143ea6b14ef5 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 11:27:21 -0400 Subject: [PATCH 090/187] Update 2-CreateNewAdministrativeUnit.ps1 --- .../AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 index 50ce8239c3..2397862c97 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 @@ -39,6 +39,7 @@ Configuration Example } AADAdministrativeUnit 'TestUnit' { + ID = 'Test-Unit' DisplayName = 'Test-Unit' ScopedRoleMembers = @( MSFT_MicrosoftGraphScopedRoleMembership From bc413d3a59c29220f69dc297ac0931574c9410ee Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 11:57:42 -0400 Subject: [PATCH 091/187] Update 2-CreateNewAdministrativeUnit.ps1 --- .../2-CreateNewAdministrativeUnit.ps1 | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 index 2397862c97..add5f150fc 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 @@ -2,18 +2,6 @@ This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #> - -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsGlobalAdmin - ) - - Import-DscResource -ModuleName Microsoft365DSC - Configuration Example { param From 39d3240c36a3f30d3063bdc1c6c64ff0e56bf5ad Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 12:33:27 -0400 Subject: [PATCH 092/187] Update M365DSCUtil.psm1 --- Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index b5fee1cf58..8ee63d8aef 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -939,7 +939,6 @@ function Test-M365DSCParameterState Add-M365DSCEvent -Message $EventMessage.ToString() -EventType 'NonDrift' -EntryType 'Information' ` -EventID 2 -Source $Source } - $Global:M365DSCIncludeNonDriftsInEventLog | Out-File 'C:\dsc\result.txt' #region Telemetry Add-M365DSCTelemetryEvent -Data $data From 0c914a44fc931ca73a08c746cd6c0908fa8c6fdc Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 17:32:39 +0000 Subject: [PATCH 093/187] Updated Resources and Cmdlet documentation pages --- .../resources/azure-ad/AADAdministrativeUnit.md | 14 ++------------ .../cmdlets/Get-M365DSCLoggingOption.md | 15 +++++++++++++++ ...t-M365DSCNotificationEndpointRegistration.md | 2 +- .../cmdlets/Get-M365DSCTelemetryOption.md | 3 ++- ...w-M365DSCNotificationEndpointRegistration.md | 2 +- ...e-M365DSCNotificationEndpointRegistration.md | 2 +- .../cmdlets/Set-M365DSCLoggingOption.md | 17 +++++++++++++++++ 7 files changed, 39 insertions(+), 16 deletions(-) create mode 100644 docs/docs/user-guide/cmdlets/Get-M365DSCLoggingOption.md create mode 100644 docs/docs/user-guide/cmdlets/Set-M365DSCLoggingOption.md diff --git a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md index f1c05a2a84..0cc27c56d5 100644 --- a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md +++ b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md @@ -111,17 +111,6 @@ This example is used to test new resources and showcase the usage of new resourc It is not meant to use as a production baseline. ```powershell -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsGlobalAdmin - ) - - Import-DscResource -ModuleName Microsoft365DSC - Configuration Example { param @@ -147,12 +136,13 @@ Configuration Example } AADAdministrativeUnit 'TestUnit' { + ID = 'Test-Unit' DisplayName = 'Test-Unit' ScopedRoleMembers = @( MSFT_MicrosoftGraphScopedRoleMembership { RoleName = "User Administrator" - RoleMemberInfo = MSFT_MicrosoftGraphIdentity + RoleMemberInfo = MSFT_MicrosoftGraphMember { Identity = "TestGroup" Type = "Group" diff --git a/docs/docs/user-guide/cmdlets/Get-M365DSCLoggingOption.md b/docs/docs/user-guide/cmdlets/Get-M365DSCLoggingOption.md new file mode 100644 index 0000000000..aafa7ec251 --- /dev/null +++ b/docs/docs/user-guide/cmdlets/Get-M365DSCLoggingOption.md @@ -0,0 +1,15 @@ +# Get-M365DSCLoggingOption + +## Description + +This function returns information about the option for logging events into the Event Log. + +## Output + +This function outputs information as the following type: +**System.Collections.Hashtable** + +## Parameters + +This function does not have any input parameters. + diff --git a/docs/docs/user-guide/cmdlets/Get-M365DSCNotificationEndpointRegistration.md b/docs/docs/user-guide/cmdlets/Get-M365DSCNotificationEndpointRegistration.md index 6c6a11f836..5d5a20ecbe 100644 --- a/docs/docs/user-guide/cmdlets/Get-M365DSCNotificationEndpointRegistration.md +++ b/docs/docs/user-guide/cmdlets/Get-M365DSCNotificationEndpointRegistration.md @@ -13,6 +13,6 @@ This function does not generate any output. | Parameter | Required | DataType | Default Value | Allowed Values | Description | | --- | --- | --- | --- | --- | --- | | Url | False | String | | | Represents the Url of the endpoint to be contacted when events are detected. | -| EventType | False | String | | Drift, Error, Warning | Represents the type of events that need to be reported to the endpoint. | +| EventType | False | String | | Drift, Error, Warning, NonDrift | Represents the type of events that need to be reported to the endpoint. | diff --git a/docs/docs/user-guide/cmdlets/Get-M365DSCTelemetryOption.md b/docs/docs/user-guide/cmdlets/Get-M365DSCTelemetryOption.md index 8db2c6dd17..e3249d019f 100644 --- a/docs/docs/user-guide/cmdlets/Get-M365DSCTelemetryOption.md +++ b/docs/docs/user-guide/cmdlets/Get-M365DSCTelemetryOption.md @@ -6,7 +6,8 @@ This function gets the configuration for the M365DSC telemetry feature ## Output -This function does not generate any output. +This function outputs information as the following type: +**System.Collections.Hashtable** ## Parameters diff --git a/docs/docs/user-guide/cmdlets/New-M365DSCNotificationEndpointRegistration.md b/docs/docs/user-guide/cmdlets/New-M365DSCNotificationEndpointRegistration.md index 15a6824766..07f88f3487 100644 --- a/docs/docs/user-guide/cmdlets/New-M365DSCNotificationEndpointRegistration.md +++ b/docs/docs/user-guide/cmdlets/New-M365DSCNotificationEndpointRegistration.md @@ -13,6 +13,6 @@ This function does not generate any output. | Parameter | Required | DataType | Default Value | Allowed Values | Description | | --- | --- | --- | --- | --- | --- | | Url | True | String | | | Represents the Url of the endpoint to be contacted when events are detected. | -| EventType | True | String | | Drift, Error, Warning | Represents the type of events that need to be reported to the endpoint. | +| EventType | True | String | | Drift, Error, Warning, NonDrift | Represents the type of events that need to be reported to the endpoint. | diff --git a/docs/docs/user-guide/cmdlets/Remove-M365DSCNotificationEndpointRegistration.md b/docs/docs/user-guide/cmdlets/Remove-M365DSCNotificationEndpointRegistration.md index b16732b904..129df8c62a 100644 --- a/docs/docs/user-guide/cmdlets/Remove-M365DSCNotificationEndpointRegistration.md +++ b/docs/docs/user-guide/cmdlets/Remove-M365DSCNotificationEndpointRegistration.md @@ -13,6 +13,6 @@ This function does not generate any output. | Parameter | Required | DataType | Default Value | Allowed Values | Description | | --- | --- | --- | --- | --- | --- | | Url | True | String | | | Represents the Url of the endpoint to be contacted when events are detected. | -| EventType | True | String | | Drift, Error, Warning | Represents the type of events that need to be reported to the endpoint. | +| EventType | True | String | | Drift, Error, Warning, NonDrift | Represents the type of events that need to be reported to the endpoint. | diff --git a/docs/docs/user-guide/cmdlets/Set-M365DSCLoggingOption.md b/docs/docs/user-guide/cmdlets/Set-M365DSCLoggingOption.md new file mode 100644 index 0000000000..12a9bce6ba --- /dev/null +++ b/docs/docs/user-guide/cmdlets/Set-M365DSCLoggingOption.md @@ -0,0 +1,17 @@ +# Set-M365DSCLoggingOption + +## Description + +This function configures the option for logging events into the Event Log. + +## Output + +This function does not generate any output. + +## Parameters + +| Parameter | Required | DataType | Default Value | Allowed Values | Description | +| --- | --- | --- | --- | --- | --- | +| IncludeNonDrifted | False | Boolean | | | Determines whether or not we should log information about resource's instances that don't have drifts. | + + From 344acc4e00c53d0c02e7035631c6dd197e6aea05 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 17:59:12 +0000 Subject: [PATCH 094/187] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/azure-ad/AADAdministrativeUnit.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md index 0cc27c56d5..20a29d2657 100644 --- a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md +++ b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md @@ -126,6 +126,7 @@ Configuration Example { AADGroup 'TestGroup' { + Id = '4b8bbe0f-2d9c-4a82-9f40-9e1717987102' DisplayName = 'TestGroup' MailNickname = 'TestGroup' SecurityEnabled = $true From d58c9612e8d9aa1fd7ea5dd6259998fb34fba89c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 14:00:11 -0400 Subject: [PATCH 095/187] Update april-2023-major-release.md --- docs/docs/blog/april-2023-major-release.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index 614e140089..9e9f4bc860 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -115,7 +115,7 @@ In order to make it easier for folks to follow the execution process of the Star * Name This means that if a resource instance defines both DisplayName and Id, that the DisplayName value will be used to name the instance. -## Logging Improvements to Include Non-Drifted Resource Instances ([#3091](https://github.com/microsoft/Microsoft365DSC/pull/3091)) +## Logging Improvements for Non-Drifted Resource Instances ([#3090](https://github.com/microsoft/Microsoft365DSC/pull/3099)) Starting with this version of M365DSC, users can decide to also include informaton about resources that don't have any detected drifts in them by setting the logging settings with the new Set-M365DSCLoggingOption. E.g., ``` From d04a7d4ebc0ce51578e795f7d762bb011559b7ed Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 15:13:21 -0400 Subject: [PATCH 096/187] Update april-2023-major-release.md --- docs/docs/blog/april-2023-major-release.md | 109 +++++++++++++-------- 1 file changed, 69 insertions(+), 40 deletions(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index 9e9f4bc860..bb9fa6f4e8 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -45,46 +45,75 @@ As part of this release, we are changing the DisplayName parameter to be require ## Removal of Deprecated Parameters ([#3040](https://github.com/microsoft/Microsoft365DSC/pull/3040)) We are removing parameters that have been deprecated from various resources as part of this major update. As a reminder, parameters that become deprecated on Microsoft 365 are being marked as deprecated in Microsoft365DSC until the next major release. In the past, using these parameters would have resulted in a warning letting the users know that they are using a deprecated parameter and that it would simply be ignored. Starting with this release, using these deprecated parameters will generate an error. It is recommended to scan existing configurations and remove deprecated parameters. The following resources have deprecated parameters that have been removed as part of this release, along with the parameters that have been removed: -* AADApplication - * Oauth2RequirePostResponse -* AADConditionalAccessPolicy - * IncludeDevices - * ExcludeDevices -* AADUser - * PreferredDataLocation -* EXOAntiPhishPolicy - * EnableAntispoofEnforcement - * TargetedDomainProtectionAction -* EXOHostedContentFilterPolicy - * EndUserSpamNotificationCustomFromAddress - * EndUserSpamNotificationCustomFromName -* EXOMalwareFilterPolicy - * Action - * CustomAlertText - * EnableExternalSenderNotifications - * EnableInternalSenderNotifications -* EXOOrganizationConfig - * AllowPlusAddressInRecipients -* EXOSaveLinksPolicy - * DoNotAllowClickThrough - * DoNotTrackUserClicks - * IsEnabled -* EXOSharedMailbox - * Aliases -* EXOTransportRule - * ExceptIfMessageContainsAllDataClassifications - * IncidentReportOriginalMail - * MessageContainsAllDataClassifications -* SCSensitivityLabel - * Disabled - * ApplyContentMarkingFooterFontName - * ApplyContentMarkingHeaderFontName - * ApplyWaterMarkingFontName - * EncryptionAipTemplateScopes -* SPOTenantSettings - * RequireAcceptingAccountMatchInvitedAccount -* TeamsMeetingPolicy - * RecordingStorageMode +

## AADGroup - Added SecurityEnabled and MailEnabled as Mandatory Parameters ([#3077](https://github.com/microsoft/Microsoft365DSC/pull/3077)) We've updated the AADGroup resource to enforce the MailEnabled and SecurityEnabled parameters as mandatory. Omitting these parameters was throwing an error since they were required by the Microsoft Graph API associated with it. To update existing configurations, simply make sure that every instances of the AADGroup resource includes both the MailEnabled and SecurityEnabled parameters. From 3d100760a72530b0f15264f767f76af3c5d40c1c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 16:12:10 -0400 Subject: [PATCH 097/187] Updated MicrosoftTeams to Version 5.1.0 --- CHANGELOG.md | 2 ++ Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 358e97642a..b1401a53e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -99,6 +99,8 @@ * Added a fix making sure that the progress bar "Scanning dependencies" is no longer displayed after the operation is completed. * Added a new Set-M365DSCLoggingOption function to enable logging information about non-drifted resources in Event Viewer. FIXES [#2981](https://github.com/microsoft/Microsoft365DSC/issues/2981) +* DEPENDENCIES + * Updated MicrosoftTeams dependency to version 5.1.0. # 1.23.322.1 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 599ee0d958..94bfaae274 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -70,7 +70,7 @@ }, @{ ModuleName = 'MicrosoftTeams' - RequiredVersion = '5.0.0' + RequiredVersion = '5.1.0' }, @{ ModuleName = "MSCloudLoginAssistant" From 65bce57cbd54d9fb8e9a332f5050efe38cc1478c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 19:18:43 -0400 Subject: [PATCH 098/187] Fixes #3098 --- .../docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md index 5eb209dabf..97249ebdc9 100644 --- a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md +++ b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md @@ -40,8 +40,6 @@ This function does not generate any output. | CertificatePath | False | String | | | | | CreateSelfSignedCertificate | False | SwitchParameter | | | | | AdminConsent | False | SwitchParameter | | | | -| Message | True | String | | | | -| Type | False | String | Info | Error, Warning, Info | | ## Examples From bd45ebc8b6fc6a33a4596d13c261132030a33a8d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 30 Mar 2023 19:30:03 -0400 Subject: [PATCH 099/187] Fixes #3097 --- CHANGELOG.md | 2 ++ Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 | 2 ++ 2 files changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c662191873..b8483276f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -101,6 +101,8 @@ * Added a fix making sure that the progress bar "Scanning dependencies" is no longer displayed after the operation is completed. * Added a new Set-M365DSCLoggingOption function to enable logging information about non-drifted resources in Event Viewer. FIXES [#2981](https://github.com/microsoft/Microsoft365DSC/issues/2981) + * Updated the Update-M365DSCModule to unload dependencies before updating them and then to reload the new versions. + FIXES [#3097](https://github.com/microsoft/Microsoft365DSC/issues/3097) * DEPENDENCIES * Updated MicrosoftTeams dependency to version 5.1.0. diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 8ee63d8aef..6dbb43fba7 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -2704,7 +2704,9 @@ function Update-M365DSCDependencies if (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { Write-Information -MessageData "Installing $($dependency.ModuleName) version {$($dependency.RequiredVersion)}" + Remove-Module $dependency.ModuleName -Force -ErrorAction SilentlyContinue Install-Module $dependency.ModuleName -RequiredVersion $dependency.RequiredVersion -AllowClobber -Force -Scope 'AllUsers' + Import-Module $dependency.ModuleName -Force } else { From f201c701918c4608470a1291027f380a1f4d8369 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 00:21:06 +0000 Subject: [PATCH 100/187] Updated Resources and Cmdlet documentation pages --- .../docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md index 97249ebdc9..5eb209dabf 100644 --- a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md +++ b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md @@ -40,6 +40,8 @@ This function does not generate any output. | CertificatePath | False | String | | | | | CreateSelfSignedCertificate | False | SwitchParameter | | | | | AdminConsent | False | SwitchParameter | | | | +| Message | True | String | | | | +| Type | False | String | Info | Error, Warning, Info | | ## Examples From ee9b4f1e1354107668d8a95db6b970af4698fb0c Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 31 Mar 2023 12:28:53 +0200 Subject: [PATCH 101/187] Fix issue if External Guest not set cause empty Odata type --- .../MSFT_AADConditionalAccessPolicy.psm1 | 86 +++++++++---------- 1 file changed, 40 insertions(+), 46 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 08e2985863..6e30048c17 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -1125,55 +1125,49 @@ function Set-TargetResource } } Write-Verbose -Message 'Set-Targetresource: process includeGuestsOrExternalUsers' - $includeGuestsOrExternalUsers = @{} - [string]$IncludeGuestOrExternalUserTypes = $IncludeGuestOrExternalUserTypes -join ',' - $includeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $IncludeGuestOrExternalUserTypes) - $externalTenants = @{} - if ($IncludeExternalTenantsMembershipKind -eq 'All') - { - $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessAllExternalTenants') - } - elseif ($IncludeExternalTenantsMembershipKind -eq 'enumerated') - { - $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessEnumeratedExternalTenants') - } - else - { - $externalTenants.Add('@odata.type', '') - } - $externalTenants.Add('membershipKind', $IncludeExternalTenantsMembershipKind) - if ($IncludeExternalTenantsMembers) - { - $externalTenants.Add('members', $IncludeExternalTenantsMembers) + if($IncludeGuestOrExternalUserTypes){ + $includeGuestsOrExternalUsers = @{} + [string]$IncludeGuestOrExternalUserTypes = $IncludeGuestOrExternalUserTypes -join ',' + $includeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $IncludeGuestOrExternalUserTypes) + $externalTenants = @{} + if ($IncludeExternalTenantsMembershipKind -eq 'All') + { + $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessAllExternalTenants') + } + elseif ($IncludeExternalTenantsMembershipKind -eq 'enumerated') + { + $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessEnumeratedExternalTenants') + } + $externalTenants.Add('membershipKind', $IncludeExternalTenantsMembershipKind) + if ($IncludeExternalTenantsMembers) + { + $externalTenants.Add('members', $IncludeExternalTenantsMembers) + } + $includeGuestsOrExternalUsers.Add('externalTenants', $externalTenants) + $conditions.Users.Add('includeGuestsOrExternalUsers', $includeGuestsOrExternalUsers) } - $includeGuestsOrExternalUsers.Add('externalTenants', $externalTenants) - $conditions.Users.Add('includeGuestsOrExternalUsers', $includeGuestsOrExternalUsers) - Write-Verbose -Message 'Set-Targetresource: process excludeGuestsOrExternalUsers' - $excludeGuestsOrExternalUsers = @{} - [string]$ExcludeGuestOrExternalUserTypes = $ExcludeGuestOrExternalUserTypes -join ',' - $excludeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $ExcludeGuestOrExternalUserTypes) - $externalTenants = @{} - if ($ExcludeExternalTenantsMembershipKind -eq 'All') - { - $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessAllExternalTenants') - } - elseif ($ExcludeExternalTenantsMembershipKind -eq 'enumerated') - { - $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessEnumeratedExternalTenants') - } - else - { - $externalTenants.Add('@odata.type', '') - } - $externalTenants.Add('membershipKind', $ExcludeExternalTenantsMembershipKind) - if ($ExcludeExternalTenantsMembers) - { - $externalTenants.Add('members', $ExcludeExternalTenantsMembers) + if($ExcludeGuestOrExternalUserTypes){ + $excludeGuestsOrExternalUsers = @{} + [string]$ExcludeGuestOrExternalUserTypes = $ExcludeGuestOrExternalUserTypes -join ',' + $excludeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $ExcludeGuestOrExternalUserTypes) + $externalTenants = @{} + if ($ExcludeExternalTenantsMembershipKind -eq 'All') + { + $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessAllExternalTenants') + } + elseif ($ExcludeExternalTenantsMembershipKind -eq 'enumerated') + { + $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessEnumeratedExternalTenants') + } + $externalTenants.Add('membershipKind', $ExcludeExternalTenantsMembershipKind) + if ($ExcludeExternalTenantsMembers) + { + $externalTenants.Add('members', $ExcludeExternalTenantsMembers) + } + $excludeGuestsOrExternalUsers.Add('externalTenants', $externalTenants) + $conditions.Users.Add('excludeGuestsOrExternalUsers', $excludeGuestsOrExternalUsers) } - $excludeGuestsOrExternalUsers.Add('externalTenants', $externalTenants) - $conditions.Users.Add('excludeGuestsOrExternalUsers', $excludeGuestsOrExternalUsers) - Write-Verbose -Message 'Set-Targetresource: process platform condition' if ($IncludePlatforms -or $ExcludePlatforms) { From f3fef141551c1197349083006ba141cd1722b4cf Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Fri, 31 Mar 2023 12:57:04 +0200 Subject: [PATCH 102/187] Fixed #3024 and #3075 --- CHANGELOG.md | 57 ++++++++++++------- ...onPolicyAndroidEnterpriseDeviceOwner.psm1} | 0 ...cyAndroidEnterpriseDeviceOwner.schema.mof} | 4 +- .../readme.md | 6 ++ .../settings.json | 38 +++++++++++++ ...onPolicyAndroidEnterpriseWorkProfile.psm1} | 0 ...cyAndroidEnterpriseWorkProfile.schema.mof} | 4 +- .../readme.md | 6 ++ .../settings.json | 38 +++++++++++++ .../readme.md | 6 -- .../settings.json | 39 ------------- .../readme.md | 6 -- .../settings.json | 39 ------------- .../readme.md | 6 -- .../settings.json | 33 ----------- ...orBusinessRingUpdateProfileWindows10.psm1} | 0 ...nessRingUpdateProfileWindows10.schema.mof} | 4 +- .../readme.md | 6 ++ .../settings.json | 32 +++++++++++ .../MSFT_SCAuditConfigurationPolicy.psm1 | 11 +++- .../MSFT_SCAutoSensitivityLabelPolicy.psm1 | 57 ++++++++++++++++--- .../MSFT_SCAutoSensitivityLabelRule.psm1 | 33 ++++++++++- .../MSFT_SCCaseHoldPolicy.psm1 | 46 ++++++++++++--- .../MSFT_SCCaseHoldRule.psm1 | 22 ++++++- .../MSFT_SCComplianceCase.psm1 | 20 ++++++- .../MSFT_SCComplianceSearch.psm1 | 35 ++++++++++-- .../MSFT_SCComplianceSearchAction.psm1 | 24 +++++++- .../MSFT_SCComplianceTag.psm1 | 31 +++++++++- .../MSFT_SCDLPComplianceRule.psm1 | 35 ++++++++++-- .../MSFT_SCDeviceConditionalAccessPolicy.psm1 | 34 ++++++++++- .../MSFT_SCDeviceConfigurationPolicy.psm1 | 35 +++++++++++- .../MSFT_SCFilePlanPropertyAuthority.psm1 | 22 ++++++- .../MSFT_SCFilePlanPropertyCategory.psm1 | 22 ++++++- .../MSFT_SCFilePlanPropertyCitation.psm1 | 22 ++++++- .../MSFT_SCFilePlanPropertyDepartment.psm1 | 22 ++++++- .../MSFT_SCFilePlanPropertyReferenceId.psm1 | 22 ++++++- .../MSFT_SCFilePlanPropertySubCategory.psm1 | 20 ++++++- .../MSFT_SCProtectionAlert.psm1 | 31 ++++++---- .../MSFT_SCRetentionEventType.psm1 | 35 +++++++++++- .../MSFT_SCSupervisoryReviewPolicy.psm1 | 36 ++++++++++-- .../MSFT_SCSupervisoryReviewRule.psm1 | 21 ++++++- ...ionPolicyAndroidEnterpriseDeviceOwner.ps1} | 8 ++- ...ionPolicyAndroidEnterpriseWorkProfile.ps1} | 8 ++- ...essRingUpdateProfileWindows10-Example.ps1} | 5 +- ResourceGenerator/Workloads.Manifest.psd1 | 2 +- ...icyAndroidEnterpriseDeviceOwner.Tests.ps1} | 10 ++-- ...icyAndroidEnterpriseWorkProfile.Tests.ps1} | 10 ++-- ...sinessRingUpdateProfileWindows10.Tests.ps1 | 10 ++-- ...tionPolicyAndroidEnterpriseDeviceOwner.md} | 6 +- ...tionPolicyAndroidEnterpriseWorkProfile.md} | 6 +- ...eForBusinessRingUpdateProfileWindows10.md} | 7 ++- 51 files changed, 769 insertions(+), 263 deletions(-) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 => MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1} (100%) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof => MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.schema.mof} (97%) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/settings.json rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 => MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1} (100%) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof => MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.schema.mof} (96%) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/settings.json delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/readme.md delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/settings.json delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/readme.md delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/settings.json delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/readme.md delete mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/settings.json rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 => MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1} (100%) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.schema.mof => MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.schema.mof} (98%) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/settings.json rename Modules/Microsoft365DSC/Examples/Resources/{IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/1-ConfigureIntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.ps1 => IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.ps1} (92%) rename Modules/Microsoft365DSC/Examples/Resources/{IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/1-ConfigureIntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.ps1 => IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.ps1} (92%) rename Modules/Microsoft365DSC/Examples/Resources/{IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/1-IntuneWindowUpdateForBusinessRingUpdateProfileWindows10-Example.ps1 => IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/1-IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10-Example.ps1} (96%) rename Tests/Unit/Microsoft365DSC/{Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.Tests.ps1 => Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.Tests.ps1} (97%) rename Tests/Unit/Microsoft365DSC/{Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.Tests.ps1 => Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.Tests.ps1} (97%) rename docs/docs/resources/intune/{IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.md => IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md} (97%) rename docs/docs/resources/intune/{IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.md => IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md} (96%) rename docs/docs/resources/intune/{IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.md => IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md} (99%) diff --git a/CHANGELOG.md b/CHANGELOG.md index c662191873..b2c0e046ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,25 +3,18 @@ # UNRELEASED * AADAdministrativeUnit - * Fixes extraction of the Members property. -* AADAdministrativeUnit, AADConditionalAccessPolicy, AADEntitlementManagementAccessPackage, - AADEntitlementManagementAccessPackageAssignmentPolicy, AADEntitlementManagementAccessPackageCatalog, - AADEntitlementManagementAccessPackageCatalogResource, AADEntitlementManagementAccessPackageCatalogResource, - AADEntitlementManagementConnectedOrganization, AADRoleSetting, - IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator, IntuneDeviceConfigurationPolicyAndroidDeviceOwner, - IntuneDeviceConfigurationPolicyAndroidOpenSourceProject, IntuneDeviceConfigurationPolicyMacOS, - IntuneDeviceConfigurationPolicyiOS, IntuneExploitProtectionPolicyWindows10SettingCatalog, - IntuneWifiConfigurationPolicyAndroidDeviceAdministrator, IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner, - IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile, IntuneWifiConfigurationPolicyAndroidForWork, - IntuneWifiConfigurationPolicyAndroidOpenSourceProject, IntuneWifiConfigurationPolicyIOS, - IntuneWifiConfigurationPolicyMacOS, IntuneWifiConfigurationPolicyWindows10, - IntuneWindowUpdateForBusinessRingUpdateProfileWindows10, IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10, - IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled, IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * Fixes extraction of the Members property. * AADApplication * [BREAKING CHANGE] Remove deprecated parameter Oauth2RequirePostResponse * AADConditionalAccessPolicy + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * [BREAKING CHANGE] Remove deprecated parameters IncludeDevices and ExcludeDevices +* AADEntitlementManagementAccessPackage, AADEntitlementManagementAccessPackageAssignmentPolicy, + AADEntitlementManagementAccessPackageCatalog, AADEntitlementManagementAccessPackageCatalogResource, + AADEntitlementManagementAccessPackageCatalogResource, AADEntitlementManagementConnectedOrganization, + AADRoleSetting + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * AADGroup * Changed the SecurityEnabled and MailEnabled parameters to become mandatory. FIXES [#3072](https://github.com/microsoft/Microsoft365DSC/issues/3072) @@ -58,28 +51,48 @@ IncidentReportOriginalMail and MessageContainsAllDataClassifications * IntuneAntivirusPolicyWindows10SettingCatalog, IntuneASRRulesPolicyWindows10, IntuneAppProtectionPolicyiOS, IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager, - IntuneSettingCatalogASRRulesPolicyWindows10, + IntuneSettingCatalogASRRulesPolicyWindows10 * [BREAKING CHANGE] Setting Identity as Key parameter and DisplayName as Required * IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager * [BREAKING CHANGE] Fix resource +* IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator, IntuneDeviceConfigurationPolicyAndroidDeviceOwner, + IntuneDeviceConfigurationPolicyAndroidOpenSourceProject, IntuneDeviceConfigurationPolicyMacOS, + IntuneDeviceConfigurationPolicyiOS, IntuneExploitProtectionPolicyWindows10SettingCatalog, + IntuneWifiConfigurationPolicyAndroidDeviceAdministrator, IntuneWifiConfigurationPolicyAndroidForWork, + IntuneWifiConfigurationPolicyAndroidOpenSourceProject, IntuneWifiConfigurationPolicyIOS, + IntuneWifiConfigurationPolicyMacOS, IntuneWifiConfigurationPolicyWindows10, + IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled, IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required +* IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * [BREAKING CHANGE] Corrected typo in resource name (Entreprise to Enterprise) + FIXES [#3024](https://github.com/microsoft/Microsoft365DSC/issues/3024) +* IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * [BREAKING CHANGE] Corrected typo in resource name (Entreprise to Enterprise) + FIXES [#3024](https://github.com/microsoft/Microsoft365DSC/issues/3024) * IntuneWindowsAutopilotDeploymentProfileAzureADJoined * Initial release FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) * IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined * Initial release FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) -* SCLabelPolicy +* IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * [BREAKING CHANGE] Corrected typo in resource name (Window to Windows) + FIXES [#3024](https://github.com/microsoft/Microsoft365DSC/issues/3024) +* SCAuditConfigurationPolicy, SCAutoSensitivityLabelPolicy, SCCaseHoldPolicy, SCCaseHoldRule, + SCComplianceCase, SCComplianceSearch, SCComplianceSearchAction, SCComplianceTag, + SCDeviceConditionalAccessPolicy, SCDeviceConfigurationPolicy, SCDLPComplianceRule, + SCFilePlanPropertyAuthority, SCFilePlanPropertyCategory, SCFilePlanPropertyCitation, + SCFilePlanPropertyDepartment, SCFilePlanPropertyReferenceId, SCFilePlanPropertySubCategory, + SCLabelPolicy, SCProtectionAlert, SCRetentionCompliancePolicy, SCRetentionComplianceRule, + SCRetentionEventType, SCSupervisoryReviewPolicy, SCSupervisoryReviewRule * Fixed the collection of new and set parameters to ensure the correct values are passed to the New/Set cmdlets. FIXES [#3075](https://github.com/microsoft/Microsoft365DSC/issues/3075) * SCSensitivityLabel * [BREAKING CHANGE] Remove deprecated parameters Disabled, ApplyContentMarkingFooterFontName, ApplyContentMarkingHeaderFontName, ApplyWaterMarkingFontName and EncryptionAipTemplateScopes -* SCRetentionCompliancePolicy - * Fixed the collection of new and set parameters to ensure the correct values are passed to the New/Set cmdlets. - FIXES [#3075](https://github.com/microsoft/Microsoft365DSC/issues/3075) -* SCRetentionComplianceRule - * Fixed the collection of new and set parameters to ensure the correct values are passed to the New/Set cmdlets. - FIXES [#3075](https://github.com/microsoft/Microsoft365DSC/issues/3075) * SPOApp * Fixed issue in the Export where an error was displayed in Verbose mode when Credentials were specified and the apps were not exported. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 similarity index 100% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.schema.mof similarity index 97% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.schema.mof index 5991811e4f..c6f150a583 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.schema.mof @@ -8,8 +8,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; }; -[ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner")] -class MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner : OMI_BaseResource +[ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner")] +class MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner : OMI_BaseResource { [Key, Description("Id of the Intune policy")] String Id; [Required, Description("Disaply name of the Intune policy")] String DisplayName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/readme.md new file mode 100644 index 0000000000..355b699739 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/readme.md @@ -0,0 +1,6 @@ + +# IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner + +## Description + +This resource configures an Intune Wifi Configuration Policy Android Enterprise Device Owner Device. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/settings.json new file mode 100644 index 0000000000..d72e336efb --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/settings.json @@ -0,0 +1,38 @@ +{ + "resourceName": "IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner", + "description": "This resource configures an Intune Wifi Configuration Policy Android Enterprise Device Owner Device.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 similarity index 100% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.schema.mof similarity index 96% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.schema.mof index 0002c7f327..73089c4bc4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.schema.mof @@ -8,8 +8,8 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; }; -[ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile")] -class MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile : OMI_BaseResource +[ClassVersion("1.0.0.0"), FriendlyName("IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile")] +class MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile : OMI_BaseResource { [Key, Description("Id of the Intune policy.")] String Id; [Required, Description("Display name of the Intune policy.")] String DisplayName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/readme.md new file mode 100644 index 0000000000..1ca253f260 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/readme.md @@ -0,0 +1,6 @@ + +# IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile + +## Description + +This resource configures an Intune Wifi Configuration Policy Android Enterprise Work Profile Device. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/settings.json new file mode 100644 index 0000000000..76e64284ff --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/settings.json @@ -0,0 +1,38 @@ +{ + "resourceName": "IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile", + "description": "This resource configures an Intune Wifi Configuration Policy Android Enterprise Work Profile Device.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/readme.md deleted file mode 100644 index d551788b76..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/readme.md +++ /dev/null @@ -1,6 +0,0 @@ - -# IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner - -## Description - -This resource configures an Intune Wifi Configuration Policy Android Entreprise Device Owner Device. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/settings.json deleted file mode 100644 index d8003c6d10..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/settings.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "resourceName": "IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner", - "description": "This resource configures an Intune Wifi Configuration Policy Android Entreprise Device Owner Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/readme.md deleted file mode 100644 index b9a2065e8f..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/readme.md +++ /dev/null @@ -1,6 +0,0 @@ - -# IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile - -## Description - -This resource configures an Intune Wifi Configuration Policy Android Entreprise Work Profile Device. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/settings.json deleted file mode 100644 index 95d70b0ea5..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/settings.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "resourceName": "IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile", - "description": "This resource configures an Intune Wifi Configuration Policy Android Entreprise Work Profile Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/readme.md deleted file mode 100644 index 93bf6e8715..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/readme.md +++ /dev/null @@ -1,6 +0,0 @@ - -# IntuneWindowUpdateForBusinessRingUpdateProfileWindows10 - -## Description - -Intune Window Update For Business Ring Update Profile for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/settings.json deleted file mode 100644 index 211169cc3d..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/settings.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "resourceName": "IntuneWindowUpdateForBusinessRingUpdateProfileWindows10", - "description": "This resource configures an Intune Window Update For Business Ring Update Profile for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 similarity index 100% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.psm1 rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.schema.mof similarity index 98% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.schema.mof rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.schema.mof index e9e7e0e7d5..3b2fbe3866 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.schema.mof @@ -17,8 +17,8 @@ class MSFT_MicrosoftGraphWindowsUpdateInstallScheduleType [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.windowsUpdateActiveHoursInstall","#microsoft.graph.windowsUpdateScheduledInstall"}, Values{"#microsoft.graph.windowsUpdateActiveHoursInstall","#microsoft.graph.windowsUpdateScheduledInstall"}] String odataType; }; -[ClassVersion("1.0.0.0"), FriendlyName("IntuneWindowUpdateForBusinessRingUpdateProfileWindows10")] -class MSFT_IntuneWindowUpdateForBusinessRingUpdateProfileWindows10 : OMI_BaseResource +[ClassVersion("1.0.0.0"), FriendlyName("IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10")] +class MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 : OMI_BaseResource { [Key, Description("The unique identifier for an entity. Read-only.")] String Id; [Required, Description("Admin provided name of the device configuration.")] String DisplayName; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/readme.md new file mode 100644 index 0000000000..49483c7d7c --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 + +## Description + +Intune Windows Update For Business Ring Update Profile for Windows 10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/settings.json new file mode 100644 index 0000000000..918161498c --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/settings.json @@ -0,0 +1,32 @@ +{ + "resourceName": "IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10", + "description": "This resource configures an Intune Windows Update For Business Ring Update Profile for Windows 10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 index 56ebb731be..df65de69c0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 @@ -205,7 +205,7 @@ function Set-TargetResource catch { Write-Verbose -Message "Policy for $Workload is already in the process of being deleted." - New-M365DSCLogEntry -Message $_ ` + New-M365DSCLogEntry -Message $_ ` -Exception $_ ` -Source $MyInvocation.MyCommand.ModuleName } @@ -270,7 +270,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 index 474c99c1db..131df9e5e2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 @@ -382,7 +382,6 @@ function Set-TargetResource $CreationParams = $PSBoundParameters #Remove parameters not used in New-LabelPolicy - $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('Ensure') | Out-Null $CreationParams.Remove('AddExchangeLocation') | Out-Null $CreationParams.Remove('AddOneDriveLocation') | Out-Null @@ -395,6 +394,16 @@ function Set-TargetResource $CreationParams.Remove('RemoveSharePointLocation') | Out-Null $CreationParams.Remove('RemoveSharePointLocationException') | Out-Null + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose "Creating new Auto Sensitivity label policy $Name." try @@ -409,8 +418,8 @@ function Set-TargetResource { Start-Sleep 5 $SetParams = $PSBoundParameters + #Remove unused parameters for Set-Label cmdlet - $SetParams.Remove('Credential') | Out-Null $SetParams.Remove('Ensure') | Out-Null $SetParams.Remove('Name') | Out-Null $SetParams.Remove('ExchangeLocationException') | Out-Null @@ -419,6 +428,17 @@ function Set-TargetResource $SetParams.Remove('OneDriveLocationException') | Out-Null $SetParams.Remove('SharePointLocation') | Out-Null $SetParams.Remove('SharePointLocationException') | Out-Null + + # Remove authentication parameters + $SetParams.Remove('Credential') | Out-Null + $SetParams.Remove('ApplicationId') | Out-Null + $SetParams.Remove('TenantId') | Out-Null + $SetParams.Remove('CertificatePath') | Out-Null + $SetParams.Remove('CertificatePassword') | Out-Null + $SetParams.Remove('CertificateThumbprint') | Out-Null + $SetParams.Remove('ManagedIdentity') | Out-Null + $SetParams.Remove('ApplicationSecret') | Out-Null + Set-AutoSensitivityLabelPolicy @SetParams -Identity $Name } catch @@ -429,8 +449,8 @@ function Set-TargetResource elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentPolicy.Ensure)) { $SetParams = $PSBoundParameters + #Remove unused parameters for Set-Label cmdlet - $SetParams.Remove('Credential') | Out-Null $SetParams.Remove('Ensure') | Out-Null $SetParams.Remove('Name') | Out-Null $SetParams.Remove('ExchangeLocationException') | Out-Null @@ -439,6 +459,17 @@ function Set-TargetResource $SetParams.Remove('OneDriveLocationException') | Out-Null $SetParams.Remove('SharePointLocation') | Out-Null $SetParams.Remove('SharePointLocationException') | Out-Null + + # Remove authentication parameters + $SetParams.Remove('Credential') | Out-Null + $SetParams.Remove('ApplicationId') | Out-Null + $SetParams.Remove('TenantId') | Out-Null + $SetParams.Remove('CertificatePath') | Out-Null + $SetParams.Remove('CertificatePassword') | Out-Null + $SetParams.Remove('CertificateThumbprint') | Out-Null + $SetParams.Remove('ManagedIdentity') | Out-Null + $SetParams.Remove('ApplicationSecret') | Out-Null + try { Set-AutoSensitivityLabelPolicy @SetParams -Identity $Name @@ -463,6 +494,7 @@ function Set-TargetResource } } } + function Test-TargetResource { [CmdletBinding()] @@ -611,6 +643,16 @@ function Test-TargetResource $ValuesToCheck = $PSBoundParameters + # Remove authentication parameters + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + if ($null -ne $RemoveExchangeLocation -or $null -ne $AddExchangeLocation -or $null -ne $ExchangeLocation) { $configData = New-PolicyData -configData $ExchangeLocation -currentData $CurrentValues.ExchangeLocation ` @@ -645,7 +687,6 @@ function Test-TargetResource } } - if ($null -ne $RemoveSharePointLocation -or $null -ne $AddSharePointLocation -or $null -ne $SharePointLocation) { $configData = New-PolicyData -configData $SharePointLocation -currentData $CurrentValues.SharePointLocation ` @@ -714,7 +755,6 @@ function Test-TargetResource } } - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" @@ -757,6 +797,7 @@ function Export-TargetResource [System.Management.Automation.PSCredential] $CertificatePassword ) + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters ` -SkipModuleReload $true @@ -841,7 +882,7 @@ function New-PolicyData [System.Collections.ArrayList]$desiredData = @() foreach ($currItem in $currentData) { - if (!$desiredData.Contains($currItem)) + if (-not $desiredData.Contains($currItem)) { $desiredData.add($currItem) | Out-Null } @@ -849,7 +890,7 @@ function New-PolicyData foreach ($currItem in $configData) { - if (!$desiredData.Contains("$curritem")) + if (-not $desiredData.Contains("$curritem")) { $desiredData.add($currItem) | Out-Null } @@ -862,7 +903,7 @@ function New-PolicyData foreach ($currItem in $additionalData) { - if (!$desiredData.Contains("$curritem")) + if (-not $desiredData.Contains("$curritem")) { $desiredData.add($currItem) | Out-Null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 index 9faed9d3da..9f64ece6aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 @@ -637,9 +637,18 @@ function Set-TargetResource $CreationParams.ExceptIfContentContainsSensitiveInformation = $value } - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose -Message 'Flipping the parent policy to Mode = TestWithoutNotification while we create the rule' $parentPolicy = Get-AutoSensitivityLabelPolicy -Identity $Policy $currentMode = $parentPolicy.Mode @@ -690,12 +699,21 @@ function Set-TargetResource $UpdateParams.ExceptIfContentContainsSensitiveInformation = $value } - $UpdateParams.Remove('Credential') | Out-Null $UpdateParams.Remove('Ensure') | Out-Null $UpdateParams.Remove('Name') | Out-Null $UpdateParams.Remove('Policy') | Out-Null $UpdateParams.Add('Identity', $Name) + # Remove authentication parameters + $UpdateParams.Remove('Credential') | Out-Null + $UpdateParams.Remove('ApplicationId') | Out-Null + $UpdateParams.Remove('TenantId') | Out-Null + $UpdateParams.Remove('CertificatePath') | Out-Null + $UpdateParams.Remove('CertificatePassword') | Out-Null + $UpdateParams.Remove('CertificateThumbprint') | Out-Null + $UpdateParams.Remove('ManagedIdentity') | Out-Null + $UpdateParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose -Message 'Flipping the parent policy to Mode = TestWithoutNotification while we editing the rule' $parentPolicy = Get-AutoSensitivityLabelPolicy -Identity $Policy $currentMode = $parentPolicy.Mode @@ -952,7 +970,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null #region Test Sensitive Information Type # For each Desired SIT check to see if there is an existing rule with the same name @@ -1150,7 +1177,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 index 69d2d899a5..d1b762f7a6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 @@ -221,18 +221,37 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentPolicy.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-CaseHoldPolicy @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentPolicy.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') $CreationParams.Remove('Name') $CreationParams.Remove('Case') + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + $policy = Get-CaseHoldPolicy -Identity $Name -Case $Case $CreationParams.Add('Identity', $policy.Name) @@ -242,14 +261,14 @@ function Set-TargetResource $null -ne $SharePointLocation) { $ToBeRemoved = $CurrentPolicy.SharePointLocation | ` - Where-Object { $SharePointLocation -NotContains $_ } + Where-Object { $SharePointLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveSharePointLocation', $ToBeRemoved) } $ToBeAdded = $SharePointLocation | ` - Where-Object { $CurrentPolicy.SharePointLocation -NotContains $_ } + Where-Object { $CurrentPolicy.SharePointLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddSharePointLocation', $ToBeAdded) @@ -264,14 +283,14 @@ function Set-TargetResource $null -ne $ExchangeLocation) { $ToBeRemoved = $CurrentPolicy.ExchangeLocation | ` - Where-Object { $ExchangeLocation -NotContains $_ } + Where-Object { $ExchangeLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveExchangeLocation', $ToBeRemoved) } $ToBeAdded = $ExchangeLocation | ` - Where-Object { $CurrentPolicy.ExchangeLocation -NotContains $_ } + Where-Object { $CurrentPolicy.ExchangeLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddExchangeLocation', $ToBeAdded) @@ -286,14 +305,14 @@ function Set-TargetResource $null -ne $PublicFolderLocation) { $ToBeRemoved = $CurrentPolicy.PublicFolderLocation | ` - Where-Object { $PublicFolderLocation -NotContains $_ } + Where-Object { $PublicFolderLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemovePublicFolderLocation', $ToBeRemoved) } $ToBeAdded = $PublicFolderLocation | ` - Where-Object { $CurrentPolicy.PublicFolderLocation -NotContains $_ } + Where-Object { $CurrentPolicy.PublicFolderLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddPublicFolderLocation', $ToBeAdded) @@ -393,7 +412,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -502,7 +530,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 index 8e7ec6d2e9..e70dce2d4d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 @@ -204,9 +204,18 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentRule.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose "Creating new Case Hold Rule $Name calling the New-CaseHoldRule cmdlet." New-CaseHoldRule @CreationParams } @@ -302,7 +311,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -408,7 +426,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 index dca0745246..777de72029 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 @@ -190,10 +190,19 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentCase.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Status') $CreationParams.Remove('Ensure') + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose "Creating new Compliance Case $Name calling the New-ComplianceCase cmdlet." New-ComplianceCase @CreationParams @@ -297,7 +306,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 index c1cd6720af..615e9e718b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 @@ -294,9 +294,18 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentSearch.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose "Creating new Compliance Search $Name calling the New-ComplianceSearch cmdlet." New-ComplianceSearch @CreationParams } @@ -304,12 +313,21 @@ function Set-TargetResource { $SetParams = $PSBoundParameters - #Remove unused parameters for Set-ComplianceTag cmdlet - $SetParams.Remove('Credential') + #Remove unused parameters for Set-ComplianceSearch cmdlet $SetParams.Remove('Ensure') $SetParams.Remove('Name') $SetParams.Remove('Case') + # Remove authentication parameters + $SetParams.Remove('Credential') | Out-Null + $SetParams.Remove('ApplicationId') | Out-Null + $SetParams.Remove('TenantId') | Out-Null + $SetParams.Remove('CertificatePath') | Out-Null + $SetParams.Remove('CertificatePassword') | Out-Null + $SetParams.Remove('CertificateThumbprint') | Out-Null + $SetParams.Remove('ManagedIdentity') | Out-Null + $SetParams.Remove('ApplicationSecret') | Out-Null + Set-ComplianceSearch @SetParams -Identity $Name } elseif (('Absent' -eq $Ensure) -and ('Present' -eq $CurrentSearch.Ensure)) @@ -424,7 +442,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -555,7 +582,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 index 949bd5d466..6a027071fc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 @@ -286,9 +286,18 @@ function Set-TargetResource if ('Present' -eq $Ensure) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + if ($null -ne $ActionScope) { $CreationParams.Remove('ActionScope') @@ -458,7 +467,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -534,7 +552,7 @@ function Export-TargetResource { Write-Host " |---[$i/$($actions.Length)] $($action.Name)" -NoNewline $Params = @{ - Action = $action.Action + Action = $action.Action SearchName = $action.SearchName } @@ -692,7 +710,7 @@ function Get-CurrentAction if ($null -ne $searches) { $currentAction = Get-ComplianceSearchAction -Case $Case.Name - break; + break } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 index d9f0821fa4..7de1bcf6c9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 @@ -264,9 +264,18 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentTag.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + #Convert File plan to JSON before Set if ($FilePlanProperty) { @@ -282,7 +291,6 @@ function Set-TargetResource $SetParams = $PSBoundParameters #Remove unused parameters for Set-ComplianceTag cmdlet - $SetParams.Remove('Credential') $SetParams.Remove('Ensure') $SetParams.Remove('Name') $SetParams.Remove('IsRecordLabel') @@ -290,6 +298,16 @@ function Set-TargetResource $SetParams.Remove('RetentionAction') $SetParams.Remove('RetentionType') + # Remove authentication parameters + $SetParams.Remove('Credential') | Out-Null + $SetParams.Remove('ApplicationId') | Out-Null + $SetParams.Remove('TenantId') | Out-Null + $SetParams.Remove('CertificatePath') | Out-Null + $SetParams.Remove('CertificatePassword') | Out-Null + $SetParams.Remove('CertificateThumbprint') | Out-Null + $SetParams.Remove('ManagedIdentity') | Out-Null + $SetParams.Remove('ApplicationSecret') | Out-Null + # Once set, a label can't be removed; if ($SetParams.IsRecordLabel -eq $false -and $CurrentTag.IsRecordLabel -eq $true) { @@ -435,7 +453,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestFilePlanProperties = Test-SCFilePlanProperties -CurrentProperty $CurrentValues ` -DesiredProperty $PSBoundParameters diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 index 8ecd81898b..3b3325530c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 @@ -549,9 +549,18 @@ function Set-TargetResource $CreationParams.ExceptIfContentContainsSensitiveInformation = $value } - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose -Message "Calling New-DLPComplianceRule with Values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)" New-DLPComplianceRule @CreationParams } @@ -594,12 +603,21 @@ function Set-TargetResource $UpdateParams.ExceptIfContentContainsSensitiveInformation = $value } - $UpdateParams.Remove('Credential') | Out-Null $UpdateParams.Remove('Ensure') | Out-Null $UpdateParams.Remove('Name') | Out-Null $UpdateParams.Remove('Policy') | Out-Null $UpdateParams.Add('Identity', $Name) + # Remove authentication parameters + $UpdateParams.Remove('Credential') | Out-Null + $UpdateParams.Remove('ApplicationId') | Out-Null + $UpdateParams.Remove('TenantId') | Out-Null + $UpdateParams.Remove('CertificatePath') | Out-Null + $UpdateParams.Remove('CertificatePassword') | Out-Null + $UpdateParams.Remove('CertificateThumbprint') | Out-Null + $UpdateParams.Remove('ManagedIdentity') | Out-Null + $UpdateParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose "Updating Rule with values: $(Convert-M365DscHashtableToString -Hashtable $UpdateParams)" Set-DLPComplianceRule @UpdateParams } @@ -802,7 +820,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null #region Test Sensitive Information Type # For each Desired SIT check to see if there is an existing rule with the same name @@ -927,7 +954,7 @@ function Export-TargetResource Write-Host " |---[$i/$($rules.Length)] $($rule.Name)" -NoNewline $Results = Get-TargetResource @PSBoundParameters ` - -Name $rule.name ` + -Name $rule.name ` -Policy $rule.ParentPolicyName $IsCIMArray = $false @@ -997,7 +1024,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 index ff2a1d9a39..ee3ad5cdff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 @@ -187,18 +187,37 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentPolicy.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-DeviceConditionalAccessPolicy @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentPolicy.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') $CreationParams.Remove('Name') $CreationParams.Add('Identity', $Name) + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose "Updating Policy with values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)" Set-DeviceConditionalAccessPolicy @CreationParams } @@ -276,7 +295,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -372,7 +400,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 index 94fe28557c..6a4809efc9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 @@ -187,16 +187,36 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentPolicy.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-DeviceConfigurationPolicy @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentPolicy.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') $CreationParams.Remove('Name') + + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + $CreationParams.Add('Identity', $Name) Write-Verbose "Updating Policy with values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)" @@ -276,7 +296,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -372,7 +401,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 index 0237f8e7dc..dadd25c22e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 @@ -167,9 +167,18 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $Current.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('Ensure') | Out-Null + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-FilePlanPropertyAuthority @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $Current.Ensure)) @@ -192,7 +201,7 @@ function Set-TargetResource } catch { - New-M365DSCLogEntry -Message $_ ` + New-M365DSCLogEntry -Message $_ ` -Exception $_ ` -Source $MyInvocation.MyCommand.ModuleName } @@ -256,7 +265,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 index b928c5d943..6b215b5a80 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 @@ -166,9 +166,18 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $Current.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('Ensure') | Out-Null + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-FilePlanPropertyCategory @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $Current.Ensure)) @@ -191,7 +200,7 @@ function Set-TargetResource } catch { - New-M365DSCLogEntry -Message $_ ` + New-M365DSCLogEntry -Message $_ ` -Exception $_ ` -Source $MyInvocation.MyCommand.ModuleName } @@ -256,7 +265,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 index f21b673c40..e7b4a5684d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 @@ -186,9 +186,18 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $Current.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('Ensure') | Out-Null + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-FilePlanPropertyCitation @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $Current.Ensure)) @@ -211,7 +220,7 @@ function Set-TargetResource } catch { - New-M365DSCLogEntry -Message $_ ` + New-M365DSCLogEntry -Message $_ ` -Exception $_ ` -Source $MyInvocation.MyCommand.ModuleName } @@ -283,7 +292,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 index 25da840745..34ac454972 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 @@ -167,9 +167,18 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $Current.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('Ensure') | Out-Null + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-FilePlanPropertyDepartment @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $Current.Ensure)) @@ -192,7 +201,7 @@ function Set-TargetResource } catch { - New-M365DSCLogEntry -Message $_ ` + New-M365DSCLogEntry -Message $_ ` -Exception $_ ` -Source $MyInvocation.MyCommand.ModuleName } @@ -256,7 +265,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 index 6a49c92def..bcde33b0ff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 @@ -167,9 +167,18 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $Current.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('Ensure') | Out-Null + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-FilePlanPropertyReferenceId @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $Current.Ensure)) @@ -192,7 +201,7 @@ function Set-TargetResource } catch { - New-M365DSCLogEntry -Message $_ ` + New-M365DSCLogEntry -Message $_ ` -Exception $_ ` -Source $MyInvocation.MyCommand.ModuleName } @@ -256,7 +265,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 index 237afd2a18..651e16b9ab 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 @@ -188,9 +188,18 @@ function Set-TargetResource $CreationParams = $PSBoundParameters $CreationParams.Add('ParentId', $Category) $CreationParams.Remove('Category') | Out-Null - $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('Ensure') | Out-Null + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-FilePlanPropertySubCategory @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $Current.Ensure)) @@ -283,7 +292,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 index f3006729aa..808568f13d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 @@ -92,17 +92,17 @@ function Get-TargetResource $Severity = 'Low', [Parameter()] - [ValidateSet('Activity', 'Malware', 'Phish', 'Malicious','MaliciousUrlClick', 'MailFlow')] + [ValidateSet('Activity', 'Malware', 'Phish', 'Malicious', 'MaliciousUrlClick', 'MailFlow')] [System.String] $ThreatType, [Parameter()] - [ValidateRange(3,2147483647)] + [ValidateRange(3, 2147483647)] [System.Int32] $Threshold, [Parameter()] - [ValidateRange(60,2147483647)] + [ValidateRange(60, 2147483647)] [System.Int32] $TimeWindow, @@ -224,6 +224,7 @@ function Get-TargetResource return $nullReturn } } + function Set-TargetResource { @@ -318,17 +319,17 @@ function Set-TargetResource $Severity = 'Low', [Parameter()] - [ValidateSet('Activity', 'Malware', 'Phish', 'Malicious','MaliciousUrlClick', 'MailFlow')] + [ValidateSet('Activity', 'Malware', 'Phish', 'Malicious', 'MaliciousUrlClick', 'MailFlow')] [System.String] $ThreatType, [Parameter()] - [ValidateRange(3,2147483647)] + [ValidateRange(3, 2147483647)] [System.Int32] $Threshold, [Parameter()] - [ValidateRange(60,2147483647)] + [ValidateRange(60, 2147483647)] [System.Int32] $TimeWindow, @@ -383,12 +384,16 @@ function Set-TargetResource $CreationParams = $PSBoundParameters $CreationParams.Remove('Ensure') | Out-Null + + # Remove authentication parameters $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('ApplicationId') | Out-Null $CreationParams.Remove('TenantId') | Out-Null - $CreationParams.Remove('CertificateThumbprint') | Out-Null $CreationParams.Remove('CertificatePath') | Out-Null $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentAlert.Ensure)) { @@ -508,17 +513,17 @@ function Test-TargetResource $Severity = 'Low', [Parameter()] - [ValidateSet('Activity', 'Malware', 'Phish', 'Malicious','MaliciousUrlClick', 'MailFlow')] + [ValidateSet('Activity', 'Malware', 'Phish', 'Malicious', 'MaliciousUrlClick', 'MailFlow')] [System.String] $ThreatType, [Parameter()] - [ValidateRange(3,2147483647)] + [ValidateRange(3, 2147483647)] [System.Int32] $Threshold, [Parameter()] - [ValidateRange(60,2147483647)] + [ValidateRange(60, 2147483647)] [System.Int32] $TimeWindow, @@ -568,12 +573,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null $ValuesToCheck.Remove('CertificatePath') | Out-Null $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 index a1ddcf0ddf..a567470820 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 @@ -177,17 +177,37 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentEventType.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('Ensure') | Out-Null + + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-ComplianceRetentionEventType @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentEventType.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') | Out-Null $CreationParams.Remove('Ensure') | Out-Null $CreationParams.Remove('Name') | Out-Null $CreationParams.Add('Identity', $Name) + + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + Set-ComplianceRetentionEventType @CreationParams } elseif (('Absent' -eq $Ensure) -and ('Present' -eq $CurrentEventType.Ensure)) @@ -259,7 +279,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -357,7 +386,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 index 898fb2dc62..de353a4ff4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 @@ -186,18 +186,37 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentPolicy.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-SupervisoryReviewPolicyV2 @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentPolicy.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') $CreationParams.Remove('Name') $CreationParams.Add('Identity', $Name) + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + # Reviewers $currentReviewers = $CurrentPolicy.Reviewers $desiredReviewers = $Reviewers @@ -303,7 +322,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -380,7 +408,7 @@ function Export-TargetResource Write-Host " |---[$i/$($policies.Length)] $($policy.Name)" -NoNewline $Results = Get-TargetResource @PSBoundParameters ` -Name $policy.Name ` - -Reviewers "Microsoft365DSC" + -Reviewers 'Microsoft365DSC' $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` @@ -400,7 +428,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 index fcc98e358a..83159458b3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 @@ -199,8 +199,18 @@ function Set-TargetResource if (('Present' -eq $Ensure) -and ('Absent' -eq $CurrentRule.Ensure)) { $CreationParams = $PSBoundParameters - $CreationParams.Remove('Credential') $CreationParams.Remove('Ensure') + + # Remove authentication parameters + $CreationParams.Remove('Credential') | Out-Null + $CreationParams.Remove('ApplicationId') | Out-Null + $CreationParams.Remove('TenantId') | Out-Null + $CreationParams.Remove('CertificatePath') | Out-Null + $CreationParams.Remove('CertificatePassword') | Out-Null + $CreationParams.Remove('CertificateThumbprint') | Out-Null + $CreationParams.Remove('ManagedIdentity') | Out-Null + $CreationParams.Remove('ApplicationSecret') | Out-Null + New-SupervisoryReviewRule @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentRule.Ensure)) @@ -287,7 +297,16 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters + + # Remove authentication parameters $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('CertificatePath') | Out-Null + $ValuesToCheck.Remove('CertificatePassword') | Out-Null + $ValuesToCheck.Remove('CertificateThumbprint') | Out-Null + $ValuesToCheck.Remove('ManagedIdentity') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/1-ConfigureIntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.ps1 similarity index 92% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/1-ConfigureIntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.ps1 index 0b30b9c8cb..31443c07d4 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/1-ConfigureIntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.ps1 @@ -5,7 +5,8 @@ It is not meant to use as a production baseline. Configuration Example { - param( + param + ( [Parameter(Mandatory = $true)] [PSCredential] $credsGlobalAdmin @@ -14,12 +15,13 @@ Configuration Example node localhost { - IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' + IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' { Id = '7d9c4870-e07f-488a-be17-9e1beec45ac3' DisplayName = 'Wifi - androidForWork' Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { + MSFT_DeviceManagementConfigurationPolicyAssignments + { deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/1-ConfigureIntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.ps1 similarity index 92% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/1-ConfigureIntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.ps1 index 9eb34f3655..fa122e069a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/1-ConfigureIntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.ps1 @@ -5,7 +5,8 @@ It is not meant to use as a production baseline. Configuration Example { - param( + param + ( [Parameter(Mandatory = $true)] [PSCredential] $credsGlobalAdmin @@ -14,12 +15,13 @@ Configuration Example node localhost { - IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' + IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' { Id = 'b6c59816-7f9b-4f7a-a2a2-13a29c8bc315' DisplayName = 'wifi - android BYOD' Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { + MSFT_DeviceManagementConfigurationPolicyAssignments + { deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/1-IntuneWindowUpdateForBusinessRingUpdateProfileWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/1-IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10-Example.ps1 similarity index 96% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/1-IntuneWindowUpdateForBusinessRingUpdateProfileWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/1-IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10-Example.ps1 index 2dbf9532de..40c02962c2 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowUpdateForBusinessRingUpdateProfileWindows10/1-IntuneWindowUpdateForBusinessRingUpdateProfileWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/1-IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10-Example.ps1 @@ -14,13 +14,14 @@ Configuration Example node localhost { - IntuneWindowUpdateForBusinessRingUpdateProfileWindows10 'Example' + IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' { Id = 'f2a9a546-6087-45b9-81da-59994e79dfd2' DisplayName = 'WUfB Ring' AllowWindows11Upgrade = $False Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { + MSFT_DeviceManagementConfigurationPolicyAssignments + { deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' } diff --git a/ResourceGenerator/Workloads.Manifest.psd1 b/ResourceGenerator/Workloads.Manifest.psd1 index 80a8a1b8a3..a490df55a4 100644 --- a/ResourceGenerator/Workloads.Manifest.psd1 +++ b/ResourceGenerator/Workloads.Manifest.psd1 @@ -25,7 +25,7 @@ } }, @{ - ResourceName = 'IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner' + ResourceName = 'IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner' CmdletNoun = 'MgDeviceManagementDeviceConfiguration' APIVersion = 'beta' SelectionFilter = @{ diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.Tests.ps1 similarity index 97% rename from Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.Tests.ps1 rename to Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.Tests.ps1 index 1964e13799..ea7c2eb69f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.Tests.ps1 @@ -15,7 +15,7 @@ Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource 'IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner' -GenericStubModule $GenericStubPath + -DscResource 'IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope @@ -53,7 +53,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } # Test contexts - Context -Name 'The IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner should exist but it DOES NOT' -Fixture { + Context -Name 'The IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ ConnectAutomatically = $True @@ -92,7 +92,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'The IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner exists but it SHOULD NOT' -Fixture { + Context -Name 'The IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ ConnectAutomatically = $True @@ -154,7 +154,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name 'The IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner Exists and Values are already in the desired state' -Fixture { + Context -Name 'The IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ ConnectAutomatically = $True @@ -209,7 +209,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'The IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner exists and values are NOT in the desired state' -Fixture { + Context -Name 'The IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ ConnectAutomatically = $True diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.Tests.ps1 similarity index 97% rename from Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.Tests.ps1 rename to Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.Tests.ps1 index 7a98e448bb..bcb4d12ac5 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.Tests.ps1 @@ -15,7 +15,7 @@ Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource 'IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile' -GenericStubModule $GenericStubPath + -DscResource 'IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope @@ -53,7 +53,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } # Test contexts - Context -Name 'The IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile should exist but it DOES NOT' -Fixture { + Context -Name 'The IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ ConnectAutomatically = $True @@ -85,7 +85,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'The IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile exists but it SHOULD NOT' -Fixture { + Context -Name 'The IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ ConnectAutomatically = $True @@ -133,7 +133,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name 'The IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile Exists and Values are already in the desired state' -Fixture { + Context -Name 'The IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ ConnectAutomatically = $True @@ -174,7 +174,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'The IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile exists and values are NOT in the desired state' -Fixture { + Context -Name 'The IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ ConnectAutomatically = $True diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 index 6111165e7b..212ecba2cd 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 @@ -15,7 +15,7 @@ Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource 'IntuneWindowUpdateForBusinessRingUpdateProfileWindows10' -GenericStubModule $GenericStubPath + -DscResource 'IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope @@ -55,7 +55,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } # Test contexts - Context -Name 'The IntuneWindowUpdateForBusinessRingUpdateProfileWindows10 should exist but it DOES NOT' -Fixture { + Context -Name 'The IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ AllowWindows11Upgrade = $True @@ -121,7 +121,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'The IntuneWindowUpdateForBusinessRingUpdateProfileWindows10 exists but it SHOULD NOT' -Fixture { + Context -Name 'The IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ AllowWindows11Upgrade = $True @@ -237,7 +237,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'The IntuneWindowUpdateForBusinessRingUpdateProfileWindows10 Exists and Values are already in the desired state' -Fixture { + Context -Name 'The IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ AllowWindows11Upgrade = $True @@ -344,7 +344,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'The IntuneWindowUpdateForBusinessRingUpdateProfileWindows10 exists and values are NOT in the desired state' -Fixture { + Context -Name 'The IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ AllowWindows11Upgrade = $True diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md similarity index 97% rename from docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.md rename to docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md index 15406e633b..2253b6d665 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md @@ -1,4 +1,4 @@ -# IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner +# IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner ## Parameters @@ -43,7 +43,7 @@ ## Description -This resource configures an Intune Wifi Configuration Policy Android Entreprise Device Owner Device. +This resource configures an Intune Wifi Configuration Policy Android Enterprise Device Owner Device. ## Permissions @@ -90,7 +90,7 @@ Configuration Example node localhost { - IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' + IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' { Id = '7d9c4870-e07f-488a-be17-9e1beec45ac3' DisplayName = 'Wifi - androidForWork' diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md similarity index 96% rename from docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.md rename to docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md index 55b0fc04a7..e5b969cc9b 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md @@ -1,4 +1,4 @@ -# IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile +# IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile ## Parameters @@ -36,7 +36,7 @@ ## Description -This resource configures an Intune Wifi Configuration Policy Android Entreprise Work Profile Device. +This resource configures an Intune Wifi Configuration Policy Android Enterprise Work Profile Device. ## Permissions @@ -83,7 +83,7 @@ Configuration Example node localhost { - IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' + IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' { Id = 'b6c59816-7f9b-4f7a-a2a2-13a29c8bc315' DisplayName = 'wifi - android BYOD' diff --git a/docs/docs/resources/intune/IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.md b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md similarity index 99% rename from docs/docs/resources/intune/IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.md rename to docs/docs/resources/intune/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md index 58aaeddaa6..410efd7002 100644 --- a/docs/docs/resources/intune/IntuneWindowUpdateForBusinessRingUpdateProfileWindows10.md +++ b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md @@ -1,4 +1,4 @@ -# IntuneWindowUpdateForBusinessRingUpdateProfileWindows10 +# IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 ## Parameters @@ -115,7 +115,8 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param( + param + ( [Parameter(Mandatory = $true)] [PSCredential] $Credscredential @@ -124,7 +125,7 @@ Configuration Example node localhost { - IntuneWindowUpdateForBusinessRingUpdateProfileWindows10 'Example' + IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' { Id = 'f2a9a546-6087-45b9-81da-59994e79dfd2' DisplayName = 'WUfB Ring' From 2ef8841f43f0ce63afd2aaba98c3642ea40d72d4 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 11:53:49 +0000 Subject: [PATCH 103/187] Updated Resources and Cmdlet documentation pages --- ...WifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md | 6 ++++-- ...WifiConfigurationPolicyAndroidEnterpriseWorkProfile.md | 6 ++++-- ...eWindowsUpdateForBusinessRingUpdateProfileWindows10.md | 8 ++++---- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md index 2253b6d665..200d22d34e 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md @@ -81,7 +81,8 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param( + param + ( [Parameter(Mandatory = $true)] [PSCredential] $credsGlobalAdmin @@ -95,7 +96,8 @@ Configuration Example Id = '7d9c4870-e07f-488a-be17-9e1beec45ac3' DisplayName = 'Wifi - androidForWork' Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { + MSFT_DeviceManagementConfigurationPolicyAssignments + { deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' } diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md index e5b969cc9b..1f68f07731 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md @@ -74,7 +74,8 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param( + param + ( [Parameter(Mandatory = $true)] [PSCredential] $credsGlobalAdmin @@ -88,7 +89,8 @@ Configuration Example Id = 'b6c59816-7f9b-4f7a-a2a2-13a29c8bc315' DisplayName = 'wifi - android BYOD' Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { + MSFT_DeviceManagementConfigurationPolicyAssignments + { deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' } diff --git a/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md index 410efd7002..52249be09c 100644 --- a/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md +++ b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md @@ -77,7 +77,7 @@ ## Description -Intune Window Update For Business Ring Update Profile for Windows10 +Intune Windows Update For Business Ring Update Profile for Windows 10 ## Permissions @@ -115,8 +115,7 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { - param - ( + param( [Parameter(Mandatory = $true)] [PSCredential] $Credscredential @@ -131,7 +130,8 @@ Configuration Example DisplayName = 'WUfB Ring' AllowWindows11Upgrade = $False Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { + MSFT_DeviceManagementConfigurationPolicyAssignments + { deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' } From 8dc14f8da98018f421ec23e2bb10c18200317fc8 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Fri, 31 Mar 2023 14:21:47 +0200 Subject: [PATCH 104/187] Update of Breaking Change blogpost --- CHANGELOG.md | 2 ++ docs/docs/blog/april-2023-major-release.md | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2c0e046ec..1254f8feee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,6 +35,8 @@ EnableExternalSenderNotifications and EnableInternalSenderNotifications * EXOOrganizationConfig * [BREAKING CHANGE] Remove deprecated parameters AllowPlusAddressInRecipients + * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance + FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) * EXOPerimeterConfiguration * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index bb9fa6f4e8..a9cd958db8 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -36,12 +36,18 @@ We have modified the logic of all the resources below to ensure we have a primar * IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled * IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 -## Removed the Identity Parameters from EXOIRMConfiguration, EXOResourceConfiguraton & IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows 10 +## Removed the Identity Parameters from EXOIRMConfiguration, EXOPerimeterConfiguration & EXOResourceConfiguraton The Identity parameter, which was the primary key for the resources listed, has been replaced by the IsSingleInstance parameter. This is because there could only ever be one instance of these resources on the tenants and in order to align with other tenant-wide resources, the IsSingleInstance parameter needs to be present. This parameter only ever accepts a value of 'Yes' and its sole purpose is to ensure there isn't more than one instance of the given resource per configuration file. ## IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager ([#3003](https://github.com/microsoft/Microsoft365DSC/pull/3003)) As part of this release, we are changing the DisplayName parameter to be required. Current configurations should make sure to include this parameter to avoid any conflicts when upgrading. +## Corrected typos in resource names ([#3024](https://github.com/microsoft/Microsoft365DSC/pull/3024)) +Three resources had typos in their names. With this release these typos are now corrected: +* IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner: Entreprise should be Enterprise +* IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile: Entreprise should be Enterprise +* IntuneWindowUpdateForBusinessRingUpdateProfileWindows10: Window should be Windows + ## Removal of Deprecated Parameters ([#3040](https://github.com/microsoft/Microsoft365DSC/pull/3040)) We are removing parameters that have been deprecated from various resources as part of this major update. As a reminder, parameters that become deprecated on Microsoft 365 are being marked as deprecated in Microsoft365DSC until the next major release. In the past, using these parameters would have resulted in a warning letting the users know that they are using a deprecated parameter and that it would simply be ignored. Starting with this release, using these deprecated parameters will generate an error. It is recommended to scan existing configurations and remove deprecated parameters. The following resources have deprecated parameters that have been removed as part of this release, along with the parameters that have been removed: From f9ba0e2715373e0ff6df869d248757c4249dd01d Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Fri, 31 Mar 2023 14:25:04 +0200 Subject: [PATCH 105/187] Updated text some more --- docs/docs/blog/april-2023-major-release.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index a9cd958db8..6327af0cf2 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -44,9 +44,9 @@ As part of this release, we are changing the DisplayName parameter to be require ## Corrected typos in resource names ([#3024](https://github.com/microsoft/Microsoft365DSC/pull/3024)) Three resources had typos in their names. With this release these typos are now corrected: -* IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner: Entreprise should be Enterprise -* IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile: Entreprise should be Enterprise -* IntuneWindowUpdateForBusinessRingUpdateProfileWindows10: Window should be Windows +* IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner: Changed Entreprise into Enterprise +* IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile: Changed Entreprise into Enterprise +* IntuneWindowUpdateForBusinessRingUpdateProfileWindows10: Changed Window into Windows ## Removal of Deprecated Parameters ([#3040](https://github.com/microsoft/Microsoft365DSC/pull/3040)) We are removing parameters that have been deprecated from various resources as part of this major update. As a reminder, parameters that become deprecated on Microsoft 365 are being marked as deprecated in Microsoft365DSC until the next major release. In the past, using these parameters would have resulted in a warning letting the users know that they are using a deprecated parameter and that it would simply be ignored. Starting with this release, using these deprecated parameters will generate an error. It is recommended to scan existing configurations and remove deprecated parameters. The following resources have deprecated parameters that have been removed as part of this release, along with the parameters that have been removed: From 03b140c1d03763b25444f774f7ef7718ab0a36a8 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Fri, 31 Mar 2023 14:27:02 +0200 Subject: [PATCH 106/187] Corrected date in article --- docs/docs/blog/april-2023-major-release.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index 6327af0cf2..195930240f 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -1,4 +1,4 @@ -# Microsoft365DSC – October 2022 Major Release (version 1.22.1005.1) +# Microsoft365DSC – April 2023 Major Release (version 1.22.405.1) As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts/breaking-changes/), twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on April 5th 2023, will include several breaking changes and will be labeled version 1.23.405.1. This article provides details on the breaking changes and other important updates that will be included as part of our April 2023 Major release. From c0b9fb116a608cd850099b3f4da645796b1b3af1 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Fri, 31 Mar 2023 14:27:34 +0200 Subject: [PATCH 107/187] Corrected version number --- docs/docs/blog/april-2023-major-release.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index 195930240f..e1789d2517 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -1,4 +1,4 @@ -# Microsoft365DSC – April 2023 Major Release (version 1.22.405.1) +# Microsoft365DSC – April 2023 Major Release (version 1.23.405.1) As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts/breaking-changes/), twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on April 5th 2023, will include several breaking changes and will be labeled version 1.23.405.1. This article provides details on the breaking changes and other important updates that will be included as part of our April 2023 Major release. From 900248ca743d22b9a4e565e98c98efa8cc860ee1 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 31 Mar 2023 14:57:18 +0200 Subject: [PATCH 108/187] FIX AADConditionalAccessPolicy failt if ExternalGuest/User is lempty #3108 --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c662191873..06aed93227 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,9 @@ # Change log for Microsoft365DSC # UNRELEASED - +* AADConditionalAccessPolicy + * Add condition for empty External Guest/User include/exclude + FIXES [#3108](https://github.com/microsoft/Microsoft365DSC/issues/3108) * AADAdministrativeUnit * Fixes extraction of the Members property. * AADAdministrativeUnit, AADConditionalAccessPolicy, AADEntitlementManagementAccessPackage, From 614f0051730d02ecd605422c91b2752219539c44 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 31 Mar 2023 15:02:14 +0200 Subject: [PATCH 109/187] Fix code styling issues / add better parameter checking --- .../MSFT_AADConditionalAccessPolicy.psm1 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 6e30048c17..2d2401bd80 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -1125,7 +1125,8 @@ function Set-TargetResource } } Write-Verbose -Message 'Set-Targetresource: process includeGuestsOrExternalUsers' - if($IncludeGuestOrExternalUserTypes){ + if ($IncludeGuestOrExternalUserTypes.Count -ne 0) + { $includeGuestsOrExternalUsers = @{} [string]$IncludeGuestOrExternalUserTypes = $IncludeGuestOrExternalUserTypes -join ',' $includeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $IncludeGuestOrExternalUserTypes) @@ -1147,7 +1148,8 @@ function Set-TargetResource $conditions.Users.Add('includeGuestsOrExternalUsers', $includeGuestsOrExternalUsers) } Write-Verbose -Message 'Set-Targetresource: process excludeGuestsOrExternalUsers' - if($ExcludeGuestOrExternalUserTypes){ + if ($ExcludeGuestOrExternalUserTypes.Count -ne 0) + { $excludeGuestsOrExternalUsers = @{} [string]$ExcludeGuestOrExternalUserTypes = $ExcludeGuestOrExternalUserTypes -join ',' $excludeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $ExcludeGuestOrExternalUserTypes) From 6259ab7e6405b9561299eabe8a78fad5b4a5a3a3 Mon Sep 17 00:00:00 2001 From: Sandro Lanfranchi Date: Fri, 31 Mar 2023 16:27:55 +0200 Subject: [PATCH 110/187] Move fix for AADCOnditionalAccessPolicy in CHANGELOG.md --- CHANGELOG.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fd8b825b6b..7bf1a7e003 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,15 +1,14 @@ # Change log for Microsoft365DSC # UNRELEASED -* AADConditionalAccessPolicy - * Add condition for empty External Guest/User include/exclude - FIXES [#3108](https://github.com/microsoft/Microsoft365DSC/issues/3108) * AADAdministrativeUnit * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * Fixes extraction of the Members property. * AADApplication * [BREAKING CHANGE] Remove deprecated parameter Oauth2RequirePostResponse * AADConditionalAccessPolicy + * Add condition for empty External Guest/User include/exclude + FIXES [#3108](https://github.com/microsoft/Microsoft365DSC/issues/3108) * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * [BREAKING CHANGE] Remove deprecated parameters IncludeDevices and ExcludeDevices * AADEntitlementManagementAccessPackage, AADEntitlementManagementAccessPackageAssignmentPolicy, From 24e3fbe822c7c6d61b4f9bca6f3e42d481c49b00 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 10:30:26 -0400 Subject: [PATCH 111/187] Fixes #3066 --- CHANGELOG.md | 2 ++ .../MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1254f8feee..0aef83b579 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -100,6 +100,8 @@ and the apps were not exported. * SPOTenantSettings * [BREAKING CHANGE] Remove deprecated parameter RequireAcceptingAccountMatchInvitedAccount + * Fixes how we are extracting the DisabledWebPartIds parameter. + FIXES [#3066](https://github.com/microsoft/Microsoft365DSC/issues/3066) * TeamsMeetingPolicy * [BREAKING CHANGE] Remove deprecated parameter RecordingStorageMode * DRG diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 index dff98567b7..6867efecb5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 @@ -184,7 +184,7 @@ function Get-TargetResource HideDefaultThemes = $SPOTenantSettings.HideDefaultThemes MarkNewFilesSensitiveByDefault = $SPOTenantSettings.MarkNewFilesSensitiveByDefault ConditionalAccessPolicy = $SPOTenantSettings.ConditionalAccessPolicy - DisabledWebPartIds = $SPOTenantSettings.DisabledWebPartIds + DisabledWebPartIds = [String[]]$SPOTenantSettings.DisabledWebPartIds CommentsOnSitePagesDisabled = $SPOTenantSettings.CommentsOnSitePagesDisabled Credential = $Credential ApplicationId = $ApplicationId From b865fc4e32c8a6d421015c648278a5b79ff224c8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 10:53:58 -0400 Subject: [PATCH 112/187] Update Unit Tests.yml --- .github/workflows/Unit Tests.yml | 72 +++----------------------------- 1 file changed, 5 insertions(+), 67 deletions(-) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index bee6e3a449..f07d66b40a 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -13,77 +13,15 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v3 + - name: Checkout Repository + uses: actions/checkout@v3 + - name: Install Modules shell: pwsh run: | - $Dependencies = @( - @{ - ModuleName = 'DSCParser' - }, - @{ - ModuleName = 'ExchangeOnlineManagement' - }, - @{ - ModuleName = 'Microsoft.Graph.Applications' - }, - @{ - ModuleName = 'Microsoft.Graph.Authentication' - }, - @{ - ModuleName = 'Microsoft.Graph.DeviceManagement' - }, - @{ - ModuleName = 'Microsoft.Graph.DeviceManagement.Administration' - }, - @{ - ModuleName = 'Microsoft.Graph.DeviceManagement.Enrolment' - }, - @{ - ModuleName = 'Microsoft.Graph.Devices.CorporateManagement' - }, - @{ - ModuleName = 'Microsoft.Graph.Groups' - }, - @{ - ModuleName = 'Microsoft.Graph.Identity.DirectoryManagement' - }, - @{ - ModuleName = 'Microsoft.Graph.Identity.Governance' - }, - @{ - ModuleName = 'Microsoft.Graph.Identity.SignIns' - }, - @{ - ModuleName = 'Microsoft.Graph.Planner' - }, - @{ - ModuleName = 'Microsoft.Graph.Teams' - }, - @{ - ModuleName = 'Microsoft.Graph.Users' - }, - @{ - ModuleName = 'Microsoft.Graph.Users.Actions' - }, - @{ - ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' - }, - @{ - ModuleName = 'MicrosoftTeams' - }, - @{ - ModuleName = "MSCloudLoginAssistant" - }, - @{ - ModuleName = 'PnP.PowerShell' - }, - @{ - ModuleName = 'ReverseDSC' - } - ) + $Manifest = Import-PowerShellDataFile './Modules/Microsoft365DSC/Dependencies/Manifest.psd1' - foreach ($module in $Dependencies) + foreach ($module in $Manifest.Dependencies) { Install-Module $module.ModuleName -Force -Scope AllUsers Import-Module $module.ModuleName -Force From 3fafa676b65b6dc972c684376e326ba17d114016 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 11:12:20 -0400 Subject: [PATCH 113/187] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0aef83b579..2c6671c5ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -99,9 +99,9 @@ * Fixed issue in the Export where an error was displayed in Verbose mode when Credentials were specified and the apps were not exported. * SPOTenantSettings - * [BREAKING CHANGE] Remove deprecated parameter RequireAcceptingAccountMatchInvitedAccount * Fixes how we are extracting the DisabledWebPartIds parameter. FIXES [#3066](https://github.com/microsoft/Microsoft365DSC/issues/3066) + * [BREAKING CHANGE] Remove deprecated parameter RequireAcceptingAccountMatchInvitedAccount * TeamsMeetingPolicy * [BREAKING CHANGE] Remove deprecated parameter RecordingStorageMode * DRG From 57200dcdae2b3f0e3beb9651b3ccfe01243cea6f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 11:16:48 -0400 Subject: [PATCH 114/187] Update Unit Tests.yml --- .github/workflows/Unit Tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index f07d66b40a..e7988e7b68 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -23,7 +23,7 @@ jobs: foreach ($module in $Manifest.Dependencies) { - Install-Module $module.ModuleName -Force -Scope AllUsers + Install-Module $module.ModuleName -RequiredVersion $module.RequiredVersion -Force -Scope AllUsers Import-Module $module.ModuleName -Force } From e4c017b47fbaf4f30f5626f6a24ca77439f199a2 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 11:16:58 -0400 Subject: [PATCH 115/187] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c6671c5ef..0aef83b579 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -99,9 +99,9 @@ * Fixed issue in the Export where an error was displayed in Verbose mode when Credentials were specified and the apps were not exported. * SPOTenantSettings + * [BREAKING CHANGE] Remove deprecated parameter RequireAcceptingAccountMatchInvitedAccount * Fixes how we are extracting the DisabledWebPartIds parameter. FIXES [#3066](https://github.com/microsoft/Microsoft365DSC/issues/3066) - * [BREAKING CHANGE] Remove deprecated parameter RequireAcceptingAccountMatchInvitedAccount * TeamsMeetingPolicy * [BREAKING CHANGE] Remove deprecated parameter RecordingStorageMode * DRG From 6e8bedc5142591e466642bc40ebbb7f3e01b2c4d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 11:33:57 -0400 Subject: [PATCH 116/187] Fixes #3062 - UseNewTeamsClient --- CHANGELOG.md | 3 +++ .../MSFT_TeamsUpdateManagementPolicy.psm1 | 13 +++++++++++++ .../MSFT_TeamsUpdateManagementPolicy.schema.mof | 1 + 3 files changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1254f8feee..e03f4c51a0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -102,6 +102,9 @@ * [BREAKING CHANGE] Remove deprecated parameter RequireAcceptingAccountMatchInvitedAccount * TeamsMeetingPolicy * [BREAKING CHANGE] Remove deprecated parameter RecordingStorageMode +* TeamsUpdateManagementPolicy + * Added support for the new UseNewTeamsClient parameter. + FIXES [#3062](https://github.com/microsoft/Microsoft365DSC/issues/3062) * DRG * Various fixes * Cleanup generated code diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 index a23e3e6132..8aa7f855cc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 @@ -38,6 +38,10 @@ function Get-TargetResource [System.String] $UpdateTimeOfDay, + [Parameter()] + [System.Boolean] + $UseNewTeamsClient, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -98,6 +102,7 @@ function Get-TargetResource AllowPublicPreview = $policy.AllowPublicPreview UpdateDayOfWeek = $policy.UpdateDayOfWeek UpdateTime = $policy.UpdateTime + UseNewTeamsClient = $policy.UseNewTeamsClient Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -162,6 +167,10 @@ function Set-TargetResource [System.String] $UpdateTimeOfDay, + [Parameter()] + [System.Boolean] + $UseNewTeamsClient, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -274,6 +283,10 @@ function Test-TargetResource [System.String] $UpdateTimeOfDay, + [Parameter()] + [System.Boolean] + $UseNewTeamsClient, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof index 5a15f169b7..8cfa88cfa7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof @@ -9,6 +9,7 @@ class MSFT_TeamsUpdateManagementPolicy : OMI_BaseResource [Write, Description("Determines the day of week to perform the updates. Value shoud be between 0 and 6.")] UInt32 UpdateDayOfWeek; [Write, Description("Determines the time of day to perform the updates. Must be a valid HH:MM format string with leading 0. For instance 08:30.")] String UpdateTime; [Write, Description("Determines the time of day to perform the updates. Accepts a DateTime as string. Only the time will be considered.")] String UpdateTimeOfDay; + [Write, Description("Determines whether or not users will use the new Teams client.")] Boolean UseNewTeamsClient; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Teams Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; From 902fb312ced68de0793fa3a9b1081f6c0e994d18 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 11:57:01 -0400 Subject: [PATCH 117/187] Updated Unit Tests and Examples --- .../TeamsUpdateManagementPolicy/1-CreateNewPolicy.ps1 | 1 + ...Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/TeamsUpdateManagementPolicy/1-CreateNewPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/TeamsUpdateManagementPolicy/1-CreateNewPolicy.ps1 index 6164cc3998..b436889542 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/TeamsUpdateManagementPolicy/1-CreateNewPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/TeamsUpdateManagementPolicy/1-CreateNewPolicy.ps1 @@ -25,6 +25,7 @@ Configuration Example UpdateDayOfWeek = 1; UpdateTime = "18:00"; UpdateTimeOfDay = "2022-05-06T18:00:00"; + UseNewTeamsClient = $True } } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 index 490c6bffa8..a1fd23aa7c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 @@ -26,7 +26,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) $DateTimeValue = [System.DateTime]::Parse("2022-12-08 6:00:00PM") $Global:PartialExportFileName = 'c:\TestPath' - + Mock -CommandName Save-M365DSCPartialExport -MockWith { } @@ -60,6 +60,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = '6:00 PM' + UseNewTeamsClient = $True Ensure = 'Present' Credential = $Credential } @@ -94,6 +95,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = '6:00 PM' + UseNewTeamsClient = $True Ensure = 'Present' Credential = $Credential } @@ -108,6 +110,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 3; #Drift UpdateTime = '18:00' UpdateTimeOfDay = $DateTimeValue + UseNewTeamsClient = $True } } } @@ -138,6 +141,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = '6:00 PM' + UseNewTeamsClient = $True Ensure = 'Present' Credential = $Credential } @@ -152,6 +156,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = $DateTimeValue + UseNewTeamsClient = $True } } } @@ -183,6 +188,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = $DateTimeValue + UseNewTeamsClient = $True } } } @@ -219,6 +225,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = $DateTimeValue + UseNewTeamsClient = $True } } } From 57078dbc52b6e8882c8e63afda2411cc501df72b Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 12:52:20 -0400 Subject: [PATCH 118/187] Initial --- .../MSFT_EXOGroupSettings.psm1 | 984 ++++++++++++++++++ .../MSFT_EXOGroupSettings.schema.mof | 16 + .../MSFT_EXOGroupSettings/readme.md | 6 + .../MSFT_EXOGroupSettings/settings.json | 24 + .../1-ConfigureGroupSettings.ps1 | 28 + ...Microsoft365DSC.EXOGroupSettings.Tests.ps1 | 139 +++ 6 files changed, 1197 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXOGroupSettings/1-ConfigureGroupSettings.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGroupSettings.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 new file mode 100644 index 0000000000..3a114c95b5 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 @@ -0,0 +1,984 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $GroupDisplayName, + + [Parameter()] + [System.String[]] + $AcceptMessagesOnlyFromSendersOrMembers, + + [Parameter()] + [System.Boolean] + $AlwaysSubscribeMembersToCalendarEvents, + + [Parameter()] + [System.String] + $AuditLogAgeLimit, + + [Parameter()] + [System.Boolean] + $AutoSubscribeNewMembers, + + [Parameter()] + [System.Boolean] + $CalendarMemberReadOnly, + + [Parameter()] + [System.String] + $Classification, + + [Parameter()] + [System.Boolean] + $ConnectorsEnabled, + + [Parameter()] + [System.String] + $CustomAttribute1, + + [Parameter()] + [System.String] + $CustomAttribute2, + + [Parameter()] + [System.String] + $CustomAttribute3, + + [Parameter()] + [System.String] + $CustomAttribute4, + + [Parameter()] + [System.String] + $CustomAttribute5, + + [Parameter()] + [System.String] + $CustomAttribute6, + + [Parameter()] + [System.String] + $CustomAttribute7, + + [Parameter()] + [System.String] + $CustomAttribute8, + + [Parameter()] + [System.String] + $CustomAttribute9, + + [Parameter()] + [System.String] + $CustomAttribute10, + + [Parameter()] + [System.String] + $CustomAttribute11, + + [Parameter()] + [System.String] + $CustomAttribute12, + + [Parameter()] + [System.String] + $CustomAttribute13, + + [Parameter()] + [System.String] + $CustomAttribute14, + + [Parameter()] + [System.String] + $CustomAttribute15, + + [Parameter()] + [System.String] + $DataEncryptionPolicy, + + [Parameter()] + [System.String[]] + $EmailAddresses, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute1, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute2, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute3, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute4, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute5, + + [Parameter()] + [System.String[]] + $GrantSendOnBehalfTo, + + [Parameter()] + [System.Boolean] + $HiddenFromAddressListsEnabled, + + [Parameter()] + [System.Boolean] + $HiddenFromExchangeClientsEnabled, + + [Parameter()] + [System.String] + $InformationBarrierMode, + + [Parameter()] + [System.Boolean] + $IsMemberAllowedToEditContent, + + [Parameter()] + [System.String] + $MailboxRegion, + + [Parameter()] + [System.String] + $MailTip, + + [Parameter()] + [System.String] + $MailTipTranslations, + + [Parameter()] + [System.UInt32] + $MaxReceiveSize, + + [Parameter()] + [System.UInt32] + $MaxSendSize, + + [Parameter()] + [System.String[]] + $ModeratedBy, + + [Parameter()] + [System.Boolean] + $ModerationEnabled, + + [Parameter()] + [System.String] + $Notes, + + [Parameter()] + [System.String] + $PrimarySmtpAddress, + + [Parameter()] + [System.String[]] + $RejectMessagesFromSendersOrMembers, + + [Parameter()] + [System.Boolean] + $RequireSenderAuthenticationEnabled, + + [Parameter()] + [System.String] + $SensitivityLabelId, + + [Parameter()] + [System.Boolean] + $SubscriptionEnabled, + + [Parameter()] + [System.Boolean] + $UnifiedGroupWelcomeMessageEnabled, + + [Parameter()] + [ValidateSet('Present')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + Write-Verbose -Message "Getting configuration of Office 365 Group Settings for $GroupDisplayName" + + if ($Global:CurrentModeIsExport) + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + } + else + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = @{ + GroupDisplayName = $GroupDisplayName + } + + try + { + $group = Get-UnifiedGroup -Identity $GroupDisplayName -IncludeAllProperties -ErrorAction Stop + } + catch + { + return $nullReturn + } + + if ($null -eq $group) + { + Write-Verbose -Message "The specified group {$GroupDisplayName} doesn't already exist." + return $nullReturn + } + + $result = @{ + GroupDisplayName = $GroupDisplayName + AcceptMessagesOnlyFromSendersOrMembers = $group.AcceptMessagesOnlyFromSendersOrMembers + AlwaysSubscribeMembersToCalendarEvents = $group.AlwaysSubscribeMembersToCalendarEvents + AuditLogAgeLimit = $group.AuditLogAgeLimit + AutoSubscribeNewMembers = $group.AutoSubscribeNewMembers + CalendarMemberReadOnly = $group.CalendarMemberReadOnly + Classification = $group.Classification + ConnectorsEnabled = $group.ConnectorsEnabled + CustomAttribute1 = $group.CustomAttribute1 + CustomAttribute2 = $group.CustomAttribute2 + CustomAttribute3 = $group.CustomAttribute3 + CustomAttribute4 = $group.CustomAttribute4 + CustomAttribute5 = $group.CustomAttribute5 + CustomAttribute6 = $group.CustomAttribute6 + CustomAttribute7 = $group.CustomAttribute7 + CustomAttribute8 = $group.CustomAttribute8 + CustomAttribute9 = $group.CustomAttribute9 + CustomAttribute10 = $group.CustomAttribute10 + CustomAttribute11 = $group.CustomAttribute11 + CustomAttribute12 = $group.CustomAttribute12 + CustomAttribute13 = $group.CustomAttribute13 + CustomAttribute14 = $group.CustomAttribute14 + CustomAttribute15 = $group.CustomAttribute15 + DataEncryptionPolicy = $group.DataEncryptionPolicy + EmailAddresses = $group.EmailAddresses + ExtensionCustomAttribute1 = $group.ExtensionCustomAttribute1 + ExtensionCustomAttribute2 = $group.ExtensionCustomAttribute2 + ExtensionCustomAttribute3 = $group.ExtensionCustomAttribute3 + ExtensionCustomAttribute4 = $group.ExtensionCustomAttribute4 + ExtensionCustomAttribute5 = $group.ExtensionCustomAttribute5 + GrantSendOnBehalfTo = $group.GrantSendOnBehalfTo + HiddenFromAddressListsEnabled = $group.HiddenFromAddressListsEnabled + HiddenFromExchangeClientsEnabled = $group.HiddenFromExchangeClientsEnabled + InformationBarrierMode = $group.InformationBarrierMode + IsMemberAllowedToEditContent = $group.IsMemberAllowedToEditContent + MailboxRegion = $group.MailboxRegion + MailTip = $group.MailTip + MailTipTranslations = $group.MailTipTranslations + MaxReceiveSize = $group.MaxReceiveSize + MaxSendSize = $group.MaxSendSize + ModeratedBy = $group.ModeratedBy + ModerationEnabled = $group.ModerationEnabled + Notes = $group.Notes + PrimarySmtpAddress = $group.PrimarySmtpAddress + RejectMessagesFromSendersOrMembers = $group.RejectMessagesFromSendersOrMembers + RequireSenderAuthenticationEnabled = $group.RequireSenderAuthenticationEnabled + SensitivityLabelId = $group.SensitivityLabelId + SubscriptionEnabled = $group.SubscriptionEnabled + UnifiedGroupWelcomeMessageEnabled = $group.UnifiedGroupWelcomeMessageEnabled + Ensure = $Ensure + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + ManagedIdentity = $ManagedIdentity + } + + Write-Verbose -Message "Found an existing instance of group '$($GroupDisplayName)'" + return $result +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $GroupDisplayName, + + [Parameter()] + [System.String[]] + $AcceptMessagesOnlyFromSendersOrMembers, + + [Parameter()] + [System.Boolean] + $AlwaysSubscribeMembersToCalendarEvents, + + [Parameter()] + [System.String] + $AuditLogAgeLimit, + + [Parameter()] + [System.Boolean] + $AutoSubscribeNewMembers, + + [Parameter()] + [System.Boolean] + $CalendarMemberReadOnly, + + [Parameter()] + [System.String] + $Classification, + + [Parameter()] + [System.Boolean] + $ConnectorsEnabled, + + [Parameter()] + [System.String] + $CustomAttribute1, + + [Parameter()] + [System.String] + $CustomAttribute2, + + [Parameter()] + [System.String] + $CustomAttribute3, + + [Parameter()] + [System.String] + $CustomAttribute4, + + [Parameter()] + [System.String] + $CustomAttribute5, + + [Parameter()] + [System.String] + $CustomAttribute6, + + [Parameter()] + [System.String] + $CustomAttribute7, + + [Parameter()] + [System.String] + $CustomAttribute8, + + [Parameter()] + [System.String] + $CustomAttribute9, + + [Parameter()] + [System.String] + $CustomAttribute10, + + [Parameter()] + [System.String] + $CustomAttribute11, + + [Parameter()] + [System.String] + $CustomAttribute12, + + [Parameter()] + [System.String] + $CustomAttribute13, + + [Parameter()] + [System.String] + $CustomAttribute14, + + [Parameter()] + [System.String] + $CustomAttribute15, + + [Parameter()] + [System.String] + $DataEncryptionPolicy, + + [Parameter()] + [System.String[]] + $EmailAddresses, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute1, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute2, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute3, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute4, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute5, + + [Parameter()] + [System.String[]] + $GrantSendOnBehalfTo, + + [Parameter()] + [System.Boolean] + $HiddenFromAddressListsEnabled, + + [Parameter()] + [System.Boolean] + $HiddenFromExchangeClientsEnabled, + + [Parameter()] + [System.String] + $InformationBarrierMode, + + [Parameter()] + [System.Boolean] + $IsMemberAllowedToEditContent, + + [Parameter()] + [System.String] + $MailboxRegion, + + [Parameter()] + [System.String] + $MailTip, + + [Parameter()] + [System.String] + $MailTipTranslations, + + [Parameter()] + [System.UInt32] + $MaxReceiveSize, + + [Parameter()] + [System.UInt32] + $MaxSendSize, + + [Parameter()] + [System.String[]] + $ModeratedBy, + + [Parameter()] + [System.Boolean] + $ModerationEnabled, + + [Parameter()] + [System.String] + $Notes, + + [Parameter()] + [System.String] + $PrimarySmtpAddress, + + [Parameter()] + [System.String[]] + $RejectMessagesFromSendersOrMembers, + + [Parameter()] + [System.Boolean] + $RequireSenderAuthenticationEnabled, + + [Parameter()] + [System.String] + $SensitivityLabelId, + + [Parameter()] + [System.Boolean] + $SubscriptionEnabled, + + [Parameter()] + [System.Boolean] + $UnifiedGroupWelcomeMessageEnabled, + + [Parameter()] + [ValidateSet('Present')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + Write-Verbose -Message "Setting configuration of Office 365 Mailbox Settings for $DisplayName" + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + $currentMailbox = Get-TargetResource @PSBoundParameters + + $AllowedTimeZones = (Get-ChildItem 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Time zones' | ` + ForEach-Object { Get-ItemProperty $_.PSPath }).PSChildName + + if ($AllowedTimeZones.Contains($TimeZone) -eq $false) + { + throw "The specified Time Zone {$($TimeZone)} is not valid." + } + + Set-MailboxRegionalConfiguration -Identity $DisplayName ` + -Language $Locale ` + -TimeZone $TimeZone +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $GroupDisplayName, + + [Parameter()] + [System.String[]] + $AcceptMessagesOnlyFromSendersOrMembers, + + [Parameter()] + [System.Boolean] + $AlwaysSubscribeMembersToCalendarEvents, + + [Parameter()] + [System.String] + $AuditLogAgeLimit, + + [Parameter()] + [System.Boolean] + $AutoSubscribeNewMembers, + + [Parameter()] + [System.Boolean] + $CalendarMemberReadOnly, + + [Parameter()] + [System.String] + $Classification, + + [Parameter()] + [System.Boolean] + $ConnectorsEnabled, + + [Parameter()] + [System.String] + $CustomAttribute1, + + [Parameter()] + [System.String] + $CustomAttribute2, + + [Parameter()] + [System.String] + $CustomAttribute3, + + [Parameter()] + [System.String] + $CustomAttribute4, + + [Parameter()] + [System.String] + $CustomAttribute5, + + [Parameter()] + [System.String] + $CustomAttribute6, + + [Parameter()] + [System.String] + $CustomAttribute7, + + [Parameter()] + [System.String] + $CustomAttribute8, + + [Parameter()] + [System.String] + $CustomAttribute9, + + [Parameter()] + [System.String] + $CustomAttribute10, + + [Parameter()] + [System.String] + $CustomAttribute11, + + [Parameter()] + [System.String] + $CustomAttribute12, + + [Parameter()] + [System.String] + $CustomAttribute13, + + [Parameter()] + [System.String] + $CustomAttribute14, + + [Parameter()] + [System.String] + $CustomAttribute15, + + [Parameter()] + [System.String] + $DataEncryptionPolicy, + + [Parameter()] + [System.String[]] + $EmailAddresses, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute1, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute2, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute3, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute4, + + [Parameter()] + [System.String] + $ExtensionCustomAttribute5, + + [Parameter()] + [System.String[]] + $GrantSendOnBehalfTo, + + [Parameter()] + [System.Boolean] + $HiddenFromAddressListsEnabled, + + [Parameter()] + [System.Boolean] + $HiddenFromExchangeClientsEnabled, + + [Parameter()] + [System.String] + $InformationBarrierMode, + + [Parameter()] + [System.Boolean] + $IsMemberAllowedToEditContent, + + [Parameter()] + [System.String] + $MailboxRegion, + + [Parameter()] + [System.String] + $MailTip, + + [Parameter()] + [System.String] + $MailTipTranslations, + + [Parameter()] + [System.UInt32] + $MaxReceiveSize, + + [Parameter()] + [System.UInt32] + $MaxSendSize, + + [Parameter()] + [System.String[]] + $ModeratedBy, + + [Parameter()] + [System.Boolean] + $ModerationEnabled, + + [Parameter()] + [System.String] + $Notes, + + [Parameter()] + [System.String] + $PrimarySmtpAddress, + + [Parameter()] + [System.String[]] + $RejectMessagesFromSendersOrMembers, + + [Parameter()] + [System.Boolean] + $RequireSenderAuthenticationEnabled, + + [Parameter()] + [System.String] + $SensitivityLabelId, + + [Parameter()] + [System.Boolean] + $SubscriptionEnabled, + + [Parameter()] + [System.Boolean] + $UnifiedGroupWelcomeMessageEnabled, + + [Parameter()] + [ValidateSet('Present')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of Office 365 Mailbox Settings for $DisplayName" + + $CurrentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck @('DisplayName', ` + 'TimeZone', ` + 'Locale') + + Write-Verbose -Message "Test-TargetResource returned $TestResult" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + [array]$groups = Get-UnifiedGroup + + $i = 1 + if ($groups.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n"-NoNewline + } + $dscContent = '' + foreach ($group in $groups) + { + Write-Host " |---[$i/$($groups.Length)] $($group.DisplayName)" -NoNewline + $groupName = $group.DisplayName + if (-not [System.String]::IsNullOrEmpty($groupName)) + { + $Params = @{ + Credential = $Credential + GroupDisplayName = $groupName + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + } + $Results = Get-TargetResource @Params + + if ($Results -is [System.Collections.Hashtable] -and $Results.Count -gt 1) + { + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host $Global:M365DSCEmojiRedX + } + } + + $i++ + } + return $dscContent +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.schema.mof new file mode 100644 index 0000000000..e344eb98ba --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.schema.mof @@ -0,0 +1,16 @@ +[ClassVersion("1.0.0.0"), FriendlyName("MSFT_EXOGroupSettings")] +class MSFT_EXOGroupSettings : OMI_BaseResource +{ + [Key, Description("The display name of the Shared Mailbox")] string DisplayName; + [Write, Description("The name of the Time Zone to assign to the mailbox")] string TimeZone; + [Write, Description("The code of the Locale to assign to the mailbox")] string Locale; + [Write, Description("Present ensures the Mailbox Settings are applied"), ValueMap{"Present"}, Values{"Present"}] string Ensure; + [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; + [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; + diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/readme.md new file mode 100644 index 0000000000..83a2f46fdb --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/readme.md @@ -0,0 +1,6 @@ +# EXO MailboxSettings + +## Description + +This resource configures settings on Mailboxes +such as the Regional settings and its timezone. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/settings.json new file mode 100644 index 0000000000..9c1d5dfc3f --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/settings.json @@ -0,0 +1,24 @@ +{ + "resourceName": "EXOMailboxSettings", + "description": "", + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "User Options", + "View-Only Recipients", + "Mail Recipients" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOGroupSettings/1-ConfigureGroupSettings.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOGroupSettings/1-ConfigureGroupSettings.ps1 new file mode 100644 index 0000000000..85900a4959 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOGroupSettings/1-ConfigureGroupSettings.ps1 @@ -0,0 +1,28 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsGlobalAdmin + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOMailboxSettings 'OttawaTeamMailboxSettings' + { + DisplayName = 'Ottawa Employees' + TimeZone = 'Eastern Standard Time' + Locale = 'fr-CA' + Ensure = 'Present' + Credential = $credsGlobalAdmin + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGroupSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGroupSettings.Tests.ps1 new file mode 100644 index 0000000000..51a45ecb94 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGroupSettings.Tests.ps1 @@ -0,0 +1,139 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'EXOMailboxSettings' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + + BeforeAll { + $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + } + + Context -Name 'Specified TimeZone is Invalid' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Admin@contoso.com' + TimeZone = 'Non-Existing' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MailboxRegionalConfiguration -MockWith { + return @{ + TimeZone = 'Eastern Standard Time' + } + } + + Mock -CommandName Set-MailboxRegionalConfiguration -MockWith { + return $null + } + } + + It 'Should throw an error from the Set method' { + { Set-TargetResource @testParams } | Should -Throw 'The specified Time Zone {Non-Existing} is not valid.' + } + + It 'Should return the current TimeZone from the Get method' { + (Get-TargetResource @testParams).TimeZone | Should -Be 'Eastern Standard Time' + } + + It 'Should return False from the Test method' { + Test-TargetResource @testParams | Should -Be $False + } + } + + Context -Name 'Specified Parameters are all valid' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Admin@contoso.com' + TimeZone = 'Eastern Standard Time' + Locale = 'en-US' + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MailboxRegionalConfiguration -MockWith { + return @{ + TimeZone = 'Eastern Standard Time' + Language = @{ + Name = 'en-US' + } + } + } + + Mock -CommandName Set-MailboxRegionalConfiguration -MockWith { + return $null + } + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + } + + It 'Should return True from the Test method' { + Test-TargetResource @testParams | Should -Be $True + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-Mailbox -MockWith { + return @( + @{ + Name = 'John.Smith' + } + ) + } + + Mock -CommandName Get-MailboxRegionalConfiguration -MockWith { + return @{ + TimeZone = 'Eastern Standard Time' + Language = @{ + Name = 'en-US' + } + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 2867a26fd5744e930af27c05734d2bca0ed9cc1a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 19:17:36 +0000 Subject: [PATCH 119/187] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/teams/TeamsUpdateManagementPolicy.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md b/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md index e14428219c..fe000e0db2 100644 --- a/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md +++ b/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md @@ -12,6 +12,7 @@ | **UpdateDayOfWeek** | Write | UInt32 | Determines the day of week to perform the updates. Value shoud be between 0 and 6. | | | **UpdateTime** | Write | String | Determines the time of day to perform the updates. Must be a valid HH:MM format string with leading 0. For instance 08:30. | | | **UpdateTimeOfDay** | Write | String | Determines the time of day to perform the updates. Accepts a DateTime as string. Only the time will be considered. | | +| **UseNewTeamsClient** | Write | Boolean | Determines whether or not users will use the new Teams client. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Teams Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | @@ -79,6 +80,7 @@ Configuration Example UpdateDayOfWeek = 1; UpdateTime = "18:00"; UpdateTimeOfDay = "2022-05-06T18:00:00"; + UseNewTeamsClient = $True } } } From ca69617ed62a88ba1c04bc7720f68f957e9e92df Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 15:18:57 -0400 Subject: [PATCH 120/187] EXOGroupSettings: Initial Release --- .../MSFT_EXOGroupSettings.psm1 | 121 ++-- .../MSFT_EXOGroupSettings.schema.mof | 59 +- .../MSFT_EXOGroupSettings/readme.md | 6 +- .../MSFT_EXOGroupSettings/settings.json | 2 +- .../1-ConfigureGroupSettings.ps1 | 28 +- .../Modules/M365DSCStubsUtility.psm1 | 52 +- ...Microsoft365DSC.EXOGroupSettings.Tests.ps1 | 194 ++++-- Tests/Unit/Stubs/Microsoft365.psm1 | 558 +++++++++++++++--- 8 files changed, 795 insertions(+), 225 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 index 3a114c95b5..7a77eb3f20 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 @@ -6,12 +6,17 @@ function Get-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $GroupDisplayName, + $DisplayName, [Parameter()] [System.String[]] $AcceptMessagesOnlyFromSendersOrMembers, + [Parameter()] + [ValidateSet('Public', 'Private')] + [System.String] + $AccessType, + [Parameter()] [System.Boolean] $AlwaysSubscribeMembersToCalendarEvents, @@ -137,6 +142,7 @@ function Get-TargetResource $HiddenFromExchangeClientsEnabled, [Parameter()] + [ValidateSet("Explicit","Implicit","Open","OwnerModerated")] [System.String] $InformationBarrierMode, @@ -144,6 +150,10 @@ function Get-TargetResource [System.Boolean] $IsMemberAllowedToEditContent, + [Parameter()] + [System.String] + $Language, + [Parameter()] [System.String] $MailboxRegion, @@ -157,11 +167,11 @@ function Get-TargetResource $MailTipTranslations, [Parameter()] - [System.UInt32] + [System.String] $MaxReceiveSize, [Parameter()] - [System.UInt32] + [System.String] $MaxSendSize, [Parameter()] @@ -200,11 +210,6 @@ function Get-TargetResource [System.Boolean] $UnifiedGroupWelcomeMessageEnabled, - [Parameter()] - [ValidateSet('Present')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -234,7 +239,7 @@ function Get-TargetResource $ManagedIdentity ) - Write-Verbose -Message "Getting configuration of Office 365 Group Settings for $GroupDisplayName" + Write-Verbose -Message "Getting configuration of Office 365 Group Settings for $DisplayName" if ($Global:CurrentModeIsExport) { @@ -261,12 +266,17 @@ function Get-TargetResource #endregion $nullReturn = @{ - GroupDisplayName = $GroupDisplayName + DisplayName = $DisplayName } try { - $group = Get-UnifiedGroup -Identity $GroupDisplayName -IncludeAllProperties -ErrorAction Stop + [Array]$group = Get-UnifiedGroup -Identity $DisplayName -IncludeAllProperties -ErrorAction Stop + if ($group.Length -gt 1) + { + Write-Warning -Message "Multiple instances of a group named {$DisplayName} was discovered which could result in inconsistencies retrieving its values." + } + $group = $group[0] } catch { @@ -275,13 +285,14 @@ function Get-TargetResource if ($null -eq $group) { - Write-Verbose -Message "The specified group {$GroupDisplayName} doesn't already exist." + Write-Verbose -Message "The specified group {$DisplayName} doesn't already exist." return $nullReturn } $result = @{ - GroupDisplayName = $GroupDisplayName + DisplayName = $DisplayName AcceptMessagesOnlyFromSendersOrMembers = $group.AcceptMessagesOnlyFromSendersOrMembers + AccessType = $group.AccessType AlwaysSubscribeMembersToCalendarEvents = $group.AlwaysSubscribeMembersToCalendarEvents AuditLogAgeLimit = $group.AuditLogAgeLimit AutoSubscribeNewMembers = $group.AutoSubscribeNewMembers @@ -315,6 +326,7 @@ function Get-TargetResource HiddenFromExchangeClientsEnabled = $group.HiddenFromExchangeClientsEnabled InformationBarrierMode = $group.InformationBarrierMode IsMemberAllowedToEditContent = $group.IsMemberAllowedToEditContent + Language = $group.Language.Name MailboxRegion = $group.MailboxRegion MailTip = $group.MailTip MailTipTranslations = $group.MailTipTranslations @@ -329,7 +341,6 @@ function Get-TargetResource SensitivityLabelId = $group.SensitivityLabelId SubscriptionEnabled = $group.SubscriptionEnabled UnifiedGroupWelcomeMessageEnabled = $group.UnifiedGroupWelcomeMessageEnabled - Ensure = $Ensure Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId @@ -339,7 +350,7 @@ function Get-TargetResource ManagedIdentity = $ManagedIdentity } - Write-Verbose -Message "Found an existing instance of group '$($GroupDisplayName)'" + Write-Verbose -Message "Found an existing instance of group '$($DisplayName)'" return $result } @@ -350,12 +361,17 @@ function Set-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $GroupDisplayName, + $DisplayName, [Parameter()] [System.String[]] $AcceptMessagesOnlyFromSendersOrMembers, + [Parameter()] + [ValidateSet('Public', 'Private')] + [System.String] + $AccessType, + [Parameter()] [System.Boolean] $AlwaysSubscribeMembersToCalendarEvents, @@ -482,12 +498,17 @@ function Set-TargetResource [Parameter()] [System.String] + [ValidateSet("Explicit","Implicit","Open","OwnerModerated")] $InformationBarrierMode, [Parameter()] [System.Boolean] $IsMemberAllowedToEditContent, + [Parameter()] + [System.String] + $Language, + [Parameter()] [System.String] $MailboxRegion, @@ -501,11 +522,11 @@ function Set-TargetResource $MailTipTranslations, [Parameter()] - [System.UInt32] + [System.String] $MaxReceiveSize, [Parameter()] - [System.UInt32] + [System.String] $MaxSendSize, [Parameter()] @@ -544,11 +565,6 @@ function Set-TargetResource [System.Boolean] $UnifiedGroupWelcomeMessageEnabled, - [Parameter()] - [ValidateSet('Present')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -578,7 +594,7 @@ function Set-TargetResource $ManagedIdentity ) - Write-Verbose -Message "Setting configuration of Office 365 Mailbox Settings for $DisplayName" + Write-Verbose -Message "Setting configuration of Office 365 group Settings for $DisplayName" #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -594,19 +610,23 @@ function Set-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters - $currentMailbox = Get-TargetResource @PSBoundParameters - - $AllowedTimeZones = (Get-ChildItem 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Time zones' | ` - ForEach-Object { Get-ItemProperty $_.PSPath }).PSChildName - - if ($AllowedTimeZones.Contains($TimeZone) -eq $false) + $UpdateParameters = ([Hashtable]$PSBoundParameters).Clone() + $UpdateParameters.Add("Identity", $DisplayName) + $UpdateParameters.Remove("DisplayName") | Out-Null + $UpdateParameters.Remove("Credential") | Out-Null + $UpdateParameters.Remove("ApplicationId") | Out-Null + $UpdateParameters.Remove("TenantId") | Out-Null + $UpdateParameters.Remove("CertificateThumbprint") | Out-Null + $UpdateParameters.Remove("CertificatePath") | Out-Null + $UpdateParameters.Remove("CertificatePassword") | Out-Null + $UpdateParameters.Remove("ManagedIdentity") | Out-Null + + # Cannot use PrimarySmtpAddress and EmailAddresses at the same time. If both are present, then give priority to PrimarySmtpAddress. + if ($UpdateParameters.ContainsKey("PrimarySmtpAddress") -and $null -ne $UpdateParameters.PrimarySmtpAddress) { - throw "The specified Time Zone {$($TimeZone)} is not valid." + $UpdateParameters.Remove("EmailAddresses") } - - Set-MailboxRegionalConfiguration -Identity $DisplayName ` - -Language $Locale ` - -TimeZone $TimeZone + Set-UnifiedGroup @UpdateParameters } function Test-TargetResource @@ -617,12 +637,17 @@ function Test-TargetResource ( [Parameter(Mandatory = $true)] [System.String] - $GroupDisplayName, + $DisplayName, [Parameter()] [System.String[]] $AcceptMessagesOnlyFromSendersOrMembers, + [Parameter()] + [ValidateSet('Public', 'Private')] + [System.String] + $AccessType, + [Parameter()] [System.Boolean] $AlwaysSubscribeMembersToCalendarEvents, @@ -749,12 +774,17 @@ function Test-TargetResource [Parameter()] [System.String] + [ValidateSet("Explicit","Implicit","Open","OwnerModerated")] $InformationBarrierMode, [Parameter()] [System.Boolean] $IsMemberAllowedToEditContent, + [Parameter()] + [System.String] + $Language, + [Parameter()] [System.String] $MailboxRegion, @@ -768,11 +798,11 @@ function Test-TargetResource $MailTipTranslations, [Parameter()] - [System.UInt32] + [System.String] $MaxReceiveSize, [Parameter()] - [System.UInt32] + [System.String] $MaxSendSize, [Parameter()] @@ -811,11 +841,6 @@ function Test-TargetResource [System.Boolean] $UnifiedGroupWelcomeMessageEnabled, - [Parameter()] - [ValidateSet('Present')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -856,19 +881,17 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of Office 365 Mailbox Settings for $DisplayName" + Write-Verbose -Message "Testing configuration of Office 365 Group Settings for $DisplayName" $CurrentValues = Get-TargetResource @PSBoundParameters Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" - + $ValuesToCheck = $PSBoundParameters $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` - -ValuesToCheck @('DisplayName', ` - 'TimeZone', ` - 'Locale') + -ValuesToCheck $ValuesToCheck.Keys Write-Verbose -Message "Test-TargetResource returned $TestResult" @@ -945,7 +968,7 @@ function Export-TargetResource { $Params = @{ Credential = $Credential - GroupDisplayName = $groupName + DisplayName = $groupName ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.schema.mof index e344eb98ba..4e43097540 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.schema.mof @@ -1,11 +1,58 @@ -[ClassVersion("1.0.0.0"), FriendlyName("MSFT_EXOGroupSettings")] +[ClassVersion("1.0.0.0"), FriendlyName("EXOGroupSettings")] class MSFT_EXOGroupSettings : OMI_BaseResource { - [Key, Description("The display name of the Shared Mailbox")] string DisplayName; - [Write, Description("The name of the Time Zone to assign to the mailbox")] string TimeZone; - [Write, Description("The code of the Locale to assign to the mailbox")] string Locale; - [Write, Description("Present ensures the Mailbox Settings are applied"), ValueMap{"Present"}, Values{"Present"}] string Ensure; - [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Key, Description("The DisplayName parameter specifies the name of the Microsoft 365 Group. The display name is visible in the Exchange admin center, address lists, and Outlook. The maximum length is 64 characters.")] string DisplayName; + [Write, Description("The AcceptMessagesOnlyFromSendersOrMembers parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.")] string AcceptMessagesOnlyFromSendersOrMembers[]; + [Write, Description("Private"), ValueMap{"Public","Private"}, Values{"Public","Private"}] string AccessType; + [Write, Description("The AlwaysSubscribeMembersToCalendarEvents switch controls the default subscription settings of new members that are added to the Microsoft 365 Group. Changing this setting doesn't affect existing group members.")] boolean AlwaysSubscribeMembersToCalendarEvents; + [Write, Description("The AlwaysSubscribeMembersToCalendarEvents switch controls the default subscription settings of new members that are added to the Microsoft 365 Group. Changing this setting doesn't affect existing group members.")] string AuditLogAgeLimit; + [Write, Description("The AutoSubscribeNewMembers switch specifies whether to automatically subscribe new members that are added to the Microsoft 365 Group to conversations and calendar events. Only users that are added to the group after you enable this setting are automatically subscribed to the group.")] boolean AutoSubscribeNewMembers; + [Write, Description("The CalendarMemberReadOnly parameter specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.")] boolean CalendarMemberReadOnly; + [Write, Description("The CalendarMemberReadOnly switch specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.")] string Classification; + [Write, Description("The CalendarMemberReadOnly switch specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.")] boolean ConnectorsEnabled; + [Write, Description("This parameter specifies a value for the CustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute1; + [Write, Description("This parameter specifies a value for the CustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute2; + [Write, Description("This parameter specifies a value for the CustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute3; + [Write, Description("This parameter specifies a value for the CustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute4; + [Write, Description("This parameter specifies a value for the CustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute5; + [Write, Description("This parameter specifies a value for the CustomAttribute6 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute6; + [Write, Description("This parameter specifies a value for the CustomAttribute7 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute7; + [Write, Description("This parameter specifies a value for the CustomAttribute8 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute8; + [Write, Description("This parameter specifies a value for the CustomAttribute9 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute9; + [Write, Description("This parameter specifies a value for the CustomAttribute10 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute10; + [Write, Description("This parameter specifies a value for the CustomAttribute11 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute11; + [Write, Description("This parameter specifies a value for the CustomAttribute12 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute12; + [Write, Description("This parameter specifies a value for the CustomAttribute13 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute13; + [Write, Description("This parameter specifies a value for the CustomAttribute14 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute14; + [Write, Description("This parameter specifies a value for the CustomAttribute15 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.")] string CustomAttribute15; + [Write, Description("The DataEncryptionPolicy parameter specifies the data encryption policy that's applied to the Microsoft 365 Group. ")] string DataEncryptionPolicy; + [Write, Description("The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the recipient, including the primary SMTP address.")] string EmailAddresses[]; + [Write, Description("This parameter specifies a value for the ExtensionCustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.")] string ExtensionCustomAttribute1; + [Write, Description("This parameter specifies a value for the ExtensionCustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.")] string ExtensionCustomAttribute2; + [Write, Description("This parameter specifies a value for the ExtensionCustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.")] string ExtensionCustomAttribute3; + [Write, Description("This parameter specifies a value for the ExtensionCustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.")] string ExtensionCustomAttribute4; + [Write, Description("This parameter specifies a value for the ExtensionCustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.")] string ExtensionCustomAttribute5; + [Write, Description("The GrantSendOnBehalfTo parameter specifies who can send on behalf of this Microsoft 365 Group.")] string GrantSendOnBehalfTo[]; + [Write, Description("The GrantSendOnBehalfTo parameter specifies who can send on behalf of this Microsoft 365 Group.")] boolean HiddenFromAddressListsEnabled; + [Write, Description("The HiddenFromExchangeClientsEnabled switch specifies whether the Microsoft 365 Group is hidden from Outlook clients connected to Microsoft 365.")] boolean HiddenFromExchangeClientsEnabled; + [Write, Description("The InformationBarrierMode parameter specifies the information barrier mode for the Microsoft 365 Group."), ValueMap{"Explicit","Implicit","Open","OwnerModerated"}, Values{"Explicit","Implicit","Open","OwnerModerated"}] string InformationBarrierMode; + [Write, Description("This parameter specifies whether or not members are allow to edit content.")] boolean IsMemberAllowedToEditContent; + [Write, Description("The Language parameter specifies language preference for the Microsoft 365 Group.")]string Language; + [Write, Description("The MailboxRegion parameter specifies the preferred data location (PDL) for the Microsoft 365 Group in multi-geo environments.")] string MailboxRegion; + [Write, Description("The MailTip parameter specifies the custom MailTip text for this recipient. The MailTip is shown to senders when they start drafting an email message to this recipient. ")] string MailTip; + [Write, Description("The MailTipTranslations parameter specifies additional languages for the custom MailTip text that's defined by the MailTip parameter.")] string MailTipTranslations; + [Write, Description("The MaxReceiveSize parameter specifies the maximum size of an email message that can be sent to this group. Messages that exceed the maximum size are rejected by the group.")] string MaxReceiveSize; + [Write, Description("The MaxSendSize parameter specifies the maximum size of an email message that can be sent by this group.")] string MaxSendSize; + [Write, Description("The ModeratedBy parameter specifies one or more moderators for this recipient. A moderator approves messages sent to the recipient before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact in your organization. You can use any value that uniquely identifies the moderator. ")] string ModeratedBy[]; + [Write, Description("The ModerationEnabled parameter specifies whether moderation is enabled for this recipient.")] boolean ModerationEnabled; + [Write, Description("The Notes parameter specifies the description of the Microsoft 365 Group. If the value contains spaces, enclose the value in quotation marks.")] string Notes; + [Write, Description("The PrimarySmtpAddress parameter specifies the primary return email address that's used for the recipient. You can't use the EmailAddresses and PrimarySmtpAddress parameters in the same command.")] string PrimarySmtpAddress; + [Write, Description("The RejectMessagesFromSendersOrMembers parameter specifies who isn't allowed to send messages to this recipient. Messages from these senders are rejected.")] string RejectMessagesFromSendersOrMembers[]; + [Write, Description("The RequireSenderAuthenticationEnabled parameter specifies whether to accept messages only from authenticated (internal) senders. ")] boolean RequireSenderAuthenticationEnabled; + [Write, Description("The SensitivityLabelId parameter specifies the GUID value of the sensitivity label that's assigned to the Microsoft 365 Group.")] string SensitivityLabelId ; + [Write, Description("The SubscriptionEnabled switch specifies whether the group owners can enable subscription to conversations and calendar events on the groups they own. ")] boolean SubscriptionEnabled; + [Write, Description("The UnifiedGroupWelcomeMessageEnabled switch specifies whether to enable or disable sending system-generated welcome messages to users who are added as members to the Microsoft 365 Group.")] boolean UnifiedGroupWelcomeMessageEnabled; + [Write, Description("Credentials of the Exchange Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/readme.md index 83a2f46fdb..91b7f7b46e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/readme.md @@ -1,6 +1,6 @@ -# EXO MailboxSettings +# EXOGroupSettings ## Description -This resource configures settings on Mailboxes -such as the Regional settings and its timezone. +This resource configures settings on groups +such as the custom attributes and language. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/settings.json index 9c1d5dfc3f..4a9e7a11b5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/settings.json @@ -1,5 +1,5 @@ { - "resourceName": "EXOMailboxSettings", + "resourceName": "EXOGroupSettings", "description": "", "permissions": { "graph": { diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOGroupSettings/1-ConfigureGroupSettings.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOGroupSettings/1-ConfigureGroupSettings.ps1 index 85900a4959..a9c7d17766 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOGroupSettings/1-ConfigureGroupSettings.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOGroupSettings/1-ConfigureGroupSettings.ps1 @@ -9,20 +9,34 @@ Configuration Example ( [Parameter(Mandatory = $true)] [PSCredential] - $credsGlobalAdmin + $credential ) Import-DscResource -ModuleName Microsoft365DSC node localhost { - EXOMailboxSettings 'OttawaTeamMailboxSettings' + EXOGroupSettings 'TestGroup' { - DisplayName = 'Ottawa Employees' - TimeZone = 'Eastern Standard Time' - Locale = 'fr-CA' - Ensure = 'Present' - Credential = $credsGlobalAdmin + DisplayName = "Test Group"; + AccessType = "Public"; + AlwaysSubscribeMembersToCalendarEvents = $False; + AuditLogAgeLimit = "90.00:00:00"; + AutoSubscribeNewMembers = $False; + CalendarMemberReadOnly = $False; + ConnectorsEnabled = $True; + Credential = $credential; + HiddenFromAddressListsEnabled = $True; + HiddenFromExchangeClientsEnabled = $True; + InformationBarrierMode = "Open"; + Language = "en-US"; + MaxReceiveSize = "36 MB (37,748,736 bytes)"; + MaxSendSize = "35 MB (36,700,160 bytes)"; + ModerationEnabled = $False; + Notes = "My Notes"; + PrimarySmtpAddress = "TestGroup@contoso.com"; + RequireSenderAuthenticationEnabled = $True; + SubscriptionEnabled = $False; } } } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 index 44e3c32dac..adce696327 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 @@ -15,7 +15,11 @@ function New-M365DSCStubFiles [Parameter()] [System.Management.Automation.PSCredential] - $Credential + $Credential, + + [Parameter()] + [System.Collections.Hashtable[]] + $Workloads ) if ($null -eq $Credential) @@ -41,27 +45,31 @@ function New-M365DSCStubFiles $Content = '' $folderPath = Join-Path $PSScriptRoot -ChildPath '../DSCResources' Write-Host $FolderPath - $workloads = @( - @{Name = 'ExchangeOnline'; ModuleName = 'ExchangeOnlineManagement'; CommandName = 'Get-Mailbox' }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Applications'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Authentication'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.DeviceManagement'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.DeviceManagement.Administration'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.DeviceManagement.Enrolment'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Devices.CorporateManagement'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Groups'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Identity.DirectoryManagement'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Identity.Governance'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Identity.Signins'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Planner'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Teams'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Users'; }, - @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Users.Actions';}, - @{Name = 'SecurityComplianceCenter'; ModuleName = 'ExchangeOnlineManagement'; CommandName = 'Get-Label' }, - @{Name = 'PnP'; ModuleName = 'PnP.PowerShell'; }, - @{Name = 'PowerPlatforms'; ModuleName = 'Microsoft.PowerApps.Administration.PowerShell'; }, - @{Name = 'MicrosoftTeams'; ModuleName = 'MicrosoftTeams'; } - ) + if ($null -eq $Workloads) + { + $workloads = @( + @{Name = 'ExchangeOnline'; ModuleName = 'ExchangeOnlineManagement'; CommandName = 'Get-Mailbox' }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Applications'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Authentication'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.DeviceManagement'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.DeviceManagement.Administration'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.DeviceManagement.Enrolment'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Devices.CorporateManagement'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Groups'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Identity.DirectoryManagement'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Identity.Governance'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Identity.Signins'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Planner'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Teams'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Users'; }, + @{Name = 'MicrosoftGraph'; ModuleName = 'Microsoft.Graph.Users.Actions';}, + @{Name = 'SecurityComplianceCenter'; ModuleName = 'ExchangeOnlineManagement'; CommandName = 'Get-Label' }, + @{Name = 'PnP'; ModuleName = 'PnP.PowerShell'; }, + @{Name = 'PowerPlatforms'; ModuleName = 'Microsoft.PowerApps.Administration.PowerShell'; }, + @{Name = 'MicrosoftTeams'; ModuleName = 'MicrosoftTeams'; } + ) + } + foreach ($Module in $workloads) { Write-Host "Connecting to {$($Module.Name)}" diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGroupSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGroupSettings.Tests.ps1 index 51a45ecb94..1ae3275f3b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGroupSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGroupSettings.Tests.ps1 @@ -15,7 +15,7 @@ Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource 'EXOMailboxSettings' -GenericStubModule $GenericStubPath + -DscResource 'EXOGroupSettings' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope @@ -34,34 +34,42 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + + Mock -CommandName Set-UnifiedGroup -MockWith { + } } - Context -Name 'Specified TimeZone is Invalid' -Fixture { + Context -Name "The Specified Group doesn't Exist" -Fixture { BeforeAll { $testParams = @{ - DisplayName = 'Admin@contoso.com' - TimeZone = 'Non-Existing' - Ensure = 'Present' - Credential = $Credential - } - - Mock -CommandName Get-MailboxRegionalConfiguration -MockWith { - return @{ - TimeZone = 'Eastern Standard Time' - } + DisplayName = "Test Group"; + AccessType = "Public"; + AlwaysSubscribeMembersToCalendarEvents = $False; + AuditLogAgeLimit = "90.00:00:00"; + AutoSubscribeNewMembers = $False; + CalendarMemberReadOnly = $False; + ConnectorsEnabled = $True; + Credential = $Credential; + HiddenFromAddressListsEnabled = $True; + HiddenFromExchangeClientsEnabled = $True; + InformationBarrierMode = "Open"; + Language = @{Name = "en-US"}; + MaxReceiveSize = "36 MB (37,748,736 bytes)"; + MaxSendSize = "35 MB (36,700,160 bytes)"; + ModerationEnabled = $False; + Notes = "My Notes"; + PrimarySmtpAddress = "TestGroup@contoso.com"; + RequireSenderAuthenticationEnabled = $True; + SubscriptionEnabled = $False; } - Mock -CommandName Set-MailboxRegionalConfiguration -MockWith { + Mock -CommandName Get-UnifiedGroup -MockWith { return $null } } - It 'Should throw an error from the Set method' { - { Set-TargetResource @testParams } | Should -Throw 'The specified Time Zone {Non-Existing} is not valid.' - } - - It 'Should return the current TimeZone from the Get method' { - (Get-TargetResource @testParams).TimeZone | Should -Be 'Eastern Standard Time' + It 'Should return the current Language as null from the Get method' { + (Get-TargetResource @testParams).Language | Should -Be $null } It 'Should return False from the Test method' { @@ -69,38 +77,119 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'Specified Parameters are all valid' -Fixture { + Context -Name "The Resource is already in the Desired State" -Fixture { BeforeAll { $testParams = @{ - DisplayName = 'Admin@contoso.com' - TimeZone = 'Eastern Standard Time' - Locale = 'en-US' - Ensure = 'Present' - Credential = $Credential + DisplayName = "Test Group"; + AccessType = "Public"; + AlwaysSubscribeMembersToCalendarEvents = $False; + AuditLogAgeLimit = "90.00:00:00"; + AutoSubscribeNewMembers = $False; + CalendarMemberReadOnly = $False; + ConnectorsEnabled = $True; + Credential = $Credential;HiddenFromAddressListsEnabled = $True; + HiddenFromExchangeClientsEnabled = $True; + InformationBarrierMode = "Open"; + Language = "en-US"; + MaxReceiveSize = "36 MB (37,748,736 bytes)"; + MaxSendSize = "35 MB (36,700,160 bytes)"; + ModerationEnabled = $False; + Notes = "My Notes"; + PrimarySmtpAddress = "TestGroup@contoso.com"; + RequireSenderAuthenticationEnabled = $True; + SubscriptionEnabled = $False; } - Mock -CommandName Get-MailboxRegionalConfiguration -MockWith { + Mock -CommandName Get-UnifiedGroup -MockWith { return @{ - TimeZone = 'Eastern Standard Time' - Language = @{ - Name = 'en-US' - } + DisplayName = "Test Group"; + AccessType = "Public"; + AlwaysSubscribeMembersToCalendarEvents = $False; + AuditLogAgeLimit = "90.00:00:00"; + AutoSubscribeNewMembers = $False; + CalendarMemberReadOnly = $False; + ConnectorsEnabled = $True; + EmailAddresses = @("SMTP:TestGroup@$contoso.com","SPO:SPO_eff656f4-6163-44b5-8410-139ac8658c5d@SPO_e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"); + HiddenFromAddressListsEnabled = $True; + HiddenFromExchangeClientsEnabled = $True; + InformationBarrierMode = "Open"; + Language = @{Name = "en-US"}; + MaxReceiveSize = "36 MB (37,748,736 bytes)"; + MaxSendSize = "35 MB (36,700,160 bytes)"; + ModerationEnabled = $False; + Notes = "My Notes"; + PrimarySmtpAddress = "TestGroup@contoso.com"; + RequireSenderAuthenticationEnabled = $True; + SubscriptionEnabled = $False; } } - - Mock -CommandName Set-MailboxRegionalConfiguration -MockWith { - return $null - } } - It 'Should call the Set method' { - Set-TargetResource @testParams + It 'Should return the current Language as en-US from the Get method' { + (Get-TargetResource @testParams).Language | Should -Be 'en-US' } It 'Should return True from the Test method' { Test-TargetResource @testParams | Should -Be $True } } + Context -Name "The Resource is not in the Desired State" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = "Test Group"; + AccessType = "Public"; + AlwaysSubscribeMembersToCalendarEvents = $False; + AuditLogAgeLimit = "90.00:00:00"; + AutoSubscribeNewMembers = $False; + CalendarMemberReadOnly = $False; + ConnectorsEnabled = $True; + Credential = $Credential;HiddenFromAddressListsEnabled = $True; + HiddenFromExchangeClientsEnabled = $True; + InformationBarrierMode = "Open"; + Language = "en-US"; + MaxReceiveSize = "36 MB (37,748,736 bytes)"; + MaxSendSize = "35 MB (36,700,160 bytes)"; + ModerationEnabled = $False; + Notes = "My Notes"; + PrimarySmtpAddress = "TestGroup@contoso.com"; + RequireSenderAuthenticationEnabled = $True; + SubscriptionEnabled = $False; + } + + Mock -CommandName Get-UnifiedGroup -MockWith { + return @{ + DisplayName = "Test Group"; + AccessType = "Public"; + AlwaysSubscribeMembersToCalendarEvents = $False; + AuditLogAgeLimit = "90.00:00:00"; + AutoSubscribeNewMembers = $False; + CalendarMemberReadOnly = $False; + ConnectorsEnabled = $True; + EmailAddresses = @("SMTP:TestGroup@$contoso.com","SPO:SPO_eff656f4-6163-44b5-8410-139ac8658c5d@SPO_e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"); + HiddenFromAddressListsEnabled = $True; + HiddenFromExchangeClientsEnabled = $True; + InformationBarrierMode = "Open"; + Language = @{Name = "en-US"}; + MaxReceiveSize = "36 MB (37,748,736 bytes)"; + MaxSendSize = "35 MB (36,700,160 bytes)"; + ModerationEnabled = $True; #drift + Notes = "My Notes"; + PrimarySmtpAddress = "TestGroup@contoso.com"; + RequireSenderAuthenticationEnabled = $True; + SubscriptionEnabled = $False; + } + } + } + + It 'Should return False from the Test method' { + Test-TargetResource @testParams | Should -Be $False + } + It 'Should call Set-UnifiedGroup from the Set-TargetResource method' { + + Set-TargetResource @testParams + Should -Invoke -CommandName 'Set-UnifiedGroup' -Exactly 1 + } + } Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { @@ -110,20 +199,27 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential } - Mock -CommandName Get-Mailbox -MockWith { - return @( - @{ - Name = 'John.Smith' - } - ) - } - - Mock -CommandName Get-MailboxRegionalConfiguration -MockWith { + Mock -CommandName Get-UnifiedGroup -MockWith { return @{ - TimeZone = 'Eastern Standard Time' - Language = @{ - Name = 'en-US' - } + DisplayName = "Test Group"; + AccessType = "Public"; + AlwaysSubscribeMembersToCalendarEvents = $False; + AuditLogAgeLimit = "90.00:00:00"; + AutoSubscribeNewMembers = $False; + CalendarMemberReadOnly = $False; + ConnectorsEnabled = $True; + EmailAddresses = @("SMTP:TestGroup@$contoso.com","SPO:SPO_eff656f4-6163-44b5-8410-139ac8658c5d@SPO_e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"); + HiddenFromAddressListsEnabled = $True; + HiddenFromExchangeClientsEnabled = $True; + InformationBarrierMode = "Open"; + Language = @{Name = "en-US"}; + MaxReceiveSize = "36 MB (37,748,736 bytes)"; + MaxSendSize = "35 MB (36,700,160 bytes)"; + ModerationEnabled = $True; #drift + Notes = "My Notes"; + PrimarySmtpAddress = "TestGroup@contoso.com"; + RequireSenderAuthenticationEnabled = $True; + SubscriptionEnabled = $False; } } } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 48b24984ea..78989ae899 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -1,87 +1,4 @@ #region ExchangeOnline -function Get-RoleGroup -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.Object] - $Members - ) -} -function New-RoleGroup -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Object] - $Roles, - - [Parameter()] - [System.Object] - $Members, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force - ) -} -function Remove-RoleGroup -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force - ) -} -function Get-RoleGroupMember -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity - ) -} -function Update-RoleGroupMember -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Object] - $Identity, - [Parameter()] - [System.Object] - $Members, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm - ) -} function Add-AvailabilityAddressSpace { [CmdletBinding()] @@ -148,7 +65,11 @@ function Get-AcceptedDomain param( [Parameter()] [System.Object] - $Identity + $Identity, + + [Parameter()] + [System.Object] + $ResultSize ) } function Get-ActiveSyncDevice @@ -650,7 +571,11 @@ function Get-InboundConnector param( [Parameter()] [System.Object] - $Identity + $Identity, + + [Parameter()] + [System.Object] + $ResultSize ) } function Get-IntraOrganizationConnector @@ -682,6 +607,10 @@ function Get-Mailbox { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ServiceSafetyConfiguration, + [Parameter()] [System.String] $SortBy, @@ -798,7 +727,11 @@ function Get-MailboxRegionalConfiguration [Parameter()] [System.Object] - $Identity + $Identity, + + [Parameter()] + [System.Object] + $MailboxLocation ) } function Get-MailContact @@ -1084,6 +1017,10 @@ function Get-OutboundConnector [System.Object] $Identity, + [Parameter()] + [System.Object] + $ResultSize, + [Parameter()] [System.Boolean] $IsTransportRuleScoped @@ -1156,7 +1093,11 @@ function Get-RemoteDomain param( [Parameter()] [System.Object] - $Identity + $Identity, + + [Parameter()] + [System.Object] + $ResultSize ) } function Get-ResourceConfig @@ -1175,6 +1116,44 @@ function Get-RoleAssignmentPolicy $Identity ) } +function Get-RoleGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $SortBy, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Object] + $ResultSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ShowPartnerLinked, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Get-RoleGroupMember +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $ResultSize + ) +} function Get-SafeAttachmentPolicy { [CmdletBinding()] @@ -1299,6 +1278,39 @@ function Get-TransportRule $Identity ) } +function Get-UnifiedGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $SortBy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeSoftDeletedGroups, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeAllProperties, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $ResultSize, + + [Parameter()] + [System.String] + $Anr + ) +} function Get-User { [CmdletBinding()] @@ -4012,6 +4024,10 @@ function New-QuarantinePolicy [System.Object] $MultiLanguageSetting, + [Parameter()] + [System.TimeSpan] + $EndUserSpamNotificationFrequency, + [Parameter()] [System.Int32] $QuarantineRetentionDays, @@ -4075,6 +4091,51 @@ function New-RoleAssignmentPolicy $IsDefault ) } +function New-RoleGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Object] + $CustomRecipientWriteScope, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Object] + $Members, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $WellKnownObject, + + [Parameter()] + [System.Object] + $ManagedBy, + + [Parameter()] + [System.Object[]] + $Roles, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force + ) +} function New-SafeAttachmentPolicy { [CmdletBinding()] @@ -5682,6 +5743,27 @@ function Remove-RoleAssignmentPolicy $Identity ) } +function Remove-RoleGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BypassSecurityGroupManagerCheck + ) +} function Remove-SafeAttachmentPolicy { [CmdletBinding()] @@ -5788,6 +5870,10 @@ function Set-AcceptedDomain [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.Boolean] + $SendingFromDomainDisabled, + [Parameter()] [System.Object] $Identity, @@ -8308,6 +8394,10 @@ function Set-MailboxRegionalConfiguration [System.String] $TimeFormat, + [Parameter()] + [System.Object] + $MailboxLocation, + [Parameter()] [System.Management.Automation.SwitchParameter] $UseCustomRouting, @@ -10415,7 +10505,11 @@ function Set-QuarantinePolicy $MultiLanguageSetting, [Parameter()] - [System.Int32] + [System.TimeSpan] + $EndUserSpamNotificationFrequency, + + [Parameter()] + [System.Int32] $QuarantineRetentionDays, [Parameter()] @@ -10570,6 +10664,47 @@ function Set-RoleAssignmentPolicy $Identity ) } +function Set-RoleGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Name, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $WellKnownObject, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BypassSecurityGroupManagerCheck, + + [Parameter()] + [System.Object] + $ManagedBy + ) +} function Set-SafeAttachmentPolicy { [CmdletBinding()] @@ -11637,6 +11772,231 @@ function Set-TransportRule $ExceptIfHeaderContainsMessageHeader ) } +function Set-UnifiedGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $EmailAddresses, + + [Parameter()] + [System.Object] + $AcceptMessagesOnlyFromSendersOrMembers, + + [Parameter()] + [System.String] + $CustomAttribute12, + + [Parameter()] + [System.String] + $CustomAttribute10, + + [Parameter()] + [System.Globalization.CultureInfo] + $Language, + + [Parameter()] + [System.Object] + $IsMemberAllowedToEditContent, + + [Parameter()] + [System.String] + $CustomAttribute8, + + [Parameter()] + [System.String] + $CustomAttribute5, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $UnifiedGroupWelcomeMessageEnabled, + + [Parameter()] + [System.String] + $MailTip, + + [Parameter()] + [System.Object] + $ModeratedBy, + + [Parameter()] + [System.Object] + $PrimarySmtpAddress, + + [Parameter()] + [System.String] + $Classification, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AutoSubscribeNewMembers, + + [Parameter()] + [System.Object] + $AuditLogAgeLimit, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $HiddenFromExchangeClientsEnabled, + + [Parameter()] + [System.Object] + $MaxReceiveSize, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute5, + + [Parameter()] + [System.String] + $CustomAttribute15, + + [Parameter()] + [System.Object] + $RejectMessagesFromSendersOrMembers, + + [Parameter()] + [System.String] + $Alias, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $CustomAttribute1, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SubscriptionEnabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ForceUpgrade, + + [Parameter()] + [System.Object] + $AccessType, + + [Parameter()] + [System.String] + $MailboxRegion, + + [Parameter()] + [System.Object] + $GrantSendOnBehalfTo, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute1, + + [Parameter()] + [System.String] + $Notes, + + [Parameter()] + [System.String] + $CustomAttribute14, + + [Parameter()] + [System.Boolean] + $RequireSenderAuthenticationEnabled, + + [Parameter()] + [System.String] + $CustomAttribute9, + + [Parameter()] + [System.String] + $CustomAttribute6, + + [Parameter()] + [System.Object] + $DataEncryptionPolicy, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute4, + + [Parameter()] + [System.Object] + $SensitivityLabelId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $AlwaysSubscribeMembersToCalendarEvents, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute2, + + [Parameter()] + [System.String] + $CustomAttribute13, + + [Parameter()] + [System.String] + $CustomAttribute2, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $CalendarMemberReadOnly, + + [Parameter()] + [System.Object] + $InformationBarrierMode, + + [Parameter()] + [System.Object] + $MaxSendSize, + + [Parameter()] + [System.Object] + $MailTipTranslations, + + [Parameter()] + [System.String] + $CustomAttribute7, + + [Parameter()] + [System.String] + $CustomAttribute4, + + [Parameter()] + [System.Object] + $ExtensionCustomAttribute3, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ConnectorsEnabled, + + [Parameter()] + [System.Boolean] + $ModerationEnabled, + + [Parameter()] + [System.String] + $CustomAttribute3, + + [Parameter()] + [System.String] + $CustomAttribute11, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Boolean] + $HiddenFromAddressListsEnabled + ) +} function Set-User { [CmdletBinding()] @@ -11838,7 +12198,29 @@ function Set-User $CanHaveCloudCache ) } +function Update-RoleGroupMember +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BypassSecurityGroupManagerCheck, + + [Parameter()] + [System.Object] + $Members + ) +} #endregion + #region MicrosoftGraph function Get-MgApplication { From f9edb309e2b09ba1df5e1e9c70814030cb393d1e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 15:20:03 -0400 Subject: [PATCH 121/187] Update CHANGELOG.md --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8679ac76c6..e4d06cf176 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,9 @@ * [BREAKING CHANGE] Remove deprecated parameter PreferredDataLocation* EXOAntiPhishPolicy * [BREAKING CHANGE] Remove deprecated parameters EnableAntispoofEnforcement and TargetedDomainProtectionAction +* EXOGroupSettings + * Initial Release + FIXES [#3089](https://github.com/microsoft/Microsoft365DSC/issues/3089) * EXOHostedContentFilterPolicy * [BREAKING CHANGE] Remove deprecated parameters EndUserSpamNotificationCustomFromAddress and EndUserSpamNotificationCustomFromName From 8a913b2d2b610ba6656cdf980ad26b60f8f090c1 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 20:04:05 +0000 Subject: [PATCH 122/187] Updated Resources and Cmdlet documentation pages --- .../resources/exchange/EXOGroupSettings.md | 131 ++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 docs/docs/resources/exchange/EXOGroupSettings.md diff --git a/docs/docs/resources/exchange/EXOGroupSettings.md b/docs/docs/resources/exchange/EXOGroupSettings.md new file mode 100644 index 0000000000..0f5310378c --- /dev/null +++ b/docs/docs/resources/exchange/EXOGroupSettings.md @@ -0,0 +1,131 @@ +# EXOGroupSettings + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Key | String | The DisplayName parameter specifies the name of the Microsoft 365 Group. The display name is visible in the Exchange admin center, address lists, and Outlook. The maximum length is 64 characters. | | +| **AcceptMessagesOnlyFromSendersOrMembers** | Write | StringArray[] | The AcceptMessagesOnlyFromSendersOrMembers parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected. | | +| **AccessType** | Write | String | Private | `Public`, `Private` | +| **AlwaysSubscribeMembersToCalendarEvents** | Write | Boolean | The AlwaysSubscribeMembersToCalendarEvents switch controls the default subscription settings of new members that are added to the Microsoft 365 Group. Changing this setting doesn't affect existing group members. | | +| **AuditLogAgeLimit** | Write | String | The AlwaysSubscribeMembersToCalendarEvents switch controls the default subscription settings of new members that are added to the Microsoft 365 Group. Changing this setting doesn't affect existing group members. | | +| **AutoSubscribeNewMembers** | Write | Boolean | The AutoSubscribeNewMembers switch specifies whether to automatically subscribe new members that are added to the Microsoft 365 Group to conversations and calendar events. Only users that are added to the group after you enable this setting are automatically subscribed to the group. | | +| **CalendarMemberReadOnly** | Write | Boolean | The CalendarMemberReadOnly parameter specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group. | | +| **Classification** | Write | String | The CalendarMemberReadOnly switch specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group. | | +| **ConnectorsEnabled** | Write | Boolean | The CalendarMemberReadOnly switch specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group. | | +| **CustomAttribute1** | Write | String | This parameter specifies a value for the CustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute2** | Write | String | This parameter specifies a value for the CustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute3** | Write | String | This parameter specifies a value for the CustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute4** | Write | String | This parameter specifies a value for the CustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute5** | Write | String | This parameter specifies a value for the CustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute6** | Write | String | This parameter specifies a value for the CustomAttribute6 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute7** | Write | String | This parameter specifies a value for the CustomAttribute7 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute8** | Write | String | This parameter specifies a value for the CustomAttribute8 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute9** | Write | String | This parameter specifies a value for the CustomAttribute9 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute10** | Write | String | This parameter specifies a value for the CustomAttribute10 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute11** | Write | String | This parameter specifies a value for the CustomAttribute11 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute12** | Write | String | This parameter specifies a value for the CustomAttribute12 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute13** | Write | String | This parameter specifies a value for the CustomAttribute13 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute14** | Write | String | This parameter specifies a value for the CustomAttribute14 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **CustomAttribute15** | Write | String | This parameter specifies a value for the CustomAttribute15 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. | | +| **DataEncryptionPolicy** | Write | String | The DataEncryptionPolicy parameter specifies the data encryption policy that's applied to the Microsoft 365 Group. | | +| **EmailAddresses** | Write | StringArray[] | The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the recipient, including the primary SMTP address. | | +| **ExtensionCustomAttribute1** | Write | String | This parameter specifies a value for the ExtensionCustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas. | | +| **ExtensionCustomAttribute2** | Write | String | This parameter specifies a value for the ExtensionCustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas. | | +| **ExtensionCustomAttribute3** | Write | String | This parameter specifies a value for the ExtensionCustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas. | | +| **ExtensionCustomAttribute4** | Write | String | This parameter specifies a value for the ExtensionCustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas. | | +| **ExtensionCustomAttribute5** | Write | String | This parameter specifies a value for the ExtensionCustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas. | | +| **GrantSendOnBehalfTo** | Write | StringArray[] | The GrantSendOnBehalfTo parameter specifies who can send on behalf of this Microsoft 365 Group. | | +| **HiddenFromAddressListsEnabled** | Write | Boolean | The GrantSendOnBehalfTo parameter specifies who can send on behalf of this Microsoft 365 Group. | | +| **HiddenFromExchangeClientsEnabled** | Write | Boolean | The HiddenFromExchangeClientsEnabled switch specifies whether the Microsoft 365 Group is hidden from Outlook clients connected to Microsoft 365. | | +| **InformationBarrierMode** | Write | String | The InformationBarrierMode parameter specifies the information barrier mode for the Microsoft 365 Group. | `Explicit`, `Implicit`, `Open`, `OwnerModerated` | +| **IsMemberAllowedToEditContent** | Write | Boolean | This parameter specifies whether or not members are allow to edit content. | | +| **Language** | Write | String | The Language parameter specifies language preference for the Microsoft 365 Group. | | +| **MailboxRegion** | Write | String | The MailboxRegion parameter specifies the preferred data location (PDL) for the Microsoft 365 Group in multi-geo environments. | | +| **MailTip** | Write | String | The MailTip parameter specifies the custom MailTip text for this recipient. The MailTip is shown to senders when they start drafting an email message to this recipient. | | +| **MailTipTranslations** | Write | String | The MailTipTranslations parameter specifies additional languages for the custom MailTip text that's defined by the MailTip parameter. | | +| **MaxReceiveSize** | Write | String | The MaxReceiveSize parameter specifies the maximum size of an email message that can be sent to this group. Messages that exceed the maximum size are rejected by the group. | | +| **MaxSendSize** | Write | String | The MaxSendSize parameter specifies the maximum size of an email message that can be sent by this group. | | +| **ModeratedBy** | Write | StringArray[] | The ModeratedBy parameter specifies one or more moderators for this recipient. A moderator approves messages sent to the recipient before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact in your organization. You can use any value that uniquely identifies the moderator. | | +| **ModerationEnabled** | Write | Boolean | The ModerationEnabled parameter specifies whether moderation is enabled for this recipient. | | +| **Notes** | Write | String | The Notes parameter specifies the description of the Microsoft 365 Group. If the value contains spaces, enclose the value in quotation marks. | | +| **PrimarySmtpAddress** | Write | String | The PrimarySmtpAddress parameter specifies the primary return email address that's used for the recipient. You can't use the EmailAddresses and PrimarySmtpAddress parameters in the same command. | | +| **RejectMessagesFromSendersOrMembers** | Write | StringArray[] | The RejectMessagesFromSendersOrMembers parameter specifies who isn't allowed to send messages to this recipient. Messages from these senders are rejected. | | +| **RequireSenderAuthenticationEnabled** | Write | Boolean | The RequireSenderAuthenticationEnabled parameter specifies whether to accept messages only from authenticated (internal) senders. | | +| **SensitivityLabelId** | Write | String | The SensitivityLabelId parameter specifies the GUID value of the sensitivity label that's assigned to the Microsoft 365 Group. | | +| **SubscriptionEnabled** | Write | Boolean | The SubscriptionEnabled switch specifies whether the group owners can enable subscription to conversations and calendar events on the groups they own. | | +| **UnifiedGroupWelcomeMessageEnabled** | Write | Boolean | The UnifiedGroupWelcomeMessageEnabled switch specifies whether to enable or disable sending system-generated welcome messages to users who are added as members to the Microsoft 365 Group. | | +| **Credential** | Write | PSCredential | Credentials of the Exchange Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +## Description + +This resource configures settings on groups +such as the custom attributes and language. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- User Options, View-Only Recipients, Mail Recipients + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXOGroupSettings 'TestGroup' + { + DisplayName = "Test Group"; + AccessType = "Public"; + AlwaysSubscribeMembersToCalendarEvents = $False; + AuditLogAgeLimit = "90.00:00:00"; + AutoSubscribeNewMembers = $False; + CalendarMemberReadOnly = $False; + ConnectorsEnabled = $True; + Credential = $credential; + HiddenFromAddressListsEnabled = $True; + HiddenFromExchangeClientsEnabled = $True; + InformationBarrierMode = "Open"; + Language = "en-US"; + MaxReceiveSize = "36 MB (37,748,736 bytes)"; + MaxSendSize = "35 MB (36,700,160 bytes)"; + ModerationEnabled = $False; + Notes = "My Notes"; + PrimarySmtpAddress = "TestGroup@contoso.com"; + RequireSenderAuthenticationEnabled = $True; + SubscriptionEnabled = $False; + } + } +} +``` + From 3bf2d21c346c9ce865aaa85a89d4bb2757c49b98 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 16:16:47 -0400 Subject: [PATCH 123/187] Fixes #3064 - Administrative Unit via Graph --- CHANGELOG.md | 4 ++++ .../MSFT_EXOManagementRoleAssignment.psm1 | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52013fd277..271d2253aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -37,6 +37,10 @@ * EXOMalwareFilterPolicy * [BREAKING CHANGE] Remove deprecated parameters Action, CustomAlertText, EnableExternalSenderNotifications and EnableInternalSenderNotifications +* EXOManagementRoleAssignment + * Use Microsoft Graph to retrieve administrative units. This fixes the issue where a soft + deleted AU was present while a new one got create with the same name. + FIXES [#3064](https://github.com/microsoft/Microsoft365DSC/issues/3064) * EXOOrganizationConfig * [BREAKING CHANGE] Remove deprecated parameters AllowPlusAddressInRecipients * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 index 899640440d..af0c9f7c46 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 @@ -129,9 +129,11 @@ function Get-TargetResource $RecipientAdministrativeUnitScopeValue = $null if ($roleAssignment.RecipientWriteScope -eq 'AdministrativeUnit') { - $adminUnit = Get-AdministrativeUnit -Identity $roleAssignment.CustomRecipientWriteScope + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + $adminUnit = Get-MgAdministrativeUnit -AdministrativeUnitId $roleAssignment.CustomRecipientWriteScope - if ($RecipientAdministrativeUnitScope -eq $adminUnit.Name) + if ($RecipientAdministrativeUnitScope -eq $adminUnit.Id) { $RecipientAdministrativeUnitScopeValue = $RecipientAdministrativeUnitScope } From f5631d1b3a210cd23e32523b845d8fe35198dd92 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 16:17:28 -0400 Subject: [PATCH 124/187] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 271d2253aa..1b79e64c6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -39,7 +39,7 @@ EnableExternalSenderNotifications and EnableInternalSenderNotifications * EXOManagementRoleAssignment * Use Microsoft Graph to retrieve administrative units. This fixes the issue where a soft - deleted AU was present while a new one got create with the same name. + deleted AU was present while a new one got created with the same name. FIXES [#3064](https://github.com/microsoft/Microsoft365DSC/issues/3064) * EXOOrganizationConfig * [BREAKING CHANGE] Remove deprecated parameters AllowPlusAddressInRecipients From 5992ac30a12fdc574e0d9fe22fbc4fc0dabd3dbd Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 16:52:28 -0400 Subject: [PATCH 125/187] Update Unit Tests.yml --- .github/workflows/Unit Tests.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index e7988e7b68..f02af24d5c 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -23,7 +23,14 @@ jobs: foreach ($module in $Manifest.Dependencies) { - Install-Module $module.ModuleName -RequiredVersion $module.RequiredVersion -Force -Scope AllUsers + if ($module.AllowPreRelease) + { + Install-Module $module.ModuleName -AllowPreRelease -Force -Scope AllUsers + } + else + { + Install-Module $module.ModuleName -RequiredVersion $module.RequiredVersion -Force -Scope AllUsers + } Import-Module $module.ModuleName -Force } From 232ac24316fdd4d740ea13fa34e4387ca87bb9b8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 17:18:47 -0400 Subject: [PATCH 126/187] Update Unit Tests.yml --- .github/workflows/Unit Tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index f02af24d5c..a52d0ea728 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -19,10 +19,12 @@ jobs: - name: Install Modules shell: pwsh run: | + $VerbosePreference = 'Continue' $Manifest = Import-PowerShellDataFile './Modules/Microsoft365DSC/Dependencies/Manifest.psd1' foreach ($module in $Manifest.Dependencies) { + Write-Verbose -Message $($module.ModuleName) if ($module.AllowPreRelease) { Install-Module $module.ModuleName -AllowPreRelease -Force -Scope AllUsers From be8e108a19cbd4e34b1cd22d00cef2911f1291c0 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 31 Mar 2023 20:38:29 -0400 Subject: [PATCH 127/187] Update Unit Tests.yml --- .github/workflows/Unit Tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index a52d0ea728..fb8c4eaa74 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -24,7 +24,7 @@ jobs: foreach ($module in $Manifest.Dependencies) { - Write-Verbose -Message $($module.ModuleName) + Write-Verbose -Message "Installing module: $($module.ModuleName)" if ($module.AllowPreRelease) { Install-Module $module.ModuleName -AllowPreRelease -Force -Scope AllUsers From 6afebaf6be82406325d95708fb2703a01bcf3fba Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 14:05:43 +0100 Subject: [PATCH 128/187] rework resource --- CHANGELOG.md | 5 + ...eDeviceEnrollmentStatusPageWindows10.psm1} | 195 +++++++++++++++++- ...eEnrollmentStatusPageWindows10.schema.mof} | 15 +- .../readme.md | 2 +- .../settings.json | 2 +- ...ce Enrollment Configuration Windows 10.ps1 | 37 ---- ...vice Enrollment Status Page Windows 10.ps1 | 44 ++++ ...ceEnrollmentStatusPageWindows10.Tests.ps1} | 30 ++- 8 files changed, 273 insertions(+), 57 deletions(-) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneDeviceEnrollmentConfigurationWindows10/MSFT_IntuneDeviceEnrollmentConfigurationWindows10.psm1 => MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1} (84%) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneDeviceEnrollmentConfigurationWindows10/MSFT_IntuneDeviceEnrollmentConfigurationWindows10.schema.mof => MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.schema.mof} (59%) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneDeviceEnrollmentConfigurationWindows10 => MSFT_IntuneDeviceEnrollmentStatusPageWindows10}/readme.md (63%) rename Modules/Microsoft365DSC/DSCResources/{MSFT_IntuneDeviceEnrollmentConfigurationWindows10 => MSFT_IntuneDeviceEnrollmentStatusPageWindows10}/settings.json (95%) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentConfigurationWindows10/1-New Device Enrollment Configuration Windows 10.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/1-New Device Enrollment Status Page Windows 10.ps1 rename Tests/Unit/Microsoft365DSC/{Microsoft365DSC.IntuneDeviceEnrollmentConfigurationWindows10.Tests.ps1 => Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1} (93%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b79e64c6e..aaee810da0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Change log for Microsoft365DSC # UNRELEASED +* IntuneDeviceEnrollmentStatusPageWindows10 + * [BREAKING CHANGE] Renamed resource IntuneDeviceEnrollmentConfigurationWindows10 to IntuneDeviceEnrollmentStatusPageWindows10 + * Added support for property Assignments. + * Added support for property Priority + * FIXES [#2933](https://github.com/microsoft/Microsoft365DSC/issues/2933) * AADAdministrativeUnit * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * Fixes extraction of the Members property. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/MSFT_IntuneDeviceEnrollmentConfigurationWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 similarity index 84% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/MSFT_IntuneDeviceEnrollmentConfigurationWindows10.psm1 rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 index bf4ddfc526..73f362045b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/MSFT_IntuneDeviceEnrollmentConfigurationWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 @@ -66,6 +66,14 @@ function Get-TargetResource $TrackInstallProgressForAutopilotOnly, #endregion + [Parameter()] + [System.Uint32] + $Priority, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] @@ -103,7 +111,7 @@ function Get-TargetResource -ProfileName 'beta' #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + Confirm-M365DSCDependencies -Verbose #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') @@ -128,9 +136,10 @@ function Get-TargetResource if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementDeviceEnrollmentConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration' ` } } } @@ -157,12 +166,35 @@ function Get-TargetResource SelectedMobileAppIds = $getValue.AdditionalProperties.selectedMobileAppIds ShowInstallationProgress = $getValue.AdditionalProperties.showInstallationProgress TrackInstallProgressForAutopilotOnly = $getValue.AdditionalProperties.trackInstallProgressForAutopilotOnly + Priority = $getValue.Priority Description = $getValue.Description DisplayName = $getValue.DisplayName Id = $getValue.Id Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent #endregion } + $assignmentsValues = Get-MgDeviceManagementDeviceEnrollmentConfigurationAssignment -DeviceEnrollmentConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) return [System.Collections.Hashtable] $results } @@ -245,6 +277,14 @@ function Set-TargetResource $TrackInstallProgressForAutopilotOnly, #endregion + [Parameter()] + [System.Uint32] + $Priority, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] @@ -275,6 +315,7 @@ function Set-TargetResource $ManagedIdentity ) + #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -305,6 +346,8 @@ function Set-TargetResource $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null + $CreateParameters.Remove('Assignments') | Out-Null + $CreateParameters.Remove('Priority') | Out-Null #region resource generator code if ($CreateParameters.showInstallationProgress -eq $false) @@ -327,7 +370,19 @@ function Set-TargetResource } $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration') - $null = New-MgDeviceManagementDeviceEnrollmentConfiguration -BodyParameter $CreateParameters + $policy = New-MgDeviceManagementDeviceEnrollmentConfiguration -BodyParameter $CreateParameters + + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceEnrollmentConfigurationAssignment ` + -DeviceEnrollmentConfigurationId $policy.id ` + -Targets $assignmentsHash + + Update-DeviceEnrollmentConfigurationPriority ` + -DeviceEnrollmentConfigurationId $policy.id ` + -Priority $Priority #endregion } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') @@ -336,6 +391,8 @@ function Set-TargetResource $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $UpdateParameters.Remove('Assignments') | Out-Null + $UpdateParameters.Remove('Priority') | Out-Null #region resource generator code if ($UpdateParameters.blockDeviceSetupRetryByUser -eq $true) @@ -346,8 +403,24 @@ function Set-TargetResource } $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration') - Update-MgDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $currentInstance.Id ` + Update-MgDeviceManagementDeviceEnrollmentConfiguration ` + -DeviceEnrollmentConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters + + if ($currentInstance.Id -notlike '*_DefaultWindows10EnrollmentCompletionPageConfiguration') + { + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceEnrollmentConfigurationAssignment ` + -DeviceEnrollmentConfigurationId $currentInstance.id ` + -Targets $assignmentsHash + + Update-DeviceEnrollmentConfigurationPriority ` + -DeviceEnrollmentConfigurationId $currentInstance.id ` + -Priority $Priority + } #endregion } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') @@ -427,6 +500,14 @@ function Test-TargetResource $TrackInstallProgressForAutopilotOnly, #endregion + [Parameter()] + [System.Uint32] + $Priority, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] @@ -457,6 +538,7 @@ function Test-TargetResource $ManagedIdentity ) + #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -470,7 +552,6 @@ function Test-TargetResource #endregion Write-Verbose -Message "Testing configuration of the Intune Device Enrollment Configuration for Windows10 with Id {$Id} and DisplayName {$DisplayName}" - $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() @@ -616,12 +697,27 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true + } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -646,6 +742,93 @@ function Export-TargetResource } } +function Update-DeviceEnrollmentConfigurationAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceEnrollmentConfigurationId, + + [Parameter()] + [Array] + $Targets + ) + try + { + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceEnrollmentConfigurationId/assign" + + foreach ($target in $targets) + { + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) + { + $formattedTarget.Add('groupId', $target.groupId) + } + if ($target.collectionId) + { + $formattedTarget.Add('collectionId', $target.collectionId) + } + if ($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) + } + if ($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } + } + $body = @{'enrollmentConfigurationAssignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential + + return $null + } +} + +function Update-DeviceEnrollmentConfigurationPriority +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceEnrollmentConfigurationId, + + [Parameter(Mandatory = 'true')] + [System.UInt32] + $Priority + ) + try + { + $Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceEnrollmentConfigurationId/setPriority" + $body = @{'priority' = $Priority } | ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential + + return $null + } +} + function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/MSFT_IntuneDeviceEnrollmentConfigurationWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.schema.mof similarity index 59% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/MSFT_IntuneDeviceEnrollmentConfigurationWindows10.schema.mof rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.schema.mof index 5374f9daa5..c915436754 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/MSFT_IntuneDeviceEnrollmentConfigurationWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.schema.mof @@ -1,6 +1,15 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; -[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceEnrollmentConfigurationWindows10")] -class MSFT_IntuneDeviceEnrollmentConfigurationWindows10 : OMI_BaseResource +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceEnrollmentStatusPageWindows10")] +class MSFT_IntuneDeviceEnrollmentStatusPageWindows10 : OMI_BaseResource { [Key, Description("The display name of the device enrollment configuration")] String DisplayName; [Required, Description("The unique identifier for an entity. Read-only.")] String Id; @@ -17,6 +26,8 @@ class MSFT_IntuneDeviceEnrollmentConfigurationWindows10 : OMI_BaseResource [Write, Description("Selected applications to track the installation status")] String SelectedMobileAppIds[]; [Write, Description("Show or hide installation progress to user")] Boolean ShowInstallationProgress; [Write, Description("Only show installation progress for Autopilot enrollment scenarios")] Boolean TrackInstallProgressForAutopilotOnly; + [Write, Description("Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value.")] UInt32 Priority; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/readme.md similarity index 63% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/readme.md rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/readme.md index ccd9ea1af1..91bf77dc26 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/readme.md @@ -1,5 +1,5 @@ -# IntuneDeviceEnrollmentConfigurationWindows10 +# IntuneDeviceEnrollmentStatusPageWindows10 ## Description diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/settings.json similarity index 95% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/settings.json rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/settings.json index bc716dcc75..12ac8a15dc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentConfigurationWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/settings.json @@ -1,5 +1,5 @@ { - "resourceName": "IntuneDeviceEnrollmentConfigurationWindows10", + "resourceName": "IntuneDeviceEnrollmentStatusPageWindows10", "description": "This resource configures an Intune Device Enrollment Status Page Configuration for Windows10.", "permissions": { "graph": { diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentConfigurationWindows10/1-New Device Enrollment Configuration Windows 10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentConfigurationWindows10/1-New Device Enrollment Configuration Windows 10.ps1 deleted file mode 100644 index 75f006bec5..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentConfigurationWindows10/1-New Device Enrollment Configuration Windows 10.ps1 +++ /dev/null @@ -1,37 +0,0 @@ -<# -This example creates a new Device Enrollment Limit Restriction. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsGlobalAdmin - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - IntuneDeviceEnrollmentConfigurationWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' - { - Id = 'b8258075-8457-4ecf-9aed-82754ec868bf_DefaultWindows10EnrollmentCompletionPageConfiguration' - DisplayName = 'All users and all devices' - AllowDeviceResetOnInstallFailure = $false - AllowDeviceUseOnInstallFailure = $false - AllowLogCollectionOnInstallFailure = $false - AllowNonBlockingAppInstallation = $false - BlockDeviceSetupRetryByUser = $true - CustomErrorMessage = '' - Description = 'This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership.' - DisableUserStatusTrackingAfterFirstUser = $false - InstallProgressTimeoutInMinutes = 0 - InstallQualityUpdates = $false - SelectedMobileAppIds = @() - ShowInstallationProgress = $false - TrackInstallProgressForAutopilotOnly = $false - Ensure = 'Present' - Credential = $Credscredential - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/1-New Device Enrollment Status Page Windows 10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/1-New Device Enrollment Status Page Windows 10.ps1 new file mode 100644 index 0000000000..d2eb11f4d6 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/1-New Device Enrollment Status Page Windows 10.ps1 @@ -0,0 +1,44 @@ +<# +This example creates a new Device Enrollment Status Page. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsGlobalAdmin + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + AllowDeviceResetOnInstallFailure = $True; + AllowDeviceUseOnInstallFailure = $True; + AllowLogCollectionOnInstallFailure = $True; + AllowNonBlockingAppInstallation = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + BlockDeviceSetupRetryByUser = $False; + CustomErrorMessage = "Setup could not be completed. Please try again or contact your support person for help."; + Description = "This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership."; + DisableUserStatusTrackingAfterFirstUser = $True; + DisplayName = "All users and all devices"; + Ensure = "Present"; + Id = "5b0e1dba-4523-455e-9fdd-e36c833b57bf_DefaultWindows10EnrollmentCompletionPageConfiguration"; + InstallProgressTimeoutInMinutes = 60; + InstallQualityUpdates = $False; + Priority = 0; + SelectedMobileAppIds = @(); + ShowInstallationProgress = $True; + TrackInstallProgressForAutopilotOnly = $True; + Credential = $Credscredential + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentConfigurationWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 similarity index 93% rename from Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentConfigurationWindows10.Tests.ps1 rename to Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 index e6a0aa06b4..d932b50699 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentConfigurationWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 @@ -15,7 +15,7 @@ Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource 'IntuneDeviceEnrollmentConfigurationWindows10' -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceEnrollmentStatusPageWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope @@ -36,9 +36,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Update-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { } - Mock -CommandName New-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { - } - Mock -CommandName Remove-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { } @@ -46,12 +43,18 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'Credentials' } - # Mock Write-Host to hide output during the tests - Mock -CommandName Write-Host -MockWith { + Mock Get-MgDeviceManagementDeviceEnrollmentConfigurationAssignment { + return @() + } + + Mock Update-DeviceEnrollmentConfigurationAssignment { + } + + Mock Update-DeviceEnrollmentConfigurationPriority { } } # Test contexts - Context -Name 'The IntuneDeviceEnrollmentConfigurationWindows10 should exist but it DOES NOT' -Fixture { + Context -Name 'The IntuneDeviceEnrollmentStatusPageWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ Id = 'FakeStringValue' @@ -76,6 +79,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return $null } + + Mock -CommandName New-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { + return @{ + Id = 'FakeStringValue' + Priority = 1 + } + } } It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' @@ -89,7 +99,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'The IntuneDeviceEnrollmentConfigurationWindows10 exists but it SHOULD NOT' -Fixture { + Context -Name 'The IntuneDeviceEnrollmentStatusPageWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ Id = 'FakeStringValue' @@ -148,7 +158,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceEnrollmentConfiguration -Exactly 1 } } - Context -Name 'The IntuneDeviceEnrollmentConfigurationWindows10 Exists and Values are already in the desired state' -Fixture { + Context -Name 'The IntuneDeviceEnrollmentStatusPageWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ Id = 'FakeStringValue' @@ -201,7 +211,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name 'The IntuneDeviceEnrollmentConfigurationWindows10 exists and values are NOT in the desired state' -Fixture { + Context -Name 'The IntuneDeviceEnrollmentStatusPageWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ Id = 'FakeStringValue' From 7d97071afe5f4f658be42750a0475b15697ddb08 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 14:17:33 +0100 Subject: [PATCH 129/187] updated example --- .../1-NewPlatformRestriction.ps1 | 59 ++++++++++++++----- 1 file changed, 43 insertions(+), 16 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/1-NewPlatformRestriction.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/1-NewPlatformRestriction.ps1 index 58ca659f1c..c7e949abc5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/1-NewPlatformRestriction.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/1-NewPlatformRestriction.ps1 @@ -15,22 +15,49 @@ Configuration Example { IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' { - DisplayName = 'My DSC Restriction' - AndroidPersonalDeviceEnrollmentBlocked = $False - AndroidPlatformBlocked = $False - Description = '' - iOSOSMaximumVersion = '11.0' - iOSOSMinimumVersion = '9.0' - iOSPersonalDeviceEnrollmentBlocked = $False - iOSPlatformBlocked = $False - MacPersonalDeviceEnrollmentBlocked = $False - MacPlatformBlocked = $True - WindowsMobilePersonalDeviceEnrollmentBlocked = $False - WindowsMobilePlatformBlocked = $True - WindowsPersonalDeviceEnrollmentBlocked = $True - WindowsPlatformBlocked = $False - Ensure = 'Present' - Credential = $credsGlobalAdmin + AndroidForWorkRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + AndroidRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + }); + Credential = $credsGlobalAdmin + Description = "This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership."; + DeviceEnrollmentConfigurationType = "platformRestrictions"; + DisplayName = "All users and all devices"; + Ensure = "Present"; + Identity = "5b0e1dba-4523-455e-9fdd-e36c833b57bf_DefaultPlatformRestrictions"; + IosRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + MacOSRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + MacRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsHomeSkuRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsMobileRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $True + personalDeviceEnrollmentBlocked = $False + }; + WindowsRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; } } } From 514df16bb314ad599753b2a33b35bcee66d9cb0c Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 14:19:42 +0100 Subject: [PATCH 130/187] resource module format --- ...neDeviceEnrollmentPlatformRestriction.psm1 | 444 +++++++++--------- 1 file changed, 222 insertions(+), 222 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index a690b9f322..105cb45323 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -17,7 +17,7 @@ function Get-TargetResource $Description, [Parameter()] - [ValidateSet("singlePlatformRestriction","platformRestrictions")] + [ValidateSet('singlePlatformRestriction', 'platformRestrictions')] [System.String] $DeviceEnrollmentConfigurationType, @@ -134,30 +134,30 @@ function Get-TargetResource } Write-Verbose -Message "Found Device Enrollment Platform Restriction with Name {$($config.DisplayName)}" - $results= @{ - Identity = $config.Id - DisplayName = $config.DisplayName - Description = $config.Description - DeviceEnrollmentConfigurationType = $config.DeviceEnrollmentConfigurationType.toString() - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent + $results = @{ + Identity = $config.Id + DisplayName = $config.DisplayName + Description = $config.Description + DeviceEnrollmentConfigurationType = $config.DeviceEnrollmentConfigurationType.toString() + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent } - $results+=get-DevicePlatformRestrictionSetting -Properties $config.AdditionalProperties - $AssignmentsValues=Get-MgDeviceManagementDeviceEnrollmentConfigurationAssignment -DeviceEnrollmentConfigurationId $config.Id + $results += get-DevicePlatformRestrictionSetting -Properties $config.AdditionalProperties + $AssignmentsValues = Get-MgDeviceManagementDeviceEnrollmentConfigurationAssignment -DeviceEnrollmentConfigurationId $config.Id $assignmentResult = @() foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -195,7 +195,7 @@ function Set-TargetResource $Description, [Parameter()] - [ValidateSet("singlePlatformRestriction","platformRestrictions")] + [ValidateSet('singlePlatformRestriction', 'platformRestrictions')] [System.String] $DeviceEnrollmentConfigurationType, @@ -297,41 +297,41 @@ function Set-TargetResource $PSBoundParameters.Remove('Assignments') | Out-Null - $keys=(([Hashtable]$PSBoundParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$PSBoundParameters).clone()).Keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).toLower()+$key.substring(1,$key.length-1) - $keyValue= $PSBoundParameters.$key - if($null -ne $PSBoundParameters.$key -and $PSBoundParameters.$key.getType().Name -like "*cimInstance*") + $keyName = $key.substring(0, 1).toLower() + $key.substring(1, $key.length - 1) + $keyValue = $PSBoundParameters.$key + if ($null -ne $PSBoundParameters.$key -and $PSBoundParameters.$key.getType().Name -like '*cimInstance*') { - $keyValue= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $PSBoundParameters.$key - if($DeviceEnrollmentConfigurationType -eq 'singlePlatformRestriction' ) + $keyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $PSBoundParameters.$key + if ($DeviceEnrollmentConfigurationType -eq 'singlePlatformRestriction' ) { - $keyName='platformRestriction' - $PSBoundParameters.add('platformType',($key.replace("Restriction",""))) + $keyName = 'platformRestriction' + $PSBoundParameters.add('platformType', ($key.replace('Restriction', ''))) } } $PSBoundParameters.remove($key) - $PSBoundParameters.add($keyName,$keyValue) + $PSBoundParameters.add($keyName, $keyValue) } - $policyType="#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration" - if($DeviceEnrollmentConfigurationType -eq 'platformRestrictions' ) + $policyType = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' + if ($DeviceEnrollmentConfigurationType -eq 'platformRestrictions' ) { - $policyType="#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration" - $PSBoundParameters.add('deviceEnrollmentConfigurationType ','limit') + $policyType = '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' + $PSBoundParameters.add('deviceEnrollmentConfigurationType ', 'limit') } - $PSBoundParameters.add("@odata.type",$policyType) + $PSBoundParameters.add('@odata.type', $policyType) - write-verbose ($PSBoundParameters|convertTo-json -depth 20) + Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20) - $policy=New-MgDeviceManagementDeviceEnrollmentConfiguration ` + $policy = New-MgDeviceManagementDeviceEnrollmentConfiguration ` -BodyParameter $PSBoundParameters #Assignments from DefaultPolicy are not editable and will raise an alert - if($policy.Id -notlike "*_DefaultPlatformRestrictions") + if ($policy.Id -notlike '*_DefaultPlatformRestrictions') { - if($null -ne $Assignments -and $Assignments -ne @()) + if ($null -ne $Assignments -and $Assignments -ne @()) { $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments @@ -347,38 +347,38 @@ function Set-TargetResource $PSBoundParameters.Remove('Assignments') | Out-Null - $keys=(([Hashtable]$PSBoundParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$PSBoundParameters).clone()).Keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).toLower()+$key.substring(1,$key.length-1) - $keyValue= $PSBoundParameters.$key - if($null -ne $PSBoundParameters.$key -and $PSBoundParameters.$key.getType().Name -like "*cimInstance*") + $keyName = $key.substring(0, 1).toLower() + $key.substring(1, $key.length - 1) + $keyValue = $PSBoundParameters.$key + if ($null -ne $PSBoundParameters.$key -and $PSBoundParameters.$key.getType().Name -like '*cimInstance*') { - $keyValue= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $PSBoundParameters.$key - if($DeviceEnrollmentConfigurationType -eq 'singlePlatformRestriction' ) + $keyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $PSBoundParameters.$key + if ($DeviceEnrollmentConfigurationType -eq 'singlePlatformRestriction' ) { - $keyName='platformRestriction' + $keyName = 'platformRestriction' } } $PSBoundParameters.remove($key) - $PSBoundParameters.add($keyName,$keyValue) + $PSBoundParameters.add($keyName, $keyValue) } - $policyType="#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration" - if($DeviceEnrollmentConfigurationType -eq 'platformRestrictions' ) + $policyType = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' + if ($DeviceEnrollmentConfigurationType -eq 'platformRestrictions' ) { - $policyType="#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration" + $policyType = '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' } - $PSBoundParameters.add("@odata.type",$policyType) - write-verbose ($PSBoundParameters|convertTo-json -depth 20) + $PSBoundParameters.add('@odata.type', $policyType) + Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20) Update-MgDeviceManagementDeviceEnrollmentConfiguration ` -BodyParameter $PSBoundParameters ` -DeviceEnrollmentConfigurationId $Identity #Assignments from DefaultPolicy are not editable and will raise an alert - if($Identity -notlike "*_DefaultPlatformRestrictions") + if ($Identity -notlike '*_DefaultPlatformRestrictions') { - if($null -ne $Assignments -and $Assignments -ne @()) + if ($null -ne $Assignments -and $Assignments -ne @()) { $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments @@ -417,7 +417,7 @@ function Test-TargetResource $Description, [Parameter()] - [ValidateSet("singlePlatformRestriction","platformRestrictions")] + [ValidateSet('singlePlatformRestriction', 'platformRestrictions')] [System.String] $DeviceEnrollmentConfigurationType, @@ -502,33 +502,33 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if($CurrentValues.Ensure -eq "Absent") + if ($CurrentValues.Ensure -eq 'Absent') { Write-Verbose -Message "Test-TargetResource returned $false" return $false } - $testResult=$true + $testResult = $true #Compare Cim instances - foreach($key in $PSBoundParameters.Keys) + foreach ($key in $PSBoundParameters.Keys) { - $source=$PSBoundParameters.$key - $target=$CurrentValues.$key - if($source.getType().Name -like "*CimInstance*") + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') { - $source=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult=Compare-M365DSCComplexObject ` + $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` -Target ($target) - if(-Not $testResult) + if (-Not $testResult) { - $testResult=$false - break; + $testResult = $false + break } - $ValuesToCheck.Remove($key)|Out-Null + $ValuesToCheck.Remove($key) | Out-Null } } @@ -545,15 +545,15 @@ function Test-TargetResource #Convert any DateTime to String foreach ($key in $ValuesToCheck.Keys) { - if(($null -ne $CurrentValues[$key]) ` - -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) { - $CurrentValues[$key]=$CurrentValues[$key].toString() + $CurrentValues[$key] = $CurrentValues[$key].toString() } } #Compare basic parameters - if($testResult) + if ($testResult) { $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` @@ -619,7 +619,7 @@ function Export-TargetResource try { [array]$configs = Get-MgDeviceManagementDeviceEnrollmentConfiguration -All:$true -Filter $Filter -ErrorAction Stop ` - | Where-Object -FilterScript {$_.AdditionalProperties.'@odata.type' -like '#microsoft.graph.deviceEnrollmentPlatform*Configuration'} + | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -like '#microsoft.graph.deviceEnrollmentPlatform*Configuration' } $i = 1 $dscContent = '' @@ -863,7 +863,7 @@ function Get-DevicePlatformRestrictionSetting if ($null -ne $Properties.platformType) { - $keyName = ($Properties.platformType).Substring(0,1).toUpper()+($Properties.platformType).substring(1,$Properties.platformType.length-1)+'Restriction' + $keyName = ($Properties.platformType).Substring(0, 1).toUpper() + ($Properties.platformType).substring(1, $Properties.platformType.length - 1) + 'Restriction' $keyValue = [Hashtable]::new($Properties.platformRestriction) $hash = @{} foreach ($key in $keyValue.Keys) @@ -872,68 +872,68 @@ function Get-DevicePlatformRestrictionSetting { switch -Wildcard ($keyValue.$key.getType().name) { - "*[[\]]" + '*[[\]]' { - if($keyValue.$key.count -gt 0) + if ($keyValue.$key.count -gt 0) { - $hash.add($key,$keyValue.$key) + $hash.add($key, $keyValue.$key) } } - "String" + 'String' { - if(-Not [String]::IsNullOrEmpty($keyValue.$key)) + if (-Not [String]::IsNullOrEmpty($keyValue.$key)) { - $hash.add($key,$keyValue.$key) + $hash.add($key, $keyValue.$key) } } Default { - $hash.add($key,$keyValue.$key) + $hash.add($key, $keyValue.$key) } } } } - $results.add($keyName,$hash) + $results.add($keyName, $hash) } else { - $platformRestrictions=[Hashtable]::new($Properties) + $platformRestrictions = [Hashtable]::new($Properties) $platformRestrictions.remove('@odata.type') $platformRestrictions.remove('@odata.context') - foreach($key in $platformRestrictions.Keys) + foreach ($key in $platformRestrictions.Keys) { - $keyName=$key.Substring(0,1).toUpper()+$key.substring(1,$key.length-1) - $keyValue=[Hashtable]::new($platformRestrictions.$key) - $hash=@{} - foreach($key in $keyValue.Keys) + $keyName = $key.Substring(0, 1).toUpper() + $key.substring(1, $key.length - 1) + $keyValue = [Hashtable]::new($platformRestrictions.$key) + $hash = @{} + foreach ($key in $keyValue.Keys) { - if($null -ne $keyValue.$key) + if ($null -ne $keyValue.$key) { switch -Wildcard ($keyValue.$key.getType().name) { - "*[[\]]" + '*[[\]]' { - if($keyValue.$key.count -gt 0) + if ($keyValue.$key.count -gt 0) { - $hash.add($key,$keyValue.$key) + $hash.add($key, $keyValue.$key) } } - "String" + 'String' { - if(-Not [String]::IsNullOrEmpty($keyValue.$key)) + if (-Not [String]::IsNullOrEmpty($keyValue.$key)) { - $hash.add($key,$keyValue.$key) + $hash.add($key, $keyValue.$key) } } Default { - $hash.add($key,$keyValue.$key) + $hash.add($key, $keyValue.$key) } } } } - $results.add($keyName,$hash) + $results.add($keyName, $hash) #$results.add($keyName,[Hashtable]::new($platformRestrictions.$key)) } @@ -959,7 +959,7 @@ function Update-DeviceConfigurationPolicyAssignments { $configurationPolicyAssignments = @() - $Uri="https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceConfigurationPolicyId/assign" + $Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceConfigurationPolicyId/assign" foreach ($target in $targets) { @@ -1011,58 +1011,58 @@ function Update-DeviceConfigurationPolicyAssignments function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { return $ComplexObject } - if($ComplexObject.getType().Fullname -like "*hashtable[[\]]") + if ($ComplexObject.getType().Fullname -like '*hashtable[[\]]') { - return ,[hashtable[]]$ComplexObject + return , [hashtable[]]$ComplexObject } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $results = @{} - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property' -and $_.Name -ne 'AdditionalProperties'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' -and $_.Name -ne 'AdditionalProperties' } foreach ($key in $keys) { - if($null -ne $ComplexObject.$($key.Name)) + if ($null -ne $ComplexObject.$($key.Name)) { $keyName = $key.Name[0].ToString().ToLower() + $key.Name.Substring(1, $key.Name.Length - 1) - if($ComplexObject.$($key.Name).gettype().fullname -like "*CimInstance*") + if ($ComplexObject.$($key.Name).gettype().fullname -like '*CimInstance*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$($key.Name) @@ -1096,11 +1096,11 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace="", + $Whitespace = '', [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1109,19 +1109,19 @@ function Get-M365DSCDRGComplexTypeToString } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() foreach ($item in $ComplexObject) { - $split=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'Whitespace'=" $whitespace" + $split = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'Whitespace' = " $whitespace" } if ($ComplexTypeMapping) { - $split.add('ComplexTypeMapping',$ComplexTypeMapping) + $split.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @split @@ -1131,11 +1131,11 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty="" - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" } @@ -1146,67 +1146,67 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if($key -notin $ComplexTypeMapping.Name) + if ($key -notin $ComplexTypeMapping.Name) { - $Whitespace+=" " + $Whitespace += ' ' } - if(-not $isArray -or ($isArray -and $key -in $ComplexTypeMapping.Name )) + if (-not $isArray -or ($isArray -and $key -in $ComplexTypeMapping.Name )) { - $currentProperty += $whitespace + $key + " = " - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $currentProperty += $whitespace + $key + ' = ' + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $currentProperty += "@(" + $currentProperty += '@(' } } - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $Whitespace="" + $Whitespace = '' } $currentProperty += Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -Whitespace $Whitespace ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -Whitespace $Whitespace ` + -ComplexTypeMapping $ComplexTypeMapping - if($ComplexObject.$key.GetType().FullName -like "*[[\]]") + if ($ComplexObject.$key.GetType().FullName -like '*[[\]]') { - $currentProperty += ")" + $currentProperty += ')' } } else { - if(-not $isArray) + if (-not $isArray) { - $Whitespace= " " + $Whitespace = ' ' } - $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($Whitespace+" ") + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($Whitespace + ' ') } } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$Whitespace $key = @()`r`n" } @@ -1236,49 +1236,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } foreach ($item in $Value) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1288,7 +1288,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1300,7 +1300,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1318,51 +1318,51 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - $i=0 - foreach($item in $Source) + $i = 0 + foreach ($item in $Source) { - $compareResult= Compare-M365DSCComplexObject ` - -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source[$i]) ` - -Target $Target[$i] + $compareResult = Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source[$i]) ` + -Target $Target[$i] - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } $i++ @@ -1370,40 +1370,40 @@ function Compare-M365DSCComplexObject return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #write-verbose -message "Comparing key: {$key}" #Matching possible key names between Source and Target - $skey=$key - $tkey=$key - if($key -eq 'odataType') + $skey = $key + $tkey = $key + if ($key -eq 'odataType') { - $skey='@odata.type' + $skey = '@odata.type' } else { - $tmpkey=$Target.keys|Where-Object -FilterScript {$_ -eq "$key"} - if($tkey) + $tmpkey = $Target.keys | Where-Object -FilterScript { $_ -eq "$key" } + if ($tkey) { - $tkey=$tmpkey|Select-Object -First 1 + $tkey = $tmpkey | Select-Object -First 1 } } - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$skey) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$skey) + if ($null -eq $Source.$skey) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1411,16 +1411,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$skey) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$skey) -and ($null -ne $Target.$tkey)) { - if($Source.$skey.getType().FullName -like "*CimInstance*" -or $Source.$skey.getType().FullName -like "*hashtable*" ) + if ($Source.$skey.getType().FullName -like '*CimInstance*' -or $Source.$skey.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$skey) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1430,8 +1430,8 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$skey + $referenceObject = $Target.$tkey + $differenceObject = $Source.$skey $compareResult = Compare-Object ` -ReferenceObject ($referenceObject) ` @@ -1453,47 +1453,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } From 7a1c7dda952c1aba0379547ea3ecab58f9ec48ff Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 14:49:20 +0100 Subject: [PATCH 131/187] update ConfigDeviceHealthMonitoringScope --- ...onitoringConfigurationPolicyWindows10.psm1 | 381 +++++++++--------- ...ingConfigurationPolicyWindows10.schema.mof | 2 +- ...ngConfigurationPolicyWindows10-Example.ps1 | 2 +- 3 files changed, 192 insertions(+), 193 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 index 0467e11a3a..9f2cda895d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 @@ -15,7 +15,8 @@ function Get-TargetResource $ConfigDeviceHealthMonitoringCustomScope, [Parameter()] - [System.String] + [ValidateSet('undefined','healthMonitoring','bootPerformance','windowsUpdates','privilegeManagement')] + [System.String[]] $ConfigDeviceHealthMonitoringScope, [Parameter()] @@ -98,7 +99,7 @@ function Get-TargetResource { Write-Verbose -Message "Could not find an Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementDeviceConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` @@ -121,12 +122,12 @@ function Get-TargetResource $enumAllowDeviceHealthMonitoring = $getValue.AdditionalProperties.allowDeviceHealthMonitoring.ToString() } - $enumConfigDeviceHealthMonitoringScope = $null + $enumConfigDeviceHealthMonitoringScope = @() if ($null -ne $getValue.AdditionalProperties.configDeviceHealthMonitoringScope) { - $enumConfigDeviceHealthMonitoringScope = $getValue.AdditionalProperties.configDeviceHealthMonitoringScope.ToString() - } + $enumConfigDeviceHealthMonitoringScope = $getValue.AdditionalProperties.configDeviceHealthMonitoringScope.ToString().split(',') + } #endregion $results = @{ @@ -153,7 +154,7 @@ function Get-TargetResource { $assignmentValue = @{ dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId groupId = $assignmentEntry.Target.AdditionalProperties.groupId @@ -192,7 +193,8 @@ function Set-TargetResource $ConfigDeviceHealthMonitoringCustomScope, [Parameter()] - [System.String] + [ValidateSet('undefined','healthMonitoring','bootPerformance','windowsUpdates','privilegeManagement')] + [System.String[]] $ConfigDeviceHealthMonitoringScope, [Parameter()] @@ -278,24 +280,25 @@ function Set-TargetResource $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } + $CreateParameters.ConfigDeviceHealthMonitoringScope = [String[]]$CreateParameters.ConfigDeviceHealthMonitoringScope -join ',' #region resource generator code $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsHealthMonitoringConfiguration") - $policy=New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` @@ -313,25 +316,27 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } + $UpdateParameters.ConfigDeviceHealthMonitoringScope = [String[]]$UpdateParameters.ConfigDeviceHealthMonitoringScope -join ',' #region resource generator code $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsHealthMonitoringConfiguration") Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' #endregion @@ -362,7 +367,8 @@ function Test-TargetResource $ConfigDeviceHealthMonitoringCustomScope, [Parameter()] - [System.String] + [ValidateSet('undefined','healthMonitoring','bootPerformance','windowsUpdates','privilegeManagement')] + [System.String[]] $ConfigDeviceHealthMonitoringScope, [Parameter()] @@ -415,6 +421,7 @@ function Test-TargetResource [Switch] $ManagedIdentity ) + #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -455,11 +462,10 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null - } } @@ -575,7 +581,7 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if($Results.Assignments) + if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -634,40 +640,40 @@ function Update-DeviceConfigurationPolicyAssignment [Parameter()] [System.String] - $Repository='deviceManagement/configurationPolicies', + $Repository = 'deviceManagement/configurationPolicies', [Parameter()] [ValidateSet('v1.0','beta')] [System.String] - $APIVersion='beta' + $APIVersion = 'beta' ) try { - $deviceManagementPolicyAssignments=@() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) + $formattedTarget = @{"@odata.type" = $target.dataType} + if ($target.groupId) { $formattedTarget.Add('groupId',$target.groupId) } - if($target.collectionId) + if ($target.collectionId) { $formattedTarget.Add('collectionId',$target.collectionId) } - if($target.deviceAndAppManagementAssignmentFilterType) + if ($target.deviceAndAppManagementAssignmentFilterType) { $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) } - if($target.deviceAndAppManagementAssignmentFilterId) + if ($target.deviceAndAppManagementAssignmentFilterId) { $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -692,13 +698,13 @@ function Rename-M365DSCCimInstanceParameter $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + "odataType" = "@odata.type" } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -708,31 +714,31 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values return ,$result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like "*Hashtable") { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) @@ -740,7 +746,6 @@ function Rename-M365DSCCimInstanceParameter } $result = $hashProperties } - return $result #endregion } @@ -754,21 +759,21 @@ function Get-M365DSCDRGComplexTypeToHashtable $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like "*[[\]]") { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } @@ -778,21 +783,21 @@ function Get-M365DSCDRGComplexTypeToHashtable return ,[hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -809,7 +814,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like "*hashtable") { $keys = $ComplexObject.keys } @@ -820,16 +825,16 @@ function Get-M365DSCDRGComplexTypeToHashtable foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike "*hashtable") { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -841,7 +846,6 @@ function Get-M365DSCDRGComplexTypeToHashtable } } } - return [hashtable]$results } @@ -887,15 +891,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -903,22 +907,22 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array if ($ComplexObject.GetType().FullName -like "*[[\]]") { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { @@ -934,20 +938,20 @@ function Get-M365DSCDRGComplexTypeToString return ,$currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -963,32 +967,32 @@ function Get-M365DSCDRGComplexTypeToString $keyNotNull++ if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' $currentProperty += "@(" @@ -1002,7 +1006,7 @@ function Get-M365DSCDRGComplexTypeToString { if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $item ` @@ -1010,7 +1014,7 @@ function Get-M365DSCDRGComplexTypeToString -IndentLevel $IndentLevel ` -ComplexTypeMapping $ComplexTypeMapping ` -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -1025,22 +1029,22 @@ function Get-M365DSCDRGComplexTypeToString -CIMInstanceName $hashPropertyType ` -IndentLevel $IndentLevel ` -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1049,11 +1053,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1064,34 +1068,33 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel-1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel-2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } - return $currentProperty } @@ -1109,43 +1112,43 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' - ) + ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { "*.Boolean" { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } "*.String" { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key ='odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } "*.DateTime" { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } "*[[\]]" { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + " = @(" + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) { - switch -Wildcard ($item.GetType().Fullname ) + switch -Wildcard ($item.GetType().Fullname) { "*.String" { @@ -1161,7 +1164,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1173,7 +1176,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + " = " + $Value + "`r`n" } } return $returnValue @@ -1191,47 +1194,46 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1241,36 +1243,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1278,18 +1280,17 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { - #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" return $false } @@ -1297,18 +1298,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like "*Date*") { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1326,9 +1327,9 @@ function Compare-M365DSCComplexObject } } } - return $true } + function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] @@ -1338,14 +1339,13 @@ function Convert-M365DSCDRGComplexTypeToHashtable $ComplexObject ) - - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like "*[[\]]") { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) @@ -1356,22 +1356,21 @@ function Convert-M365DSCDRGComplexTypeToHashtable } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null + $propertyValue = $results[$key] + $results.remove($key) | Out-Null $results.add($propertyName,$propertyValue) } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.schema.mof index 623045b233..7c8dfc5fad 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.schema.mof @@ -13,7 +13,7 @@ class MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 { [Write, Description("Enables device health monitoring on the device. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String AllowDeviceHealthMonitoring; [Write, Description("Specifies custom set of events collected from the device where health monitoring is enabled")] String ConfigDeviceHealthMonitoringCustomScope; - [Write, Description("Specifies set of events collected from the device where health monitoring is enabled. Possible values are: undefined, healthMonitoring, bootPerformance, windowsUpdates, privilegeManagement.")] String ConfigDeviceHealthMonitoringScope; + [Write, Description("Specifies set of events collected from the device where health monitoring is enabled. Possible values are: undefined, healthMonitoring, bootPerformance, windowsUpdates, privilegeManagement."), ValueMap{"undefined","healthMonitoring","bootPerformance","windowsUpdates","privilegeManagement"}, Values{"undefined","healthMonitoring","bootPerformance","windowsUpdates","privilegeManagement"}] String ConfigDeviceHealthMonitoringScope[]; [Write, Description("Admin provided description of the Device Configuration.")] String Description; [Required, Description("Admin provided name of the device configuration.")] String DisplayName; [Write, Description("Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.")] Boolean SupportsScopeTags; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 index 8f5b9a754d..cb8f5c3015 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 @@ -23,7 +23,7 @@ Configuration Example dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' } ); - ConfigDeviceHealthMonitoringScope = "bootPerformance,windowsUpdates"; + ConfigDeviceHealthMonitoringScope = @("bootPerformance","windowsUpdates"); Credential = $Credscredential; DisplayName = "Health Monitoring Configuration"; Ensure = "Present"; From 72e77b34f04c75e70ae33126546d86f7271126d1 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 14:51:31 +0100 Subject: [PATCH 132/187] format unit test --- ...ringConfigurationPolicyWindows10.Tests.ps1 | 179 +++++++++--------- 1 file changed, 88 insertions(+), 91 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 index f9cec3fd10..f08ec76c05 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10" -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,7 +43,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { @@ -51,25 +51,25 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } # Test contexts - Context -Name "The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - AllowDeviceHealthMonitoring = "notConfigured" - ConfigDeviceHealthMonitoringCustomScope = "FakeStringValue" - ConfigDeviceHealthMonitoringScope = "undefined" - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True - Ensure = "Present" - Credential = $Credential; + AllowDeviceHealthMonitoring = 'notConfigured' + ConfigDeviceHealthMonitoringCustomScope = 'FakeStringValue' + ConfigDeviceHealthMonitoringScope = 'undefined' + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -81,38 +81,37 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - AllowDeviceHealthMonitoring = "notConfigured" - ConfigDeviceHealthMonitoringCustomScope = "FakeStringValue" - ConfigDeviceHealthMonitoringScope = "undefined" - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True - Ensure = "Absent" - Credential = $Credential; + AllowDeviceHealthMonitoring = 'notConfigured' + ConfigDeviceHealthMonitoringCustomScope = 'FakeStringValue' + ConfigDeviceHealthMonitoringScope = 'undefined' + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.windowsHealthMonitoringConfiguration" - configDeviceHealthMonitoringCustomScope = "FakeStringValue" - allowDeviceHealthMonitoring = "notConfigured" - configDeviceHealthMonitoringScope = "undefined" + '@odata.type' = '#microsoft.graph.windowsHealthMonitoringConfiguration' + configDeviceHealthMonitoringCustomScope = 'FakeStringValue' + allowDeviceHealthMonitoring = 'notConfigured' + configDeviceHealthMonitoringScope = 'undefined' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True - + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -125,33 +124,32 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - AllowDeviceHealthMonitoring = "notConfigured" - ConfigDeviceHealthMonitoringCustomScope = "FakeStringValue" - ConfigDeviceHealthMonitoringScope = "undefined" - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True - Ensure = "Present" - Credential = $Credential; + AllowDeviceHealthMonitoring = 'notConfigured' + ConfigDeviceHealthMonitoringCustomScope = 'FakeStringValue' + ConfigDeviceHealthMonitoringScope = 'undefined' + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.windowsHealthMonitoringConfiguration" - configDeviceHealthMonitoringCustomScope = "FakeStringValue" - allowDeviceHealthMonitoring = "notConfigured" - configDeviceHealthMonitoringScope = "undefined" + '@odata.type' = '#microsoft.graph.windowsHealthMonitoringConfiguration' + configDeviceHealthMonitoringCustomScope = 'FakeStringValue' + allowDeviceHealthMonitoring = 'notConfigured' + configDeviceHealthMonitoringScope = 'undefined' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True - + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True } } } @@ -162,36 +160,36 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - AllowDeviceHealthMonitoring = "notConfigured" - ConfigDeviceHealthMonitoringCustomScope = "FakeStringValue" - ConfigDeviceHealthMonitoringScope = "undefined" - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True - Ensure = "Present" - Credential = $Credential; + AllowDeviceHealthMonitoring = 'notConfigured' + ConfigDeviceHealthMonitoringCustomScope = 'FakeStringValue' + ConfigDeviceHealthMonitoringScope = 'undefined' + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.windowsHealthMonitoringConfiguration" - configDeviceHealthMonitoringCustomScope = "FakeStringValue" - allowDeviceHealthMonitoring = "notConfigured" - configDeviceHealthMonitoringScope = "undefined" + '@odata.type' = '#microsoft.graph.windowsHealthMonitoringConfiguration' + configDeviceHealthMonitoringCustomScope = 'FakeStringValue' + allowDeviceHealthMonitoring = 'notConfigured' + configDeviceHealthMonitoringScope = 'undefined' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -199,13 +197,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -216,20 +214,19 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.windowsHealthMonitoringConfiguration" - configDeviceHealthMonitoringCustomScope = "FakeStringValue" - allowDeviceHealthMonitoring = "notConfigured" - configDeviceHealthMonitoringScope = "undefined" + '@odata.type' = '#microsoft.graph.windowsHealthMonitoringConfiguration' + configDeviceHealthMonitoringCustomScope = 'FakeStringValue' + allowDeviceHealthMonitoring = 'notConfigured' + configDeviceHealthMonitoringScope = 'undefined' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True - + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } From 06d53f8d91e90e4506355c51bd170abd1ded01df Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 16:40:03 +0100 Subject: [PATCH 133/187] resource rework --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b79e64c6e..a3d358d1e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Change log for Microsoft365DSC # UNRELEASED +* IntuneDeviceConfigurationPolicyWindows10 + * [BREAKING CHANGE] Added complex parameters as embedded CIM (DefenderDetectedMalwareActions, EdgeHomeButtonConfiguration, EdgeSearchEngine, NetworkProxyServer, Windows10AppsForceUpdateSchedule) + * Resource regenerated with DRG + * FIXES[#2867](https://github.com/microsoft/Microsoft365DSC/issues/2867) + * FIXES[#2868](https://github.com/microsoft/Microsoft365DSC/issues/2868) * AADAdministrativeUnit * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * Fixes extraction of the Members property. From 53846673f37d7f982fe51179bf5f64cb0328ceaf Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 16:40:25 +0100 Subject: [PATCH 134/187] resource rework --- ...uneDeviceConfigurationPolicyWindows10.psm1 | 4964 +++++++++++------ ...iceConfigurationPolicyWindows10.schema.mof | Bin 73952 -> 62143 bytes .../readme.md | 2 +- .../settings.json | 59 +- ...ceConfigurationPolicyWindows10-Example.ps1 | 273 + ...tuneDeviceConfigurationPolicyWindows10.ps1 | 198 - .../M365DSCResourceGenerator.psm1 | 43 +- ResourceGenerator/Module.Template.psm1 | 1 + ...viceConfigurationPolicyWindows10.Tests.ps1 | 3604 +++++++----- 9 files changed, 6026 insertions(+), 3118 deletions(-) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-NewIntuneDeviceConfigurationPolicyWindows10.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 index 1c86747e12..3176adfabd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 @@ -4,220 +4,211 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $True)] - [System.String] - $DisplayName, - + #region resource generator code [Parameter()] - [System.String] - $Description, + [System.Boolean] + $AccountsBlockAddingNonMicrosoftAccountEmail, [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $EnterpriseCloudPrintDiscoveryEndPoint, + $ActivateAppsWithVoice, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthAuthority, + [System.Boolean] + $AntiTheftModeBlocked, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthClientIdentifier, + [System.Boolean] + $AppManagementMSIAllowUserControlOverInstall, [Parameter()] - [System.String] - $EnterpriseCloudPrintResourceIdentifier, + [System.Boolean] + $AppManagementMSIAlwaysInstallWithElevatedPrivileges, [Parameter()] - [System.Uint64] - $EnterpriseCloudPrintDiscoveryMaxLimit, + [System.String[]] + $AppManagementPackageFamilyNamesToLaunchAfterLogOn, [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] [System.String] - $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + $AppsAllowTrustedAppsSideloading, [Parameter()] [System.Boolean] - $SearchBlockDiacritics, + $AppsBlockWindowsStoreOriginatedApps, [Parameter()] [System.Boolean] - $SearchDisableAutoLanguageDetection, + $AuthenticationAllowSecondaryDevice, [Parameter()] - [System.Boolean] - $SearchDisableIndexingEncryptedItems, + [System.String] + $AuthenticationPreferredAzureADTenantDomainName, [Parameter()] - [System.Boolean] - $SearchEnableRemoteQueries, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AuthenticationWebSignIn, [Parameter()] - [System.Boolean] - $SearchDisableIndexerBackoff, + [System.String[]] + $BluetoothAllowedServices, [Parameter()] [System.Boolean] - $SearchDisableIndexingRemovableDrive, + $BluetoothBlockAdvertising, [Parameter()] [System.Boolean] - $SearchEnableAutomaticIndexSizeManangement, - - [Parameter()] - [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] - [System.String] - $DiagnosticsDataSubmissionMode, + $BluetoothBlockDiscoverableMode, [Parameter()] [System.Boolean] - $oneDriveDisableFileSync, + $BluetoothBlocked, [Parameter()] [System.Boolean] - $SmartScreenEnableAppInstallControl, - - [Parameter()] - [System.String] - $PersonalizationDesktopImageUrl, + $BluetoothBlockPrePairing, [Parameter()] - [System.String] - $PersonalizationLockScreenImageUrl, + [System.Boolean] + $BluetoothBlockPromptedProximalConnections, [Parameter()] - [System.String[]] - $BluetoothAllowedServices, + [System.Boolean] + $CameraBlocked, [Parameter()] [System.Boolean] - $BluetoothBlockAdvertising, + $CellularBlockDataWhenRoaming, [Parameter()] [System.Boolean] - $BluetoothBlockDiscoverableMode, + $CellularBlockVpn, [Parameter()] [System.Boolean] - $BluetoothBlockPrePairing, + $CellularBlockVpnWhenRoaming, [Parameter()] - [System.Boolean] - $EdgeBlockAutofill, + [ValidateSet('blocked','required','allowed','notConfigured')] + [System.String] + $CellularData, [Parameter()] [System.Boolean] - $EdgeBlocked, + $CertificatesBlockManualRootCertificateInstallation, [Parameter()] - [ValidateSet('userDefined', 'allow', 'blockThirdparty', 'blockAll')] [System.String] - $EdgeCookiePolicy, + $ConfigureTimeZone, [Parameter()] [System.Boolean] - $EdgeBlockDeveloperTools, + $ConnectedDevicesServiceBlocked, [Parameter()] [System.Boolean] - $EdgeBlockSendingDoNotTrackHeader, + $CopyPasteBlocked, [Parameter()] [System.Boolean] - $EdgeBlockExtensions, + $CortanaBlocked, [Parameter()] [System.Boolean] - $EdgeBlockInPrivateBrowsing, + $CryptographyAllowFipsAlgorithmPolicy, [Parameter()] [System.Boolean] - $EdgeBlockJavaScript, + $DataProtectionBlockDirectMemoryAccess, [Parameter()] [System.Boolean] - $EdgeBlockPasswordManager, + $DefenderBlockEndUserAccess, [Parameter()] [System.Boolean] - $EdgeBlockAddressBarDropdown, + $DefenderBlockOnAccessProtection, [Parameter()] - [System.Boolean] - $EdgeBlockCompatibilityList, + [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [System.String] + $DefenderCloudBlockLevel, [Parameter()] - [System.Boolean] - $EdgeClearBrowsingDataOnExit, + [System.Int32] + $DefenderCloudExtendedTimeout, [Parameter()] - [System.Boolean] - $EdgeAllowStartPagesModification, + [System.Int32] + $DefenderCloudExtendedTimeoutInSeconds, [Parameter()] - [System.Boolean] - $EdgeDisableFirstRunPage, + [System.Int32] + $DefenderDaysBeforeDeletingQuarantinedMalware, [Parameter()] - [System.Boolean] - $EdgeBlockLiveTileDataCollection, + [Microsoft.Management.Infrastructure.CimInstance] + $DefenderDetectedMalwareActions, [Parameter()] [System.Boolean] - $EdgeSyncFavoritesWithInternetExplorer, + $DefenderDisableCatchupFullScan, [Parameter()] [System.Boolean] - $CellularBlockDataWhenRoaming, + $DefenderDisableCatchupQuickScan, [Parameter()] - [System.Boolean] - $CellularBlockVpn, + [System.String[]] + $DefenderFileExtensionsToExclude, [Parameter()] - [System.Boolean] - $CellularBlockVpnWhenRoaming, + [System.String[]] + $DefenderFilesAndFoldersToExclude, [Parameter()] - [System.Boolean] - $DefenderRequireRealTimeMonitoring, + [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [System.String] + $DefenderMonitorFileActivity, [Parameter()] - [System.Boolean] - $DefenderRequireBehaviorMonitoring, + [ValidateSet('deviceDefault','block','audit')] + [System.String] + $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [System.Boolean] - $DefenderRequireNetworkInspectionSystem, + [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [System.String] + $DefenderPotentiallyUnwantedAppActionSetting, [Parameter()] - [System.Boolean] - $DefenderScanDownloads, + [System.String[]] + $DefenderProcessesToExclude, [Parameter()] - [System.Boolean] - $DefenderScanScriptsLoadedInInternetExplorer, + [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [System.String] + $DefenderPromptForSampleSubmission, [Parameter()] [System.Boolean] - $DefenderBlockEndUserAccess, - - [Parameter()] - [System.Uint64] - $DefenderSignatureUpdateIntervalInHours, + $DefenderRequireBehaviorMonitoring, [Parameter()] - [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] - [System.String] - $DefenderMonitorFileActivity, + [System.Boolean] + $DefenderRequireCloudProtection, [Parameter()] - [System.Uint64] - $DefenderDaysBeforeDeletingQuarantinedMalware, + [System.Boolean] + $DefenderRequireNetworkInspectionSystem, [Parameter()] - [System.Uint64] - $DefenderScanMaxCpu, + [System.Boolean] + $DefenderRequireRealTimeMonitoring, [Parameter()] [System.Boolean] @@ -225,959 +216,2313 @@ function Get-TargetResource [Parameter()] [System.Boolean] - $DefenderScanIncomingMail, + $DefenderScanDownloads, [Parameter()] [System.Boolean] - $DefenderScanRemovableDrivesDuringFullScan, + $DefenderScanIncomingMail, [Parameter()] [System.Boolean] $DefenderScanMappedNetworkDrivesDuringFullScan, + [Parameter()] + [System.Int32] + $DefenderScanMaxCpu, + [Parameter()] [System.Boolean] $DefenderScanNetworkFiles, [Parameter()] [System.Boolean] - $DefenderRequireCloudProtection, + $DefenderScanRemovableDrivesDuringFullScan, [Parameter()] - [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] - [System.String] - $DefenderCloudBlockLevel, + [System.Boolean] + $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] + [ValidateSet('userDefined','disabled','quick','full')] [System.String] - $DefenderPromptForSampleSubmission, + $DefenderScanType, [Parameter()] - [System.String] + [System.TimeSpan] $DefenderScheduledQuickScanTime, [Parameter()] - [ValidateSet('userDefined', 'disabled', 'quick', 'full')] - [System.String] - $DefenderScanType, - - [Parameter()] - [System.string] - $DefenderSystemScanSchedule, + [System.TimeSpan] + $DefenderScheduledScanTime, [Parameter()] - [System.String] - $DefenderScheduledScanTime, + [System.Boolean] + $DefenderScheduleScanEnableLowCpuPriority, [Parameter()] - [System.String[]] - $DefenderFileExtensionsToExclude, + [System.Int32] + $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [System.String[]] - $DefenderFilesAndFoldersToExclude, + [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [System.String] + $DefenderSubmitSamplesConsentType, [Parameter()] - [System.String[]] - $DefenderProcessesToExclude, + [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [System.String] + $DefenderSystemScanSchedule, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance] - $DefenderDetectedMalwareActions, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $DeveloperUnlockSetting, [Parameter()] [System.Boolean] - $LockScreenAllowTimeoutConfiguration, + $DeviceManagementBlockFactoryResetOnMobile, [Parameter()] [System.Boolean] - $LockScreenBlockActionCenterNotifications, + $DeviceManagementBlockManualUnenroll, [Parameter()] - [System.Boolean] - $LockScreenBlockCortana, + [ValidateSet('userDefined','none','basic','enhanced','full')] + [System.String] + $DiagnosticsDataSubmissionMode, [Parameter()] - [System.Boolean] - $LockScreenBlockToastNotifications, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOff, [Parameter()] - [System.Uint64] - $LockScreenTimeoutInSeconds, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOn, [Parameter()] [System.Boolean] - $PasswordBlockSimple, + $EdgeAllowStartPagesModification, [Parameter()] - [System.Uint64] - $PasswordExpirationDays, + [System.Boolean] + $EdgeBlockAccessToAboutFlags, [Parameter()] - [System.Uint64] - $PasswordMinimumLength, + [System.Boolean] + $EdgeBlockAddressBarDropdown, [Parameter()] - [System.Uint64] - $PasswordMinutesOfInactivityBeforeScreenTimeout, + [System.Boolean] + $EdgeBlockAutofill, [Parameter()] - [System.Uint64] - $PasswordMinimumCharacterSetCount, + [System.Boolean] + $EdgeBlockCompatibilityList, [Parameter()] - [System.Uint64] - $PasswordPreviousPasswordBlockCount, + [System.Boolean] + $EdgeBlockDeveloperTools, [Parameter()] [System.Boolean] - $PasswordRequired, + $EdgeBlocked, [Parameter()] [System.Boolean] - $PasswordRequireWhenResumeFromIdleState, + $EdgeBlockEditFavorites, [Parameter()] - [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] - [System.String] - $PasswordRequiredType, + [System.Boolean] + $EdgeBlockExtensions, [Parameter()] - [System.Uint64] - $PasswordSignInFailureCountBeforeFactoryReset, + [System.Boolean] + $EdgeBlockFullScreenMode, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $PrivacyAdvertisingId, + [System.Boolean] + $EdgeBlockInPrivateBrowsing, [Parameter()] [System.Boolean] - $PrivacyAutoAcceptPairingAndConsentPrompts, + $EdgeBlockJavaScript, [Parameter()] [System.Boolean] - $PrivacyBlockInputPersonalization, + $EdgeBlockLiveTileDataCollection, [Parameter()] [System.Boolean] - $StartBlockUnpinningAppsFromTaskbar, + $EdgeBlockPasswordManager, [Parameter()] - [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] - [System.String] - $StartMenuAppListVisibility, + [System.Boolean] + $EdgeBlockPopups, [Parameter()] [System.Boolean] - $StartMenuHideChangeAccountSettings, + $EdgeBlockPrelaunch, [Parameter()] [System.Boolean] - $StartMenuHideFrequentlyUsedApps, + $EdgeBlockPrinting, [Parameter()] [System.Boolean] - $StartMenuHideHibernate, + $EdgeBlockSavingHistory, [Parameter()] [System.Boolean] - $StartMenuHideLock, + $EdgeBlockSearchEngineCustomization, [Parameter()] [System.Boolean] - $StartMenuHidePowerButton, + $EdgeBlockSearchSuggestions, [Parameter()] [System.Boolean] - $StartMenuHideRecentJumpLists, + $EdgeBlockSendingDoNotTrackHeader, [Parameter()] [System.Boolean] - $StartMenuHideRecentlyAddedApps, + $EdgeBlockSendingIntranetTrafficToInternetExplorer, [Parameter()] [System.Boolean] - $StartMenuHideRestartOptions, + $EdgeBlockSideloadingExtensions, [Parameter()] [System.Boolean] - $StartMenuHideShutDown, + $EdgeBlockTabPreloading, [Parameter()] [System.Boolean] - $StartMenuHideSignOut, + $EdgeBlockWebContentOnNewTabPage, [Parameter()] [System.Boolean] - $StartMenuHideSleep, + $EdgeClearBrowsingDataOnExit, [Parameter()] - [System.Boolean] - $StartMenuHideSwitchAccount, + [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [System.String] + $EdgeCookiePolicy, [Parameter()] [System.Boolean] - $StartMenuHideUserTile, + $EdgeDisableFirstRunPage, [Parameter()] [System.String] - $StartMenuLayoutEdgeAssetsXml, + $EdgeEnterpriseModeSiteListLocation, [Parameter()] + [ValidateSet('notConfigured','hide','show')] [System.String] - $StartMenuLayoutXml, + $EdgeFavoritesBarVisibility, [Parameter()] - [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] [System.String] - $StartMenuMode, + $EdgeFavoritesListLocation, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderDocuments, + $EdgeFirstRunUrl, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeHomeButtonConfiguration, + + [Parameter()] + [System.Boolean] + $EdgeHomeButtonConfigurationEnabled, + + [Parameter()] + [System.String[]] + $EdgeHomepageUrls, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] [System.String] - $StartMenuPinnedFolderDownloads, + $EdgeKioskModeRestriction, + + [Parameter()] + [System.Int32] + $EdgeKioskResetAfterIdleTimeInMinutes, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderFileExplorer, + $EdgeNewTabPageURL, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] [System.String] - $StartMenuPinnedFolderHomeGroup, + $EdgeOpensWith, + + [Parameter()] + [System.Boolean] + $EdgePreventCertificateErrorOverride, + + [Parameter()] + [System.String[]] + $EdgeRequiredExtensionPackageFamilyNames, + + [Parameter()] + [System.Boolean] + $EdgeRequireSmartScreen, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeSearchEngine, + + [Parameter()] + [System.Boolean] + $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','disabled','enabled','keepGoing')] [System.String] - $StartMenuPinnedFolderMusic, + $EdgeShowMessageWhenOpeningInternetExplorerSites, + + [Parameter()] + [System.Boolean] + $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] [System.String] - $StartMenuPinnedFolderNetwork, + $EdgeTelemetryForMicrosoft365Analytics, + + [Parameter()] + [System.Boolean] + $EnableAutomaticRedeployment, + + [Parameter()] + [System.Int32] + $EnergySaverOnBatteryThresholdPercentage, + + [Parameter()] + [System.Int32] + $EnergySaverPluggedInThresholdPercentage, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderPersonalFolder, + $EnterpriseCloudPrintDiscoveryEndPoint, + + [Parameter()] + [System.Int32] + $EnterpriseCloudPrintDiscoveryMaxLimit, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderPictures, + $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderSettings, + $EnterpriseCloudPrintOAuthAuthority, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderVideos, + $EnterpriseCloudPrintOAuthClientIdentifier, [Parameter()] - [System.Boolean] - $SettingsBlockSettingsApp, + [System.String] + $EnterpriseCloudPrintResourceIdentifier, [Parameter()] [System.Boolean] - $SettingsBlockSystemPage, + $ExperienceBlockDeviceDiscovery, [Parameter()] [System.Boolean] - $SettingsBlockDevicesPage, + $ExperienceBlockErrorDialogWhenNoSIM, [Parameter()] [System.Boolean] - $SettingsBlockNetworkInternetPage, + $ExperienceBlockTaskSwitcher, [Parameter()] - [System.Boolean] - $SettingsBlockPersonalizationPage, + [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [System.String] + $ExperienceDoNotSyncBrowserSettings, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FindMyFiles, [Parameter()] [System.Boolean] - $SettingsBlockAccountsPage, + $GameDvrBlocked, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InkWorkspaceAccess, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $InkWorkspaceAccessState, [Parameter()] [System.Boolean] - $SettingsBlockTimeLanguagePage, + $InkWorkspaceBlockSuggestedApps, [Parameter()] [System.Boolean] - $SettingsBlockEaseOfAccessPage, + $InternetSharingBlocked, [Parameter()] [System.Boolean] - $SettingsBlockPrivacyPage, + $LocationServicesBlocked, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $LockScreenActivateAppsWithVoice, [Parameter()] [System.Boolean] - $SettingsBlockUpdateSecurityPage, + $LockScreenAllowTimeoutConfiguration, [Parameter()] [System.Boolean] - $SettingsBlockAppsPage, + $LockScreenBlockActionCenterNotifications, [Parameter()] [System.Boolean] - $SettingsBlockGamingPage, + $LockScreenBlockCortana, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockConsumerSpecificFeatures, + $LockScreenBlockToastNotifications, + + [Parameter()] + [System.Int32] + $LockScreenTimeoutInSeconds, [Parameter()] [System.Boolean] - $WindowsSpotlightBlocked, + $LogonBlockFastUserSwitching, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockOnActionCenter, + $MessagingBlockMMS, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockTailoredExperiences, + $MessagingBlockRichCommunicationServices, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockThirdPartyNotifications, + $MessagingBlockSync, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWelcomeExperience, + $MicrosoftAccountBlocked, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWindowsTips, + $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('notConfigured', 'disabled', 'enabled')] + [ValidateSet('notConfigured','disabled')] [System.String] - $WindowsSpotlightConfigureOnLockScreen, + $MicrosoftAccountSignInAssistantSettings, [Parameter()] [System.Boolean] $NetworkProxyApplySettingsDeviceWide, - [Parameter()] - [System.Boolean] - $NetworkProxyDisableAutoDetect, - [Parameter()] [System.String] $NetworkProxyAutomaticConfigurationUrl, [Parameter()] - [System.String[]] + [System.Boolean] + $NetworkProxyDisableAutoDetect, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] $NetworkProxyServer, [Parameter()] [System.Boolean] - $AccountsBlockAddingNonMicrosoftAccountEmail, + $NfcBlocked, [Parameter()] [System.Boolean] - $AntiTheftModeBlocked, + $OneDriveDisableFileSync, [Parameter()] [System.Boolean] - $BluetoothBlocked, + $PasswordBlockSimple, [Parameter()] - [System.Boolean] - $CameraBlocked, + [System.Int32] + $PasswordExpirationDays, [Parameter()] - [System.Boolean] - $ConnectedDevicesServiceBlocked, + [System.Int32] + $PasswordMinimumAgeInDays, [Parameter()] - [System.Boolean] - $CertificatesBlockManualRootCertificateInstallation, + [System.Int32] + $PasswordMinimumCharacterSetCount, [Parameter()] - [System.Boolean] - $CopyPasteBlocked, + [System.Int32] + $PasswordMinimumLength, [Parameter()] - [System.Boolean] - $CortanaBlocked, + [System.Int32] + $PasswordMinutesOfInactivityBeforeScreenTimeout, [Parameter()] - [System.Boolean] - $DeviceManagementBlockFactoryResetOnMobile, + [System.Int32] + $PasswordPreviousPasswordBlockCount, [Parameter()] [System.Boolean] - $DeviceManagementBlockManualUnenroll, + $PasswordRequired, [Parameter()] - [ValidateSet('userDefined', 'strict', 'moderate')] + [ValidateSet('deviceDefault','alphanumeric','numeric')] [System.String] - $SafeSearchFilter, + $PasswordRequiredType, [Parameter()] [System.Boolean] - $EdgeBlockPopups, + $PasswordRequireWhenResumeFromIdleState, [Parameter()] - [System.Boolean] - $EdgeBlockSearchSuggestions, + [System.Int32] + $PasswordSignInFailureCountBeforeFactoryReset, [Parameter()] - [System.Boolean] - $EdgeBlockSendingIntranetTrafficToInternetExplorer, + [System.String] + $PersonalizationDesktopImageUrl, [Parameter()] - [System.Boolean] - $EdgeSendIntranetTrafficToInternetExplorer, + [System.String] + $PersonalizationLockScreenImageUrl, [Parameter()] - [System.Boolean] - $EdgeRequireSmartScreen, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionOnBattery, [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] [System.String] - $EdgeEnterpriseModeSiteListLocation, + $PowerButtonActionPluggedIn, [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $EdgeFirstRunUrl, + $PowerHybridSleepOnBattery, [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $EdgeSearchEngine, + $PowerHybridSleepPluggedIn, [Parameter()] - [System.String[]] - $EdgeHomepageUrls, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionOnBattery, [Parameter()] - [System.Boolean] - $EdgeBlockAccessToAboutFlags, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionPluggedIn, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverride, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionOnBattery, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverrideForFiles, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionPluggedIn, [Parameter()] [System.Boolean] - $WebRtcBlockLocalhostIpAddress, + $PrinterBlockAddition, [Parameter()] - [System.Boolean] - $InternetSharingBlocked, + [System.String] + $PrinterDefaultName, [Parameter()] - [System.Boolean] - $SettingsBlockAddProvisioningPackage, + [System.String[]] + $PrinterNames, [Parameter()] - [System.Boolean] - $SettingsBlockRemoveProvisioningPackage, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $PrivacyAdvertisingId, [Parameter()] [System.Boolean] - $SettingsBlockChangeSystemTime, + $PrivacyAutoAcceptPairingAndConsentPrompts, [Parameter()] [System.Boolean] - $SettingsBlockEditDeviceName, + $PrivacyBlockActivityFeed, [Parameter()] [System.Boolean] - $SettingsBlockChangeRegion, + $PrivacyBlockInputPersonalization, [Parameter()] [System.Boolean] - $SettingsBlockChangeLanguage, + $PrivacyBlockPublishUserActivities, [Parameter()] [System.Boolean] - $SettingsBlockChangePowerSleep, + $PrivacyDisableLaunchExperience, [Parameter()] [System.Boolean] - $LocationServicesBlocked, + $ResetProtectionModeBlocked, [Parameter()] - [System.Boolean] - $MicrosoftAccountBlocked, + [ValidateSet('userDefined','strict','moderate')] + [System.String] + $SafeSearchFilter, [Parameter()] [System.Boolean] - $MicrosoftAccountBlockSettingsSync, + $ScreenCaptureBlocked, [Parameter()] [System.Boolean] - $NfcBlocked, + $SearchBlockDiacritics, [Parameter()] [System.Boolean] - $ResetProtectionModeBlocked, + $SearchBlockWebResults, [Parameter()] [System.Boolean] - $ScreenCaptureBlocked, + $SearchDisableAutoLanguageDetection, [Parameter()] [System.Boolean] - $StorageBlockRemovableStorage, + $SearchDisableIndexerBackoff, [Parameter()] [System.Boolean] - $StorageRequireMobileDeviceEncryption, + $SearchDisableIndexingEncryptedItems, [Parameter()] [System.Boolean] - $UsbBlocked, + $SearchDisableIndexingRemovableDrive, [Parameter()] [System.Boolean] - $VoiceRecordingBlocked, + $SearchDisableLocation, [Parameter()] [System.Boolean] - $WiFiBlockAutomaticConnectHotspots, + $SearchDisableUseLocation, [Parameter()] [System.Boolean] - $WiFiBlocked, + $SearchEnableAutomaticIndexSizeManangement, [Parameter()] [System.Boolean] - $WiFiBlockManualConfiguration, + $SearchEnableRemoteQueries, [Parameter()] - [System.Uint64] - $WiFiScanInterval, + [System.Boolean] + $SecurityBlockAzureADJoinedDevicesAutoEncryption, [Parameter()] [System.Boolean] - $WirelessDisplayBlockProjectionToThisDevice, + $SettingsBlockAccountsPage, [Parameter()] [System.Boolean] - $WirelessDisplayBlockUserInputFromReceiver, + $SettingsBlockAddProvisioningPackage, [Parameter()] [System.Boolean] - $WirelessDisplayRequirePinForPairing, + $SettingsBlockAppsPage, [Parameter()] [System.Boolean] - $WindowsStoreBlocked, + $SettingsBlockChangeLanguage, [Parameter()] - [System.String] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - $AppsAllowTrustedAppsSideloading, + [System.Boolean] + $SettingsBlockChangePowerSleep, [Parameter()] [System.Boolean] - $WindowsStoreBlockAutoUpdate, + $SettingsBlockChangeRegion, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $DeveloperUnlockSetting, + [System.Boolean] + $SettingsBlockChangeSystemTime, [Parameter()] [System.Boolean] - $SharedUserAppDataAllowed, + $SettingsBlockDevicesPage, [Parameter()] [System.Boolean] - $AppsBlockWindowsStoreOriginatedApps, + $SettingsBlockEaseOfAccessPage, [Parameter()] [System.Boolean] - $WindowsStoreEnablePrivateStoreOnly, + $SettingsBlockEditDeviceName, [Parameter()] [System.Boolean] - $StorageRestrictAppDataToSystemVolume, + $SettingsBlockGamingPage, [Parameter()] [System.Boolean] - $StorageRestrictAppInstallToSystemVolume, + $SettingsBlockNetworkInternetPage, [Parameter()] [System.Boolean] - $GameDvrBlocked, + $SettingsBlockPersonalizationPage, [Parameter()] [System.Boolean] - $ExperienceBlockDeviceDiscovery, + $SettingsBlockPrivacyPage, [Parameter()] [System.Boolean] - $ExperienceBlockErrorDialogWhenNoSIM, + $SettingsBlockRemoveProvisioningPackage, + + [Parameter()] + [System.Boolean] + $SettingsBlockSettingsApp, + + [Parameter()] + [System.Boolean] + $SettingsBlockSystemPage, + + [Parameter()] + [System.Boolean] + $SettingsBlockTimeLanguagePage, + + [Parameter()] + [System.Boolean] + $SettingsBlockUpdateSecurityPage, + + [Parameter()] + [System.Boolean] + $SharedUserAppDataAllowed, + + [Parameter()] + [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] + [System.String] + $SmartScreenAppInstallControl, + + [Parameter()] + [System.Boolean] + $SmartScreenBlockPromptOverride, + + [Parameter()] + [System.Boolean] + $SmartScreenBlockPromptOverrideForFiles, + + [Parameter()] + [System.Boolean] + $SmartScreenEnableAppInstallControl, + + [Parameter()] + [System.Boolean] + $StartBlockUnpinningAppsFromTaskbar, + + [Parameter()] + [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [System.String] + $StartMenuAppListVisibility, + + [Parameter()] + [System.Boolean] + $StartMenuHideChangeAccountSettings, + + [Parameter()] + [System.Boolean] + $StartMenuHideFrequentlyUsedApps, + + [Parameter()] + [System.Boolean] + $StartMenuHideHibernate, + + [Parameter()] + [System.Boolean] + $StartMenuHideLock, + + [Parameter()] + [System.Boolean] + $StartMenuHidePowerButton, + + [Parameter()] + [System.Boolean] + $StartMenuHideRecentJumpLists, + + [Parameter()] + [System.Boolean] + $StartMenuHideRecentlyAddedApps, + + [Parameter()] + [System.Boolean] + $StartMenuHideRestartOptions, + + [Parameter()] + [System.Boolean] + $StartMenuHideShutDown, + + [Parameter()] + [System.Boolean] + $StartMenuHideSignOut, + + [Parameter()] + [System.Boolean] + $StartMenuHideSleep, + + [Parameter()] + [System.Boolean] + $StartMenuHideSwitchAccount, + + [Parameter()] + [System.Boolean] + $StartMenuHideUserTile, + + [Parameter()] + [System.String] + $StartMenuLayoutEdgeAssetsXml, + + [Parameter()] + [System.String] + $StartMenuLayoutXml, + + [Parameter()] + [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [System.String] + $StartMenuMode, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDocuments, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDownloads, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderFileExplorer, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderHomeGroup, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderMusic, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderNetwork, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPersonalFolder, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPictures, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderSettings, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderVideos, + + [Parameter()] + [System.Boolean] + $StorageBlockRemovableStorage, + + [Parameter()] + [System.Boolean] + $StorageRequireMobileDeviceEncryption, + + [Parameter()] + [System.Boolean] + $StorageRestrictAppDataToSystemVolume, + + [Parameter()] + [System.Boolean] + $StorageRestrictAppInstallToSystemVolume, + + [Parameter()] + [System.String] + $SystemTelemetryProxyServer, + + [Parameter()] + [System.Boolean] + $TaskManagerBlockEndTask, + + [Parameter()] + [System.Boolean] + $TenantLockdownRequireNetworkDuringOutOfBoxExperience, + + [Parameter()] + [System.Boolean] + $UninstallBuiltInApps, + + [Parameter()] + [System.Boolean] + $UsbBlocked, + + [Parameter()] + [System.Boolean] + $VoiceRecordingBlocked, + + [Parameter()] + [System.Boolean] + $WebRtcBlockLocalhostIpAddress, + + [Parameter()] + [System.Boolean] + $WiFiBlockAutomaticConnectHotspots, + + [Parameter()] + [System.Boolean] + $WiFiBlocked, + + [Parameter()] + [System.Boolean] + $WiFiBlockManualConfiguration, + + [Parameter()] + [System.Int32] + $WiFiScanInterval, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Windows10AppsForceUpdateSchedule, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockConsumerSpecificFeatures, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlocked, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockOnActionCenter, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockTailoredExperiences, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockThirdPartyNotifications, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockWelcomeExperience, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockWindowsTips, + + [Parameter()] + [ValidateSet('notConfigured','disabled','enabled')] + [System.String] + $WindowsSpotlightConfigureOnLockScreen, + + [Parameter()] + [System.Boolean] + $WindowsStoreBlockAutoUpdate, + + [Parameter()] + [System.Boolean] + $WindowsStoreBlocked, + + [Parameter()] + [System.Boolean] + $WindowsStoreEnablePrivateStoreOnly, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockProjectionToThisDevice, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockUserInputFromReceiver, + + [Parameter()] + [System.Boolean] + $WirelessDisplayRequirePinForPairing, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementDeviceConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10GeneralConfiguration" ` + } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Configuration Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $complexDefenderDetectedMalwareActions = @{} + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.highSeverity) + { + $complexDefenderDetectedMalwareActions.Add('HighSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.highSeverity.toString()) + } + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity) + { + $complexDefenderDetectedMalwareActions.Add('LowSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity.toString()) + } + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity) + { + $complexDefenderDetectedMalwareActions.Add('ModerateSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity.toString()) + } + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity) + { + $complexDefenderDetectedMalwareActions.Add('SevereSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity.toString()) + } + if ($complexDefenderDetectedMalwareActions.values.Where({$null -ne $_}).count -eq 0) + { + $complexDefenderDetectedMalwareActions = $null + } + + $complexEdgeHomeButtonConfiguration = @{} + $complexEdgeHomeButtonConfiguration.Add('HomeButtonCustomURL', $getValue.AdditionalProperties.edgeHomeButtonConfiguration.homeButtonCustomURL) + if ($null -ne $getValue.AdditionalProperties.edgeHomeButtonConfiguration.'@odata.type') + { + $complexEdgeHomeButtonConfiguration.Add('odataType', $getValue.AdditionalProperties.edgeHomeButtonConfiguration.'@odata.type'.toString()) + } + if ($complexEdgeHomeButtonConfiguration.values.Where({$null -ne $_}).count -eq 0) + { + $complexEdgeHomeButtonConfiguration = $null + } + + $complexEdgeSearchEngine = @{} + if ($null -ne $getValue.AdditionalProperties.edgeSearchEngine.edgeSearchEngineType) + { + $complexEdgeSearchEngine.Add('EdgeSearchEngineType', $getValue.AdditionalProperties.edgeSearchEngine.edgeSearchEngineType.toString()) + } + $complexEdgeSearchEngine.Add('EdgeSearchEngineOpenSearchXmlUrl', $getValue.AdditionalProperties.edgeSearchEngine.edgeSearchEngineOpenSearchXmlUrl) + if ($null -ne $getValue.AdditionalProperties.edgeSearchEngine.'@odata.type') + { + $complexEdgeSearchEngine.Add('odataType', $getValue.AdditionalProperties.edgeSearchEngine.'@odata.type'.toString()) + } + if ($complexEdgeSearchEngine.values.Where({$null -ne $_}).count -eq 0) + { + $complexEdgeSearchEngine = $null + } + + $complexNetworkProxyServer = @{} + $complexNetworkProxyServer.Add('Address', $getValue.AdditionalProperties.networkProxyServer.address) + $complexNetworkProxyServer.Add('Exceptions', $getValue.AdditionalProperties.networkProxyServer.exceptions) + $complexNetworkProxyServer.Add('UseForLocalAddresses', $getValue.AdditionalProperties.networkProxyServer.useForLocalAddresses) + if ($complexNetworkProxyServer.values.Where({$null -ne $_}).count -eq 0) + { + $complexNetworkProxyServer = $null + } + + $complexWindows10AppsForceUpdateSchedule = @{} + if ($null -ne $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.recurrence) + { + $complexWindows10AppsForceUpdateSchedule.Add('Recurrence', $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.recurrence.toString()) + } + $complexWindows10AppsForceUpdateSchedule.Add('RunImmediatelyIfAfterStartDateTime', $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.runImmediatelyIfAfterStartDateTime) + if ($null -ne $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.startDateTime) + { + $complexWindows10AppsForceUpdateSchedule.Add('StartDateTime', ([DateTimeOffset]$getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.startDateTime).ToString('o')) + } + if ($complexWindows10AppsForceUpdateSchedule.values.Where({$null -ne $_}).count -eq 0) + { + $complexWindows10AppsForceUpdateSchedule = $null + } + #endregion + + #region resource generator code + $enumActivateAppsWithVoice = $null + if ($null -ne $getValue.AdditionalProperties.activateAppsWithVoice) + { + $enumActivateAppsWithVoice = $getValue.AdditionalProperties.activateAppsWithVoice.ToString() + } + + $enumAppsAllowTrustedAppsSideloading = $null + if ($null -ne $getValue.AdditionalProperties.appsAllowTrustedAppsSideloading) + { + $enumAppsAllowTrustedAppsSideloading = $getValue.AdditionalProperties.appsAllowTrustedAppsSideloading.ToString() + } + + $enumAuthenticationWebSignIn = $null + if ($null -ne $getValue.AdditionalProperties.authenticationWebSignIn) + { + $enumAuthenticationWebSignIn = $getValue.AdditionalProperties.authenticationWebSignIn.ToString() + } + + $enumCellularData = $null + if ($null -ne $getValue.AdditionalProperties.cellularData) + { + $enumCellularData = $getValue.AdditionalProperties.cellularData.ToString() + } + + $enumDefenderCloudBlockLevel = $null + if ($null -ne $getValue.AdditionalProperties.defenderCloudBlockLevel) + { + $enumDefenderCloudBlockLevel = $getValue.AdditionalProperties.defenderCloudBlockLevel.ToString() + } + + $enumDefenderMonitorFileActivity = $null + if ($null -ne $getValue.AdditionalProperties.defenderMonitorFileActivity) + { + $enumDefenderMonitorFileActivity = $getValue.AdditionalProperties.defenderMonitorFileActivity.ToString() + } + + $enumDefenderPotentiallyUnwantedAppAction = $null + if ($null -ne $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppAction) + { + $enumDefenderPotentiallyUnwantedAppAction = $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppAction.ToString() + } + + $enumDefenderPotentiallyUnwantedAppActionSetting = $null + if ($null -ne $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppActionSetting) + { + $enumDefenderPotentiallyUnwantedAppActionSetting = $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppActionSetting.ToString() + } + + $enumDefenderPromptForSampleSubmission = $null + if ($null -ne $getValue.AdditionalProperties.defenderPromptForSampleSubmission) + { + $enumDefenderPromptForSampleSubmission = $getValue.AdditionalProperties.defenderPromptForSampleSubmission.ToString() + } + + $enumDefenderScanType = $null + if ($null -ne $getValue.AdditionalProperties.defenderScanType) + { + $enumDefenderScanType = $getValue.AdditionalProperties.defenderScanType.ToString() + } + + $enumDefenderSubmitSamplesConsentType = $null + if ($null -ne $getValue.AdditionalProperties.defenderSubmitSamplesConsentType) + { + $enumDefenderSubmitSamplesConsentType = $getValue.AdditionalProperties.defenderSubmitSamplesConsentType.ToString() + } + + $enumDefenderSystemScanSchedule = $null + if ($null -ne $getValue.AdditionalProperties.defenderSystemScanSchedule) + { + $enumDefenderSystemScanSchedule = $getValue.AdditionalProperties.defenderSystemScanSchedule.ToString() + } + + $enumDeveloperUnlockSetting = $null + if ($null -ne $getValue.AdditionalProperties.developerUnlockSetting) + { + $enumDeveloperUnlockSetting = $getValue.AdditionalProperties.developerUnlockSetting.ToString() + } + + $enumDiagnosticsDataSubmissionMode = $null + if ($null -ne $getValue.AdditionalProperties.diagnosticsDataSubmissionMode) + { + $enumDiagnosticsDataSubmissionMode = $getValue.AdditionalProperties.diagnosticsDataSubmissionMode.ToString() + } + + $enumEdgeCookiePolicy = $null + if ($null -ne $getValue.AdditionalProperties.edgeCookiePolicy) + { + $enumEdgeCookiePolicy = $getValue.AdditionalProperties.edgeCookiePolicy.ToString() + } + + $enumEdgeFavoritesBarVisibility = $null + if ($null -ne $getValue.AdditionalProperties.edgeFavoritesBarVisibility) + { + $enumEdgeFavoritesBarVisibility = $getValue.AdditionalProperties.edgeFavoritesBarVisibility.ToString() + } + + $enumEdgeKioskModeRestriction = $null + if ($null -ne $getValue.AdditionalProperties.edgeKioskModeRestriction) + { + $enumEdgeKioskModeRestriction = $getValue.AdditionalProperties.edgeKioskModeRestriction.ToString() + } + + $enumEdgeOpensWith = $null + if ($null -ne $getValue.AdditionalProperties.edgeOpensWith) + { + $enumEdgeOpensWith = $getValue.AdditionalProperties.edgeOpensWith.ToString() + } + + $enumEdgeShowMessageWhenOpeningInternetExplorerSites = $null + if ($null -ne $getValue.AdditionalProperties.edgeShowMessageWhenOpeningInternetExplorerSites) + { + $enumEdgeShowMessageWhenOpeningInternetExplorerSites = $getValue.AdditionalProperties.edgeShowMessageWhenOpeningInternetExplorerSites.ToString() + } + + $enumEdgeTelemetryForMicrosoft365Analytics = $null + if ($null -ne $getValue.AdditionalProperties.edgeTelemetryForMicrosoft365Analytics) + { + $enumEdgeTelemetryForMicrosoft365Analytics = $getValue.AdditionalProperties.edgeTelemetryForMicrosoft365Analytics.ToString() + } + + $enumExperienceDoNotSyncBrowserSettings = $null + if ($null -ne $getValue.AdditionalProperties.experienceDoNotSyncBrowserSettings) + { + $enumExperienceDoNotSyncBrowserSettings = $getValue.AdditionalProperties.experienceDoNotSyncBrowserSettings.ToString() + } + + $enumFindMyFiles = $null + if ($null -ne $getValue.AdditionalProperties.findMyFiles) + { + $enumFindMyFiles = $getValue.AdditionalProperties.findMyFiles.ToString() + } + + $enumInkWorkspaceAccess = $null + if ($null -ne $getValue.AdditionalProperties.inkWorkspaceAccess) + { + $enumInkWorkspaceAccess = $getValue.AdditionalProperties.inkWorkspaceAccess.ToString() + } + + $enumInkWorkspaceAccessState = $null + if ($null -ne $getValue.AdditionalProperties.inkWorkspaceAccessState) + { + $enumInkWorkspaceAccessState = $getValue.AdditionalProperties.inkWorkspaceAccessState.ToString() + } + + $enumLockScreenActivateAppsWithVoice = $null + if ($null -ne $getValue.AdditionalProperties.lockScreenActivateAppsWithVoice) + { + $enumLockScreenActivateAppsWithVoice = $getValue.AdditionalProperties.lockScreenActivateAppsWithVoice.ToString() + } + + $enumMicrosoftAccountSignInAssistantSettings = $null + if ($null -ne $getValue.AdditionalProperties.microsoftAccountSignInAssistantSettings) + { + $enumMicrosoftAccountSignInAssistantSettings = $getValue.AdditionalProperties.microsoftAccountSignInAssistantSettings.ToString() + } + + $enumPasswordRequiredType = $null + if ($null -ne $getValue.AdditionalProperties.passwordRequiredType) + { + $enumPasswordRequiredType = $getValue.AdditionalProperties.passwordRequiredType.ToString() + } + + $enumPowerButtonActionOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerButtonActionOnBattery) + { + $enumPowerButtonActionOnBattery = $getValue.AdditionalProperties.powerButtonActionOnBattery.ToString() + } + + $enumPowerButtonActionPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerButtonActionPluggedIn) + { + $enumPowerButtonActionPluggedIn = $getValue.AdditionalProperties.powerButtonActionPluggedIn.ToString() + } + + $enumPowerHybridSleepOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerHybridSleepOnBattery) + { + $enumPowerHybridSleepOnBattery = $getValue.AdditionalProperties.powerHybridSleepOnBattery.ToString() + } + + $enumPowerHybridSleepPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerHybridSleepPluggedIn) + { + $enumPowerHybridSleepPluggedIn = $getValue.AdditionalProperties.powerHybridSleepPluggedIn.ToString() + } + + $enumPowerLidCloseActionOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerLidCloseActionOnBattery) + { + $enumPowerLidCloseActionOnBattery = $getValue.AdditionalProperties.powerLidCloseActionOnBattery.ToString() + } + + $enumPowerLidCloseActionPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerLidCloseActionPluggedIn) + { + $enumPowerLidCloseActionPluggedIn = $getValue.AdditionalProperties.powerLidCloseActionPluggedIn.ToString() + } + + $enumPowerSleepButtonActionOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerSleepButtonActionOnBattery) + { + $enumPowerSleepButtonActionOnBattery = $getValue.AdditionalProperties.powerSleepButtonActionOnBattery.ToString() + } + + $enumPowerSleepButtonActionPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerSleepButtonActionPluggedIn) + { + $enumPowerSleepButtonActionPluggedIn = $getValue.AdditionalProperties.powerSleepButtonActionPluggedIn.ToString() + } + + $enumPrivacyAdvertisingId = $null + if ($null -ne $getValue.AdditionalProperties.privacyAdvertisingId) + { + $enumPrivacyAdvertisingId = $getValue.AdditionalProperties.privacyAdvertisingId.ToString() + } + + $enumSafeSearchFilter = $null + if ($null -ne $getValue.AdditionalProperties.safeSearchFilter) + { + $enumSafeSearchFilter = $getValue.AdditionalProperties.safeSearchFilter.ToString() + } + + $enumSmartScreenAppInstallControl = $null + if ($null -ne $getValue.AdditionalProperties.smartScreenAppInstallControl) + { + $enumSmartScreenAppInstallControl = $getValue.AdditionalProperties.smartScreenAppInstallControl.ToString() + } + + $enumStartMenuAppListVisibility = $null + if ($null -ne $getValue.AdditionalProperties.startMenuAppListVisibility) + { + $enumStartMenuAppListVisibility = $getValue.AdditionalProperties.startMenuAppListVisibility.ToString() + } + + $enumStartMenuMode = $null + if ($null -ne $getValue.AdditionalProperties.startMenuMode) + { + $enumStartMenuMode = $getValue.AdditionalProperties.startMenuMode.ToString() + } + + $enumStartMenuPinnedFolderDocuments = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderDocuments) + { + $enumStartMenuPinnedFolderDocuments = $getValue.AdditionalProperties.startMenuPinnedFolderDocuments.ToString() + } + + $enumStartMenuPinnedFolderDownloads = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderDownloads) + { + $enumStartMenuPinnedFolderDownloads = $getValue.AdditionalProperties.startMenuPinnedFolderDownloads.ToString() + } + + $enumStartMenuPinnedFolderFileExplorer = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderFileExplorer) + { + $enumStartMenuPinnedFolderFileExplorer = $getValue.AdditionalProperties.startMenuPinnedFolderFileExplorer.ToString() + } + + $enumStartMenuPinnedFolderHomeGroup = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderHomeGroup) + { + $enumStartMenuPinnedFolderHomeGroup = $getValue.AdditionalProperties.startMenuPinnedFolderHomeGroup.ToString() + } + + $enumStartMenuPinnedFolderMusic = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderMusic) + { + $enumStartMenuPinnedFolderMusic = $getValue.AdditionalProperties.startMenuPinnedFolderMusic.ToString() + } + + $enumStartMenuPinnedFolderNetwork = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderNetwork) + { + $enumStartMenuPinnedFolderNetwork = $getValue.AdditionalProperties.startMenuPinnedFolderNetwork.ToString() + } + + $enumStartMenuPinnedFolderPersonalFolder = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderPersonalFolder) + { + $enumStartMenuPinnedFolderPersonalFolder = $getValue.AdditionalProperties.startMenuPinnedFolderPersonalFolder.ToString() + } + + $enumStartMenuPinnedFolderPictures = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderPictures) + { + $enumStartMenuPinnedFolderPictures = $getValue.AdditionalProperties.startMenuPinnedFolderPictures.ToString() + } + + $enumStartMenuPinnedFolderSettings = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderSettings) + { + $enumStartMenuPinnedFolderSettings = $getValue.AdditionalProperties.startMenuPinnedFolderSettings.ToString() + } + + $enumStartMenuPinnedFolderVideos = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderVideos) + { + $enumStartMenuPinnedFolderVideos = $getValue.AdditionalProperties.startMenuPinnedFolderVideos.ToString() + } + + $enumWindowsSpotlightConfigureOnLockScreen = $null + if ($null -ne $getValue.AdditionalProperties.windowsSpotlightConfigureOnLockScreen) + { + $enumWindowsSpotlightConfigureOnLockScreen = $getValue.AdditionalProperties.windowsSpotlightConfigureOnLockScreen.ToString() + } + #endregion + + #region resource generator code + $timeDefenderScheduledQuickScanTime = $null + if ($null -ne $getValue.AdditionalProperties.defenderScheduledQuickScanTime) + { + $timeDefenderScheduledQuickScanTime = ([TimeSpan]$getValue.AdditionalProperties.defenderScheduledQuickScanTime).ToString() + } + + $timeDefenderScheduledScanTime = $null + if ($null -ne $getValue.AdditionalProperties.defenderScheduledScanTime) + { + $timeDefenderScheduledScanTime = ([TimeSpan]$getValue.AdditionalProperties.defenderScheduledScanTime).ToString() + } + #endregion + + $results = @{ + #region resource generator code + AccountsBlockAddingNonMicrosoftAccountEmail = $getValue.AdditionalProperties.accountsBlockAddingNonMicrosoftAccountEmail + ActivateAppsWithVoice = $enumActivateAppsWithVoice + AntiTheftModeBlocked = $getValue.AdditionalProperties.antiTheftModeBlocked + AppManagementMSIAllowUserControlOverInstall = $getValue.AdditionalProperties.appManagementMSIAllowUserControlOverInstall + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $getValue.AdditionalProperties.appManagementMSIAlwaysInstallWithElevatedPrivileges + AppManagementPackageFamilyNamesToLaunchAfterLogOn = $getValue.AdditionalProperties.appManagementPackageFamilyNamesToLaunchAfterLogOn + AppsAllowTrustedAppsSideloading = $enumAppsAllowTrustedAppsSideloading + AppsBlockWindowsStoreOriginatedApps = $getValue.AdditionalProperties.appsBlockWindowsStoreOriginatedApps + AuthenticationAllowSecondaryDevice = $getValue.AdditionalProperties.authenticationAllowSecondaryDevice + AuthenticationPreferredAzureADTenantDomainName = $getValue.AdditionalProperties.authenticationPreferredAzureADTenantDomainName + AuthenticationWebSignIn = $enumAuthenticationWebSignIn + BluetoothAllowedServices = $getValue.AdditionalProperties.bluetoothAllowedServices + BluetoothBlockAdvertising = $getValue.AdditionalProperties.bluetoothBlockAdvertising + BluetoothBlockDiscoverableMode = $getValue.AdditionalProperties.bluetoothBlockDiscoverableMode + BluetoothBlocked = $getValue.AdditionalProperties.bluetoothBlocked + BluetoothBlockPrePairing = $getValue.AdditionalProperties.bluetoothBlockPrePairing + BluetoothBlockPromptedProximalConnections = $getValue.AdditionalProperties.bluetoothBlockPromptedProximalConnections + CameraBlocked = $getValue.AdditionalProperties.cameraBlocked + CellularBlockDataWhenRoaming = $getValue.AdditionalProperties.cellularBlockDataWhenRoaming + CellularBlockVpn = $getValue.AdditionalProperties.cellularBlockVpn + CellularBlockVpnWhenRoaming = $getValue.AdditionalProperties.cellularBlockVpnWhenRoaming + CellularData = $enumCellularData + CertificatesBlockManualRootCertificateInstallation = $getValue.AdditionalProperties.certificatesBlockManualRootCertificateInstallation + ConfigureTimeZone = $getValue.AdditionalProperties.configureTimeZone + ConnectedDevicesServiceBlocked = $getValue.AdditionalProperties.connectedDevicesServiceBlocked + CopyPasteBlocked = $getValue.AdditionalProperties.copyPasteBlocked + CortanaBlocked = $getValue.AdditionalProperties.cortanaBlocked + CryptographyAllowFipsAlgorithmPolicy = $getValue.AdditionalProperties.cryptographyAllowFipsAlgorithmPolicy + DataProtectionBlockDirectMemoryAccess = $getValue.AdditionalProperties.dataProtectionBlockDirectMemoryAccess + DefenderBlockEndUserAccess = $getValue.AdditionalProperties.defenderBlockEndUserAccess + DefenderBlockOnAccessProtection = $getValue.AdditionalProperties.defenderBlockOnAccessProtection + DefenderCloudBlockLevel = $enumDefenderCloudBlockLevel + DefenderCloudExtendedTimeout = $getValue.AdditionalProperties.defenderCloudExtendedTimeout + DefenderCloudExtendedTimeoutInSeconds = $getValue.AdditionalProperties.defenderCloudExtendedTimeoutInSeconds + DefenderDaysBeforeDeletingQuarantinedMalware = $getValue.AdditionalProperties.defenderDaysBeforeDeletingQuarantinedMalware + DefenderDetectedMalwareActions = $complexDefenderDetectedMalwareActions + DefenderDisableCatchupFullScan = $getValue.AdditionalProperties.defenderDisableCatchupFullScan + DefenderDisableCatchupQuickScan = $getValue.AdditionalProperties.defenderDisableCatchupQuickScan + DefenderFileExtensionsToExclude = $getValue.AdditionalProperties.defenderFileExtensionsToExclude + DefenderFilesAndFoldersToExclude = $getValue.AdditionalProperties.defenderFilesAndFoldersToExclude + DefenderMonitorFileActivity = $enumDefenderMonitorFileActivity + DefenderPotentiallyUnwantedAppAction = $enumDefenderPotentiallyUnwantedAppAction + DefenderPotentiallyUnwantedAppActionSetting = $enumDefenderPotentiallyUnwantedAppActionSetting + DefenderProcessesToExclude = $getValue.AdditionalProperties.defenderProcessesToExclude + DefenderPromptForSampleSubmission = $enumDefenderPromptForSampleSubmission + DefenderRequireBehaviorMonitoring = $getValue.AdditionalProperties.defenderRequireBehaviorMonitoring + DefenderRequireCloudProtection = $getValue.AdditionalProperties.defenderRequireCloudProtection + DefenderRequireNetworkInspectionSystem = $getValue.AdditionalProperties.defenderRequireNetworkInspectionSystem + DefenderRequireRealTimeMonitoring = $getValue.AdditionalProperties.defenderRequireRealTimeMonitoring + DefenderScanArchiveFiles = $getValue.AdditionalProperties.defenderScanArchiveFiles + DefenderScanDownloads = $getValue.AdditionalProperties.defenderScanDownloads + DefenderScanIncomingMail = $getValue.AdditionalProperties.defenderScanIncomingMail + DefenderScanMappedNetworkDrivesDuringFullScan = $getValue.AdditionalProperties.defenderScanMappedNetworkDrivesDuringFullScan + DefenderScanMaxCpu = $getValue.AdditionalProperties.defenderScanMaxCpu + DefenderScanNetworkFiles = $getValue.AdditionalProperties.defenderScanNetworkFiles + DefenderScanRemovableDrivesDuringFullScan = $getValue.AdditionalProperties.defenderScanRemovableDrivesDuringFullScan + DefenderScanScriptsLoadedInInternetExplorer = $getValue.AdditionalProperties.defenderScanScriptsLoadedInInternetExplorer + DefenderScanType = $enumDefenderScanType + DefenderScheduledQuickScanTime = $timeDefenderScheduledQuickScanTime + DefenderScheduledScanTime = $timeDefenderScheduledScanTime + DefenderScheduleScanEnableLowCpuPriority = $getValue.AdditionalProperties.defenderScheduleScanEnableLowCpuPriority + DefenderSignatureUpdateIntervalInHours = $getValue.AdditionalProperties.defenderSignatureUpdateIntervalInHours + DefenderSubmitSamplesConsentType = $enumDefenderSubmitSamplesConsentType + DefenderSystemScanSchedule = $enumDefenderSystemScanSchedule + DeveloperUnlockSetting = $enumDeveloperUnlockSetting + DeviceManagementBlockFactoryResetOnMobile = $getValue.AdditionalProperties.deviceManagementBlockFactoryResetOnMobile + DeviceManagementBlockManualUnenroll = $getValue.AdditionalProperties.deviceManagementBlockManualUnenroll + DiagnosticsDataSubmissionMode = $enumDiagnosticsDataSubmissionMode + DisplayAppListWithGdiDPIScalingTurnedOff = $getValue.AdditionalProperties.displayAppListWithGdiDPIScalingTurnedOff + DisplayAppListWithGdiDPIScalingTurnedOn = $getValue.AdditionalProperties.displayAppListWithGdiDPIScalingTurnedOn + EdgeAllowStartPagesModification = $getValue.AdditionalProperties.edgeAllowStartPagesModification + EdgeBlockAccessToAboutFlags = $getValue.AdditionalProperties.edgeBlockAccessToAboutFlags + EdgeBlockAddressBarDropdown = $getValue.AdditionalProperties.edgeBlockAddressBarDropdown + EdgeBlockAutofill = $getValue.AdditionalProperties.edgeBlockAutofill + EdgeBlockCompatibilityList = $getValue.AdditionalProperties.edgeBlockCompatibilityList + EdgeBlockDeveloperTools = $getValue.AdditionalProperties.edgeBlockDeveloperTools + EdgeBlocked = $getValue.AdditionalProperties.edgeBlocked + EdgeBlockEditFavorites = $getValue.AdditionalProperties.edgeBlockEditFavorites + EdgeBlockExtensions = $getValue.AdditionalProperties.edgeBlockExtensions + EdgeBlockFullScreenMode = $getValue.AdditionalProperties.edgeBlockFullScreenMode + EdgeBlockInPrivateBrowsing = $getValue.AdditionalProperties.edgeBlockInPrivateBrowsing + EdgeBlockJavaScript = $getValue.AdditionalProperties.edgeBlockJavaScript + EdgeBlockLiveTileDataCollection = $getValue.AdditionalProperties.edgeBlockLiveTileDataCollection + EdgeBlockPasswordManager = $getValue.AdditionalProperties.edgeBlockPasswordManager + EdgeBlockPopups = $getValue.AdditionalProperties.edgeBlockPopups + EdgeBlockPrelaunch = $getValue.AdditionalProperties.edgeBlockPrelaunch + EdgeBlockPrinting = $getValue.AdditionalProperties.edgeBlockPrinting + EdgeBlockSavingHistory = $getValue.AdditionalProperties.edgeBlockSavingHistory + EdgeBlockSearchEngineCustomization = $getValue.AdditionalProperties.edgeBlockSearchEngineCustomization + EdgeBlockSearchSuggestions = $getValue.AdditionalProperties.edgeBlockSearchSuggestions + EdgeBlockSendingDoNotTrackHeader = $getValue.AdditionalProperties.edgeBlockSendingDoNotTrackHeader + EdgeBlockSendingIntranetTrafficToInternetExplorer = $getValue.AdditionalProperties.edgeBlockSendingIntranetTrafficToInternetExplorer + EdgeBlockSideloadingExtensions = $getValue.AdditionalProperties.edgeBlockSideloadingExtensions + EdgeBlockTabPreloading = $getValue.AdditionalProperties.edgeBlockTabPreloading + EdgeBlockWebContentOnNewTabPage = $getValue.AdditionalProperties.edgeBlockWebContentOnNewTabPage + EdgeClearBrowsingDataOnExit = $getValue.AdditionalProperties.edgeClearBrowsingDataOnExit + EdgeCookiePolicy = $enumEdgeCookiePolicy + EdgeDisableFirstRunPage = $getValue.AdditionalProperties.edgeDisableFirstRunPage + EdgeEnterpriseModeSiteListLocation = $getValue.AdditionalProperties.edgeEnterpriseModeSiteListLocation + EdgeFavoritesBarVisibility = $enumEdgeFavoritesBarVisibility + EdgeFavoritesListLocation = $getValue.AdditionalProperties.edgeFavoritesListLocation + EdgeFirstRunUrl = $getValue.AdditionalProperties.edgeFirstRunUrl + EdgeHomeButtonConfiguration = $complexEdgeHomeButtonConfiguration + EdgeHomeButtonConfigurationEnabled = $getValue.AdditionalProperties.edgeHomeButtonConfigurationEnabled + EdgeHomepageUrls = $getValue.AdditionalProperties.edgeHomepageUrls + EdgeKioskModeRestriction = $enumEdgeKioskModeRestriction + EdgeKioskResetAfterIdleTimeInMinutes = $getValue.AdditionalProperties.edgeKioskResetAfterIdleTimeInMinutes + EdgeNewTabPageURL = $getValue.AdditionalProperties.edgeNewTabPageURL + EdgeOpensWith = $enumEdgeOpensWith + EdgePreventCertificateErrorOverride = $getValue.AdditionalProperties.edgePreventCertificateErrorOverride + EdgeRequiredExtensionPackageFamilyNames = $getValue.AdditionalProperties.edgeRequiredExtensionPackageFamilyNames + EdgeRequireSmartScreen = $getValue.AdditionalProperties.edgeRequireSmartScreen + EdgeSearchEngine = $complexEdgeSearchEngine + EdgeSendIntranetTrafficToInternetExplorer = $getValue.AdditionalProperties.edgeSendIntranetTrafficToInternetExplorer + EdgeShowMessageWhenOpeningInternetExplorerSites = $enumEdgeShowMessageWhenOpeningInternetExplorerSites + EdgeSyncFavoritesWithInternetExplorer = $getValue.AdditionalProperties.edgeSyncFavoritesWithInternetExplorer + EdgeTelemetryForMicrosoft365Analytics = $enumEdgeTelemetryForMicrosoft365Analytics + EnableAutomaticRedeployment = $getValue.AdditionalProperties.enableAutomaticRedeployment + EnergySaverOnBatteryThresholdPercentage = $getValue.AdditionalProperties.energySaverOnBatteryThresholdPercentage + EnergySaverPluggedInThresholdPercentage = $getValue.AdditionalProperties.energySaverPluggedInThresholdPercentage + EnterpriseCloudPrintDiscoveryEndPoint = $getValue.AdditionalProperties.enterpriseCloudPrintDiscoveryEndPoint + EnterpriseCloudPrintDiscoveryMaxLimit = $getValue.AdditionalProperties.enterpriseCloudPrintDiscoveryMaxLimit + EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier = $getValue.AdditionalProperties.enterpriseCloudPrintMopriaDiscoveryResourceIdentifier + EnterpriseCloudPrintOAuthAuthority = $getValue.AdditionalProperties.enterpriseCloudPrintOAuthAuthority + EnterpriseCloudPrintOAuthClientIdentifier = $getValue.AdditionalProperties.enterpriseCloudPrintOAuthClientIdentifier + EnterpriseCloudPrintResourceIdentifier = $getValue.AdditionalProperties.enterpriseCloudPrintResourceIdentifier + ExperienceBlockDeviceDiscovery = $getValue.AdditionalProperties.experienceBlockDeviceDiscovery + ExperienceBlockErrorDialogWhenNoSIM = $getValue.AdditionalProperties.experienceBlockErrorDialogWhenNoSIM + ExperienceBlockTaskSwitcher = $getValue.AdditionalProperties.experienceBlockTaskSwitcher + ExperienceDoNotSyncBrowserSettings = $enumExperienceDoNotSyncBrowserSettings + FindMyFiles = $enumFindMyFiles + GameDvrBlocked = $getValue.AdditionalProperties.gameDvrBlocked + InkWorkspaceAccess = $enumInkWorkspaceAccess + InkWorkspaceAccessState = $enumInkWorkspaceAccessState + InkWorkspaceBlockSuggestedApps = $getValue.AdditionalProperties.inkWorkspaceBlockSuggestedApps + InternetSharingBlocked = $getValue.AdditionalProperties.internetSharingBlocked + LocationServicesBlocked = $getValue.AdditionalProperties.locationServicesBlocked + LockScreenActivateAppsWithVoice = $enumLockScreenActivateAppsWithVoice + LockScreenAllowTimeoutConfiguration = $getValue.AdditionalProperties.lockScreenAllowTimeoutConfiguration + LockScreenBlockActionCenterNotifications = $getValue.AdditionalProperties.lockScreenBlockActionCenterNotifications + LockScreenBlockCortana = $getValue.AdditionalProperties.lockScreenBlockCortana + LockScreenBlockToastNotifications = $getValue.AdditionalProperties.lockScreenBlockToastNotifications + LockScreenTimeoutInSeconds = $getValue.AdditionalProperties.lockScreenTimeoutInSeconds + LogonBlockFastUserSwitching = $getValue.AdditionalProperties.logonBlockFastUserSwitching + MessagingBlockMMS = $getValue.AdditionalProperties.messagingBlockMMS + MessagingBlockRichCommunicationServices = $getValue.AdditionalProperties.messagingBlockRichCommunicationServices + MessagingBlockSync = $getValue.AdditionalProperties.messagingBlockSync + MicrosoftAccountBlocked = $getValue.AdditionalProperties.microsoftAccountBlocked + MicrosoftAccountBlockSettingsSync = $getValue.AdditionalProperties.microsoftAccountBlockSettingsSync + MicrosoftAccountSignInAssistantSettings = $enumMicrosoftAccountSignInAssistantSettings + NetworkProxyApplySettingsDeviceWide = $getValue.AdditionalProperties.networkProxyApplySettingsDeviceWide + NetworkProxyAutomaticConfigurationUrl = $getValue.AdditionalProperties.networkProxyAutomaticConfigurationUrl + NetworkProxyDisableAutoDetect = $getValue.AdditionalProperties.networkProxyDisableAutoDetect + NetworkProxyServer = $complexNetworkProxyServer + NfcBlocked = $getValue.AdditionalProperties.nfcBlocked + OneDriveDisableFileSync = $getValue.AdditionalProperties.oneDriveDisableFileSync + PasswordBlockSimple = $getValue.AdditionalProperties.passwordBlockSimple + PasswordExpirationDays = $getValue.AdditionalProperties.passwordExpirationDays + PasswordMinimumAgeInDays = $getValue.AdditionalProperties.passwordMinimumAgeInDays + PasswordMinimumCharacterSetCount = $getValue.AdditionalProperties.passwordMinimumCharacterSetCount + PasswordMinimumLength = $getValue.AdditionalProperties.passwordMinimumLength + PasswordMinutesOfInactivityBeforeScreenTimeout = $getValue.AdditionalProperties.passwordMinutesOfInactivityBeforeScreenTimeout + PasswordPreviousPasswordBlockCount = $getValue.AdditionalProperties.passwordPreviousPasswordBlockCount + PasswordRequired = $getValue.AdditionalProperties.passwordRequired + PasswordRequiredType = $enumPasswordRequiredType + PasswordRequireWhenResumeFromIdleState = $getValue.AdditionalProperties.passwordRequireWhenResumeFromIdleState + PasswordSignInFailureCountBeforeFactoryReset = $getValue.AdditionalProperties.passwordSignInFailureCountBeforeFactoryReset + PersonalizationDesktopImageUrl = $getValue.AdditionalProperties.personalizationDesktopImageUrl + PersonalizationLockScreenImageUrl = $getValue.AdditionalProperties.personalizationLockScreenImageUrl + PowerButtonActionOnBattery = $enumPowerButtonActionOnBattery + PowerButtonActionPluggedIn = $enumPowerButtonActionPluggedIn + PowerHybridSleepOnBattery = $enumPowerHybridSleepOnBattery + PowerHybridSleepPluggedIn = $enumPowerHybridSleepPluggedIn + PowerLidCloseActionOnBattery = $enumPowerLidCloseActionOnBattery + PowerLidCloseActionPluggedIn = $enumPowerLidCloseActionPluggedIn + PowerSleepButtonActionOnBattery = $enumPowerSleepButtonActionOnBattery + PowerSleepButtonActionPluggedIn = $enumPowerSleepButtonActionPluggedIn + PrinterBlockAddition = $getValue.AdditionalProperties.printerBlockAddition + PrinterDefaultName = $getValue.AdditionalProperties.printerDefaultName + PrinterNames = $getValue.AdditionalProperties.printerNames + PrivacyAdvertisingId = $enumPrivacyAdvertisingId + PrivacyAutoAcceptPairingAndConsentPrompts = $getValue.AdditionalProperties.privacyAutoAcceptPairingAndConsentPrompts + PrivacyBlockActivityFeed = $getValue.AdditionalProperties.privacyBlockActivityFeed + PrivacyBlockInputPersonalization = $getValue.AdditionalProperties.privacyBlockInputPersonalization + PrivacyBlockPublishUserActivities = $getValue.AdditionalProperties.privacyBlockPublishUserActivities + PrivacyDisableLaunchExperience = $getValue.AdditionalProperties.privacyDisableLaunchExperience + ResetProtectionModeBlocked = $getValue.AdditionalProperties.resetProtectionModeBlocked + SafeSearchFilter = $enumSafeSearchFilter + ScreenCaptureBlocked = $getValue.AdditionalProperties.screenCaptureBlocked + SearchBlockDiacritics = $getValue.AdditionalProperties.searchBlockDiacritics + SearchBlockWebResults = $getValue.AdditionalProperties.searchBlockWebResults + SearchDisableAutoLanguageDetection = $getValue.AdditionalProperties.searchDisableAutoLanguageDetection + SearchDisableIndexerBackoff = $getValue.AdditionalProperties.searchDisableIndexerBackoff + SearchDisableIndexingEncryptedItems = $getValue.AdditionalProperties.searchDisableIndexingEncryptedItems + SearchDisableIndexingRemovableDrive = $getValue.AdditionalProperties.searchDisableIndexingRemovableDrive + SearchDisableLocation = $getValue.AdditionalProperties.searchDisableLocation + SearchDisableUseLocation = $getValue.AdditionalProperties.searchDisableUseLocation + SearchEnableAutomaticIndexSizeManangement = $getValue.AdditionalProperties.searchEnableAutomaticIndexSizeManangement + SearchEnableRemoteQueries = $getValue.AdditionalProperties.searchEnableRemoteQueries + SecurityBlockAzureADJoinedDevicesAutoEncryption = $getValue.AdditionalProperties.securityBlockAzureADJoinedDevicesAutoEncryption + SettingsBlockAccountsPage = $getValue.AdditionalProperties.settingsBlockAccountsPage + SettingsBlockAddProvisioningPackage = $getValue.AdditionalProperties.settingsBlockAddProvisioningPackage + SettingsBlockAppsPage = $getValue.AdditionalProperties.settingsBlockAppsPage + SettingsBlockChangeLanguage = $getValue.AdditionalProperties.settingsBlockChangeLanguage + SettingsBlockChangePowerSleep = $getValue.AdditionalProperties.settingsBlockChangePowerSleep + SettingsBlockChangeRegion = $getValue.AdditionalProperties.settingsBlockChangeRegion + SettingsBlockChangeSystemTime = $getValue.AdditionalProperties.settingsBlockChangeSystemTime + SettingsBlockDevicesPage = $getValue.AdditionalProperties.settingsBlockDevicesPage + SettingsBlockEaseOfAccessPage = $getValue.AdditionalProperties.settingsBlockEaseOfAccessPage + SettingsBlockEditDeviceName = $getValue.AdditionalProperties.settingsBlockEditDeviceName + SettingsBlockGamingPage = $getValue.AdditionalProperties.settingsBlockGamingPage + SettingsBlockNetworkInternetPage = $getValue.AdditionalProperties.settingsBlockNetworkInternetPage + SettingsBlockPersonalizationPage = $getValue.AdditionalProperties.settingsBlockPersonalizationPage + SettingsBlockPrivacyPage = $getValue.AdditionalProperties.settingsBlockPrivacyPage + SettingsBlockRemoveProvisioningPackage = $getValue.AdditionalProperties.settingsBlockRemoveProvisioningPackage + SettingsBlockSettingsApp = $getValue.AdditionalProperties.settingsBlockSettingsApp + SettingsBlockSystemPage = $getValue.AdditionalProperties.settingsBlockSystemPage + SettingsBlockTimeLanguagePage = $getValue.AdditionalProperties.settingsBlockTimeLanguagePage + SettingsBlockUpdateSecurityPage = $getValue.AdditionalProperties.settingsBlockUpdateSecurityPage + SharedUserAppDataAllowed = $getValue.AdditionalProperties.sharedUserAppDataAllowed + SmartScreenAppInstallControl = $enumSmartScreenAppInstallControl + SmartScreenBlockPromptOverride = $getValue.AdditionalProperties.smartScreenBlockPromptOverride + SmartScreenBlockPromptOverrideForFiles = $getValue.AdditionalProperties.smartScreenBlockPromptOverrideForFiles + SmartScreenEnableAppInstallControl = $getValue.AdditionalProperties.smartScreenEnableAppInstallControl + StartBlockUnpinningAppsFromTaskbar = $getValue.AdditionalProperties.startBlockUnpinningAppsFromTaskbar + StartMenuAppListVisibility = $enumStartMenuAppListVisibility + StartMenuHideChangeAccountSettings = $getValue.AdditionalProperties.startMenuHideChangeAccountSettings + StartMenuHideFrequentlyUsedApps = $getValue.AdditionalProperties.startMenuHideFrequentlyUsedApps + StartMenuHideHibernate = $getValue.AdditionalProperties.startMenuHideHibernate + StartMenuHideLock = $getValue.AdditionalProperties.startMenuHideLock + StartMenuHidePowerButton = $getValue.AdditionalProperties.startMenuHidePowerButton + StartMenuHideRecentJumpLists = $getValue.AdditionalProperties.startMenuHideRecentJumpLists + StartMenuHideRecentlyAddedApps = $getValue.AdditionalProperties.startMenuHideRecentlyAddedApps + StartMenuHideRestartOptions = $getValue.AdditionalProperties.startMenuHideRestartOptions + StartMenuHideShutDown = $getValue.AdditionalProperties.startMenuHideShutDown + StartMenuHideSignOut = $getValue.AdditionalProperties.startMenuHideSignOut + StartMenuHideSleep = $getValue.AdditionalProperties.startMenuHideSleep + StartMenuHideSwitchAccount = $getValue.AdditionalProperties.startMenuHideSwitchAccount + StartMenuHideUserTile = $getValue.AdditionalProperties.startMenuHideUserTile + StartMenuLayoutEdgeAssetsXml = $getValue.AdditionalProperties.startMenuLayoutEdgeAssetsXml + StartMenuLayoutXml = $getValue.AdditionalProperties.startMenuLayoutXml + StartMenuMode = $enumStartMenuMode + StartMenuPinnedFolderDocuments = $enumStartMenuPinnedFolderDocuments + StartMenuPinnedFolderDownloads = $enumStartMenuPinnedFolderDownloads + StartMenuPinnedFolderFileExplorer = $enumStartMenuPinnedFolderFileExplorer + StartMenuPinnedFolderHomeGroup = $enumStartMenuPinnedFolderHomeGroup + StartMenuPinnedFolderMusic = $enumStartMenuPinnedFolderMusic + StartMenuPinnedFolderNetwork = $enumStartMenuPinnedFolderNetwork + StartMenuPinnedFolderPersonalFolder = $enumStartMenuPinnedFolderPersonalFolder + StartMenuPinnedFolderPictures = $enumStartMenuPinnedFolderPictures + StartMenuPinnedFolderSettings = $enumStartMenuPinnedFolderSettings + StartMenuPinnedFolderVideos = $enumStartMenuPinnedFolderVideos + StorageBlockRemovableStorage = $getValue.AdditionalProperties.storageBlockRemovableStorage + StorageRequireMobileDeviceEncryption = $getValue.AdditionalProperties.storageRequireMobileDeviceEncryption + StorageRestrictAppDataToSystemVolume = $getValue.AdditionalProperties.storageRestrictAppDataToSystemVolume + StorageRestrictAppInstallToSystemVolume = $getValue.AdditionalProperties.storageRestrictAppInstallToSystemVolume + SystemTelemetryProxyServer = $getValue.AdditionalProperties.systemTelemetryProxyServer + TaskManagerBlockEndTask = $getValue.AdditionalProperties.taskManagerBlockEndTask + TenantLockdownRequireNetworkDuringOutOfBoxExperience = $getValue.AdditionalProperties.tenantLockdownRequireNetworkDuringOutOfBoxExperience + UninstallBuiltInApps = $getValue.AdditionalProperties.uninstallBuiltInApps + UsbBlocked = $getValue.AdditionalProperties.usbBlocked + VoiceRecordingBlocked = $getValue.AdditionalProperties.voiceRecordingBlocked + WebRtcBlockLocalhostIpAddress = $getValue.AdditionalProperties.webRtcBlockLocalhostIpAddress + WiFiBlockAutomaticConnectHotspots = $getValue.AdditionalProperties.wiFiBlockAutomaticConnectHotspots + WiFiBlocked = $getValue.AdditionalProperties.wiFiBlocked + WiFiBlockManualConfiguration = $getValue.AdditionalProperties.wiFiBlockManualConfiguration + WiFiScanInterval = $getValue.AdditionalProperties.wiFiScanInterval + Windows10AppsForceUpdateSchedule = $complexWindows10AppsForceUpdateSchedule + WindowsSpotlightBlockConsumerSpecificFeatures = $getValue.AdditionalProperties.windowsSpotlightBlockConsumerSpecificFeatures + WindowsSpotlightBlocked = $getValue.AdditionalProperties.windowsSpotlightBlocked + WindowsSpotlightBlockOnActionCenter = $getValue.AdditionalProperties.windowsSpotlightBlockOnActionCenter + WindowsSpotlightBlockTailoredExperiences = $getValue.AdditionalProperties.windowsSpotlightBlockTailoredExperiences + WindowsSpotlightBlockThirdPartyNotifications = $getValue.AdditionalProperties.windowsSpotlightBlockThirdPartyNotifications + WindowsSpotlightBlockWelcomeExperience = $getValue.AdditionalProperties.windowsSpotlightBlockWelcomeExperience + WindowsSpotlightBlockWindowsTips = $getValue.AdditionalProperties.windowsSpotlightBlockWindowsTips + WindowsSpotlightConfigureOnLockScreen = $enumWindowsSpotlightConfigureOnLockScreen + WindowsStoreBlockAutoUpdate = $getValue.AdditionalProperties.windowsStoreBlockAutoUpdate + WindowsStoreBlocked = $getValue.AdditionalProperties.windowsStoreBlocked + WindowsStoreEnablePrivateStoreOnly = $getValue.AdditionalProperties.windowsStoreEnablePrivateStoreOnly + WirelessDisplayBlockProjectionToThisDevice = $getValue.AdditionalProperties.wirelessDisplayBlockProjectionToThisDevice + WirelessDisplayBlockUserInputFromReceiver = $getValue.AdditionalProperties.wirelessDisplayBlockUserInputFromReceiver + WirelessDisplayRequirePinForPairing = $getValue.AdditionalProperties.wirelessDisplayRequirePinForPairing + Description = $getValue.Description + DisplayName = $getValue.DisplayName + SupportsScopeTags = $getValue.SupportsScopeTags + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.Boolean] + $AccountsBlockAddingNonMicrosoftAccountEmail, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $ActivateAppsWithVoice, + + [Parameter()] + [System.Boolean] + $AntiTheftModeBlocked, + + [Parameter()] + [System.Boolean] + $AppManagementMSIAllowUserControlOverInstall, + + [Parameter()] + [System.Boolean] + $AppManagementMSIAlwaysInstallWithElevatedPrivileges, + + [Parameter()] + [System.String[]] + $AppManagementPackageFamilyNamesToLaunchAfterLogOn, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $AppsAllowTrustedAppsSideloading, + + [Parameter()] + [System.Boolean] + $AppsBlockWindowsStoreOriginatedApps, + + [Parameter()] + [System.Boolean] + $AuthenticationAllowSecondaryDevice, + + [Parameter()] + [System.String] + $AuthenticationPreferredAzureADTenantDomainName, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AuthenticationWebSignIn, + + [Parameter()] + [System.String[]] + $BluetoothAllowedServices, + + [Parameter()] + [System.Boolean] + $BluetoothBlockAdvertising, + + [Parameter()] + [System.Boolean] + $BluetoothBlockDiscoverableMode, + + [Parameter()] + [System.Boolean] + $BluetoothBlocked, + + [Parameter()] + [System.Boolean] + $BluetoothBlockPrePairing, + + [Parameter()] + [System.Boolean] + $BluetoothBlockPromptedProximalConnections, + + [Parameter()] + [System.Boolean] + $CameraBlocked, + + [Parameter()] + [System.Boolean] + $CellularBlockDataWhenRoaming, + + [Parameter()] + [System.Boolean] + $CellularBlockVpn, + + [Parameter()] + [System.Boolean] + $CellularBlockVpnWhenRoaming, + + [Parameter()] + [ValidateSet('blocked','required','allowed','notConfigured')] + [System.String] + $CellularData, + + [Parameter()] + [System.Boolean] + $CertificatesBlockManualRootCertificateInstallation, + + [Parameter()] + [System.String] + $ConfigureTimeZone, + + [Parameter()] + [System.Boolean] + $ConnectedDevicesServiceBlocked, + + [Parameter()] + [System.Boolean] + $CopyPasteBlocked, + + [Parameter()] + [System.Boolean] + $CortanaBlocked, + + [Parameter()] + [System.Boolean] + $CryptographyAllowFipsAlgorithmPolicy, + + [Parameter()] + [System.Boolean] + $DataProtectionBlockDirectMemoryAccess, + + [Parameter()] + [System.Boolean] + $DefenderBlockEndUserAccess, + + [Parameter()] + [System.Boolean] + $DefenderBlockOnAccessProtection, + + [Parameter()] + [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [System.String] + $DefenderCloudBlockLevel, + + [Parameter()] + [System.Int32] + $DefenderCloudExtendedTimeout, + + [Parameter()] + [System.Int32] + $DefenderCloudExtendedTimeoutInSeconds, + + [Parameter()] + [System.Int32] + $DefenderDaysBeforeDeletingQuarantinedMalware, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DefenderDetectedMalwareActions, + + [Parameter()] + [System.Boolean] + $DefenderDisableCatchupFullScan, + + [Parameter()] + [System.Boolean] + $DefenderDisableCatchupQuickScan, + + [Parameter()] + [System.String[]] + $DefenderFileExtensionsToExclude, + + [Parameter()] + [System.String[]] + $DefenderFilesAndFoldersToExclude, + + [Parameter()] + [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [System.String] + $DefenderMonitorFileActivity, + + [Parameter()] + [ValidateSet('deviceDefault','block','audit')] + [System.String] + $DefenderPotentiallyUnwantedAppAction, + + [Parameter()] + [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [System.String] + $DefenderPotentiallyUnwantedAppActionSetting, + + [Parameter()] + [System.String[]] + $DefenderProcessesToExclude, + + [Parameter()] + [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [System.String] + $DefenderPromptForSampleSubmission, + + [Parameter()] + [System.Boolean] + $DefenderRequireBehaviorMonitoring, + + [Parameter()] + [System.Boolean] + $DefenderRequireCloudProtection, + + [Parameter()] + [System.Boolean] + $DefenderRequireNetworkInspectionSystem, + + [Parameter()] + [System.Boolean] + $DefenderRequireRealTimeMonitoring, + + [Parameter()] + [System.Boolean] + $DefenderScanArchiveFiles, [Parameter()] [System.Boolean] - $ExperienceBlockTaskSwitcher, + $DefenderScanDownloads, [Parameter()] [System.Boolean] - $LogonBlockFastUserSwitching, + $DefenderScanIncomingMail, [Parameter()] [System.Boolean] - $TenantLockdownRequireNetworkDuringOutOfBoxExperience, + $DefenderScanMappedNetworkDrivesDuringFullScan, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $Assignments, + [System.Int32] + $DefenderScanMaxCpu, + + [Parameter()] + [System.Boolean] + $DefenderScanNetworkFiles, - [Parameter(Mandatory = $True)] + [Parameter()] + [System.Boolean] + $DefenderScanRemovableDrivesDuringFullScan, + + [Parameter()] + [System.Boolean] + $DefenderScanScriptsLoadedInInternetExplorer, + + [Parameter()] + [ValidateSet('userDefined','disabled','quick','full')] [System.String] - [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $DefenderScanType, [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.TimeSpan] + $DefenderScheduledQuickScanTime, + + [Parameter()] + [System.TimeSpan] + $DefenderScheduledScanTime, + + [Parameter()] + [System.Boolean] + $DefenderScheduleScanEnableLowCpuPriority, [Parameter()] + [System.Int32] + $DefenderSignatureUpdateIntervalInHours, + + [Parameter()] + [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] [System.String] - $ApplicationId, + $DefenderSubmitSamplesConsentType, [Parameter()] + [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] [System.String] - $TenantId, + $DefenderSystemScanSchedule, [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $DeveloperUnlockSetting, + + [Parameter()] + [System.Boolean] + $DeviceManagementBlockFactoryResetOnMobile, + + [Parameter()] + [System.Boolean] + $DeviceManagementBlockManualUnenroll, [Parameter()] + [ValidateSet('userDefined','none','basic','enhanced','full')] [System.String] - $CertificateThumbprint, + $DiagnosticsDataSubmissionMode, [Parameter()] - [Switch] - $ManagedIdentity - ) + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOff, - Write-Verbose -Message "Checking for the Intune Device Configuration Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ProfileName 'beta' + [Parameter()] + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOn, - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + [Parameter()] + [System.Boolean] + $EdgeAllowStartPagesModification, - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + [Parameter()] + [System.Boolean] + $EdgeBlockAccessToAboutFlags, - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + [Parameter()] + [System.Boolean] + $EdgeBlockAddressBarDropdown, - try - { - $policy = Get-MgDeviceManagementDeviceConfiguration -Filter "displayName eq '$DisplayName'" ` - -ErrorAction Stop | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' } + [Parameter()] + [System.Boolean] + $EdgeBlockAutofill, - if ($null -eq $policy) - { - Write-Verbose -Message "No Device Configuration Policy {$DisplayName} was found" - return $nullResult - } + [Parameter()] + [System.Boolean] + $EdgeBlockCompatibilityList, - $DefenderDetectedMalwareActionsValues = $null - if (-not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity) -or - -not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity) -or - -not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.highSeverity) -or - -not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity)) - { - $DefenderDetectedMalwareActionsValues = @{ - LowSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity - ModerateSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity - HighSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.highSeverity - SevereSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity - } - } + [Parameter()] + [System.Boolean] + $EdgeBlockDeveloperTools, - Write-Verbose -Message "Found Device Configuration Policy {$DisplayName}" - $results = @{ - Description = $policy.Description - DisplayName = $policy.DisplayName - EnterpriseCloudPrintDiscoveryEndPoint = $policy.AdditionalProperties.enterpriseCloudPrintDiscoveryEndPoint - EnterpriseCloudPrintOAuthAuthority = $policy.AdditionalProperties.enterpriseCloudPrintOAuthAuthority - EnterpriseCloudPrintOAuthClientIdentifier = $policy.AdditionalProperties.enterpriseCloudPrintOAuthClientIdentifier - EnterpriseCloudPrintResourceIdentifier = $policy.AdditionalProperties.enterpriseCloudPrintResourceIdentifier - EnterpriseCloudPrintDiscoveryMaxLimit = $policy.AdditionalProperties.enterpriseCloudPrintDiscoveryMaxLimit - EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier = $policy.AdditionalProperties.enterpriseCloudPrintMopriaDiscoveryResourceIdentifier - SearchBlockDiacritics = $policy.AdditionalProperties.searchBlockDiacritics - SearchDisableAutoLanguageDetection = $policy.AdditionalProperties.searchDisableAutoLanguageDetection - SearchDisableIndexingEncryptedItems = $policy.AdditionalProperties.searchDisableIndexingEncryptedItems - SearchEnableRemoteQueries = $policy.AdditionalProperties.searchEnableRemoteQueries - SearchDisableIndexerBackoff = $policy.AdditionalProperties.searchDisableIndexerBackoff - SearchDisableIndexingRemovableDrive = $policy.AdditionalProperties.searchDisableIndexingRemovableDrive - SearchEnableAutomaticIndexSizeManangement = $policy.AdditionalProperties.searchEnableAutomaticIndexSizeManangement - DiagnosticsDataSubmissionMode = $policy.AdditionalProperties.diagnosticsDataSubmissionMode - OneDriveDisableFileSync = $policy.AdditionalProperties.oneDriveDisableFileSync - SmartScreenEnableAppInstallControl = $policy.AdditionalProperties.smartScreenEnableAppInstallControl - PersonalizationDesktopImageUrl = $policy.AdditionalProperties.personalizationDesktopImageUrl - PersonalizationLockScreenImageUrl = $policy.AdditionalProperties.personalizationLockScreenImageUrl - BluetoothAllowedServices = $policy.AdditionalProperties.bluetoothAllowedServices - BluetoothBlockAdvertising = $policy.AdditionalProperties.bluetoothBlockAdvertising - BluetoothBlockDiscoverableMode = $policy.AdditionalProperties.bluetoothBlockDiscoverableMode - BluetoothBlockPrePairing = $policy.AdditionalProperties.bluetoothBlockPrePairing - EdgeBlockAutofill = $policy.AdditionalProperties.edgeBlockAutofill - EdgeBlocked = $policy.AdditionalProperties.edgeBlocked - EdgeCookiePolicy = $policy.AdditionalProperties.edgeCookiePolicy - EdgeBlockDeveloperTools = $policy.AdditionalProperties.edgeBlockDeveloperTools - EdgeBlockSendingDoNotTrackHeader = $policy.AdditionalProperties.edgeBlockSendingDoNotTrackHeader - EdgeBlockExtensions = $policy.AdditionalProperties.edgeBlockExtensions - EdgeBlockInPrivateBrowsing = $policy.AdditionalProperties.edgeBlockInPrivateBrowsing - EdgeBlockJavaScript = $policy.AdditionalProperties.edgeBlockJavaScript - EdgeBlockPasswordManager = $policy.AdditionalProperties.edgeBlockPasswordManager - EdgeBlockAddressBarDropdown = $policy.AdditionalProperties.edgeBlockAddressBarDropdown - EdgeBlockCompatibilityList = $policy.AdditionalProperties.edgeBlockCompatibilityList - EdgeClearBrowsingDataOnExit = $policy.AdditionalProperties.edgeClearBrowsingDataOnExit - EdgeAllowStartPagesModification = $policy.AdditionalProperties.edgeAllowStartPagesModification - EdgeDisableFirstRunPage = $policy.AdditionalProperties.edgeDisableFirstRunPage - EdgeBlockLiveTileDataCollection = $policy.AdditionalProperties.edgeBlockLiveTileDataCollection - EdgeSyncFavoritesWithInternetExplorer = $policy.AdditionalProperties.edgeSyncFavoritesWithInternetExplorer - CellularBlockDataWhenRoaming = $policy.AdditionalProperties.cellularBlockDataWhenRoaming - CellularBlockVpn = $policy.AdditionalProperties.cellularBlockVpn - CellularBlockVpnWhenRoaming = $policy.AdditionalProperties.cellularBlockVpnWhenRoaming - DefenderRequireRealTimeMonitoring = $policy.AdditionalProperties.defenderRequireRealTimeMonitoring - DefenderRequireBehaviorMonitoring = $policy.AdditionalProperties.defenderRequireBehaviorMonitoring - DefenderRequireNetworkInspectionSystem = $policy.AdditionalProperties.defenderRequireNetworkInspectionSystem - DefenderScanDownloads = $policy.AdditionalProperties.defenderScanDownloads - DefenderScanScriptsLoadedInInternetExplorer = $policy.AdditionalProperties.defenderScanScriptsLoadedInInternetExplorer - DefenderBlockEndUserAccess = $policy.AdditionalProperties.defenderBlockEndUserAccess - DefenderSignatureUpdateIntervalInHours = $policy.AdditionalProperties.defenderSignatureUpdateIntervalInHours - DefenderMonitorFileActivity = $policy.AdditionalProperties.defenderMonitorFileActivity - DefenderDaysBeforeDeletingQuarantinedMalware = $policy.AdditionalProperties.defenderDaysBeforeDeletingQuarantinedMalware - DefenderScanMaxCpu = $policy.AdditionalProperties.defenderScanMaxCpu - DefenderScanArchiveFiles = $policy.AdditionalProperties.defenderScanArchiveFiles - DefenderScanIncomingMail = $policy.AdditionalProperties.defenderScanIncomingMail - DefenderScanRemovableDrivesDuringFullScan = $policy.AdditionalProperties.defenderScanRemovableDrivesDuringFullScan - DefenderScanMappedNetworkDrivesDuringFullScan = $policy.AdditionalProperties.defenderScanMappedNetworkDrivesDuringFullScan - DefenderScanNetworkFiles = $policy.AdditionalProperties.defenderScanNetworkFiles - DefenderRequireCloudProtection = $policy.AdditionalProperties.defenderRequireCloudProtection - DefenderCloudBlockLevel = $policy.AdditionalProperties.defenderCloudBlockLevel - DefenderPromptForSampleSubmission = $policy.AdditionalProperties.defenderPromptForSampleSubmission - DefenderScheduledQuickScanTime = $policy.AdditionalProperties.defenderScheduledQuickScanTime - DefenderScanType = $policy.AdditionalProperties.defenderScanType - DefenderSystemScanSchedule = $policy.AdditionalProperties.defenderSystemScanSchedule - DefenderScheduledScanTime = $policy.AdditionalProperties.defenderScheduledScanTime - DefenderDetectedMalwareActions = $DefenderDetectedMalwareActionsValues - DefenderFileExtensionsToExclude = $policy.AdditionalProperties.defenderFileExtensionsToExclude - DefenderFilesAndFoldersToExclude = $policy.AdditionalProperties.defenderFilesAndFoldersToExclude - DefenderProcessesToExclude = $policy.AdditionalProperties.defenderProcessesToExclude - LockScreenAllowTimeoutConfiguration = $policy.AdditionalProperties.lockScreenAllowTimeoutConfiguration - LockScreenBlockActionCenterNotifications = $policy.AdditionalProperties.lockScreenBlockActionCenterNotifications - LockScreenBlockCortana = $policy.AdditionalProperties.lockScreenBlockCortana - LockScreenBlockToastNotifications = $policy.AdditionalProperties.lockScreenBlockToastNotifications - LockScreenTimeoutInSeconds = $policy.AdditionalProperties.lockScreenTimeoutInSeconds - PasswordBlockSimple = $policy.AdditionalProperties.passwordBlockSimple - PasswordExpirationDays = $policy.AdditionalProperties.passwordExpirationDays - PasswordMinimumLength = $policy.AdditionalProperties.passwordMinimumLength - PasswordMinutesOfInactivityBeforeScreenTimeout = $policy.AdditionalProperties.passwordMinutesOfInactivityBeforeScreenTimeout - PasswordMinimumCharacterSetCount = $policy.AdditionalProperties.passwordMinimumCharacterSetCount - PasswordPreviousPasswordBlockCount = $policy.AdditionalProperties.passwordPreviousPasswordBlockCount - PasswordRequired = $policy.AdditionalProperties.passwordRequired - PasswordRequireWhenResumeFromIdleState = $policy.AdditionalProperties.passwordRequireWhenResumeFromIdleState - PasswordRequiredType = $policy.AdditionalProperties.passwordRequiredType - PasswordSignInFailureCountBeforeFactoryReset = $policy.AdditionalProperties.passwordSignInFailureCountBeforeFactoryReset - PrivacyAdvertisingId = $policy.AdditionalProperties.privacyAdvertisingId - PrivacyAutoAcceptPairingAndConsentPrompts = $policy.AdditionalProperties.privacyAutoAcceptPairingAndConsentPrompts - PrivacyBlockInputPersonalization = $policy.AdditionalProperties.privacyBlockInputPersonalization - StartBlockUnpinningAppsFromTaskbar = $policy.AdditionalProperties.startBlockUnpinningAppsFromTaskbar - StartMenuAppListVisibility = $policy.AdditionalProperties.startMenuAppListVisibility - StartMenuHideChangeAccountSettings = $policy.AdditionalProperties.startMenuHideChangeAccountSettings - StartMenuHideFrequentlyUsedApps = $policy.AdditionalProperties.startMenuHideFrequentlyUsedApps - StartMenuHideHibernate = $policy.AdditionalProperties.startMenuHideHibernate - StartMenuHideLock = $policy.AdditionalProperties.startMenuHideLock - StartMenuHidePowerButton = $policy.AdditionalProperties.startMenuHidePowerButton - StartMenuHideRecentJumpLists = $policy.AdditionalProperties.startMenuHideRecentJumpLists - StartMenuHideRecentlyAddedApps = $policy.AdditionalProperties.startMenuHideRecentlyAddedApps - StartMenuHideRestartOptions = $policy.AdditionalProperties.startMenuHideRestartOptions - StartMenuHideShutDown = $policy.AdditionalProperties.startMenuHideShutDown - StartMenuHideSignOut = $policy.AdditionalProperties.startMenuHideSignOut - StartMenuHideSleep = $policy.AdditionalProperties.startMenuHideSleep - StartMenuHideSwitchAccount = $policy.AdditionalProperties.startMenuHideSwitchAccount - StartMenuHideUserTile = $policy.AdditionalProperties.startMenuHideUserTile - StartMenuLayoutEdgeAssetsXml = $policy.AdditionalProperties.startMenuLayoutEdgeAssetsXml - StartMenuLayoutXml = $policy.AdditionalProperties.startMenuLayoutXml - StartMenuMode = $policy.AdditionalProperties.startMenuMode - StartMenuPinnedFolderDocuments = $policy.AdditionalProperties.startMenuPinnedFolderDocuments - StartMenuPinnedFolderDownloads = $policy.AdditionalProperties.startMenuPinnedFolderDownloads - StartMenuPinnedFolderFileExplorer = $policy.AdditionalProperties.startMenuPinnedFolderFileExplorer - StartMenuPinnedFolderHomeGroup = $policy.AdditionalProperties.startMenuPinnedFolderHomeGroup - StartMenuPinnedFolderMusic = $policy.AdditionalProperties.startMenuPinnedFolderMusic - StartMenuPinnedFolderNetwork = $policy.AdditionalProperties.startMenuPinnedFolderNetwork - StartMenuPinnedFolderPersonalFolder = $policy.AdditionalProperties.startMenuPinnedFolderPersonalFolder - StartMenuPinnedFolderPictures = $policy.AdditionalProperties.startMenuPinnedFolderPictures - StartMenuPinnedFolderSettings = $policy.AdditionalProperties.startMenuPinnedFolderSettings - StartMenuPinnedFolderVideos = $policy.AdditionalProperties.startMenuPinnedFolderVideos - SettingsBlockSettingsApp = $policy.AdditionalProperties.settingsBlockSettingsApp - SettingsBlockSystemPage = $policy.AdditionalProperties.settingsBlockSystemPage - SettingsBlockDevicesPage = $policy.AdditionalProperties.settingsBlockDevicesPage - SettingsBlockNetworkInternetPage = $policy.AdditionalProperties.settingsBlockNetworkInternetPage - SettingsBlockPersonalizationPage = $policy.AdditionalProperties.settingsBlockPersonalizationPage - SettingsBlockAccountsPage = $policy.AdditionalProperties.settingsBlockAccountsPage - SettingsBlockTimeLanguagePage = $policy.AdditionalProperties.settingsBlockTimeLanguagePage - SettingsBlockEaseOfAccessPage = $policy.AdditionalProperties.settingsBlockEaseOfAccessPage - SettingsBlockPrivacyPage = $policy.AdditionalProperties.settingsBlockPrivacyPage - SettingsBlockUpdateSecurityPage = $policy.AdditionalProperties.settingsBlockUpdateSecurityPage - SettingsBlockAppsPage = $policy.AdditionalProperties.settingsBlockAppsPage - SettingsBlockGamingPage = $policy.AdditionalProperties.settingsBlockGamingPage - WindowsSpotlightBlockConsumerSpecificFeatures = $policy.AdditionalProperties.windowsSpotlightBlockConsumerSpecificFeatures - WindowsSpotlightBlocked = $policy.AdditionalProperties.windowsSpotlightBlocked - WindowsSpotlightBlockOnActionCenter = $policy.AdditionalProperties.windowsSpotlightBlockOnActionCenter - WindowsSpotlightBlockTailoredExperiences = $policy.AdditionalProperties.windowsSpotlightBlockTailoredExperiences - WindowsSpotlightBlockThirdPartyNotifications = $policy.AdditionalProperties.windowsSpotlightBlockThirdPartyNotifications - WindowsSpotlightBlockWelcomeExperience = $policy.AdditionalProperties.windowsSpotlightBlockWelcomeExperience - WindowsSpotlightBlockWindowsTips = $policy.AdditionalProperties.windowsSpotlightBlockWindowsTips - WindowsSpotlightConfigureOnLockScreen = $policy.AdditionalProperties.windowsSpotlightConfigureOnLockScreen - NetworkProxyApplySettingsDeviceWide = $policy.AdditionalProperties.networkProxyApplySettingsDeviceWide - NetworkProxyDisableAutoDetect = $policy.AdditionalProperties.networkProxyDisableAutoDetect - NetworkProxyAutomaticConfigurationUrl = $policy.AdditionalProperties.networkProxyAutomaticConfigurationUrl - NetworkProxyServer = $policy.AdditionalProperties.networkProxyServer - AccountsBlockAddingNonMicrosoftAccountEmail = $policy.AdditionalProperties.accountsBlockAddingNonMicrosoftAccountEmail - AntiTheftModeBlocked = $policy.AdditionalProperties.antiTheftModeBlocked - BluetoothBlocked = $policy.AdditionalProperties.bluetoothBlocked - CameraBlocked = $policy.AdditionalProperties.cameraBlocked - ConnectedDevicesServiceBlocked = $policy.AdditionalProperties.connectedDevicesServiceBlocked - CertificatesBlockManualRootCertificateInstallation = $policy.AdditionalProperties.certificatesBlockManualRootCertificateInstallation - CopyPasteBlocked = $policy.AdditionalProperties.copyPasteBlocked - CortanaBlocked = $policy.AdditionalProperties.cortanaBlocked - DeviceManagementBlockFactoryResetOnMobile = $policy.AdditionalProperties.deviceManagementBlockFactoryResetOnMobile - DeviceManagementBlockManualUnenroll = $policy.AdditionalProperties.deviceManagementBlockManualUnenroll - SafeSearchFilter = $policy.AdditionalProperties.safeSearchFilter - EdgeBlockPopups = $policy.AdditionalProperties.edgeBlockPopups - EdgeBlockSearchSuggestions = $policy.AdditionalProperties.edgeBlockSearchSuggestions - EdgeBlockSendingIntranetTrafficToInternetExplorer = $policy.AdditionalProperties.edgeBlockSendingIntranetTrafficToInternetExplorer - EdgeSendIntranetTrafficToInternetExplorer = $policy.AdditionalProperties.edgeSendIntranetTrafficToInternetExplorer - EdgeRequireSmartScreen = $policy.AdditionalProperties.edgeRequireSmartScreen - EdgeEnterpriseModeSiteListLocation = $policy.AdditionalProperties.edgeEnterpriseModeSiteListLocation - EdgeFirstRunUrl = $policy.AdditionalProperties.edgeFirstRunUrl - EdgeSearchEngine = $policy.AdditionalProperties.edgeSearchEngine.edgeSearchEngineType - EdgeHomepageUrls = $policy.AdditionalProperties.edgeHomepageUrls - EdgeBlockAccessToAboutFlags = $policy.AdditionalProperties.edgeBlockAccessToAboutFlags - SmartScreenBlockPromptOverride = $policy.AdditionalProperties.smartScreenBlockPromptOverride - SmartScreenBlockPromptOverrideForFiles = $policy.AdditionalProperties.smartScreenBlockPromptOverrideForFiles - WebRtcBlockLocalhostIpAddress = $policy.AdditionalProperties.webRtcBlockLocalhostIpAddress - InternetSharingBlocked = $policy.AdditionalProperties.internetSharingBlocked - SettingsBlockAddProvisioningPackage = $policy.AdditionalProperties.settingsBlockAddProvisioningPackage - SettingsBlockRemoveProvisioningPackage = $policy.AdditionalProperties.settingsBlockRemoveProvisioningPackage - SettingsBlockChangeSystemTime = $policy.AdditionalProperties.settingsBlockChangeSystemTime - SettingsBlockEditDeviceName = $policy.AdditionalProperties.settingsBlockEditDeviceName - SettingsBlockChangeRegion = $policy.AdditionalProperties.settingsBlockChangeRegion - SettingsBlockChangeLanguage = $policy.AdditionalProperties.settingsBlockChangeLanguage - SettingsBlockChangePowerSleep = $policy.AdditionalProperties.settingsBlockChangePowerSleep - LocationServicesBlocked = $policy.AdditionalProperties.locationServicesBlocked - MicrosoftAccountBlocked = $policy.AdditionalProperties.microsoftAccountBlocked - MicrosoftAccountBlockSettingsSync = $policy.AdditionalProperties.microsoftAccountBlockSettingsSync - NfcBlocked = $policy.AdditionalProperties.nfcBlocked - ResetProtectionModeBlocked = $policy.AdditionalProperties.resetProtectionModeBlocked - ScreenCaptureBlocked = $policy.AdditionalProperties.screenCaptureBlocked - StorageBlockRemovableStorage = $policy.AdditionalProperties.storageBlockRemovableStorage - StorageRequireMobileDeviceEncryption = $policy.AdditionalProperties.storageRequireMobileDeviceEncryption - UsbBlocked = $policy.AdditionalProperties.usbBlocked - VoiceRecordingBlocked = $policy.AdditionalProperties.voiceRecordingBlocked - WiFiBlockAutomaticConnectHotspots = $policy.AdditionalProperties.wiFiBlockAutomaticConnectHotspots - WiFiBlocked = $policy.AdditionalProperties.wiFiBlocked - WiFiBlockManualConfiguration = $policy.AdditionalProperties.wiFiBlockManualConfiguration - WiFiScanInterval = $policy.AdditionalProperties.wiFiScanInterval - WirelessDisplayBlockProjectionToThisDevice = $policy.AdditionalProperties.wirelessDisplayBlockProjectionToThisDevice - WirelessDisplayBlockUserInputFromReceiver = $policy.AdditionalProperties.wirelessDisplayBlockUserInputFromReceiver - WirelessDisplayRequirePinForPairing = $policy.AdditionalProperties.wirelessDisplayRequirePinForPairing - WindowsStoreBlocked = $policy.AdditionalProperties.windowsStoreBlocked - AppsAllowTrustedAppsSideloading = $policy.AdditionalProperties.appsAllowTrustedAppsSideloading - WindowsStoreBlockAutoUpdate = $policy.AdditionalProperties.windowsStoreBlockAutoUpdate - DeveloperUnlockSetting = $policy.AdditionalProperties.developerUnlockSetting - SharedUserAppDataAllowed = $policy.AdditionalProperties.sharedUserAppDataAllowed - AppsBlockWindowsStoreOriginatedApps = $policy.AdditionalProperties.appsBlockWindowsStoreOriginatedApps - WindowsStoreEnablePrivateStoreOnly = $policy.AdditionalProperties.windowsStoreEnablePrivateStoreOnly - StorageRestrictAppDataToSystemVolume = $policy.AdditionalProperties.storageRestrictAppDataToSystemVolume - StorageRestrictAppInstallToSystemVolume = $policy.AdditionalProperties.storageRestrictAppInstallToSystemVolume - GameDvrBlocked = $policy.AdditionalProperties.gameDvrBlocked - ExperienceBlockDeviceDiscovery = $policy.AdditionalProperties.experienceBlockDeviceDiscovery - ExperienceBlockErrorDialogWhenNoSIM = $policy.AdditionalProperties.experienceBlockErrorDialogWhenNoSIM - ExperienceBlockTaskSwitcher = $policy.AdditionalProperties.experienceBlockTaskSwitcher - LogonBlockFastUserSwitching = $policy.AdditionalProperties.logonBlockFastUserSwitching - TenantLockdownRequireNetworkDuringOutOfBoxExperience = $policy.AdditionalProperties.tenantLockdownRequireNetworkDuringOutOfBoxExperience - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - } + [Parameter()] + [System.Boolean] + $EdgeBlocked, - $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $policy.Id - $assignmentResult = @() - foreach ($assignmentEntry in $returnAssignments) - { - $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.toString() - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId - } - $assignmentResult += $assignmentValue - } - $results.Add('Assignments', $assignmentResult) - return $results - } - catch - { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + [Parameter()] + [System.Boolean] + $EdgeBlockEditFavorites, - return $nullResult - } -} + [Parameter()] + [System.Boolean] + $EdgeBlockExtensions, + + [Parameter()] + [System.Boolean] + $EdgeBlockFullScreenMode, + + [Parameter()] + [System.Boolean] + $EdgeBlockInPrivateBrowsing, + + [Parameter()] + [System.Boolean] + $EdgeBlockJavaScript, + + [Parameter()] + [System.Boolean] + $EdgeBlockLiveTileDataCollection, + + [Parameter()] + [System.Boolean] + $EdgeBlockPasswordManager, + + [Parameter()] + [System.Boolean] + $EdgeBlockPopups, + + [Parameter()] + [System.Boolean] + $EdgeBlockPrelaunch, + + [Parameter()] + [System.Boolean] + $EdgeBlockPrinting, + + [Parameter()] + [System.Boolean] + $EdgeBlockSavingHistory, + + [Parameter()] + [System.Boolean] + $EdgeBlockSearchEngineCustomization, + + [Parameter()] + [System.Boolean] + $EdgeBlockSearchSuggestions, + + [Parameter()] + [System.Boolean] + $EdgeBlockSendingDoNotTrackHeader, + + [Parameter()] + [System.Boolean] + $EdgeBlockSendingIntranetTrafficToInternetExplorer, + + [Parameter()] + [System.Boolean] + $EdgeBlockSideloadingExtensions, + + [Parameter()] + [System.Boolean] + $EdgeBlockTabPreloading, + + [Parameter()] + [System.Boolean] + $EdgeBlockWebContentOnNewTabPage, + + [Parameter()] + [System.Boolean] + $EdgeClearBrowsingDataOnExit, + + [Parameter()] + [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [System.String] + $EdgeCookiePolicy, + + [Parameter()] + [System.Boolean] + $EdgeDisableFirstRunPage, + + [Parameter()] + [System.String] + $EdgeEnterpriseModeSiteListLocation, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $EdgeFavoritesBarVisibility, + + [Parameter()] + [System.String] + $EdgeFavoritesListLocation, + + [Parameter()] + [System.String] + $EdgeFirstRunUrl, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeHomeButtonConfiguration, + + [Parameter()] + [System.Boolean] + $EdgeHomeButtonConfigurationEnabled, + + [Parameter()] + [System.String[]] + $EdgeHomepageUrls, + + [Parameter()] + [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] + [System.String] + $EdgeKioskModeRestriction, + + [Parameter()] + [System.Int32] + $EdgeKioskResetAfterIdleTimeInMinutes, + + [Parameter()] + [System.String] + $EdgeNewTabPageURL, + + [Parameter()] + [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [System.String] + $EdgeOpensWith, + + [Parameter()] + [System.Boolean] + $EdgePreventCertificateErrorOverride, + + [Parameter()] + [System.String[]] + $EdgeRequiredExtensionPackageFamilyNames, + + [Parameter()] + [System.Boolean] + $EdgeRequireSmartScreen, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeSearchEngine, + + [Parameter()] + [System.Boolean] + $EdgeSendIntranetTrafficToInternetExplorer, -function Set-TargetResource -{ - [CmdletBinding()] - param - ( - [Parameter(Mandatory = $True)] + [Parameter()] + [ValidateSet('notConfigured','disabled','enabled','keepGoing')] [System.String] - $DisplayName, + $EdgeShowMessageWhenOpeningInternetExplorerSites, + + [Parameter()] + [System.Boolean] + $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] + [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] [System.String] - $Description, + $EdgeTelemetryForMicrosoft365Analytics, + + [Parameter()] + [System.Boolean] + $EnableAutomaticRedeployment, + + [Parameter()] + [System.Int32] + $EnergySaverOnBatteryThresholdPercentage, + + [Parameter()] + [System.Int32] + $EnergySaverPluggedInThresholdPercentage, [Parameter()] [System.String] $EnterpriseCloudPrintDiscoveryEndPoint, + [Parameter()] + [System.Int32] + $EnterpriseCloudPrintDiscoveryMaxLimit, + + [Parameter()] + [System.String] + $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + [Parameter()] [System.String] $EnterpriseCloudPrintOAuthAuthority, @@ -1191,343 +2536,421 @@ function Set-TargetResource $EnterpriseCloudPrintResourceIdentifier, [Parameter()] - [System.Uint64] - $EnterpriseCloudPrintDiscoveryMaxLimit, + [System.Boolean] + $ExperienceBlockDeviceDiscovery, [Parameter()] - [System.String] - $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + [System.Boolean] + $ExperienceBlockErrorDialogWhenNoSIM, [Parameter()] [System.Boolean] - $SearchBlockDiacritics, + $ExperienceBlockTaskSwitcher, [Parameter()] - [System.Boolean] - $SearchDisableAutoLanguageDetection, + [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [System.String] + $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [System.Boolean] - $SearchDisableIndexingEncryptedItems, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FindMyFiles, [Parameter()] [System.Boolean] - $SearchEnableRemoteQueries, + $GameDvrBlocked, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InkWorkspaceAccess, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $InkWorkspaceAccessState, [Parameter()] [System.Boolean] - $SearchDisableIndexerBackoff, + $InkWorkspaceBlockSuggestedApps, [Parameter()] [System.Boolean] - $SearchDisableIndexingRemovableDrive, + $InternetSharingBlocked, [Parameter()] [System.Boolean] - $SearchEnableAutomaticIndexSizeManangement, + $LocationServicesBlocked, [Parameter()] - [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $DiagnosticsDataSubmissionMode, + $LockScreenActivateAppsWithVoice, [Parameter()] [System.Boolean] - $oneDriveDisableFileSync, + $LockScreenAllowTimeoutConfiguration, [Parameter()] [System.Boolean] - $SmartScreenEnableAppInstallControl, + $LockScreenBlockActionCenterNotifications, [Parameter()] - [System.String] - $PersonalizationDesktopImageUrl, + [System.Boolean] + $LockScreenBlockCortana, [Parameter()] - [System.String] - $PersonalizationLockScreenImageUrl, + [System.Boolean] + $LockScreenBlockToastNotifications, [Parameter()] - [System.String[]] - $BluetoothAllowedServices, + [System.Int32] + $LockScreenTimeoutInSeconds, [Parameter()] [System.Boolean] - $BluetoothBlockAdvertising, + $LogonBlockFastUserSwitching, [Parameter()] [System.Boolean] - $BluetoothBlockDiscoverableMode, + $MessagingBlockMMS, [Parameter()] [System.Boolean] - $BluetoothBlockPrePairing, + $MessagingBlockRichCommunicationServices, [Parameter()] [System.Boolean] - $EdgeBlockAutofill, + $MessagingBlockSync, [Parameter()] [System.Boolean] - $EdgeBlocked, + $MicrosoftAccountBlocked, + + [Parameter()] + [System.Boolean] + $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('userDefined', 'allow', 'blockThirdparty', 'blockAll')] + [ValidateSet('notConfigured','disabled')] [System.String] - $EdgeCookiePolicy, + $MicrosoftAccountSignInAssistantSettings, [Parameter()] [System.Boolean] - $EdgeBlockDeveloperTools, + $NetworkProxyApplySettingsDeviceWide, [Parameter()] - [System.Boolean] - $EdgeBlockSendingDoNotTrackHeader, + [System.String] + $NetworkProxyAutomaticConfigurationUrl, [Parameter()] [System.Boolean] - $EdgeBlockExtensions, + $NetworkProxyDisableAutoDetect, [Parameter()] - [System.Boolean] - $EdgeBlockInPrivateBrowsing, + [Microsoft.Management.Infrastructure.CimInstance] + $NetworkProxyServer, [Parameter()] [System.Boolean] - $EdgeBlockJavaScript, + $NfcBlocked, [Parameter()] [System.Boolean] - $EdgeBlockPasswordManager, + $OneDriveDisableFileSync, [Parameter()] [System.Boolean] - $EdgeBlockAddressBarDropdown, + $PasswordBlockSimple, [Parameter()] - [System.Boolean] - $EdgeBlockCompatibilityList, + [System.Int32] + $PasswordExpirationDays, [Parameter()] - [System.Boolean] - $EdgeClearBrowsingDataOnExit, + [System.Int32] + $PasswordMinimumAgeInDays, [Parameter()] - [System.Boolean] - $EdgeAllowStartPagesModification, + [System.Int32] + $PasswordMinimumCharacterSetCount, [Parameter()] - [System.Boolean] - $EdgeDisableFirstRunPage, + [System.Int32] + $PasswordMinimumLength, [Parameter()] - [System.Boolean] - $EdgeBlockLiveTileDataCollection, + [System.Int32] + $PasswordMinutesOfInactivityBeforeScreenTimeout, [Parameter()] - [System.Boolean] - $EdgeSyncFavoritesWithInternetExplorer, + [System.Int32] + $PasswordPreviousPasswordBlockCount, [Parameter()] [System.Boolean] - $CellularBlockDataWhenRoaming, + $PasswordRequired, [Parameter()] - [System.Boolean] - $CellularBlockVpn, + [ValidateSet('deviceDefault','alphanumeric','numeric')] + [System.String] + $PasswordRequiredType, [Parameter()] [System.Boolean] - $CellularBlockVpnWhenRoaming, + $PasswordRequireWhenResumeFromIdleState, [Parameter()] - [System.Boolean] - $DefenderRequireRealTimeMonitoring, + [System.Int32] + $PasswordSignInFailureCountBeforeFactoryReset, + + [Parameter()] + [System.String] + $PersonalizationDesktopImageUrl, + + [Parameter()] + [System.String] + $PersonalizationLockScreenImageUrl, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionPluggedIn, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $PowerHybridSleepOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $PowerHybridSleepPluggedIn, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionPluggedIn, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionPluggedIn, [Parameter()] [System.Boolean] - $DefenderRequireBehaviorMonitoring, + $PrinterBlockAddition, + + [Parameter()] + [System.String] + $PrinterDefaultName, + + [Parameter()] + [System.String[]] + $PrinterNames, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $PrivacyAdvertisingId, [Parameter()] [System.Boolean] - $DefenderRequireNetworkInspectionSystem, + $PrivacyAutoAcceptPairingAndConsentPrompts, [Parameter()] [System.Boolean] - $DefenderScanDownloads, + $PrivacyBlockActivityFeed, [Parameter()] [System.Boolean] - $DefenderScanScriptsLoadedInInternetExplorer, + $PrivacyBlockInputPersonalization, [Parameter()] [System.Boolean] - $DefenderBlockEndUserAccess, + $PrivacyBlockPublishUserActivities, [Parameter()] - [System.Uint64] - $DefenderSignatureUpdateIntervalInHours, + [System.Boolean] + $PrivacyDisableLaunchExperience, [Parameter()] - [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] - [System.String] - $DefenderMonitorFileActivity, + [System.Boolean] + $ResetProtectionModeBlocked, [Parameter()] - [System.Uint64] - $DefenderDaysBeforeDeletingQuarantinedMalware, + [ValidateSet('userDefined','strict','moderate')] + [System.String] + $SafeSearchFilter, [Parameter()] - [System.Uint64] - $DefenderScanMaxCpu, + [System.Boolean] + $ScreenCaptureBlocked, [Parameter()] [System.Boolean] - $DefenderScanArchiveFiles, + $SearchBlockDiacritics, [Parameter()] [System.Boolean] - $DefenderScanIncomingMail, + $SearchBlockWebResults, [Parameter()] [System.Boolean] - $DefenderScanRemovableDrivesDuringFullScan, + $SearchDisableAutoLanguageDetection, [Parameter()] [System.Boolean] - $DefenderScanMappedNetworkDrivesDuringFullScan, + $SearchDisableIndexerBackoff, [Parameter()] [System.Boolean] - $DefenderScanNetworkFiles, + $SearchDisableIndexingEncryptedItems, [Parameter()] [System.Boolean] - $DefenderRequireCloudProtection, + $SearchDisableIndexingRemovableDrive, [Parameter()] - [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] - [System.String] - $DefenderCloudBlockLevel, + [System.Boolean] + $SearchDisableLocation, [Parameter()] - [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] - [System.String] - $DefenderPromptForSampleSubmission, + [System.Boolean] + $SearchDisableUseLocation, [Parameter()] - [System.String] - $DefenderScheduledQuickScanTime, + [System.Boolean] + $SearchEnableAutomaticIndexSizeManangement, [Parameter()] - [ValidateSet('userDefined', 'disabled', 'quick', 'full')] - [System.String] - $DefenderScanType, + [System.Boolean] + $SearchEnableRemoteQueries, [Parameter()] - [System.string] - $DefenderSystemScanSchedule, + [System.Boolean] + $SecurityBlockAzureADJoinedDevicesAutoEncryption, [Parameter()] - [System.String] - $DefenderScheduledScanTime, + [System.Boolean] + $SettingsBlockAccountsPage, [Parameter()] - [System.String[]] - $DefenderFileExtensionsToExclude, + [System.Boolean] + $SettingsBlockAddProvisioningPackage, [Parameter()] - [System.String[]] - $DefenderFilesAndFoldersToExclude, + [System.Boolean] + $SettingsBlockAppsPage, [Parameter()] - [System.String[]] - $DefenderProcessesToExclude, + [System.Boolean] + $SettingsBlockChangeLanguage, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance] - $DefenderDetectedMalwareActions, + [System.Boolean] + $SettingsBlockChangePowerSleep, [Parameter()] [System.Boolean] - $LockScreenAllowTimeoutConfiguration, + $SettingsBlockChangeRegion, [Parameter()] [System.Boolean] - $LockScreenBlockActionCenterNotifications, + $SettingsBlockChangeSystemTime, [Parameter()] [System.Boolean] - $LockScreenBlockCortana, + $SettingsBlockDevicesPage, [Parameter()] [System.Boolean] - $LockScreenBlockToastNotifications, + $SettingsBlockEaseOfAccessPage, [Parameter()] - [System.Uint64] - $LockScreenTimeoutInSeconds, + [System.Boolean] + $SettingsBlockEditDeviceName, [Parameter()] [System.Boolean] - $PasswordBlockSimple, + $SettingsBlockGamingPage, [Parameter()] - [System.Uint64] - $PasswordExpirationDays, + [System.Boolean] + $SettingsBlockNetworkInternetPage, [Parameter()] - [System.Uint64] - $PasswordMinimumLength, + [System.Boolean] + $SettingsBlockPersonalizationPage, [Parameter()] - [System.Uint64] - $PasswordMinutesOfInactivityBeforeScreenTimeout, + [System.Boolean] + $SettingsBlockPrivacyPage, [Parameter()] - [System.Uint64] - $PasswordMinimumCharacterSetCount, + [System.Boolean] + $SettingsBlockRemoveProvisioningPackage, [Parameter()] - [System.Uint64] - $PasswordPreviousPasswordBlockCount, + [System.Boolean] + $SettingsBlockSettingsApp, [Parameter()] [System.Boolean] - $PasswordRequired, + $SettingsBlockSystemPage, [Parameter()] [System.Boolean] - $PasswordRequireWhenResumeFromIdleState, + $SettingsBlockTimeLanguagePage, [Parameter()] - [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] - [System.String] - $PasswordRequiredType, + [System.Boolean] + $SettingsBlockUpdateSecurityPage, [Parameter()] - [System.Uint64] - $PasswordSignInFailureCountBeforeFactoryReset, + [System.Boolean] + $SharedUserAppDataAllowed, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] + [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] [System.String] - $PrivacyAdvertisingId, + $SmartScreenAppInstallControl, [Parameter()] [System.Boolean] - $PrivacyAutoAcceptPairingAndConsentPrompts, + $SmartScreenBlockPromptOverride, [Parameter()] [System.Boolean] - $PrivacyBlockInputPersonalization, + $SmartScreenBlockPromptOverrideForFiles, + + [Parameter()] + [System.Boolean] + $SmartScreenEnableAppInstallControl, [Parameter()] [System.Boolean] $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] + [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] [System.String] $StartMenuAppListVisibility, @@ -1592,107 +3015,123 @@ function Set-TargetResource $StartMenuLayoutXml, [Parameter()] - [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] + [ValidateSet('userDefined','fullScreen','nonFullScreen')] [System.String] $StartMenuMode, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderDocuments, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderDownloads, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderFileExplorer, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderHomeGroup, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderMusic, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderNetwork, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderPictures, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderSettings, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderVideos, [Parameter()] [System.Boolean] - $SettingsBlockSettingsApp, + $StorageBlockRemovableStorage, [Parameter()] [System.Boolean] - $SettingsBlockSystemPage, + $StorageRequireMobileDeviceEncryption, [Parameter()] [System.Boolean] - $SettingsBlockDevicesPage, + $StorageRestrictAppDataToSystemVolume, [Parameter()] [System.Boolean] - $SettingsBlockNetworkInternetPage, + $StorageRestrictAppInstallToSystemVolume, + + [Parameter()] + [System.String] + $SystemTelemetryProxyServer, [Parameter()] [System.Boolean] - $SettingsBlockPersonalizationPage, + $TaskManagerBlockEndTask, [Parameter()] [System.Boolean] - $SettingsBlockAccountsPage, + $TenantLockdownRequireNetworkDuringOutOfBoxExperience, [Parameter()] [System.Boolean] - $SettingsBlockTimeLanguagePage, + $UninstallBuiltInApps, [Parameter()] [System.Boolean] - $SettingsBlockEaseOfAccessPage, + $UsbBlocked, [Parameter()] [System.Boolean] - $SettingsBlockPrivacyPage, + $VoiceRecordingBlocked, [Parameter()] [System.Boolean] - $SettingsBlockUpdateSecurityPage, + $WebRtcBlockLocalhostIpAddress, [Parameter()] [System.Boolean] - $SettingsBlockAppsPage, + $WiFiBlockAutomaticConnectHotspots, [Parameter()] [System.Boolean] - $SettingsBlockGamingPage, + $WiFiBlocked, + + [Parameter()] + [System.Boolean] + $WiFiBlockManualConfiguration, + + [Parameter()] + [System.Int32] + $WiFiScanInterval, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Windows10AppsForceUpdateSchedule, [Parameter()] [System.Boolean] @@ -1723,742 +3162,867 @@ function Set-TargetResource $WindowsSpotlightBlockWindowsTips, [Parameter()] - [ValidateSet('notConfigured', 'disabled', 'enabled')] + [ValidateSet('notConfigured','disabled','enabled')] [System.String] $WindowsSpotlightConfigureOnLockScreen, [Parameter()] [System.Boolean] - $NetworkProxyApplySettingsDeviceWide, + $WindowsStoreBlockAutoUpdate, [Parameter()] [System.Boolean] - $NetworkProxyDisableAutoDetect, + $WindowsStoreBlocked, + + [Parameter()] + [System.Boolean] + $WindowsStoreEnablePrivateStoreOnly, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockProjectionToThisDevice, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockUserInputFromReceiver, + + [Parameter()] + [System.Boolean] + $WirelessDisplayRequirePinForPairing, [Parameter()] [System.String] - $NetworkProxyAutomaticConfigurationUrl, + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, [Parameter()] - [System.String[]] - $NetworkProxyServer, + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('Verbose') | Out-Null + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Configuration Policy for Windows10 with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + { + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + { + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + Update-MgDeviceManagementDeviceConfiguration ` + -DeviceConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code [Parameter()] [System.Boolean] $AccountsBlockAddingNonMicrosoftAccountEmail, + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $ActivateAppsWithVoice, + [Parameter()] [System.Boolean] $AntiTheftModeBlocked, + [Parameter()] + [System.Boolean] + $AppManagementMSIAllowUserControlOverInstall, + + [Parameter()] + [System.Boolean] + $AppManagementMSIAlwaysInstallWithElevatedPrivileges, + + [Parameter()] + [System.String[]] + $AppManagementPackageFamilyNamesToLaunchAfterLogOn, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $AppsAllowTrustedAppsSideloading, + + [Parameter()] + [System.Boolean] + $AppsBlockWindowsStoreOriginatedApps, + + [Parameter()] + [System.Boolean] + $AuthenticationAllowSecondaryDevice, + + [Parameter()] + [System.String] + $AuthenticationPreferredAzureADTenantDomainName, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AuthenticationWebSignIn, + + [Parameter()] + [System.String[]] + $BluetoothAllowedServices, + + [Parameter()] + [System.Boolean] + $BluetoothBlockAdvertising, + + [Parameter()] + [System.Boolean] + $BluetoothBlockDiscoverableMode, + [Parameter()] [System.Boolean] $BluetoothBlocked, [Parameter()] [System.Boolean] - $CameraBlocked, + $BluetoothBlockPrePairing, [Parameter()] [System.Boolean] - $ConnectedDevicesServiceBlocked, + $BluetoothBlockPromptedProximalConnections, [Parameter()] [System.Boolean] - $CertificatesBlockManualRootCertificateInstallation, + $CameraBlocked, [Parameter()] [System.Boolean] - $CopyPasteBlocked, + $CellularBlockDataWhenRoaming, [Parameter()] [System.Boolean] - $CortanaBlocked, + $CellularBlockVpn, [Parameter()] [System.Boolean] - $DeviceManagementBlockFactoryResetOnMobile, + $CellularBlockVpnWhenRoaming, + + [Parameter()] + [ValidateSet('blocked','required','allowed','notConfigured')] + [System.String] + $CellularData, [Parameter()] [System.Boolean] - $DeviceManagementBlockManualUnenroll, + $CertificatesBlockManualRootCertificateInstallation, [Parameter()] - [ValidateSet('userDefined', 'strict', 'moderate')] [System.String] - $SafeSearchFilter, + $ConfigureTimeZone, + + [Parameter()] + [System.Boolean] + $ConnectedDevicesServiceBlocked, + + [Parameter()] + [System.Boolean] + $CopyPasteBlocked, [Parameter()] [System.Boolean] - $EdgeBlockPopups, + $CortanaBlocked, [Parameter()] [System.Boolean] - $EdgeBlockSearchSuggestions, + $CryptographyAllowFipsAlgorithmPolicy, [Parameter()] [System.Boolean] - $EdgeBlockSendingIntranetTrafficToInternetExplorer, + $DataProtectionBlockDirectMemoryAccess, [Parameter()] [System.Boolean] - $EdgeSendIntranetTrafficToInternetExplorer, + $DefenderBlockEndUserAccess, [Parameter()] [System.Boolean] - $EdgeRequireSmartScreen, + $DefenderBlockOnAccessProtection, [Parameter()] + [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] [System.String] - $EdgeEnterpriseModeSiteListLocation, + $DefenderCloudBlockLevel, [Parameter()] - [System.String] - $EdgeFirstRunUrl, + [System.Int32] + $DefenderCloudExtendedTimeout, [Parameter()] - [System.String] - $EdgeSearchEngine, + [System.Int32] + $DefenderCloudExtendedTimeoutInSeconds, [Parameter()] - [System.String[]] - $EdgeHomepageUrls, + [System.Int32] + $DefenderDaysBeforeDeletingQuarantinedMalware, [Parameter()] - [System.Boolean] - $EdgeBlockAccessToAboutFlags, + [Microsoft.Management.Infrastructure.CimInstance] + $DefenderDetectedMalwareActions, [Parameter()] [System.Boolean] - $SmartScreenBlockPromptOverride, + $DefenderDisableCatchupFullScan, [Parameter()] [System.Boolean] - $SmartScreenBlockPromptOverrideForFiles, + $DefenderDisableCatchupQuickScan, [Parameter()] - [System.Boolean] - $WebRtcBlockLocalhostIpAddress, + [System.String[]] + $DefenderFileExtensionsToExclude, [Parameter()] - [System.Boolean] - $InternetSharingBlocked, + [System.String[]] + $DefenderFilesAndFoldersToExclude, [Parameter()] - [System.Boolean] - $SettingsBlockAddProvisioningPackage, + [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [System.String] + $DefenderMonitorFileActivity, [Parameter()] - [System.Boolean] - $SettingsBlockRemoveProvisioningPackage, + [ValidateSet('deviceDefault','block','audit')] + [System.String] + $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [System.Boolean] - $SettingsBlockChangeSystemTime, + [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [System.String] + $DefenderPotentiallyUnwantedAppActionSetting, [Parameter()] - [System.Boolean] - $SettingsBlockEditDeviceName, + [System.String[]] + $DefenderProcessesToExclude, [Parameter()] - [System.Boolean] - $SettingsBlockChangeRegion, + [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [System.String] + $DefenderPromptForSampleSubmission, [Parameter()] [System.Boolean] - $SettingsBlockChangeLanguage, + $DefenderRequireBehaviorMonitoring, [Parameter()] [System.Boolean] - $SettingsBlockChangePowerSleep, + $DefenderRequireCloudProtection, [Parameter()] [System.Boolean] - $LocationServicesBlocked, + $DefenderRequireNetworkInspectionSystem, [Parameter()] [System.Boolean] - $MicrosoftAccountBlocked, + $DefenderRequireRealTimeMonitoring, [Parameter()] [System.Boolean] - $MicrosoftAccountBlockSettingsSync, + $DefenderScanArchiveFiles, [Parameter()] [System.Boolean] - $NfcBlocked, + $DefenderScanDownloads, [Parameter()] [System.Boolean] - $ResetProtectionModeBlocked, + $DefenderScanIncomingMail, [Parameter()] [System.Boolean] - $ScreenCaptureBlocked, + $DefenderScanMappedNetworkDrivesDuringFullScan, [Parameter()] - [System.Boolean] - $StorageBlockRemovableStorage, + [System.Int32] + $DefenderScanMaxCpu, [Parameter()] [System.Boolean] - $StorageRequireMobileDeviceEncryption, + $DefenderScanNetworkFiles, [Parameter()] [System.Boolean] - $UsbBlocked, + $DefenderScanRemovableDrivesDuringFullScan, [Parameter()] [System.Boolean] - $VoiceRecordingBlocked, + $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [System.Boolean] - $WiFiBlockAutomaticConnectHotspots, + [ValidateSet('userDefined','disabled','quick','full')] + [System.String] + $DefenderScanType, [Parameter()] - [System.Boolean] - $WiFiBlocked, + [System.TimeSpan] + $DefenderScheduledQuickScanTime, + + [Parameter()] + [System.TimeSpan] + $DefenderScheduledScanTime, [Parameter()] [System.Boolean] - $WiFiBlockManualConfiguration, + $DefenderScheduleScanEnableLowCpuPriority, [Parameter()] - [System.Uint64] - $WiFiScanInterval, + [System.Int32] + $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [System.Boolean] - $WirelessDisplayBlockProjectionToThisDevice, + [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [System.String] + $DefenderSubmitSamplesConsentType, [Parameter()] - [System.Boolean] - $WirelessDisplayBlockUserInputFromReceiver, + [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [System.String] + $DefenderSystemScanSchedule, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $DeveloperUnlockSetting, [Parameter()] [System.Boolean] - $WirelessDisplayRequirePinForPairing, + $DeviceManagementBlockFactoryResetOnMobile, [Parameter()] [System.Boolean] - $WindowsStoreBlocked, + $DeviceManagementBlockManualUnenroll, [Parameter()] + [ValidateSet('userDefined','none','basic','enhanced','full')] [System.String] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - $AppsAllowTrustedAppsSideloading, + $DiagnosticsDataSubmissionMode, [Parameter()] - [System.Boolean] - $WindowsStoreBlockAutoUpdate, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOff, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $DeveloperUnlockSetting, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOn, [Parameter()] [System.Boolean] - $SharedUserAppDataAllowed, + $EdgeAllowStartPagesModification, [Parameter()] [System.Boolean] - $AppsBlockWindowsStoreOriginatedApps, + $EdgeBlockAccessToAboutFlags, [Parameter()] [System.Boolean] - $WindowsStoreEnablePrivateStoreOnly, + $EdgeBlockAddressBarDropdown, [Parameter()] [System.Boolean] - $StorageRestrictAppDataToSystemVolume, + $EdgeBlockAutofill, [Parameter()] [System.Boolean] - $StorageRestrictAppInstallToSystemVolume, + $EdgeBlockCompatibilityList, [Parameter()] [System.Boolean] - $GameDvrBlocked, + $EdgeBlockDeveloperTools, [Parameter()] [System.Boolean] - $ExperienceBlockDeviceDiscovery, + $EdgeBlocked, [Parameter()] [System.Boolean] - $ExperienceBlockErrorDialogWhenNoSIM, + $EdgeBlockEditFavorites, [Parameter()] [System.Boolean] - $ExperienceBlockTaskSwitcher, + $EdgeBlockExtensions, [Parameter()] [System.Boolean] - $LogonBlockFastUserSwitching, + $EdgeBlockFullScreenMode, [Parameter()] [System.Boolean] - $TenantLockdownRequireNetworkDuringOutOfBoxExperience, - - [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $Assignments, - - [Parameter(Mandatory = $True)] - [System.String] - [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $EdgeBlockInPrivateBrowsing, [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.Boolean] + $EdgeBlockJavaScript, [Parameter()] - [System.String] - $ApplicationId, + [System.Boolean] + $EdgeBlockLiveTileDataCollection, [Parameter()] - [System.String] - $TenantId, + [System.Boolean] + $EdgeBlockPasswordManager, [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, + [System.Boolean] + $EdgeBlockPopups, [Parameter()] - [System.String] - $CertificateThumbprint, + [System.Boolean] + $EdgeBlockPrelaunch, [Parameter()] - [Switch] - $ManagedIdentity - ) - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $currentPolicy = Get-TargetResource @PSBoundParameters - $PSBoundParameters.Remove('Ensure') | Out-Null - $PSBoundParameters.Remove('Credential') | Out-Null - $PSBoundParameters.Remove('ApplicationId') | Out-Null - $PSBoundParameters.Remove('TenantId') | Out-Null - $PSBoundParameters.Remove('ApplicationSecret') | Out-Null - if ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Absent') - { - Write-Verbose -Message "Creating new Device Configuration Policy {$DisplayName}" - $PSBoundParameters.Remove('DisplayName') | Out-Null - $PSBoundParameters.Remove('Description') | Out-Null - $PSBoundParameters.Remove('Assignments') | Out-Null - - $AdditionalProperties = Get-M365DSCIntuneDeviceConfigurationPolicyWindowsAdditionalProperties -Properties ([System.Collections.Hashtable]$PSBoundParameters) - if ($AdditionalProperties.DefenderDetectedMalwareActions) - { - $AdditionalProperties.DefenderDetectedMalwareActions.Add('@odata.type', '#microsoft.graph.defenderDetectedMalwareActions') - } - $policy = New-MgDeviceManagementDeviceConfiguration -DisplayName $DisplayName ` - -Description $Description ` - -AdditionalProperties $AdditionalProperties - - #region Assignments - $assignmentsHash = @() - foreach ($assignment in $Assignments) - { - $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment - } - if ($policy.id) - { - Update-DeviceConfigurationPolicyAssignments -DeviceConfigurationPolicyId $policy.id ` - -Targets $assignmentsHash - } - #endregion - } - elseif ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Present') - { - Write-Verbose -Message "Updating existing Device Configuration Policy {$DisplayName}" - $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' -and ` - $_.displayName -eq $($DisplayName) } - - $PSBoundParameters.Remove('DisplayName') | Out-Null - $PSBoundParameters.Remove('Description') | Out-Null - $PSBoundParameters.Remove('Assignments') | Out-Null - - $AdditionalProperties = Get-M365DSCIntuneDeviceConfigurationPolicyWindowsAdditionalProperties -Properties ([System.Collections.Hashtable]$PSBoundParameters) - if ($AdditionalProperties.DefenderDetectedMalwareActions) - { - $AdditionalProperties.DefenderDetectedMalwareActions.Add('@odata.type', '#microsoft.graph.defenderDetectedMalwareActions') - } - Update-MgDeviceManagementDeviceConfiguration -AdditionalProperties $AdditionalProperties ` - -Description $Description ` - -DeviceConfigurationId $configDevicePolicy.Id - - #region Assignments - $assignmentsHash = @() - foreach ($assignment in $Assignments) - { - $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment - } - Update-DeviceConfigurationPolicyAssignments -DeviceConfigurationPolicyId $configDevicePolicy.Id ` - -Targets $assignmentsHash - #endregion - } - elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present') - { - Write-Verbose -Message "Removing Device Configuration Policy {$DisplayName}" - $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' -and ` - $_.displayName -eq $($DisplayName) } - - Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $configDevicePolicy.Id - } -} - -function Test-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Boolean])] - param - ( - [Parameter(Mandatory = $True)] - [System.String] - $DisplayName, + [System.Boolean] + $EdgeBlockPrinting, [Parameter()] - [System.String] - $Description, + [System.Boolean] + $EdgeBlockSavingHistory, [Parameter()] - [System.String] - $EnterpriseCloudPrintDiscoveryEndPoint, + [System.Boolean] + $EdgeBlockSearchEngineCustomization, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthAuthority, + [System.Boolean] + $EdgeBlockSearchSuggestions, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthClientIdentifier, + [System.Boolean] + $EdgeBlockSendingDoNotTrackHeader, [Parameter()] - [System.String] - $EnterpriseCloudPrintResourceIdentifier, + [System.Boolean] + $EdgeBlockSendingIntranetTrafficToInternetExplorer, [Parameter()] - [System.Uint64] - $EnterpriseCloudPrintDiscoveryMaxLimit, + [System.Boolean] + $EdgeBlockSideloadingExtensions, [Parameter()] - [System.String] - $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + [System.Boolean] + $EdgeBlockTabPreloading, [Parameter()] [System.Boolean] - $SearchBlockDiacritics, + $EdgeBlockWebContentOnNewTabPage, [Parameter()] [System.Boolean] - $SearchDisableAutoLanguageDetection, + $EdgeClearBrowsingDataOnExit, [Parameter()] - [System.Boolean] - $SearchDisableIndexingEncryptedItems, + [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [System.String] + $EdgeCookiePolicy, [Parameter()] [System.Boolean] - $SearchEnableRemoteQueries, + $EdgeDisableFirstRunPage, [Parameter()] - [System.Boolean] - $SearchDisableIndexerBackoff, + [System.String] + $EdgeEnterpriseModeSiteListLocation, [Parameter()] - [System.Boolean] - $SearchDisableIndexingRemovableDrive, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $EdgeFavoritesBarVisibility, [Parameter()] - [System.Boolean] - $SearchEnableAutomaticIndexSizeManangement, + [System.String] + $EdgeFavoritesListLocation, [Parameter()] - [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] [System.String] - $DiagnosticsDataSubmissionMode, + $EdgeFirstRunUrl, [Parameter()] - [System.Boolean] - $oneDriveDisableFileSync, + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeHomeButtonConfiguration, [Parameter()] [System.Boolean] - $SmartScreenEnableAppInstallControl, + $EdgeHomeButtonConfigurationEnabled, + + [Parameter()] + [System.String[]] + $EdgeHomepageUrls, [Parameter()] + [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] [System.String] - $PersonalizationDesktopImageUrl, + $EdgeKioskModeRestriction, + + [Parameter()] + [System.Int32] + $EdgeKioskResetAfterIdleTimeInMinutes, [Parameter()] [System.String] - $PersonalizationLockScreenImageUrl, + $EdgeNewTabPageURL, [Parameter()] - [System.String[]] - $BluetoothAllowedServices, + [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [System.String] + $EdgeOpensWith, [Parameter()] [System.Boolean] - $BluetoothBlockAdvertising, + $EdgePreventCertificateErrorOverride, [Parameter()] - [System.Boolean] - $BluetoothBlockDiscoverableMode, + [System.String[]] + $EdgeRequiredExtensionPackageFamilyNames, [Parameter()] [System.Boolean] - $BluetoothBlockPrePairing, + $EdgeRequireSmartScreen, [Parameter()] - [System.Boolean] - $EdgeBlockAutofill, + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeSearchEngine, [Parameter()] [System.Boolean] - $EdgeBlocked, + $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('userDefined', 'allow', 'blockThirdparty', 'blockAll')] + [ValidateSet('notConfigured','disabled','enabled','keepGoing')] [System.String] - $EdgeCookiePolicy, + $EdgeShowMessageWhenOpeningInternetExplorerSites, [Parameter()] [System.Boolean] - $EdgeBlockDeveloperTools, + $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [System.Boolean] - $EdgeBlockSendingDoNotTrackHeader, + [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] + [System.String] + $EdgeTelemetryForMicrosoft365Analytics, [Parameter()] [System.Boolean] - $EdgeBlockExtensions, + $EnableAutomaticRedeployment, [Parameter()] - [System.Boolean] - $EdgeBlockInPrivateBrowsing, + [System.Int32] + $EnergySaverOnBatteryThresholdPercentage, [Parameter()] - [System.Boolean] - $EdgeBlockJavaScript, + [System.Int32] + $EnergySaverPluggedInThresholdPercentage, [Parameter()] - [System.Boolean] - $EdgeBlockPasswordManager, + [System.String] + $EnterpriseCloudPrintDiscoveryEndPoint, [Parameter()] - [System.Boolean] - $EdgeBlockAddressBarDropdown, + [System.Int32] + $EnterpriseCloudPrintDiscoveryMaxLimit, [Parameter()] - [System.Boolean] - $EdgeBlockCompatibilityList, + [System.String] + $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, [Parameter()] - [System.Boolean] - $EdgeClearBrowsingDataOnExit, + [System.String] + $EnterpriseCloudPrintOAuthAuthority, [Parameter()] - [System.Boolean] - $EdgeAllowStartPagesModification, + [System.String] + $EnterpriseCloudPrintOAuthClientIdentifier, [Parameter()] - [System.Boolean] - $EdgeDisableFirstRunPage, + [System.String] + $EnterpriseCloudPrintResourceIdentifier, [Parameter()] [System.Boolean] - $EdgeBlockLiveTileDataCollection, + $ExperienceBlockDeviceDiscovery, [Parameter()] [System.Boolean] - $EdgeSyncFavoritesWithInternetExplorer, + $ExperienceBlockErrorDialogWhenNoSIM, [Parameter()] [System.Boolean] - $CellularBlockDataWhenRoaming, + $ExperienceBlockTaskSwitcher, [Parameter()] - [System.Boolean] - $CellularBlockVpn, + [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [System.String] + $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [System.Boolean] - $CellularBlockVpnWhenRoaming, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FindMyFiles, [Parameter()] [System.Boolean] - $DefenderRequireRealTimeMonitoring, + $GameDvrBlocked, [Parameter()] - [System.Boolean] - $DefenderRequireBehaviorMonitoring, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InkWorkspaceAccess, [Parameter()] - [System.Boolean] - $DefenderRequireNetworkInspectionSystem, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $InkWorkspaceAccessState, [Parameter()] [System.Boolean] - $DefenderScanDownloads, + $InkWorkspaceBlockSuggestedApps, [Parameter()] [System.Boolean] - $DefenderScanScriptsLoadedInInternetExplorer, + $InternetSharingBlocked, [Parameter()] [System.Boolean] - $DefenderBlockEndUserAccess, - - [Parameter()] - [System.Uint64] - $DefenderSignatureUpdateIntervalInHours, + $LocationServicesBlocked, [Parameter()] - [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $DefenderMonitorFileActivity, + $LockScreenActivateAppsWithVoice, [Parameter()] - [System.Uint64] - $DefenderDaysBeforeDeletingQuarantinedMalware, + [System.Boolean] + $LockScreenAllowTimeoutConfiguration, [Parameter()] - [System.Uint64] - $DefenderScanMaxCpu, + [System.Boolean] + $LockScreenBlockActionCenterNotifications, [Parameter()] [System.Boolean] - $DefenderScanArchiveFiles, + $LockScreenBlockCortana, [Parameter()] [System.Boolean] - $DefenderScanIncomingMail, + $LockScreenBlockToastNotifications, [Parameter()] - [System.Boolean] - $DefenderScanRemovableDrivesDuringFullScan, + [System.Int32] + $LockScreenTimeoutInSeconds, [Parameter()] [System.Boolean] - $DefenderScanMappedNetworkDrivesDuringFullScan, + $LogonBlockFastUserSwitching, [Parameter()] [System.Boolean] - $DefenderScanNetworkFiles, + $MessagingBlockMMS, [Parameter()] [System.Boolean] - $DefenderRequireCloudProtection, + $MessagingBlockRichCommunicationServices, [Parameter()] - [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] - [System.String] - $DefenderCloudBlockLevel, + [System.Boolean] + $MessagingBlockSync, [Parameter()] - [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] - [System.String] - $DefenderPromptForSampleSubmission, + [System.Boolean] + $MicrosoftAccountBlocked, [Parameter()] - [System.String] - $DefenderScheduledQuickScanTime, + [System.Boolean] + $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('userDefined', 'disabled', 'quick', 'full')] + [ValidateSet('notConfigured','disabled')] [System.String] - $DefenderScanType, + $MicrosoftAccountSignInAssistantSettings, [Parameter()] - [System.string] - $DefenderSystemScanSchedule, + [System.Boolean] + $NetworkProxyApplySettingsDeviceWide, [Parameter()] [System.String] - $DefenderScheduledScanTime, - - [Parameter()] - [System.String[]] - $DefenderFileExtensionsToExclude, - - [Parameter()] - [System.String[]] - $DefenderFilesAndFoldersToExclude, + $NetworkProxyAutomaticConfigurationUrl, [Parameter()] - [System.String[]] - $DefenderProcessesToExclude, + [System.Boolean] + $NetworkProxyDisableAutoDetect, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] - $DefenderDetectedMalwareActions, - - [Parameter()] - [System.Boolean] - $LockScreenAllowTimeoutConfiguration, + $NetworkProxyServer, [Parameter()] [System.Boolean] - $LockScreenBlockActionCenterNotifications, + $NfcBlocked, [Parameter()] [System.Boolean] - $LockScreenBlockCortana, + $OneDriveDisableFileSync, [Parameter()] [System.Boolean] - $LockScreenBlockToastNotifications, + $PasswordBlockSimple, [Parameter()] - [System.Uint64] - $LockScreenTimeoutInSeconds, + [System.Int32] + $PasswordExpirationDays, [Parameter()] - [System.Boolean] - $PasswordBlockSimple, + [System.Int32] + $PasswordMinimumAgeInDays, [Parameter()] - [System.Uint64] - $PasswordExpirationDays, + [System.Int32] + $PasswordMinimumCharacterSetCount, [Parameter()] - [System.Uint64] + [System.Int32] $PasswordMinimumLength, [Parameter()] - [System.Uint64] + [System.Int32] $PasswordMinutesOfInactivityBeforeScreenTimeout, [Parameter()] - [System.Uint64] - $PasswordMinimumCharacterSetCount, - - [Parameter()] - [System.Uint64] + [System.Int32] $PasswordPreviousPasswordBlockCount, [Parameter()] @@ -2466,420 +4030,424 @@ function Test-TargetResource $PasswordRequired, [Parameter()] - [System.Boolean] - $PasswordRequireWhenResumeFromIdleState, - - [Parameter()] - [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] + [ValidateSet('deviceDefault','alphanumeric','numeric')] [System.String] $PasswordRequiredType, [Parameter()] - [System.Uint64] + [System.Boolean] + $PasswordRequireWhenResumeFromIdleState, + + [Parameter()] + [System.Int32] $PasswordSignInFailureCountBeforeFactoryReset, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] - $PrivacyAdvertisingId, + $PersonalizationDesktopImageUrl, [Parameter()] - [System.Boolean] - $PrivacyAutoAcceptPairingAndConsentPrompts, + [System.String] + $PersonalizationLockScreenImageUrl, [Parameter()] - [System.Boolean] - $PrivacyBlockInputPersonalization, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionOnBattery, [Parameter()] - [System.Boolean] - $StartBlockUnpinningAppsFromTaskbar, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionPluggedIn, [Parameter()] - [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $StartMenuAppListVisibility, + $PowerHybridSleepOnBattery, [Parameter()] - [System.Boolean] - $StartMenuHideChangeAccountSettings, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $PowerHybridSleepPluggedIn, [Parameter()] - [System.Boolean] - $StartMenuHideFrequentlyUsedApps, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionOnBattery, [Parameter()] - [System.Boolean] - $StartMenuHideHibernate, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionPluggedIn, [Parameter()] - [System.Boolean] - $StartMenuHideLock, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionOnBattery, [Parameter()] - [System.Boolean] - $StartMenuHidePowerButton, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionPluggedIn, [Parameter()] [System.Boolean] - $StartMenuHideRecentJumpLists, + $PrinterBlockAddition, [Parameter()] - [System.Boolean] - $StartMenuHideRecentlyAddedApps, + [System.String] + $PrinterDefaultName, [Parameter()] - [System.Boolean] - $StartMenuHideRestartOptions, + [System.String[]] + $PrinterNames, [Parameter()] - [System.Boolean] - $StartMenuHideShutDown, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $PrivacyAdvertisingId, [Parameter()] [System.Boolean] - $StartMenuHideSignOut, + $PrivacyAutoAcceptPairingAndConsentPrompts, [Parameter()] [System.Boolean] - $StartMenuHideSleep, + $PrivacyBlockActivityFeed, [Parameter()] [System.Boolean] - $StartMenuHideSwitchAccount, + $PrivacyBlockInputPersonalization, [Parameter()] [System.Boolean] - $StartMenuHideUserTile, + $PrivacyBlockPublishUserActivities, [Parameter()] - [System.String] - $StartMenuLayoutEdgeAssetsXml, + [System.Boolean] + $PrivacyDisableLaunchExperience, [Parameter()] - [System.String] - $StartMenuLayoutXml, + [System.Boolean] + $ResetProtectionModeBlocked, [Parameter()] - [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] + [ValidateSet('userDefined','strict','moderate')] [System.String] - $StartMenuMode, + $SafeSearchFilter, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderDocuments, + [System.Boolean] + $ScreenCaptureBlocked, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderDownloads, + [System.Boolean] + $SearchBlockDiacritics, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderFileExplorer, + [System.Boolean] + $SearchBlockWebResults, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderHomeGroup, + [System.Boolean] + $SearchDisableAutoLanguageDetection, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderMusic, + [System.Boolean] + $SearchDisableIndexerBackoff, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderNetwork, + [System.Boolean] + $SearchDisableIndexingEncryptedItems, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderPersonalFolder, + [System.Boolean] + $SearchDisableIndexingRemovableDrive, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderPictures, + [System.Boolean] + $SearchDisableLocation, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderSettings, + [System.Boolean] + $SearchDisableUseLocation, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderVideos, + [System.Boolean] + $SearchEnableAutomaticIndexSizeManangement, [Parameter()] [System.Boolean] - $SettingsBlockSettingsApp, + $SearchEnableRemoteQueries, [Parameter()] [System.Boolean] - $SettingsBlockSystemPage, + $SecurityBlockAzureADJoinedDevicesAutoEncryption, [Parameter()] [System.Boolean] - $SettingsBlockDevicesPage, + $SettingsBlockAccountsPage, [Parameter()] [System.Boolean] - $SettingsBlockNetworkInternetPage, + $SettingsBlockAddProvisioningPackage, [Parameter()] [System.Boolean] - $SettingsBlockPersonalizationPage, + $SettingsBlockAppsPage, [Parameter()] [System.Boolean] - $SettingsBlockAccountsPage, + $SettingsBlockChangeLanguage, [Parameter()] [System.Boolean] - $SettingsBlockTimeLanguagePage, + $SettingsBlockChangePowerSleep, [Parameter()] [System.Boolean] - $SettingsBlockEaseOfAccessPage, + $SettingsBlockChangeRegion, [Parameter()] [System.Boolean] - $SettingsBlockPrivacyPage, + $SettingsBlockChangeSystemTime, [Parameter()] [System.Boolean] - $SettingsBlockUpdateSecurityPage, + $SettingsBlockDevicesPage, [Parameter()] [System.Boolean] - $SettingsBlockAppsPage, + $SettingsBlockEaseOfAccessPage, [Parameter()] [System.Boolean] - $SettingsBlockGamingPage, + $SettingsBlockEditDeviceName, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockConsumerSpecificFeatures, + $SettingsBlockGamingPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlocked, + $SettingsBlockNetworkInternetPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockOnActionCenter, + $SettingsBlockPersonalizationPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockTailoredExperiences, + $SettingsBlockPrivacyPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockThirdPartyNotifications, + $SettingsBlockRemoveProvisioningPackage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWelcomeExperience, + $SettingsBlockSettingsApp, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWindowsTips, + $SettingsBlockSystemPage, [Parameter()] - [ValidateSet('notConfigured', 'disabled', 'enabled')] - [System.String] - $WindowsSpotlightConfigureOnLockScreen, + [System.Boolean] + $SettingsBlockTimeLanguagePage, [Parameter()] [System.Boolean] - $NetworkProxyApplySettingsDeviceWide, + $SettingsBlockUpdateSecurityPage, [Parameter()] [System.Boolean] - $NetworkProxyDisableAutoDetect, + $SharedUserAppDataAllowed, [Parameter()] + [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] [System.String] - $NetworkProxyAutomaticConfigurationUrl, + $SmartScreenAppInstallControl, [Parameter()] - [System.String[]] - $NetworkProxyServer, + [System.Boolean] + $SmartScreenBlockPromptOverride, [Parameter()] [System.Boolean] - $AccountsBlockAddingNonMicrosoftAccountEmail, + $SmartScreenBlockPromptOverrideForFiles, [Parameter()] [System.Boolean] - $AntiTheftModeBlocked, + $SmartScreenEnableAppInstallControl, [Parameter()] [System.Boolean] - $BluetoothBlocked, + $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [System.Boolean] - $CameraBlocked, + [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [System.String] + $StartMenuAppListVisibility, [Parameter()] [System.Boolean] - $ConnectedDevicesServiceBlocked, + $StartMenuHideChangeAccountSettings, [Parameter()] [System.Boolean] - $CertificatesBlockManualRootCertificateInstallation, + $StartMenuHideFrequentlyUsedApps, [Parameter()] [System.Boolean] - $CopyPasteBlocked, + $StartMenuHideHibernate, [Parameter()] [System.Boolean] - $CortanaBlocked, + $StartMenuHideLock, [Parameter()] [System.Boolean] - $DeviceManagementBlockFactoryResetOnMobile, + $StartMenuHidePowerButton, [Parameter()] [System.Boolean] - $DeviceManagementBlockManualUnenroll, + $StartMenuHideRecentJumpLists, [Parameter()] - [ValidateSet('userDefined', 'strict', 'moderate')] - [System.String] - $SafeSearchFilter, + [System.Boolean] + $StartMenuHideRecentlyAddedApps, [Parameter()] [System.Boolean] - $EdgeBlockPopups, + $StartMenuHideRestartOptions, [Parameter()] [System.Boolean] - $EdgeBlockSearchSuggestions, + $StartMenuHideShutDown, [Parameter()] [System.Boolean] - $EdgeBlockSendingIntranetTrafficToInternetExplorer, + $StartMenuHideSignOut, [Parameter()] [System.Boolean] - $EdgeSendIntranetTrafficToInternetExplorer, + $StartMenuHideSleep, [Parameter()] [System.Boolean] - $EdgeRequireSmartScreen, + $StartMenuHideSwitchAccount, [Parameter()] - [System.String] - $EdgeEnterpriseModeSiteListLocation, + [System.Boolean] + $StartMenuHideUserTile, [Parameter()] [System.String] - $EdgeFirstRunUrl, + $StartMenuLayoutEdgeAssetsXml, [Parameter()] [System.String] - $EdgeSearchEngine, - - [Parameter()] - [System.String[]] - $EdgeHomepageUrls, + $StartMenuLayoutXml, [Parameter()] - [System.Boolean] - $EdgeBlockAccessToAboutFlags, + [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [System.String] + $StartMenuMode, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverride, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDocuments, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverrideForFiles, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDownloads, [Parameter()] - [System.Boolean] - $WebRtcBlockLocalhostIpAddress, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderFileExplorer, [Parameter()] - [System.Boolean] - $InternetSharingBlocked, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderHomeGroup, [Parameter()] - [System.Boolean] - $SettingsBlockAddProvisioningPackage, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderMusic, [Parameter()] - [System.Boolean] - $SettingsBlockRemoveProvisioningPackage, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderNetwork, [Parameter()] - [System.Boolean] - $SettingsBlockChangeSystemTime, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [System.Boolean] - $SettingsBlockEditDeviceName, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPictures, [Parameter()] - [System.Boolean] - $SettingsBlockChangeRegion, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderSettings, [Parameter()] - [System.Boolean] - $SettingsBlockChangeLanguage, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderVideos, [Parameter()] [System.Boolean] - $SettingsBlockChangePowerSleep, + $StorageBlockRemovableStorage, [Parameter()] [System.Boolean] - $LocationServicesBlocked, + $StorageRequireMobileDeviceEncryption, [Parameter()] [System.Boolean] - $MicrosoftAccountBlocked, + $StorageRestrictAppDataToSystemVolume, [Parameter()] [System.Boolean] - $MicrosoftAccountBlockSettingsSync, + $StorageRestrictAppInstallToSystemVolume, [Parameter()] - [System.Boolean] - $NfcBlocked, + [System.String] + $SystemTelemetryProxyServer, [Parameter()] [System.Boolean] - $ResetProtectionModeBlocked, + $TaskManagerBlockEndTask, [Parameter()] [System.Boolean] - $ScreenCaptureBlocked, + $TenantLockdownRequireNetworkDuringOutOfBoxExperience, [Parameter()] [System.Boolean] - $StorageBlockRemovableStorage, + $UninstallBuiltInApps, [Parameter()] [System.Boolean] - $StorageRequireMobileDeviceEncryption, + $UsbBlocked, [Parameter()] [System.Boolean] - $UsbBlocked, + $VoiceRecordingBlocked, [Parameter()] [System.Boolean] - $VoiceRecordingBlocked, + $WebRtcBlockLocalhostIpAddress, [Parameter()] [System.Boolean] @@ -2894,91 +4462,95 @@ function Test-TargetResource $WiFiBlockManualConfiguration, [Parameter()] - [System.Uint64] + [System.Int32] $WiFiScanInterval, [Parameter()] - [System.Boolean] - $WirelessDisplayBlockProjectionToThisDevice, + [Microsoft.Management.Infrastructure.CimInstance] + $Windows10AppsForceUpdateSchedule, [Parameter()] [System.Boolean] - $WirelessDisplayBlockUserInputFromReceiver, + $WindowsSpotlightBlockConsumerSpecificFeatures, [Parameter()] [System.Boolean] - $WirelessDisplayRequirePinForPairing, + $WindowsSpotlightBlocked, [Parameter()] [System.Boolean] - $WindowsStoreBlocked, - - [Parameter()] - [System.String] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - $AppsAllowTrustedAppsSideloading, + $WindowsSpotlightBlockOnActionCenter, [Parameter()] [System.Boolean] - $WindowsStoreBlockAutoUpdate, + $WindowsSpotlightBlockTailoredExperiences, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $DeveloperUnlockSetting, + [System.Boolean] + $WindowsSpotlightBlockThirdPartyNotifications, [Parameter()] [System.Boolean] - $SharedUserAppDataAllowed, + $WindowsSpotlightBlockWelcomeExperience, [Parameter()] [System.Boolean] - $AppsBlockWindowsStoreOriginatedApps, + $WindowsSpotlightBlockWindowsTips, [Parameter()] - [System.Boolean] - $WindowsStoreEnablePrivateStoreOnly, + [ValidateSet('notConfigured','disabled','enabled')] + [System.String] + $WindowsSpotlightConfigureOnLockScreen, [Parameter()] [System.Boolean] - $StorageRestrictAppDataToSystemVolume, + $WindowsStoreBlockAutoUpdate, [Parameter()] [System.Boolean] - $StorageRestrictAppInstallToSystemVolume, + $WindowsStoreBlocked, [Parameter()] [System.Boolean] - $GameDvrBlocked, + $WindowsStoreEnablePrivateStoreOnly, [Parameter()] [System.Boolean] - $ExperienceBlockDeviceDiscovery, + $WirelessDisplayBlockProjectionToThisDevice, [Parameter()] [System.Boolean] - $ExperienceBlockErrorDialogWhenNoSIM, + $WirelessDisplayBlockUserInputFromReceiver, [Parameter()] [System.Boolean] - $ExperienceBlockTaskSwitcher, + $WirelessDisplayRequirePinForPairing, [Parameter()] - [System.Boolean] - $LogonBlockFastUserSwitching, + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, [Parameter()] [System.Boolean] - $TenantLockdownRequireNetworkDuringOutOfBoxExperience, + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, + #endregion - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -3009,109 +4581,69 @@ function Test-TargetResource Confirm-M365DSCDependencies #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of Device Configuration Policy {$DisplayName}" - - $CurrentValues = Get-TargetResource @PSBoundParameters - - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" - $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + Write-Verbose -Message "Testing configuration of the Intune Device Configuration Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" - # Check DefenderDetectedMalwareActions - if ($CurrentValues.DefenderDetectedMalwareActions.LowSeverity -ne $DefenderDetectedMalwareActions.LowSeverity -or - $CurrentValues.DefenderDetectedMalwareActions.ModerateSeverity -ne $DefenderDetectedMalwareActions.ModerateSeverity -or - $CurrentValues.DefenderDetectedMalwareActions.HighSeverity -ne $DefenderDetectedMalwareActions.HighSeverity -or - $CurrentValues.DefenderDetectedMalwareActions.SevereSeverity -ne $DefenderDetectedMalwareActions.SevereSeverity) - { - Write-Verbose -Message "Test-TargetResource returned $false" - return $false - } - $ValuesToCheck.Remove('DefenderDetectedMalwareActions') | Out-Null + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false } - #region Assignments $testResult = $true - if ((-not $CurrentValues.Assignments) -xor (-not $ValuesToCheck.Assignments)) - { - Write-Verbose -Message 'Configuration drift: one the assignment is null' - return $false - } - - if ($CurrentValues.Assignments) - { - if ($CurrentValues.Assignments.count -ne $ValuesToCheck.Assignments.count) - { - Write-Verbose -Message "Configuration drift: Number of assignment has changed - current {$($CurrentValues.Assignments.count)} target {$($ValuesToCheck.Assignments.count)}" - return $false - } - foreach ($assignment in $CurrentValues.Assignments) - { - #GroupId Assignment - if (-not [String]::IsNullOrEmpty($assignment.groupId)) - { - $source = [Array]$ValuesToCheck.Assignments | Where-Object -FilterScript { $_.groupId -eq $assignment.groupId } - if (-not $source) - { - Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" - $testResult = $false - break - } - $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment - } - #AllDevices/AllUsers assignment - else - { - $source = [Array]$ValuesToCheck.Assignments | Where-Object -FilterScript { $_.dataType -eq $assignment.dataType } - if (-not $source) - { - Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" - $testResult = $false - break - } - $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment - } + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - if (-not $testResult) + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) { $testResult = $false break } + + $ValuesToCheck.Remove($key) | Out-Null } } - if (-not $testResult) + + $ValuesToCheck.remove("Id") | Out-Null + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) { - return $false + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys } - $ValuesToCheck.Remove('Assignments') | Out-Null - #endregion - - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys - Write-Verbose -Message "Test-TargetResource returned $TestResult" + Write-Verbose -Message "Test-TargetResource returned $testResult" - return $TestResult + return $testResult } function Export-TargetResource @@ -3120,10 +4652,6 @@ function Export-TargetResource [OutputType([System.String])] param ( - [Parameter()] - [System.String] - $Filter, - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -3157,7 +4685,7 @@ function Export-TargetResource Confirm-M365DSCDependencies #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` @@ -3167,12 +4695,18 @@ function Export-TargetResource try { - [array]$policies = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop -All:$true -Filter $Filter | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' } + #region resource generator code + [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' ` + } + #endregion + $i = 1 $dscContent = '' - if ($policies.Length -eq 0) + if ($getValue.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } @@ -3180,11 +4714,17 @@ function Export-TargetResource { Write-Host "`r`n" -NoNewline } - foreach ($policy in $policies) + foreach ($config in $getValue) { - Write-Host " |---[$i/$($policies.Count)] $($policy.DisplayName)" -NoNewline + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - DisplayName = $policy.DisplayName + Id = $config.Id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -3193,25 +4733,83 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent } + $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - - if ($Results.DefenderDetectedMalwareActions) + if ($null -ne $Results.DefenderDetectedMalwareActions) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.DefenderDetectedMalwareActions ` + -CIMInstanceName 'MicrosoftGraphdefenderDetectedMalwareActions1' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.DefenderDetectedMalwareActions = $complexTypeStringResult + } + else + { + $Results.Remove('DefenderDetectedMalwareActions') | Out-Null + } + } + if ($null -ne $Results.EdgeHomeButtonConfiguration) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.EdgeHomeButtonConfiguration ` + -CIMInstanceName 'MicrosoftGraphedgeHomeButtonConfiguration' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.EdgeHomeButtonConfiguration = $complexTypeStringResult + } + else + { + $Results.Remove('EdgeHomeButtonConfiguration') | Out-Null + } + } + if ($null -ne $Results.EdgeSearchEngine) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.EdgeSearchEngine ` + -CIMInstanceName 'MicrosoftGraphedgeSearchEngineBase' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.EdgeSearchEngine = $complexTypeStringResult + } + else + { + $Results.Remove('EdgeSearchEngine') | Out-Null + } + } + if ($null -ne $Results.NetworkProxyServer) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.NetworkProxyServer ` + -CIMInstanceName 'MicrosoftGraphwindows10NetworkProxyServer' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.NetworkProxyServer = $complexTypeStringResult + } + else + { + $Results.Remove('NetworkProxyServer') | Out-Null + } + } + if ($null -ne $Results.Windows10AppsForceUpdateSchedule) { - $StringContent = [System.Text.StringBuilder]::new() - $StringContent.AppendLine('MSFT_IntuneDefenderDetectedMalwareActions {') | Out-Null - $StringContent.AppendLine(" LowSeverity = '" + $Results.DefenderDetectedMalwareActions.LowSeverity + "'") | Out-Null - $StringContent.AppendLine(" ModerateSeverity = '" + $Results.DefenderDetectedMalwareActions.ModerateSeverity + "'") | Out-Null - $StringContent.AppendLine(" HighSeverity = '" + $Results.DefenderDetectedMalwareActions.HighSeverity + "'") | Out-Null - $StringContent.AppendLine(" SevereSeverity = '" + $Results.DefenderDetectedMalwareActions.SevereSeverity + "'") | Out-Null - $StringContent.AppendLine(' }') | Out-Null - $Results.DefenderDetectedMalwareActions = $StringContent.ToString() + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.Windows10AppsForceUpdateSchedule ` + -CIMInstanceName 'MicrosoftGraphwindows10AppsForceUpdateSchedule' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.Windows10AppsForceUpdateSchedule = $complexTypeStringResult + } + else + { + $Results.Remove('Windows10AppsForceUpdateSchedule') | Out-Null + } } if ($Results.Assignments) { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Assignments) -CIMInstanceName DeviceManagementConfigurationPolicyAssignments - + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) { $Results.Assignments = $complexTypeStringResult @@ -3226,23 +4824,33 @@ function Export-TargetResource -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential - if ($Results.DefenderDetectedMalwareActions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'DefenderDetectedMalwareActions' + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefenderDetectedMalwareActions" -isCIMArray:$False + } + if ($Results.EdgeHomeButtonConfiguration) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EdgeHomeButtonConfiguration" -isCIMArray:$False + } + if ($Results.EdgeSearchEngine) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EdgeSearchEngine" -isCIMArray:$False + } + if ($Results.NetworkProxyServer) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "NetworkProxyServer" -isCIMArray:$False + } + if ($Results.Windows10AppsForceUpdateSchedule) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Windows10AppsForceUpdateSchedule" -isCIMArray:$False } - if ($Results.Assignments) { - $isCIMArray = $false - if ($Results.Assignments.getType().Fullname -like '*[[\]]') - { - $isCIMArray = $true - } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true } - + #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable + $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -3255,11 +4863,6 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - if ($_.Exception -like '*401*') - { - Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." - } - New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` @@ -3270,88 +4873,57 @@ function Export-TargetResource } } -function Get-M365DSCIntuneDeviceConfigurationPolicyWindowsAdditionalProperties -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param - ( - [Parameter(Mandatory = 'true')] - [System.Collections.Hashtable] - $Properties - ) - - $results = @{'@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' } - foreach ($property in $properties.Keys) - { - if ($property -ne 'Verbose') - { - $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) - if ($propertyName -eq 'defenderDetectedMalwareActions') - { - $propertyValue = @{ - lowSeverity = $properties.$property.lowSeverity - moderateSeverity = $properties.$property.moderateSeverity - highSeverity = $properties.$property.highSeverity - severeSeverity = $properties.$property.severeSeverity - } - } - else - { - $propertyValue = $properties.$property - } - $results.Add($propertyName, $propertyValue) - } - } - return $results -} - -function Update-DeviceConfigurationPolicyAssignments +function Update-DeviceConfigurationPolicyAssignment { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] - param - ( + param ( [Parameter(Mandatory = 'true')] [System.String] $DeviceConfigurationPolicyId, [Parameter()] [Array] - $Targets - ) + $Targets, + + [Parameter()] + [System.String] + $Repository = 'deviceManagement/configurationPolicies', + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion = 'beta' + ) try { - $configurationPolicyAssignments = @() - - $Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/$DeviceConfigurationPolicyId/assign" + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" foreach ($target in $targets) { - $formattedTarget = @{'@odata.type' = $target.dataType } + $formattedTarget = @{"@odata.type" = $target.dataType} if ($target.groupId) { - $formattedTarget.Add('groupId', $target.groupId) + $formattedTarget.Add('groupId',$target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId', $target.collectionId) + $formattedTarget.Add('collectionId',$target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) } - $configurationPolicyAssignments += @{'target' = $formattedTarget } + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} } - $body = @{'assignments' = $configurationPolicyAssignments } | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - } catch { @@ -3365,33 +4937,82 @@ function Update-DeviceConfigurationPolicyAssignments } } -function Get-M365DSCDRGComplexTypeToHashtable +function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([hashtable], [hashtable[]])] - param - ( - [Parameter()] - $ComplexObject + [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties ) - if ($null -eq $ComplexObject) - { - return $null + $keyToRename = @{ + "odataType" = "@odata.type" } + $result = $Properties + + $type = $Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result = $values + + return ,$result + } + #endregion - if ($ComplexObject.getType().Fullname -like '*hashtable') + #region Single + if ($type -like "*Hashtable") { - return $ComplexObject + $result = ([Hashtable]$Properties).clone() } - if ($ComplexObject.getType().Fullname -like '*hashtable[[\]]') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') { - return [hashtable[]]$ComplexObject + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) + { + $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + if ($key -in $keyToRename.Keys) + { + $keyName = $keyToRename.$key + } + + $property = $hashProperties.$key + if ($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties } + return $result + #endregion +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + if ($null -eq $ComplexObject) + { + return $null + } - if ($ComplexObject.gettype().fullname -like '*[[\]]') + if ($ComplexObject.gettype().fullname -like "*[[\]]") { $results = @() @@ -3407,41 +5028,104 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return , [hashtable[]]$results + return ,[hashtable[]]$results + } + + if ($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys + foreach ($key in $keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType = $ComplexObject.$key.gettype().fullname + + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results } $results = @{} - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' -and $_.Name -ne 'AdditionalProperties' } - foreach ($key in $keys) + if ($ComplexObject.getType().Fullname -like "*hashtable") + { + $keys = $ComplexObject.keys + } + else { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + } - if ($ComplexObject.$($key.Name)) + foreach ($key in $keys) + { + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike "*hashtable") { - $keyName = $key.Name[0].ToString().ToLower() + $key.Name.Substring(1, $key.Name.Length - 1) + $keyName = $key.Name + } - if ($ComplexObject.$($key.Name).gettype().fullname -like '*CimInstance*') + if ($null -ne $ComplexObject.$keyName) + { + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") { - $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$($key.Name) + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName $results.Add($keyName, $hash) } else { - $results.Add($keyName, $ComplexObject.$($key.Name)) + $results.Add($keyName, $ComplexObject.$keyName) } } } - return [hashtable]$results } +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> function Get-M365DSCDRGComplexTypeToString { [CmdletBinding()] - #[OutputType([System.String])] - param - ( + param( [Parameter()] $ComplexObject, @@ -3457,6 +5141,10 @@ function Get-M365DSCDRGComplexTypeToString [System.String] $Whitespace = '', + [Parameter()] + [System.uint32] + $IndentLevel = 3, + [Parameter()] [switch] $isArray = $false @@ -3467,53 +5155,77 @@ function Get-M365DSCDRGComplexTypeToString return $null } + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like '*[[\]]') + if ($ComplexObject.GetType().FullName -like "*[[\]]") { $currentProperty = @() + $IndentLevel++ foreach ($item in $ComplexObject) { - $split = @{ + $splat = @{ 'ComplexObject' = $item 'CIMInstanceName' = $CIMInstanceName - 'Whitespace' = " $whitespace" + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $split.add('ComplexTypeMapping', $ComplexTypeMapping) + $splat.add('ComplexTypeMapping',$ComplexTypeMapping) } - $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @split - + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return , $currentProperty + return ,$currentProperty } $currentProperty = '' if ($isArray) { $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' } - $currentProperty += "$whitespace`MSFT_$CIMInstanceName{`r`n" $keyNotNull = 0 - foreach ($key in $ComplexObject.Keys) + + if ($ComplexObject.Keys.count -eq 0) { + return $null + } - if ($ComplexObject[$key]) + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject[$key].GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + { + $isArray = $true + } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -3521,73 +5233,124 @@ function Get-M365DSCDRGComplexTypeToString $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if ($key -notin $ComplexTypeMapping.Name) + if (-not $isArray) { - $Whitespace += ' ' + $currentProperty += $indent + $key + ' = ' } - if (-not $isArray -or ($isArray -and $key -in $ComplexTypeMapping.Name )) + if ($isArray -and $key -in $ComplexTypeMapping.Name) { - $currentProperty += $whitespace + $key + ' = ' - if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') + if ($ComplexObject.$key.count -gt 0) { - $currentProperty += '@(' + $currentProperty += $indent + $key + ' = ' + $currentProperty += "@(" } } - if ($key -in $ComplexTypeMapping.Name) + if ($isArray) { - $Whitespace = '' - + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + { + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- } - $currentProperty += Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -Whitespace $Whitespace ` - -ComplexTypeMapping $ComplexTypeMapping - - if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if ($isArray) { - $currentProperty += ')' + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } } + $isArray = $PSBoundParameters.IsArray } else { - if (-not $isArray) - { - $Whitespace = ' ' - } - $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($Whitespace + ' ') + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) } } else { - $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } + $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} if ($mappedKey -and $mappedKey.isRequired) { if ($mappedKey.isArray) { - $currentProperty += "$Whitespace $key = @()`r`n" + $currentProperty += "$indent$key = @()`r`n" } else { - $currentProperty += "$Whitespace $key = `$null`r`n" + $currentProperty += "$indent$key = `$null`r`n" } } } } - $currentProperty += "$Whitespace}" + $indent = '' + for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + { + $indent += ' ' + } + $currentProperty += "$indent}" + if ($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if ($IndentLevel -eq 5) + { + $indent = '' + for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + { + $indent += ' ' + } + $currentProperty += $indent + } + $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty = $null + } return $currentProperty } -function Get-M365DSCDRGSimpleObjectTypeToString +Function Get-M365DSCDRGSimpleObjectTypeToString { [CmdletBinding()] [OutputType([System.String])] - param - ( + param( [Parameter(Mandatory = 'true')] [System.String] $Key, @@ -3598,30 +5361,31 @@ function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] $Space = ' ' - ) + + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - '*.Boolean' + "*.Boolean" { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - '*.String' + "*.String" { if ($key -eq '@odata.type') { - $key = 'odataType' + $key ='odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - '*.DateTime' + "*.DateTime" { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - '*[[\]]' + "*[[\]]" { - $returnValue = $Space + $key + ' = @(' + $returnValue = $Space + $key + " = @(" $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -3630,15 +5394,15 @@ function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in $Value) + foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) { - switch -Wildcard ($item.GetType().Fullname ) + switch -Wildcard ($item.GetType().Fullname) { - '*.String' + "*.String" { $returnValue += "$whitespace'$item'$newline" } - '*.DateTime' + "*.DateTime" { $returnValue += "$whitespace'$item'$newline" } @@ -3660,7 +5424,7 @@ function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" + $returnValue = $Space + $Key + " = " + $Value + "`r`n" } } return $returnValue @@ -3670,17 +5434,15 @@ function Compare-M365DSCComplexObject { [CmdletBinding()] [OutputType([System.Boolean])] - param - ( + param( [Parameter()] $Source, - [Parameter()] $Target ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -3702,7 +5464,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') + if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") { if ($source.count -ne $target.count) { @@ -3714,51 +5476,44 @@ function Compare-M365DSCComplexObject return $true } - $i = 0 foreach ($item in $Source) { + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) + { + $compareResult = Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem - $compareResult = Compare-M365DSCComplexObject ` - -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source[$i]) ` - -Target $Target[$i] + if ($compareResult) + { + break + } + } if (-not $compareResult) { Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } - $i++ } return $true } - $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} foreach ($key in $keys) { - #write-verbose -message "Comparing key: {$key}" #Matching possible key names between Source and Target $skey = $key $tkey = $key - if ($key -eq 'odataType') - { - $skey = '@odata.type' - } - else - { - $tmpkey = $Target.keys | Where-Object -FilterScript { $_ -eq "$key" } - if ($tkey) - { - $tkey = $tmpkey | Select-Object -First 1 - } - } $sourceValue = $Source.$key $targetValue = $Target.$tkey #One of the item is null and not the other - if (($null -eq $Source.$skey) -xor ($null -eq $Target.$tkey)) + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if ($null -eq $Source.$skey) + if ($null -eq $Source.$key) { $sourceValue = 'null' } @@ -3768,23 +5523,23 @@ function Compare-M365DSCComplexObject $targetValue = 'null' } - Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" return $false } #Both keys aren't null or empty - if (($null -ne $Source.$skey) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$skey.getType().FullName -like '*CimInstance*' -or $Source.$skey.getType().FullName -like '*hashtable*' ) + if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` - -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$skey) ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" return $false } } @@ -3792,35 +5547,47 @@ function Compare-M365DSCComplexObject { #Simple object comparison $referenceObject = $Target.$tkey - $differenceObject = $Source.$skey + $differenceObject = $Source.$key - $compareResult = Compare-Object ` - -ReferenceObject ($referenceObject) ` - -DifferenceObject ($differenceObject) + #Identifying date from the current values + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like "*Date*") + { + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) + { + $compareResult = $null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } if ($null -ne $compareResult) { - Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" return $false } } } } - return $true } function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable], [hashtable[]])] - param - ( + [OutputType([hashtable],[hashtable[]])] + param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like '*[[\]]') + if ($ComplexObject.getType().Fullname -like "*[[\]]") { $results = @() foreach ($item in $ComplexObject) @@ -3833,18 +5600,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return , [hashtable[]]$results + return ,[hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if ($hashComplexObject) + if ($null -ne $hashComplexObject) { - $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -3853,7 +5619,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName, $propertyValue) + $results.add($propertyName,$propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.schema.mof index bd7b26b064b81782fe7531a17e9afa8232b3cf19..820a0213e79fff11cb35b3a56c417bb065f2ecce 100644 GIT binary patch literal 62143 zcmeI5ZF3vPvF~4Be~K;Ns%xpPBujCe#7W&36e-%w5k*Fztkg}VPA!2Y2@Bjsuz)Bg zmG6Fj|L&Q60D%GcU?)zJbIJmN-I<=A?w)?0KkZKPy8gbH)#Ivs^!bZt&-H(wKmPM) zL;a8)4)#y}d$0I79u|jrnV%PzMLFNC%CqtLVwTT&>A0GVhu1rGJw7k>WBu9RKFj#u zpWe^L^WsUiSJcDVc&bMqeSUILWb^B3kyU5eT%YsVc`?tJDZKsc^T$uJ@AJum>85}C z{C{7LhqJ1#&gRd~XZiGk|5l4>JK2f7|M`=f59X7}Yk)56V)U+Nd0W2YOWo?};?r=l z5Zb=o7N%hrZ;sB{ZZ(+{Lt*Czgntj1sQ=yZ@aJqWpN-4&Y?ROQ6UgUx+fmrrcrq_$ zYiTVTKP#SPue6OLC~}q^l=ksic3eS_r;{T4C`zoed{+FntV*bP?2kOjZ1+dS620mn zs4+anr|{V4oxNQDOuJ5FxSeveGo7|<*AmFSEo=)+9E{@X11`>3<~qi^<@5)m4clP6 zngPQ6BA;jDx;t^;|Gdli&HVP_#^Hwz=WIR4BbQu<=d;I%xJXs)K$`RKzx(V@D}>^b zNIZ;k>061Vz2dAWN5yQfn8VA(=rEsLK{GqX*Y%5(L_8=*<6%A*ks&I5m@Ky!vw4Mp z{7_`tw2SfiMOGId3#96G7A63rvjW_X!n~^~m!BoS89iT2=1;QWq{z!B*9%|7bybUks48F z2PauRx*V5ieihOhJ1?8gijgZ8XeFkP@Ph`<3LDvUox{Durx5deCJk>C)R%g#aud{= zQ!IofiVIV)=lZd`o6Em6m=a5Mm%2g8KCZ@?yjowLUCigxI-88k4;hx;JRg^`S)^@? z1bxu#)8!;X7svFKQXHPE(Y)pvm>OR$E}z&d^+h$CXJvj_WO*qSx`>>rj{#@C8(p?t z2EU#8kC&5ov&oOb!(Du>B&WzpdSjk-7S8g+GvzPaz`uF2<1R1}0{-&5;RkIJr zv+C3JpqQb9Cy9SFniaTCq`k9MQ@zE8>9uFsz{Kt~dkSm#bK}yUL&?8{2)_937ab|Q zbb7x#btIio=nz0X^a>^Wbo4hzBhWl8qY7X zt6Jh$U0ZA4i-PwSn-ms$}Y9@9JW|n!VP;4Z7}T=rtsPVO}%luy{8`v=)QmMKM}T zl0xxqFx!sBa1n!6fC`FL{uB)ck#5Bm2Kk#aFvK2w7;!JdUj{9!(Xr@K71 z@zI8FT1XQ+c7O+Owvg?(kbsA*=6U@g8(&@)qcJF%Txa7mOl;2SJ^nlyBgvqTK<(4K z#u616IIZD?r8rLgU5*>AI> z!-N0U8T_`Ws|5>4iKEuEjhw~OB_EJaFJ;;r9%PzlXS3>3ETm(rxP<(0L=3A%IN*dX zH_>^6?ZUxfxZTBtypAYP~QY+B4N$0$#tJv%Ok z7kPP(lqliG$;6@yS>=a^lN_M~oMjV4i-<4(2#IKm3_Q~@{a`btb6j&M%&S@dDCjv< z4+jUPsd7Hxhc|umh*SE&=T9L1?{WPPLH;39G?|(6P_%y zG2T(16E9$SEtP?2$0f_M4fNx>kNvJ+*p_jXU)NzukcnzhgDd%o z>*8|!6mKZ=j*7{c&4H(n^Wg{VtZYBO8$rggqr5iK-F`N35>P%6m zR%~&c*&>F;Y%bFnPK?5&9>XFsk&DrGQpDI#QUq$Pu6QdgM8e|;k??#09Ze+b6Se^#z2Gxvt zg_y}utjmB;sk>2A6SyW!!e}p zd)b_WrR=FBJ3Xk5O<*&yy|J@*V$bi{B;uL`glo6@eQ}!Y%0dTcDApJ}AE6z#OqK$C z9L~D!SRg$74>?GCm||4}82zA3pu{%~iot$&VF-1LanX?$#k{IeY-Gc6AWKG%B%@`< z+rC{CpQK1)zDWjh?!ak&>;(DNjA5iyj0Rz(q!@c2455|{jWd?cbRy7@(`f@_KH>zM zkM(Vjq#F=yke&9a1XAt>0m5QPFllBdvvi9D9DAK-rARz9Fo~&?>dMWPo6v2&rl$+^ z{T_92s*k4_uKC1t8AK1PDA6NzWtxx0MG%o>!bJs%xhkCi5C%WywY1b;2dJiTy~>2M zQ_0|JjJl^mjfA0Tcw08Mj{58D6pI4#C21m`jjO)i)F&SV!{roO=U?8u5X(kfRhQ(yEnB?r;h1B3# zg%Y&HSi9j78xBi1XPM<&fAE3G`TOHHeQ+USyDH!9-fOhKND3mu zd(++s*Y2xwiWbv0aKGKC*XY9AW!;+LL*jgr~bkgYk!Re#)vu0ddNI0{bJ(cI` z|1)U<%$s~=8<+*T2#9;;4XU$n@=Kmr%tMD{Emwmbneq#dM9@K+YGp2^eQm@ElvIIT zf)Q5dXvOEvHy{HIC76{O#$QzWT>aEvCuvEilw6Q~>E6H@zzk5nbgIAA!tEVHy|Gv4 z^chxD9fX)zeR|>RV}1Luv+WW-Az^W8D*JBpL{S?={y{`$!Mkii7n3a{)zH?skFLy# zPv)5Gf3h+-6ypho6Va*f(f+~l;Bjz(^kJG^Pvj-~Lk`t)H9 zOurY>rh0gdU)s#CN=pLWIH_#_-i>ybTYpX*FgwC`=J;#Zm!09@&_eTx$GuyVHoj+o z9F_iR`(^?Kec^{gM@Qfp>08xe1V>NCXefx5X@li8hga{Ed19Gl{@-KrSD$2mEoRjT zff7O}_(=QbSMODhE@h#GfAlgRdvAA-uv@>{oMI7UyIQEB?X}jPz?4LEwU{H{u$tvq zGorRIYs~>~aVxyQrX6U|XG$?1k79b~bMeX7%6iV;;f4R|7Y#`n2(L6Mo}VzwKMNcO zgp@fdMky|Ov$#A(enB-O{DYjCh$$VElfpc(ZMxowgWhr$SE1&cRjAoxz?U}OUKs8V zO+sNzfJ~t3+X8t4qu~s$8+4$qX6dg4BXT?2icM z0;%giLLf%c0|2>$ad9 zs7`QEQdWt0qNqAX-!a!IE}wVh75-b88K*TBGG^&ykB;B%U?95oAF2d!SX1Akd~x>> zofa4Q$1#B`iS2xZ^ZW-_qMo!5n)}JLe}rMJ*h@L*SLPYdeI|*TX@0GW922vP)20lE z80UQWtP#4{#n@#YhI5M_AQh@VEkuv4r(Wa8#fj_3I5(JpSk43%v7CwJvRqu;F%&@j zP+*LT`op}MuAyZ&O`tMQPCu2pO4wvE8q4|JHKuz{LRj`F|Jt)%YTEGN4Ql9YTii7^ zO@vXUgzJCE!UAGH4q0?0LX61=s*s-;7RqO3+V|2K0V45eM5Gpt!DkJ^KYdlTQ>t_4 zA#O!t1CNI%1Q6ze%q0%3`=3(-2=FJ%8#GCdFmZjYI6lV46b;OoWd z<=8wCYk0ncS2h*B^STBshI$f)bj5Oj+KmW0M#Raol1a&ytC~Z<_@6bOIEVCy;@(&R zJ`(ROiI2{tB7@GX{OK!MJFSSMJ1>7HChp3jpK{ilRA)%tuVw?=m_f5I30hkl9Av+P z6O)s{k0>Rj1-)gZzWUa^r7y$d;nZbo?m54iz+J<4m9iWrHxmw;2%d<0&Pqc`Ek=rPYwP+l9Ai)G}f3y$e#(N$wb4;D9i7weL)f zi|<4>7>dB^42Y*7hWKhs`FC`ehuDbluS(8x?v#u&!W3QQJLCr>bq7 z_7dMMnp32$5ji_@3NPFqh*siC4il28l;-t7WPA4Vp1r$;fq0mI%65<6A;Oj8gEC3< zZ?2DFcA;gJOW?)xRXzcS=F{$Uai7gTGxMw>XC9<@PGW-_H`vyqA|T=3^k$`t<_Ep) zX1rA;rQW>dMr4tI8U@KKT)4mZr3in? zg{#ybo5C~ojpmu)p!`n5C*a%FH14z0UWhoQ38VMTGk3;!Ox?KoA{S|f)~a9)U+DKi zepa|rR+HA%W{NDU!;RL7@$Z`Ms<)Q-C^Z3Gw50krQ?yF$syVuR_ajYklTW3v&I2?A zDVcY^fp43Qz~Lo$EDf3 zyZMt(eRH2p9~M?3iV}R8Iw^CD%;Ntc;T5S(z*6p{HGJ4J`$M0DPG-l_2KAl>q2_(E z3ILmwPaVg>77urj5TJc$z;5;iq!3`?G9!AESEfBt-4ZhHp?`9}rWa&0*m)AuZucxZ zq3twcqwM2^CRj|3Nijbvy%6Az+p-F(UV6!*d|H$$_cVW{LG4aF<)5IA>g&xAd#1^| z(uYdG+VkAy9tQOEAbC6`CBp2DG#}^ZC0TpaODj0x+A=jx05&I{J~Gcly&$C{Ct{q> z@mH)Nx(>6+eWm6bJ{~=aXp>n z*LY$zs+>FDj>fze-a4_Dj?T`Kp`QBz)GJch+X|j^X#$=qG%szYx$;86i`AOpt*1&u zIc}=qeWs#CqeT6sVtoBf0k6F$Kf?IT1KQn}4aFi~%|MR3N1a{qZjw}UV_0}fkQbP@{eE!Nt~luHI*l!pRFNPvk4OifqC0}n2xIE2+p7Jcqz|^=uq&29-V?FNz6eI08VfJC0{eDQq?| zIh8nSfn*udA4+Xee=fYqXj`invfG79{GM3RW~{Zk14;jI8w(Ue8Pu!H>js~kp{{hC z=)F6_(9*4Oup!XXakm2^nF5_!{HlpB^AD2FE~Je5_w$dk>elVVD`IxdBX`7r({3k4 zVCxNNvj7rPy8u>fG)N@dSi>{&iR8#|{_7ki8Ddr-BQKY07@9rb=P7(DJhb6lOrhRa zd{C-XPbFtYWr72-IIL!5-s#&QZ^+l$8X?V)FXa|u!~|Ya0Is49C(7Sb#^gSw)vVe6 zo|w8FzHP)N%Wd4rspJ4_<%ql^N`AvXL$C?-d&HY$%`zOVQ*e}6%&NJBf)g@jZ{;wv{5x zVOcP!GS}8k;lJKthKA`l@MZOgZpbjNQCF>Kkw48(V&AkZ8lGMa&VV$I^87m=FacAF zetg*y{_TMfD)h@jz395Vb3l^`YY7j%5_P`bQ)^)DbocT0EaSf#TRkA$?Lig*s!2Ac z^8#vRbIx|uwG^O(_RTv2*h-xiv2trQxMRcBBw1vq&RGpGPL?21({%HI+03A$YK(I2wa8kv2W6S_B$vz6b!=gW-5osC%jBXs| zR@iE|0e=xf-iw<%S%qu%sjY(EN>gZMQIvy*dWk;5C#XYgkyvn^pPK2W4o)%gDJcl) zD|YOIfSJU?TL9Q@&B>8=I?3rSB~wspfQw_tfAn=mo~MCX2Q+*ZQQ;A}hhq3fSXipn z3LAmSS)fpI*-_~o(PR*&V1~Lv7)p#JzlhYB;?vmjjoUL^px@Z1UA-NZ6&=4v=5Vi{Qt}>Vr`94= zTvp&oMXUF{wR1)D#dE`rC9$6f-wvJbQS!vHJ+q;;)6{|_2)C-eC|GZ&sc4t`Wu!t;)Q*=dXt`Q9n3^bYQp4Ri`W;_t=CeC<+woUN}<-|p~@fVwCfQ=MfQP;{}1l! z*h(~v=*dEtCX23%R!a51m`LQ2!?`#m6FnZ}12h5B?5ES^9}e+HkNJLsZ0XO0lxe5p zk2Q1M_$5x35>F33Q;(|uO9&Qz2&ma!q`m0_bMc!l!#-J72xlnn=Y<@lW(sHnxuhfH z-^P*=L_ad5SUR=C{z3=TTRqGA$rGZG=TBe!@|Vw_ak#g#0IBr#v+OyCckEGLDhHGy zR%Ku4eQ|QgzmR;hHM8DgZmpXRXqlm0m;<`K**X#|?d$gthxj4NN0XgF@1}+a$jt#{ z9hQ3dZuQl4>*6?(wY0?Hsp>0JKYVnFWvTY2(r?540ed z5j%!p?*_;k$XQrDw5fM0I?_Uo(gy4NSh4vag9~YrVYgCUx&yzYQO=Ui()~GsyVNG$ z!}YW5=H1G3lK`{PEri#Q1|36nQX#HGJj_oT2V7hX*+u_Qla#uh%p?w|fGf!lO^)J+ zqL_ZG>ckDgF}{lU3-9u&c{wEnH@(>tb_4XRLn6sY@ApI+B>R9ZE;qWvWbdVde?e1i zEtUGZ93n*Kgi0N*q=6iBPqWrR6rHOaJZ>C8e_ycNJEP-4EUuqY2UHH}kTmr`3aYF>#5 z!ANuq3aP&=#fx}fmBsA*IwRHtnxNCD4B&BiZ#~1Xw897&%1aOT*WSD;JU$Y(Pw_Qh zJvN*M%}xxv0-mUkkIN}pHP9h|K0>8`{`_(L$vjFm+B_)iS8q5}wt}PbrH_6>e+3NL z$>_K#3HgU&(HhgR_%TJF|MXa-H41?(Vkfu5;;V8r<-8*+3eAqQ$y!2*%VN2kNgEf? z(PPj!8$+2JkL<-}QjBNUQzSNy@*iC}k(EuK5S+LgQ=TKJ5E2M3(Z4LzIjX70iQrvx zUOUt>9ie~zKgW&Gbd8P@V~Gr3hzx)A_19m0-8C6gs{z#4>Qk6l%@N#xAp_N#qT`!6 zFjR&mH7NDl80h4wWX+DWL5O+xRW&=xJ#8w1=fjGD^9I|Pxi;;Abx%DT7pVZg0Odf7 zZ2=+<4cvSvD?|J4>zP*{FthAfPC#SNYS>L>7vH`+*ps1?Lsql`BPXv-(zJ%T4DeSr zn*EuP+&U($sRu~wdvNfYIk$pv*XG;`N2%R}sw|W4<_?-AU_ErV+r?XLTS|R*-7}tj zEq}cGV_&0cTCiD2hO99Nu_2-aai`|yoDNPvvz?*zobFt{Q$V5&JJA!J@^Rn{4h}J1 zNk)NHn~MW`7DOLJv$FSWL@B;+Dh9YCoB>C6QABGs1Ye|U4Jl-uaKXgD0_17tT6Q^z zCZuNz2T*>aHn|mJeo7ASsMxC^x8^^~U5>`xUiYD!L zx~YX0i;)y;S;f(<5n_(pb`W2F9mO;ZoKi;D%-wytRYDu;u#^W`2LXeFpc^KLqcJQY zMeT~=Ns3@2hS>&7X+iw#k7fK^^RL?VVBg?SbEV6lkss84LU6Y|ztPgDzVZ@U=}`3J zrHSHVZY|u|{bpL62YUV4(mbPzapfX#rV@k}PY!VTj8H}lKG}~B7DJQK>WL$k=6`n5Pf)UXin^1N&p!FWqaRa0!VG8 zW$b8(XBvj<@$`T(j zl_*7fBY6|ih^Y3vk(<^dx*lD3!7$`*MY^< zD)uIE#gEPha)QP0p>`T2$ED3bJ=23Z+ULnzVlBxaV`8IQ-2>!awrk}TuySi>XEg1N zS{sLoRkTE32XxPws|d1V%iT1JGpa7f(HImn;V=4eI6&i0w6_C=(DpNRV!A4I8w164OYY(}S)rNV~9VH>j*K=Z5RWj}eOs|#+eU5`a z4!$W!gG+EhSJ7VrISh3x0NGpDljfBo(S3Zihwn{~U-Ms)3m^LU)KQ! zb+D$nF&&V)1g_na835cSBm&t}OX$YInVH}T5+5w4GAubIf#5mSBx2sGJ zYMeb2dQ!t_HLqbxsbQ8q5SG8RE!@*&)V$Az$SQH`i)RzSuBYOdl&Mu59uC;0a`Yt! zZz1P%uY zakvedUoUI%v1{A=&i`5`neg`3Qfm(XD$EH@`E6;vnM zw(jgcmI^ec+oAgEtF^1n5CAnef@8J^MvQCqbdz+_W{~r3Oe{F)q>-R`u^C3erf4<( z0)ZTqT|=iD5&#+*<(?No$u0#Yx}Z9}u(b#cP~qsUyd8FeWLyY> zwyjeyu2{vIJD7E-uE4vbZqhxNI-gv;38O}W9h<9EVFO-$62xUFHbTCSwX@-7QI~E$ zvC`oPdw59yj9N#!C4~e)c|aueb&dyD7=&`f-LrCk^&pF1hP{-pXM-GEHY$z}-k<@i zsjycmqT7dl7hk;Ke_!agFJAoOt6zR$N=Gp4@viZGN1qBF8oZ^jzxn2Z8RE(fXcwh( z&8ODcPS#sYER-}{560>_njpy&v2*~MN|fn1=!vL_^yMLQpr^E1eDv2}byc=F9XTH1 z-96q*&S;homl&%~K5(tEG8dlGD#%nDYO=WNYm@vKU;Eol_GYR1h57!+E(z2?-f- zAk#!=z_V@FJ6sXmrLZ*TZX5v-O-_E93g~I;z?g+7n=PCa<@x+#X|2DMgnRL;^-Fzi zZzVU)=Cbr!D3A*$vEV*x13Nem*$mn-m|@{s&&_pekfXDMW{A*N){Kpy_HTfs#du8d zYzV^6sThiw70xkB=(u^KMcf5tQF<1tv$65erhQ0>%s>LR{YH{(ggd_*h*vUi$T{4U zXx~s+v;RsWTBBdNl0h|<_Y%)1Q&?lc4RY$Q6FvY;SJ~>lVm`+99sUe2bycrz-)K&! zi2AtV4IRw3L3T$xET+hOj)Vn_5<-5&Q^urPD`$D>vZWV>0>4ob1SLZaR_jgvR(D!S7l+|L~@yh7%B z4|eF`m?#H@u3l8tcuPZS)*9)Ab1d2dN^~u&9h;U?fC;ItspPKvGjzaeNm`?7lx=ZHi1>&q0C;0&$@Vt-D-CiZv)O3Tg* zG9IDmkzy0BA_h}cZ3U>oh3!oG8u@0AIDQbkFR#g3Ow8z}uY`FBwqrtsz9HT4Lr}b} zp#d@cU}yB;-;P)sQ#&km({1jng6)Bg>%T4CHnBR8-)FY(Y;OjV61V2H?YFzjLJ8#m zXS1TPky&jK9r>*U3sH(g* z%l%k;&}Gnnvpx7p_@JxbnXvsg*6(cn|4=1w#SZ*iF~E%-*oFt>-BC`rIby>7Y#tTI zrKP@MQn<`3Z&?JvkKE+^2aTzp(R1t-0p=(oQes0Sl+8D~VEYl-N%Bt9oIqIteDzpv zT{$LbSAFT6ai-{;-JNJew^FDJLL#tTq7OZC0QwdzL9?1 zU3rdx(Q9&?#5nMkbrWL0Fcp?bNTzv`?Gef_7PQtW1CQCaB^N89bzTep=Y2d>2{uTf z+Nj0Q=^e{|61WdkgSOi{<&_D2Oip zH4;$h;Y9GuZfk3uqDwfaZFcW=*Fn~KR{k%0m=E#kt|M&Yqm2!2ceNO_giTq<1L7Yi zqokJmQ_0z+H%k}!{{3z~RWS56Xdf$C!0@X8Axl+B5a|n6D&3pGp0c4S@d;1dae=2g zn~cEJSylBE*{a2~2M7HS&leKOUdbdcuAK;D61hJKwetE% zBl2^EZY~_kOZ}?{23BA;X%(--pq}l(n0G`-&?s9Uerjw20q+m@9N@K z^To(~erf4=P!*y5Pj1?}R4X^N2!W0HU^GKtNH2DVib6g+89(SWA~b_= z1%W$YqL6v<2P>6Mk+ttxFJa%QxfN_4WhU*-I7M}5Yt zLk>?rinUM`H@>@x(~_8{rkL2b_jdMvZ*T2cx}04}7I^gT($6tU7GFrM3u%a^t_@=9 zCgNoYo1Wt4poJVlwaB{Hwu<5;C|slk6I3z{5$IN<{eg^Srllh|Kl7nI2wly=y3!{QVKl6e(F564|wa zAe=)X5wfq!bV$cxvM8-NQhp4m1njIh7jJG0&|7=_#{h;_%bp8v*<{@tbymXi$V4=&cFa zUybkG8zz;zjY$u8A6xV-n>hlJNbfhFqxCoIlMJRzF~TC6K_|M3V8;vF6C^`yM5c7v zWRSgh-tqAN`uSG`0W^rU&fFOxi_LD8gF;ofxGms5t}Hc!R&{%35-=oC29?#^+s=ga zbm4f*XphG`WEXmJjk%ZC_|bZ43uNn*UMEI`UOwp~tb`}1GocFJ&1gC{&$#q^=EJ6Q z(c*aKcMAjZd1*wx=?vNR$MwMDvAd1eI_=tCrtIK>N1gEa3)hKFTzj7Sw#b_n+qz_( zcB$%7A{XaXZiS?{7wme&Db^sul#RTm9)_OS%Dm<};#1u|uw-Yn@S0MMn7o|MV;7hQ zf>`2xGt@B+Rw8~;5~EV0B%QxVXRUh*cM|0NY6eoaaIM=_fTY>SS}^+dK{S>$1~dJB z0q%bB{KYrsv5C*j=w5cwh-7=qa`lB>`OLX(q$y}F1`V_Y9)ZHzY>oph%FqRW+8eZf9oQdO!8^WBLW1w zTtgBCWdT7YVB@!VHRkkDmcYRQ6TGDU2p8VrT_mO5xvzDxW~7{X ziRCoO*lW=3evObtehZ9$7c<50hGlbgnkwJoHOwvo_Inj?0S;c{4|jt^TiHXxYN*=X zUQdPQ>+y`GyTRhocf`KRFUU~8D!*Jz8~0rEAXP0+fe(*`ezR$kDUIqS$=KjVkjImB)0e!Hg;?$z;t47gLA@q!rP`bhOP)~O;Am*OH)-7=~@~e{L9b8Voh8@<3R;t#!d^q4d?{txGJo~! zUNxlBSm|?TG?qutguZ93e1}!m&yZ^JNmHtW|2s_?~>0jZ*J`PKH7{o+3=f8lAiA#AH#C(s&SN$u{ zi!UUBl(nHk3`L8tm`dClL*BdF;vwFNnXoHa6-ypX`_5jsbO}AF=<8M)kO~6CFmjvO z8p5fUEW(Ehd4Nq7ugO@Omm1khaf-u%@P|(RnyCx5r zps@vCM-<9o*eYu*d$j+Dy*F4@+)i>V&n}p>ROQ&<5jPG&TVWN`jEMAzVl*rlyZ!l{ z{QGSwk>|lTcgnFT#655~8~UR=!E*%Ty>kSnKha)uLzBhj3};N!r=8p8xZl;>JMy(C z>X<2k``m%1DR3sodOtp{r@}+V9k0rfzDjKS``8T~bcUom+t$#r4)lbM1Yc06W_Q(| zF32u;%J#?JM9^vS*So>Xh^*yug?II-y^*X3yX|}*E8WgT z^nxoaL2++KzSnOA6#S=q%q_|Mh20L2PpnM2!%bc1joga_p)b8uYkE2%(&I`OK=}i#&&FCRdwD5xHi9WH3$eCBrrH=A535%$~-v(t1~ixg4m%`s$AI!&`1&(S2bq;FM3~l}N&XG;U+OJS`N~vm=k1-AA7v4)#y} zyXijt?JS>OT#Z8;U%j?3hha$c3quOfaNLC1Up!y)Xaexy!S1!tb(Sfb;#oN=LtlIv zNrvVDS`g%*Mu;3ta^I5`7rNWJQ?hd%%#-Y}V9m4oVmwv#5C^oYHuSWmEzA6=Rp{iz zB^r6orjboZ%8L#gB}FZfn;~Za$4+zut8oiNXW%$djfeZ8^Y1N}-}LuFRy4;)GgB-- z?4@;u4QL)RaFWdE?A<|;hY=eRaFpZirSKWPpgub%UUM{{h`xX^0-EU4QuS~(!HkZ-iDm{p?%r-Q_|ePt!a{HnTY?W5(pjC!)zsjt7HBfDlLUeS?2 ztFMj}v(Sx^gBe<}qSDThT*uvO+fF!yLG`c#{LR~bLi0BWUxBF*@Fq z$QhT^2FSR;mln_rgik)dx$zsZLpW-x07m+FL%pL?y06Ej66;SX zc&B}(C7vd3a^Wc;@vzyGm}uO#Zit(r9A)D~sV07S+z}q~s{ecCaH7rbd6?7iigg$sJ*gBDcela40JUB6 zi>-}TuEMl2yed0EH^}tUTvq}2j{UaoB>T`DCWO6pN7$r!0SLAljqwdjI)5TM?WCgS zOGSB8Z#c6=OFh&DyOIDSx>0CQlYq;L2fTJwSpZ~u+RYRyM6`5VwJX-OvalRLzu(YsuO3;98MN@E?^Ub()?gHvBZE?D?&%J%a}a) zOsWSNM+z_t3sCZu7SH)PS~l4a{1PlAG5J70p75KH$Z@1>j?Sf@;1uOsiKcw(sTh1X zfsRcH49O^59xp?nqGBMeKUue-#pLJM59GU5(j_{a8(5O3I*--i&z-V?4 zdSS_7T_J@57@tj&%*IL4)pcJF2MJXyBG7i$c%}u?ba!8JHfqzj7rjBHT{V7VnHy(Z zYd5!O?owon372F_uGVY?Zm>R1xc`toIcC_JL<4mjFt^*j x&_eLL&;Hk+-qUr65{#bgaHbs57!UC#>6O}=s1Jpg4vd=T*T4Jh@4x%(e*ix0q3i$v literal 73952 zcmeI5?Qa{`mB#sX3-k}zZ$cK>BtYZD-M*#8evtK&sB2qZOR@_TL19_4k#6{pp8qVB%&U4<+y>t10|NG~`*5K9P$zT}&JsO-2&g18c z!JEO^;FG~egWH2!gD)=seKh!V@Xg@ogP#qaUOuxixHmW$><$hGe;I7Y^WVqQPvhsk z81pRtJ&)gC$G@||Ma;yw&*F~fgYROdCvi=4J%~?UHBY`DY&NuT&)MaZ!)DfhH2>ci z=)XS?9>*9jVvN(lFX9@r4`Xhwy}cY6E)ECZ#%CLG?R|X0Z*PJM{`U1J@f4I^#8qKY z&wndM`LvnkQGEU?s27KC2mgpq{w?T)>+=|Q*o=JR?if3=dvpbjecoJ6_ixKyN5B&Xi!HMp}TN5u{42~O% z*$A(1uQ-e+@Mfoj-^X*KI3#rG~?W6 z@O2X2_HF!EdKAaJE+4X6NNibJu@_XdrC)2tvynXKje6J1KXfl@5ky)=SF{xz;1R1s zyV1yQp6e`Na@-$BAZJ_#{lutt>{&i1pH%tRy(T~Tw8?A6`Rk%6IsIWIF*3nf^T(@l zN4(5M_!#^J*~YW@hh^c__#6L5WG2hO&Rz}Pjr`1J5wRD`6A!|MndL>3qmoUg<~%88 z;p&^_vnPX>@x(^ZLMC|@zdeb6uj12p@sphF`}n6U^?h7DeZCJIe-{ zXEEk?G3Q0dlH3t5dm7iyMt}cLe2Pcr3YiTE>rTA%>!1}Hbwybv)a!3DGfMz(!m}r% z&+z?kVz!s@cel4)PfEwN{ca<#gW#={R$s5QEG(jlKS&**mZad_MtrOup2W!e?v`s8!;1zoZ2HW`lc zwO3K)-j7^^`iI_IJFj!*GFvb3ag%eLH1T;D-AK(jtp~a6`8J}C-5Bgg&bb#I&O5;w zI{z^K(dna$Nw)J5tF9WsJIgsX~qc;4ecWu8D zoSihoD}xv?^3$LbVHGqT%mxzdAlt+aYjg^?}^#w;O`+1W|Qwa4^HSJEQ;2{7_p47%fyNP(cc2=*Fib* zKWl#CU$cXr=*WYJWAzk=jrNi2p?N&F(byt)B0;XEcA?pApGB;1+cq8e!x&i|OZ}f` z=>r_cRk}J@%US%!^Z2TZMsM(cJgv3K7tQ>2NB(wvs-D$v2EUH~{v-a`BOb-r=-+P! zzlytdn&07MUXLhLS&?Kl^kU^&Ea`P24N~)I_jPGCodMzcBzzw-E@R4d>U>vM3XdZ_ zqCfbw=?D;iuy1w#q`AZz`FmEm%Xo4p_#xj^zmcqf-!#^pxUT*noVLg4>*KokQ1?|{ z91E7Fn*+rQJiVgG)3}3t8>^u+%DO*%W)D_t(PdW`3*ipDhO-SUk=%j*<1x8InFlgP zc!jGaUtay@R@D~#6BPrpSx`7A9URdpgQ?hk)e3P<*Lt+WE)bR?O zaxF}e2fy?>I3U*onU5PZQ{J;71s2xmhsFH=9pf^p>|@oaC`OnrMRqVDPS|^ux(%ho zd3@N*1}Xd|D^ysHvY*-TsBJtohZ*QCC63^G`yH@ow_y@}u}aX%1Fs z?IQ2+u7Hz9!c=KF5}EIDTnA@KKYgeD3$jQ}!-5t=m$9BVJsb2tDcruKuP@qN(TMEl zEdDvWq@zO~F5f0QV|DtxK{PQ!|K2t_0RNy{YNq=_<^A-c@}5L&Tu#bT;zUjAKvT)8l4;M+6z;oI(WNIq8g);~IBN-4pQG1e`d(RL1T!==>tt79< z@g%e(;alZ~Pk!@#u?K|s;usa(0AhZaH^~Lk>vW_IT%6t^v zgb$?e$`!dO19K*br-$o}!5L;!WN=}2(jjbu)oUA3?2<-$Vj;`8qHVv)5y0aNbd>b@g z1fR~6{Wshlg*4C}p@YBuYux#~@htpy8o&Fww?Q#~5e?H{dT$ms1JaDD(bP-PdJlb$ zH}Mqui8fj9BspEtlj@`66^CK3j0EL-#hi)~&}!T5;=|bu+?5ogNh!Y^VHo<2X5jnv zIUW*k+~#Y3no~E>7yOEld=O)knL!i!N_5S9ti~V_kj#E88nHZ`xEnZ;Q`4D9PqSXS zA)TM3Ay;$IPg6W@iOaI|rOb+n9oQY3iml)osGi!smTnO>A=XQc>fI^Xx5L)$0~Awi ziF|^6;J2v5v2rY4`6%{@w_tYLQJLk|_BBpNMjXbW!&TC>$Qsw?5eZ+F0U8wO&Rp>w8mo+Ih-24oL~|c6_Y9-er|2kkywxS4UHI*@-m$ z5K$IK&LLbp?xK0|EZ87zYX}u&?qGcyT7MjxK)yzWf)$L*m7XO!&0AC054HKLK*=$A zynia&#j>eaS%FkGD66%WvO*_|2Uk~G{qTJdbDTz{q}inBef4dx!DF$$r!jFpQPxsz zOWFzCsd-ELp{s@;R3^S^PLh($Y7~EvWM;LcPq9?Z4Vpz({w`#U&Pv9zMO=Bxmq1;{>Z>K-70RnEio6%kn=>9ZxG>+U zkw`tCZe8v*IcggZsvmW9wB~|8Rt^jPs)y#YH*ywYfM(i`@$bh!-qG{eUl${<8n04w z$ll1;sJOMdbv^pRx=(wao8+6AM2w?*L^Ve@BK@m1M0F@0j@5bo?|Z2@FTxjd?PXwx zui>fGK>Lew+IF)x|KE(jhxM~b%wY4&m{V`AjWmP_US3JG!)xM_d`J3dM9E?t^ zq)(1V-9vYPtYbb;K`biAx>t?Vm&-0G;m26ZAWCE7bgjugxJJ})4~Tq(3^w1&CZf`b zCI6I;-;1AA_xbicE4#|N=o!{MR@nq~05u_YLq$Y)g)8J`AjlPZKw7;}PbV$Rd!w+s zq>Se?dzwa-=jpmf`IPhJvQoWTH>u1LRaO*vd#*-w8B*+`8^6SgvAR*(v1B=A^*@`$ zlpTR*J~8gAz=WfRZuO02jti)b0 z@5`a`Vx*Iu5Tqx|r3%3N;rp~pS=qH}RjzWcxVN6*BaY%aPdE$nXJ0pxVr4`ARGrkE zudKMyCqGZN-Ze9yVmPs!$ zKsc#;p?#_4zU01=>xu(i8uu=^Jq|vMxwsT+<}#&d#Hps~jDxK(1rvIWU2`Nx<*rMz zDm)GqRN13sHnLJYMY%IlnHEpzJz!`d3L!b}$MdqLbQ%(Lv|=@!>)i1=p2UM>u8X(n zKCeV`Nz2QenK>2BjMvq2uOs4aJTK%PHnG+kuuM6_mypPKY5Cxt%8sq~-)a4@OM2eb z1@hE=Xoz>ns?V<|BsZA%#mvs%Zg zP4H(}MSYchGQ?*rx%4+k%bkCC;AwKj(${m3WY@(jo)|4*=eB;w9@~6p#l`ruM0Bsy z?~dX7xIy~cF)WFG<&ML?@|~qKoEj$&3Ieu(Qm?tzl_98?4bDi5H3jy~s@sdtL4xf3 zVwDz8M%0~b2V1RCk~-_Zcsh%nTIGoAhR~y^)b9u1?)8u3(+7h`p%rJnbE50g2J@O8 zw3hbups-v$z?1l#iveaLsoBUh~%tfCT=iRG%4>Alm{nHD$O7C;YuHO;ee}BMsF8lQX0`o0we-j0r!Jj=Ljtp@P}l6s$6@D60>u9CE45D_E@{ zV^CjDIayoov!jt&0vTc=nQU%g63#!AQVWpn?d7@rCT{4}mQNqSPq{W9LlbKj+YQ?HHbL5#$H z<>cb1;34%zGx0aQ4N>10L2&@p#*w#F|?MIhCGQ4NzS6vUtXT$ zLElZbrMFMpI!$E&g=7Y%k9$h$c$bK(gg63Hc;xmOaeYx^{e%5vTcM#x@e?oSeXQCw zgQsI&UpyRX(VUZ095`K9*3Hxes|_VNno zH9Y}5My=<5qlC=Y8tN#1t@{HSsUG2v2^dqb_ZrSjWlUy9Cb8&jeH=PuBpo8QuEly1(mU|(f#fs;?j#n2+{ zZ6@!`PWkMdVnsPJD{>l_-6i=ZwtBIB?WW9g{SK#kDXiCeCl+!g%ShfnYvkshJs3>p zcb=S3IX2z%a^-~4$=8TUoOW3L{vhZimUGSPF^BOy)GL!9t|#i#Gq*%JtChQ#IP^u? z)d_K@}yO0LxJJKjd8y{tjv)YjdlL zdf>tLCxJLwgDD)ws^2mZQFh`kyejr}(1~%nmdkfpnGh}8>%781=l78>lQVhc;(-Jx{|YPHPQas<^;WUlB9 znLe6MuMiJfo(_nIEq4yHm&f^n_lQBOcev@AxHDJEmzjkq?ntFo19kd+zxHRDYGRLR zcKi{~_}_z|OnB*if6c5F3$kb8L3);U&*<(5nR1S#vz~1$?(MFZ`g&XF@6%61do0m1 zLTbl|R}j5M)V=R1cbVi^rGCwaS=OgzWZP;q6(4;*dNZhtmQ|uBd$47K7tyL*hZCMy z6RSwP`G?%g6W(|li{bnUt(>EQ+=*AP1zNxBd|BFQ#OK$|#JQ&GIx&=QBZ5P>y8*n< zK@O!JNtaylg2(X$m2}#B=}E}ItjEjHJ$%0Cx*xxhZ9I#A$e7=iYxPA6KLfv(tNPSA z@ zJEOffz#3b7M*OzcLD6BxO%1I*NH>qBWIz1lUI!I*e|S=!xhN`K=YZoqw7UR{RChx8 zFSuc!x!OV%4TfpgZH<`^6>Hws7!8VY{?Wk4M8AmyFrd<`a zd4AZ^#=iEjEPko3+d8A2b*g*8hY0QcR%Hg}d|xNm5XtE#Vu5|}$X(^0^)zBSwfpPv zIhu!lt7hqooh_=Cz1BJF$c#SpSGdl>CU;f+d7nGpWwxZzkG1N24lioeMbrBPG>vwEB_<4nshXN~G5BpW%IrHir?1){U)G#ZWX)D(tBl+^R9kzs=LY28 zN2j%mXRN)i4Ep-UtS2%K_!KF25s^VX4Q!#CzAbC_*f77lF0fqjsbtzniS7pX$-|Vq zXJ^xu2im9jjLtyOo920SNwGTK@6u@tbVxk9&O1$iF&>A?c{gJObbhno1fP-=Z#MK| zGps;}CUu6jJD`8&-d8%QZ7ChB$GbY)J6Z5Ucyn1x-Cg2pc|u^;{BWEdDs*}~P{BiF ze}b#BYxJ7mlouca^=VG9CwtFi2bm3lkWTe)@2sd#5?!@@Op<^y?(EE?G7*Vg~Mv}zE~ZEZ0l78RoB_kDJ@?;$)}+c zbok&IO;Zl8=Y#`R%)J+l*F=A`t8)6idS4wc#1r1@epQ5ln)BufYyf-4v&e6tz0c!6 z?K0wO+E&duJcxFp_UsYFd9<=1W^k-%ql8tJNbq+ZH`^3R;;A=vlu50*7ju%y=>EGS zg{mKvCLCVA*2 z5zkx8(C9OlyXo~E=peN-6(N}@I3=R(C^C-e*CT#Z|B44i6?4#*+Rb2$eZi|EF0okn zA*1P-DuZ%l??No&d#$mhkLln{RAxD7=HYw}qAJ_ZY0QNw=a2}ec zs_rUj)cT8cu}6t4n{!mL6v?Z;uS;ru^c;P!>0PZp=PJ*1ovpcFogeV(!)j5nZBEvP zdC*#xt`H@qn|BJ$TrD!#JN1cbioXUO$Ma0~U$sBa z85YahYHIg`Bl1Mm{Hyg-?Dryilk?*>&jz2z-(3ig-?`oxAB;Hj`3bAW)!kb1aqyi- zA6J(*xNp1PP`PT1sDJ6_&4+rNvS)M%_9k#W(T!Y}QF=XVE$ z-7$=#`k8yFxyssI(nTK=8TWbkK3>gqG5Ax=@ha|O9(Q5rU>(Hh?t9Rw^ZmJxk$Ro1 znXWi}F(}eC_R452E4wNw%aRW|!rsd$>!E(*y8x7Tt9O@AsJa6)?93?OmDIg~@~iJI z&nVRjj`sej*Pnl!EWr>`(6Cbxy>M@Gcl;I z&<*G7?7C(h9IWZRqF>o{u9mC-b0*Lls!>2iWM|Ew57yqtL>IBegm!4 z>W}v+dPFGO2sH0S)t5F_uN$eCg!JqAN?j^<#WEMPV-rsrdObd!Z?rCPmS)LfQoqoy zS@a2t@gG{5?5ADwj@PG2=nJSzi}DR<$-P^9BuVvASx>`uY^@K1W4t0gIIUTv-GVFD zb~^Zd{N{MO9e-o*x$fZiMGt~9?gnet8t|0t8OU=h{ORo2-itBdwJ)MOL4l-7&!)5y z_WFtMT&-ZAG}Q&R{CS)dC7jtMt+i0+9#kGrgD>^>J#;3(;tFdYQEP?F1w*mco*$k zCRXAJSYh~S+Q}q-*Gnp2haB)=Uxg&7B2=ya^u5?P-|Hopdm#%V)6=kz42i<;;4l1F>*R+*XnR3phWp4Uw}+SQl4mOljFMW&o@tu40330|Bhxx6~% zpz&bz)TsEWem(@5w7Fg{J7Jd`l^J#Shar!W)|3)YKAKkKg%r zN4(r&t92HhRUd#Zcw1NKc+g|c4#oIhu(BV|DZT13b4FPGiPqKEkK;TI%H8EQ<%^+^ zfM1vD&jS(E3B&WR`GRUQ_k9+ zZ(Wg6-g#YqSMNoxEAL;0H_12am+w8w@fXFQ-Z!updm+fX$9E5uH4LXYz74%c=e4Gt z-2&eB@QN+<5AWHlVq$*+_Mr|#z8ULx<YbQX9{C;zb9 z!r!*Sx(?qm?|Q83v@2%Pdgn##0ojlL?!*d_YY$m7b7;pC*Y(CPYe&?A{G|5+uUcQ4 z_HJnXUiU%J#wlFvhvA&`@=eIC5l=>kd$sD$y7$vq(bgHQ?sWC7Zf2FgPu0>YG-uWr zk(wtwVw)>uUQ;{i9jAJ%@sYC51^vD}=O}b+yEF-kbv{M+cNkOeOVhos4Ia-zf?838 zTkQ#!bH4<(rMu`?h;ltkeZ`4&nltz3fbZf`+7G(PZ)~GmF`Fy9Wk^q6D9@;;8iI0r z7v#Zwj>@%uA^mY(E#EH(_e4=AE+Zq??fOi4^yF?$J?k{BJ`CC5MUV!3Xsx>KX_tW< z8jSbS=>^&|iFfw?NaF^#_$Qq_A#CBEolP}gU6#MN1|43~Nu*;h%lm6MDYNtlS93Ma zIq!qLYOqtC)fFKZ$Kr7{OP6l+)r|g8K%GzR#N~7YqOEGEHjdPUyg9!NJE_O^$bGrT zA~UvTE`tYE1|zRb)El?nW$u{L{y3i~qtjQg#JrN|kq_m5(;AU+DwR)=J5c%KUGU9! zLssomCHtbd7x52|O23Y%#?H_;ktu4YX5E$6>9J&l-UHs=8SEX&x<_NFQ_2j)GiPE% zTD+FdW8)J=PHSfAuaVV$(8o^2^N4%IKNn*3*s!?)ook;o2 z%4NR0@h8N+mpP_Bn-@T>POq}NN>oijzXgSziF?_XEQ4&T~L|S(nk|H8A#dr zxL!Io*FJR;msp%fTjbjl_8J{lbxfv;@0w*jvCLMi1?h{ja-p6eqG+eR_O9dK+Wso5 z1CLhv%=BhFhZee?=5I8T7(zw}59E_rEhF)Hcl}iR%ha;Atx-FazCAgYO^CPqLBUyg zQINzIpom(metM_zTJYc34*SaMIObHGO+VKqFZ7ZKp?XPDQ~kFY{NYCro5%%ke(wco z5FPbRPW<%AWuJ`Y=Uv}h0CGf;Pp8D7@!7p2KIMVr`{Mez;YzwUX$?JRnvNm3TI0c; z?@hp?(P!bLU|V`y(-^wC2eOY!xG{j(22a z+fb}H3oft#`4Zx%vl;x9eJ{3-?&B}{9dA=+72KCWq-hPId4(ylddRM zl-Q}mh>h`{5ESbDD10D20Lg@GroKnHt#V`Tb-yyHDQC0~8%D>coLz7GjrU!rNfhfg zkKkFOS!206ndeN?ZJ9Fztmk!X$IF8mdXJp&jp~ak3bp&TnRQG1 z98o|=YkdB_Ks|eWIs3YKNNnS6lUI{JL-Djzez8yPrW2!kQ&)v$YqBSyYw%gaFFu6|-Q1UJ0JR^MFRHOx2Fj&>;Ur9?V5<6hj;=Z> z*8uRDyz{GANA5|aq(X27&#DG-4qYSrSESY20XkTo!9QOo%o#9RsCphBLiEJ9(Agpj z;BTTW63{nXlp1|7x>LFGK~M;_#5L2pTX5JH!@k;i97sC1VVyz!(PSW=$sa^MKfXr1Y7F^S z9I9d2jnRQ`bezb94+jJO;+u-l`x0Gq$vx~AMjK_ZepV|1=o;AZ?d%()H4?ow?OBO} zcsE-&*Ja7-uPV3nE*2!fE{0)fG4|w6!XM(gN1XH=5rHb4C!rN9mgeM{6v&DgDSi@* z!wQMR7^Tf|o8Qd#MCW8*Y%J5hOa&5oz64r64E>svNf}?Gy0~mtjpxJA%8Y5L>FM`m zh1Oyz#y`&%f>7<;v5*7F}+j#{2;uuM!$zcN0&2R5yBk&L|Xgcrkiuo_H+ z<~O2SRyX(^a_R9iR(vO!h47G1D6h+#={v;uUTy72U{}mV(9|`XwXn_ttb;q3elj_7 z-|Aq*&D{|%cUzqFMffm0Dj31z`3R-+z=J4v6lV?IZ9Wrc>h$u7DJJ5P?{S8UGBSB* zG6&>y8s3tz^}Hol&P5%Jhfh80#%A}DzK0EUi}m7XT|I^?^o9-<`CNJC44*k?Qzu9L z6rm}OwO007qhpGn<(gWVqmyHSxNszrp{HQ&UJyFY6S8pOoV_7^i;H$g3ujeT^H8nW zNbicLkenr!cpVg6qp#+9tBIC)8Y1xD3mc=dgKM$``dOmf=RpbKtE4|^)Pcw5uuaJAJUqMW+nI9yqt0Oa=yNLLN+j8 zPsCAox&?PfNxnC-tZrH1|Bw+CmRK=hG&?RYaUt z&vjFlXg_GQTj#9pkGjYraUV~GNDE|8=;_nu56wNMA=t}w^yasRl{s?3G(hsv<_qSrcJ7t7~sb)!5>%c~(^Meg<_P9!w4*$-4K zM8DBxG}`xA!t66Uj%?*HBCT_*w&(CYRJMt;^Qc#iPlt!S@by}&#k;Zku{wN}sV8+A zf$dlDqQsZiEhIpsuCa+y_zz)~aixvRUhBz&>bax^&0aMU$02j~qb%z#B;XO*$qR~O z@24Q2@d{RcLacfj_baAPMu*HJJJ#jeigZN&aC{C{9CC(rz)e}b^KER37>uXV{<^G+ zuwQUdR8M`w9_Vbst@@XlF4TR#m6Y;ZrioiTN9p zr$_5a+PT$OG0)Ro&UecXV^s3lb_LOE{Y;rZ+(bT=*&I?| zY^UQ@yBBk=o91+!Qn)YoY0}fFBPmzjhn_txI+N|pd3;>;BD}Ld5kL#dERu-K*sJyz zNzv?;1zlX~2r3WWp5;_nWsk2Tlc4@3hGzCS**5OS2xaYc(|X|;+Leb8SEUoKBgoeB zy}(>)n9MKHQ)4K5tw(TYKV`Dccu-qqZC@&XbWS@861%cwa&9^!zxuM?;*E zq8X}6@+}i;PkJ({o2KDV-j}?iDfO5K)riaS6XrncIMV(}yO-gzTvenRWS=K*$2+#U zi%TSddhe;yT8U%ctZ0Bi&WLq*yfRbY>7Zjd=wPerN8zjWz7-sTkXI|_%Oj4W^13tf zmAR``ImKjDj)IQkqC>ULUg7(|M-`NI5YtoO4P9y4WF8+~K8Munr_w5x$N4;(e_ZsO z{0Ua=xZKb?$( zRTBEhdSBNgsC$}pfy-oUnVWTl#BtI)PNtnTrINyRwWrbxC&Kd}u{@1hzPIS+PF?YQ zM{IJ}ZXO)&g|>Ojt&o0qAF!_;lshU-woAUm?0d~;RO#ZZ zuS6K9PsJ>6XX#~BY)dbD#LR*$y=%dqmuKb29>f|=N?9G`zXq0>TTjS@7X?aSi1;`FeQQqHw%-I=LFfHKpYRmeXIn#MduXG&%kI7tcNtH5+7~^L z$=p@n1EW=1)`4>TRU?)bF?+o)D<3~G#5GR2SF7C-!GGat@EF6$enB0nB^}otf%WDZ z5hZ<+P9FGETvL{n>wd%?eJ`ov2lfX4(k*s4W1)^Nliu8Nh^a;M(w?%YNa=4O<4#1Lr3(sj%hq9C_IQy zvq!pWEK6;ptI0b?XtH*uI8NhN>Nk~nk5+FeNcWuOdG`f=Kw3KOeLnBGz2$M@*h$-neRI~n27YjL(F?<7V;&<(JlhLCnB-?N_9XY}yK zmh$Dv=$Kb^bjk0^IcnQH44+W$v7o!f*$mgc&%)f*)=^?*i^LM!NaD*>k=-1E zyS^zL$x)qi*?*VuU_0vihjEAd0ea^FA4BE`{Yc>Xl%AZHC=LPRJtjx9hZ_ zF3xHnLU!s-y{pTt-s#>P#W&MVwv(zrTFJQgQV?Ft$MfzLDRi>293}em9j1H#V6S_^+j^$l1gwijgO;NL7w-6 zVo}f+Q!EiKp&xqj4zsKi)!Kw54`ZE>x=OVanSt@rUJB!0YF=Md4oCAH6tf}Ez9@h# z86DOy3`{N8*wanLgHE-)}JA4}8fi|JHf#ZC|9wy3jtTL__$=`{=rw$kA!QR<#?0th?-@>hvA-nYA7D zvw6pP(x{A8;;;2+vMF+Co>zC9GpATTcsuwWw*XO(hb2(cNlrMC(9TzI42vwY?z;7%Mym8xi{L|dg?aI3H;K{m?We}8TeC{; z`)b%>=rc9ladYVg rfjVnPSgX&ftg)`W@IA_w6kF%FJoC`*^3*e7Klb`$aiaW((a-+}UCc@q diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md index 9a4928a3fe..f8d24cfa3a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md @@ -3,4 +3,4 @@ ## Description -This resource configures an Intune device configuration profile for an Windows 10 Device. +Intune Device Configuration Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json index 6123ec197e..fd1ad15727 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json @@ -1,32 +1,33 @@ { "resourceName": "IntuneDeviceConfigurationPolicyWindows10", - "description": "This resource configures an Intune device configuration profile for an Windows 10 Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } - } + "description": "This resource configures an Intune Device Configuration Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } +} + } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 new file mode 100644 index 0000000000..ec0bee60aa --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 @@ -0,0 +1,273 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyWindows10 'Example' + { + AccountsBlockAddingNonMicrosoftAccountEmail = $False; + ActivateAppsWithVoice = "notConfigured"; + AntiTheftModeBlocked = $False; + AppManagementMSIAllowUserControlOverInstall = $False; + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $False; + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @(); + AppsAllowTrustedAppsSideloading = "notConfigured"; + AppsBlockWindowsStoreOriginatedApps = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + AuthenticationAllowSecondaryDevice = $False; + AuthenticationWebSignIn = "notConfigured"; + BluetoothAllowedServices = @(); + BluetoothBlockAdvertising = $True; + BluetoothBlockDiscoverableMode = $False; + BluetoothBlocked = $True; + BluetoothBlockPrePairing = $True; + BluetoothBlockPromptedProximalConnections = $False; + CameraBlocked = $False; + CellularBlockDataWhenRoaming = $False; + CellularBlockVpn = $True; + CellularBlockVpnWhenRoaming = $True; + CellularData = "allowed"; + CertificatesBlockManualRootCertificateInstallation = $False; + ConnectedDevicesServiceBlocked = $False; + CopyPasteBlocked = $False; + CortanaBlocked = $False; + Credential = $Credscredential; + CryptographyAllowFipsAlgorithmPolicy = $False; + DefenderBlockEndUserAccess = $False; + DefenderBlockOnAccessProtection = $False; + DefenderCloudBlockLevel = "notConfigured"; + DefenderDisableCatchupFullScan = $False; + DefenderDisableCatchupQuickScan = $False; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderMonitorFileActivity = "userDefined"; + DefenderPotentiallyUnwantedAppActionSetting = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderPromptForSampleSubmission = "userDefined"; + DefenderRequireBehaviorMonitoring = $False; + DefenderRequireCloudProtection = $False; + DefenderRequireNetworkInspectionSystem = $False; + DefenderRequireRealTimeMonitoring = $False; + DefenderScanArchiveFiles = $False; + DefenderScanDownloads = $False; + DefenderScanIncomingMail = $False; + DefenderScanMappedNetworkDrivesDuringFullScan = $False; + DefenderScanNetworkFiles = $False; + DefenderScanRemovableDrivesDuringFullScan = $False; + DefenderScanScriptsLoadedInInternetExplorer = $False; + DefenderScanType = "userDefined"; + DefenderScheduleScanEnableLowCpuPriority = $False; + DefenderSystemScanSchedule = "userDefined"; + DeveloperUnlockSetting = "notConfigured"; + DeviceManagementBlockFactoryResetOnMobile = $False; + DeviceManagementBlockManualUnenroll = $False; + DiagnosticsDataSubmissionMode = "userDefined"; + DisplayAppListWithGdiDPIScalingTurnedOff = @(); + DisplayAppListWithGdiDPIScalingTurnedOn = @(); + DisplayName = "device config"; + EdgeAllowStartPagesModification = $False; + EdgeBlockAccessToAboutFlags = $False; + EdgeBlockAddressBarDropdown = $False; + EdgeBlockAutofill = $False; + EdgeBlockCompatibilityList = $False; + EdgeBlockDeveloperTools = $False; + EdgeBlocked = $False; + EdgeBlockEditFavorites = $False; + EdgeBlockExtensions = $False; + EdgeBlockFullScreenMode = $False; + EdgeBlockInPrivateBrowsing = $False; + EdgeBlockJavaScript = $False; + EdgeBlockLiveTileDataCollection = $False; + EdgeBlockPasswordManager = $False; + EdgeBlockPopups = $False; + EdgeBlockPrelaunch = $False; + EdgeBlockPrinting = $False; + EdgeBlockSavingHistory = $False; + EdgeBlockSearchEngineCustomization = $False; + EdgeBlockSearchSuggestions = $False; + EdgeBlockSendingDoNotTrackHeader = $False; + EdgeBlockSendingIntranetTrafficToInternetExplorer = $False; + EdgeBlockSideloadingExtensions = $False; + EdgeBlockTabPreloading = $False; + EdgeBlockWebContentOnNewTabPage = $False; + EdgeClearBrowsingDataOnExit = $False; + EdgeCookiePolicy = "userDefined"; + EdgeDisableFirstRunPage = $False; + EdgeFavoritesBarVisibility = "notConfigured"; + EdgeHomeButtonConfigurationEnabled = $False; + EdgeHomepageUrls = @(); + EdgeKioskModeRestriction = "notConfigured"; + EdgeOpensWith = "notConfigured"; + EdgePreventCertificateErrorOverride = $False; + EdgeRequiredExtensionPackageFamilyNames = @(); + EdgeRequireSmartScreen = $False; + EdgeSendIntranetTrafficToInternetExplorer = $False; + EdgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured"; + EdgeSyncFavoritesWithInternetExplorer = $False; + EdgeTelemetryForMicrosoft365Analytics = "notConfigured"; + EnableAutomaticRedeployment = $False; + Ensure = "Present"; + ExperienceBlockDeviceDiscovery = $False; + ExperienceBlockErrorDialogWhenNoSIM = $False; + ExperienceBlockTaskSwitcher = $False; + ExperienceDoNotSyncBrowserSettings = "notConfigured"; + FindMyFiles = "notConfigured"; + GameDvrBlocked = $True; + Id = "d48e4053-8e5f-4856-82d3-c9e293567135"; + InkWorkspaceAccess = "notConfigured"; + InkWorkspaceAccessState = "notConfigured"; + InkWorkspaceBlockSuggestedApps = $False; + InternetSharingBlocked = $False; + LocationServicesBlocked = $False; + LockScreenActivateAppsWithVoice = "notConfigured"; + LockScreenAllowTimeoutConfiguration = $False; + LockScreenBlockActionCenterNotifications = $False; + LockScreenBlockCortana = $False; + LockScreenBlockToastNotifications = $False; + LogonBlockFastUserSwitching = $False; + MessagingBlockMMS = $False; + MessagingBlockRichCommunicationServices = $False; + MessagingBlockSync = $False; + MicrosoftAccountBlocked = $False; + MicrosoftAccountBlockSettingsSync = $False; + MicrosoftAccountSignInAssistantSettings = "notConfigured"; + NetworkProxyApplySettingsDeviceWide = $False; + NetworkProxyDisableAutoDetect = $True; + NetworkProxyServer = MSFT_MicrosoftGraphwindows10NetworkProxyServer{ + UseForLocalAddresses = $True + Exceptions = @('*.domain2.com') + Address = 'proxy.domain.com:8080' + }; + NfcBlocked = $False; + OneDriveDisableFileSync = $False; + PasswordBlockSimple = $False; + PasswordRequired = $False; + PasswordRequiredType = "deviceDefault"; + PasswordRequireWhenResumeFromIdleState = $False; + PowerButtonActionOnBattery = "notConfigured"; + PowerButtonActionPluggedIn = "notConfigured"; + PowerHybridSleepOnBattery = "notConfigured"; + PowerHybridSleepPluggedIn = "notConfigured"; + PowerLidCloseActionOnBattery = "notConfigured"; + PowerLidCloseActionPluggedIn = "notConfigured"; + PowerSleepButtonActionOnBattery = "notConfigured"; + PowerSleepButtonActionPluggedIn = "notConfigured"; + PrinterBlockAddition = $False; + PrinterNames = @(); + PrivacyAdvertisingId = "notConfigured"; + PrivacyAutoAcceptPairingAndConsentPrompts = $False; + PrivacyBlockActivityFeed = $False; + PrivacyBlockInputPersonalization = $False; + PrivacyBlockPublishUserActivities = $False; + PrivacyDisableLaunchExperience = $False; + ResetProtectionModeBlocked = $False; + SafeSearchFilter = "userDefined"; + ScreenCaptureBlocked = $False; + SearchBlockDiacritics = $False; + SearchBlockWebResults = $False; + SearchDisableAutoLanguageDetection = $False; + SearchDisableIndexerBackoff = $False; + SearchDisableIndexingEncryptedItems = $False; + SearchDisableIndexingRemovableDrive = $False; + SearchDisableLocation = $False; + SearchDisableUseLocation = $False; + SearchEnableAutomaticIndexSizeManangement = $False; + SearchEnableRemoteQueries = $False; + SecurityBlockAzureADJoinedDevicesAutoEncryption = $False; + SettingsBlockAccountsPage = $False; + SettingsBlockAddProvisioningPackage = $False; + SettingsBlockAppsPage = $False; + SettingsBlockChangeLanguage = $False; + SettingsBlockChangePowerSleep = $False; + SettingsBlockChangeRegion = $False; + SettingsBlockChangeSystemTime = $False; + SettingsBlockDevicesPage = $False; + SettingsBlockEaseOfAccessPage = $False; + SettingsBlockEditDeviceName = $False; + SettingsBlockGamingPage = $False; + SettingsBlockNetworkInternetPage = $False; + SettingsBlockPersonalizationPage = $False; + SettingsBlockPrivacyPage = $False; + SettingsBlockRemoveProvisioningPackage = $False; + SettingsBlockSettingsApp = $False; + SettingsBlockSystemPage = $False; + SettingsBlockTimeLanguagePage = $False; + SettingsBlockUpdateSecurityPage = $False; + SharedUserAppDataAllowed = $False; + SmartScreenAppInstallControl = "notConfigured"; + SmartScreenBlockPromptOverride = $False; + SmartScreenBlockPromptOverrideForFiles = $False; + SmartScreenEnableAppInstallControl = $False; + StartBlockUnpinningAppsFromTaskbar = $False; + StartMenuAppListVisibility = "userDefined"; + StartMenuHideChangeAccountSettings = $False; + StartMenuHideFrequentlyUsedApps = $False; + StartMenuHideHibernate = $False; + StartMenuHideLock = $False; + StartMenuHidePowerButton = $False; + StartMenuHideRecentJumpLists = $False; + StartMenuHideRecentlyAddedApps = $False; + StartMenuHideRestartOptions = $False; + StartMenuHideShutDown = $False; + StartMenuHideSignOut = $False; + StartMenuHideSleep = $False; + StartMenuHideSwitchAccount = $False; + StartMenuHideUserTile = $False; + StartMenuMode = "userDefined"; + StartMenuPinnedFolderDocuments = "notConfigured"; + StartMenuPinnedFolderDownloads = "notConfigured"; + StartMenuPinnedFolderFileExplorer = "notConfigured"; + StartMenuPinnedFolderHomeGroup = "notConfigured"; + StartMenuPinnedFolderMusic = "notConfigured"; + StartMenuPinnedFolderNetwork = "notConfigured"; + StartMenuPinnedFolderPersonalFolder = "notConfigured"; + StartMenuPinnedFolderPictures = "notConfigured"; + StartMenuPinnedFolderSettings = "notConfigured"; + StartMenuPinnedFolderVideos = "notConfigured"; + StorageBlockRemovableStorage = $False; + StorageRequireMobileDeviceEncryption = $False; + StorageRestrictAppDataToSystemVolume = $False; + StorageRestrictAppInstallToSystemVolume = $False; + SupportsScopeTags = $True; + TaskManagerBlockEndTask = $False; + TenantLockdownRequireNetworkDuringOutOfBoxExperience = $False; + UninstallBuiltInApps = $False; + UsbBlocked = $False; + VoiceRecordingBlocked = $False; + WebRtcBlockLocalhostIpAddress = $False; + WiFiBlockAutomaticConnectHotspots = $False; + WiFiBlocked = $True; + WiFiBlockManualConfiguration = $True; + WindowsSpotlightBlockConsumerSpecificFeatures = $False; + WindowsSpotlightBlocked = $False; + WindowsSpotlightBlockOnActionCenter = $False; + WindowsSpotlightBlockTailoredExperiences = $False; + WindowsSpotlightBlockThirdPartyNotifications = $False; + WindowsSpotlightBlockWelcomeExperience = $False; + WindowsSpotlightBlockWindowsTips = $False; + WindowsSpotlightConfigureOnLockScreen = "notConfigured"; + WindowsStoreBlockAutoUpdate = $False; + WindowsStoreBlocked = $False; + WindowsStoreEnablePrivateStoreOnly = $False; + WirelessDisplayBlockProjectionToThisDevice = $False; + WirelessDisplayBlockUserInputFromReceiver = $False; + WirelessDisplayRequirePinForPairing = $False; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-NewIntuneDeviceConfigurationPolicyWindows10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-NewIntuneDeviceConfigurationPolicyWindows10.ps1 deleted file mode 100644 index ac30bf3bc5..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-NewIntuneDeviceConfigurationPolicyWindows10.ps1 +++ /dev/null @@ -1,198 +0,0 @@ -<# -This example creates a new General Device Configuration Policy for Windows. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsGlobalAdmin - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - IntuneDeviceConfigurationPolicyWindows10 'ConfigureDeviceConfigurationPolicyWindows10' - { - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = MSFT_IntuneDefenderDetectedMalwareActions - { - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $credsGlobalAdmin - } - } -} diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index 2fb1f46eb1..ce456ae5c3 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -352,13 +352,17 @@ function New-M365DSCResource if ($getListIdentifier -contains 'Filter') { $getAlternativeFilterString.appendline(" -Filter `"$alternativeKey eq '`$$alternativeKey'`" ``")|out-null - $getAlternativeFilterString.append(" -ErrorAction SilentlyContinue")|out-null + $getAlternativeFilterString.appendline(" -ErrorAction SilentlyContinue | Where-Object ``")|out-null + $getAlternativeFilterString.appendline(" -FilterScript { ``")|out-null + $getAlternativeFilterString.appendline(" `$_.AdditionalProperties.'@odata.type' -eq `"`#microsoft.graph.$SelectedODataType`" ``")|out-null + $getAlternativeFilterString.append(" }")|out-null } else { $getAlternativeFilterString.appendline(" -ErrorAction SilentlyContinue | Where-Object ``")|out-null $getAlternativeFilterString.appendline(" -FilterScript { ``")|out-null $getAlternativeFilterString.appendline(" `$_.$alternativeKey -eq `"`$(`$$alternativeKey)`" ``")|out-null + $getAlternativeFilterString.appendline(" -and `$_.AdditionalProperties.'@odata.type' -eq `"`#microsoft.graph.$SelectedODataType`" ``")|out-null $getAlternativeFilterString.append(" }")|out-null } Write-TokenReplacement -Token '' -Value $getAlternativeFilterString.ToString() -FilePath $moduleFilePath @@ -1678,12 +1682,27 @@ function Get-ComplexTypeConstructorToString if ($nestedProperty.Type -like "*.Date*") { $nestedPropertyType=$nestedProperty.Type.split(".")|select-object -last 1 - $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "if (`$null -ne `$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } + $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount $AssignedPropertyName += ").ToString('$DateFormat')" - $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } $IndentCount -- $spacing = $indent * $IndentCount $complexString.appendLine($spacing + "}" ) | Out-Null @@ -1692,12 +1711,26 @@ function Get-ComplexTypeConstructorToString elseif ($nestedProperty.Type -like "*.Time*") { $nestedPropertyType=$nestedProperty.Type.split(".")|select-object -last 1 - $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "if (`$null -ne `$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount $AssignedPropertyName += ").ToString()" - $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } $IndentCount -- $spacing = $indent * $IndentCount $complexString.appendLine($spacing + "}" ) | Out-Null diff --git a/ResourceGenerator/Module.Template.psm1 b/ResourceGenerator/Module.Template.psm1 index 56659937cf..cbb58f1d27 100644 --- a/ResourceGenerator/Module.Template.psm1 +++ b/ResourceGenerator/Module.Template.psm1 @@ -296,6 +296,7 @@ function Test-TargetResource } } + $ValuesToCheck.remove("Id") | Out-Null $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 index 4419ff4f27..09048ca2b6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 @@ -2,1219 +2,2121 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath '..\..\Unit' ` - -Resolve + -ChildPath "..\..\Unit" ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Microsoft365.psm1' ` - -Resolve) + -ChildPath "\Stubs\Microsoft365.psm1" ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Generic.psm1' ` - -Resolve) + -ChildPath "\Stubs\Generic.psm1" ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\UnitTestHelper.psm1' ` + -ChildPath "\UnitTestHelper.psm1" ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource 'IntuneDeviceConfigurationPolicyWindows10' -GenericStubModule $GenericStubPath - + -DscResource "IntuneDeviceConfigurationPolicyWindows10" -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope - BeforeAll { - $secpasswd = ConvertTo-SecureString 'Pass@word1' -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } - Mock -CommandName New-M365DSCConnection -MockWith { - return 'Credentials' + Mock -CommandName Get-PSSession -MockWith { } - Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { + Mock -CommandName Remove-PSSession -MockWith { } Mock -CommandName Update-MgDeviceManagementDeviceConfiguration -MockWith { } - Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { } - Mock -CommandName Get-MGDeviceManagementDeviceConfigurationAssignment -MockWith { + Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + } - return @() + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" } - # Mock Write-Host to hide output during the tests - Mock -CommandName Write-Host -MockWith { + Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } - } + } # Test contexts - Context -Name "When the policy doesn't already exist" -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 should exist but it DOES NOT" -Fixture { BeforeAll { $testParams = @{ - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - #edgeSearchEngine = "https://go.microsoft.com/fwlink/?linkid=842596" #'Google' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Present" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - - It 'Should return absent from the Get method' { + It "Should return Values from the Get method" { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } - It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } - - It 'Should create the policy from the Set method' { + It 'Should Create the group from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName 'New-MgDeviceManagementDeviceConfiguration' -Exactly 1 + Should -Invoke -CommandName New-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name 'When the policy already exists and is NOT in the Desired State' -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 exists but it SHOULD NOT" -Fixture { BeforeAll { $testParams = @{ - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Absent" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $false # Drift - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = "notConfigured" + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @("FakeStringValue") + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @("FakeStringValue") + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = "notConfigured" + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = "deviceDefault" + powerButtonActionOnBattery = "notConfigured" + startMenuAppListVisibility = "userDefined" + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = "userDefined" + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = "FakeStringValue" + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = "FakeStringValue" + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + powerLidCloseActionOnBattery = "notConfigured" + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = "notConfigured" + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = "notConfigured" + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = "notConfigured" + antiTheftModeBlocked = $True + defenderMonitorFileActivity = "userDefined" + defenderFileExtensionsToExclude = @("FakeStringValue") + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + diagnosticsDataSubmissionMode = "userDefined" + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = "FakeStringValue" + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = "deviceDefault" + startMenuPinnedFolderSettings = "notConfigured" + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = "notConfigured" + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + powerSleepButtonActionPluggedIn = "notConfigured" + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = "notConfigured" + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = "00:00:00" + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = "notConfigured" + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScanType = "userDefined" + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = "notConfigured" + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @("FakeStringValue") + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = "notConfigured" + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = "notConfigured" + systemTelemetryProxyServer = "FakeStringValue" + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = "userDefined" + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = "notConfigured" + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @("FakeStringValue") + settingsBlockUpdateSecurityPage = $True + startMenuMode = "userDefined" + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = "notConfigured" + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = "notConfigured" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + experienceDoNotSyncBrowserSettings = "notConfigured" + edgeDisableFirstRunPage = $True + edgeCookiePolicy = "userDefined" + inkWorkspaceAccessState = "notConfigured" + windows10AppsForceUpdateSchedule = @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = "notConfigured" + activateAppsWithVoice = "notConfigured" + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = "notConfigured" + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = "notConfigured" + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = "notConfigured" + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = "userDefined" + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = "notConfigured" + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + edgeBlockPopups = $True + networkProxyServer = @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderDownloads = "notConfigured" + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = "blocked" + defenderScheduledScanTime = "00:00:00" + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + defenderProcessesToExclude = @("FakeStringValue") + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = "FakeStringValue" + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = "notConfigured" + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = "FakeStringValue" + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = "notConfigured" + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True } } } - It 'Should return Present from the Get method' { + It "Should return Values from the Get method" { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } - It 'Should return false from the Test method' { + It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should update the policy from the Set method' { + It 'Should Remove the group from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 + Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - - Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 Exists and Values are already in the desired state" -Fixture { BeforeAll { - $testParams = @{ - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Present" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = "notConfigured" + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @("FakeStringValue") + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @("FakeStringValue") + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = "notConfigured" + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = "deviceDefault" + powerButtonActionOnBattery = "notConfigured" + startMenuAppListVisibility = "userDefined" + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = "userDefined" + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = "FakeStringValue" + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = "FakeStringValue" + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + powerLidCloseActionOnBattery = "notConfigured" + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = "notConfigured" + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = "notConfigured" + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = "notConfigured" + antiTheftModeBlocked = $True + defenderMonitorFileActivity = "userDefined" + defenderFileExtensionsToExclude = @("FakeStringValue") + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + diagnosticsDataSubmissionMode = "userDefined" + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = "FakeStringValue" + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = "deviceDefault" + startMenuPinnedFolderSettings = "notConfigured" + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = "notConfigured" + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + powerSleepButtonActionPluggedIn = "notConfigured" + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = "notConfigured" + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = "00:00:00" + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = "notConfigured" + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScanType = "userDefined" + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = "notConfigured" + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @("FakeStringValue") + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = "notConfigured" + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = "notConfigured" + systemTelemetryProxyServer = "FakeStringValue" + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = "userDefined" + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = "notConfigured" + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @("FakeStringValue") + settingsBlockUpdateSecurityPage = $True + startMenuMode = "userDefined" + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = "notConfigured" + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = "notConfigured" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + experienceDoNotSyncBrowserSettings = "notConfigured" + edgeDisableFirstRunPage = $True + edgeCookiePolicy = "userDefined" + inkWorkspaceAccessState = "notConfigured" + windows10AppsForceUpdateSchedule = @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = "notConfigured" + activateAppsWithVoice = "notConfigured" + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = "notConfigured" + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = "notConfigured" + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = "notConfigured" + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = "userDefined" + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = "notConfigured" + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + edgeBlockPopups = $True + networkProxyServer = @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderDownloads = "notConfigured" + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = "blocked" + defenderScheduledScanTime = "00:00:00" + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + defenderProcessesToExclude = @("FakeStringValue") + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = "FakeStringValue" + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = "notConfigured" + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = "FakeStringValue" + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = "notConfigured" + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + } } } + It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $true } } - Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 exists and values are NOT in the desired state" -Fixture { BeforeAll { $testParams = @{ - DisplayName = 'CONTOSO | W10 | Device Restriction' - Ensure = 'Absent' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Present" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - AdditionalProperties = @{'@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' } - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') + AdditionalProperties = @{ + energySaverOnBatteryThresholdPercentage = 7 + edgeHomepageUrls = @("FakeStringValue") + startMenuPinnedFolderSettings = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + passwordMinimumLength = 7 + configureTimeZone = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + safeSearchFilter = "userDefined" + edgeKioskModeRestriction = "notConfigured" + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + personalizationLockScreenImageUrl = "FakeStringValue" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + diagnosticsDataSubmissionMode = "userDefined" + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + cellularData = "blocked" + defenderScanMaxCpu = 7 + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + passwordMinimumCharacterSetCount = 7 + edgeOpensWith = "notConfigured" + defenderScanType = "userDefined" + printerNames = @("FakeStringValue") + authenticationWebSignIn = "notConfigured" + defenderPromptForSampleSubmission = "userDefined" + powerHybridSleepOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + lockScreenTimeoutInSeconds = 7 + defenderSystemScanSchedule = "userDefined" + powerHybridSleepPluggedIn = "notConfigured" + passwordMinimumAgeInDays = 7 + startMenuPinnedFolderVideos = "notConfigured" + privacyAdvertisingId = "notConfigured" + edgeCookiePolicy = "userDefined" + wiFiScanInterval = 7 + findMyFiles = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + defenderFilesAndFoldersToExclude = @("FakeStringValue") + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + developerUnlockSetting = "notConfigured" + defenderFileExtensionsToExclude = @("FakeStringValue") + systemTelemetryProxyServer = "FakeStringValue" + startMenuMode = "userDefined" + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + windowsSpotlightConfigureOnLockScreen = "notConfigured" + experienceDoNotSyncBrowserSettings = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + defenderSignatureUpdateIntervalInHours = 7 + enterpriseCloudPrintDiscoveryMaxLimit = 7 + startMenuPinnedFolderPersonalFolder = "notConfigured" + edgeNewTabPageURL = "FakeStringValue" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + defenderCloudBlockLevel = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + defenderCloudExtendedTimeoutInSeconds = 7 + edgeFavoritesListLocation = "FakeStringValue" + startMenuPinnedFolderNetwork = "notConfigured" + powerButtonActionOnBattery = "notConfigured" + passwordRequiredType = "deviceDefault" + powerSleepButtonActionPluggedIn = "notConfigured" + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + lockScreenActivateAppsWithVoice = "notConfigured" + edgeFavoritesBarVisibility = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" + } + energySaverPluggedInThresholdPercentage = 7 + inkWorkspaceAccess = "notConfigured" + activateAppsWithVoice = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScheduledQuickScanTime = "00:00:00" + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + startMenuAppListVisibility = "userDefined" + windows10AppsForceUpdateSchedule = @{ + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + recurrence = "none" + } + networkProxyServer = @{ + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderMusic = "notConfigured" + passwordExpirationDays = 7 + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + printerDefaultName = "FakeStringValue" + personalizationDesktopImageUrl = "FakeStringValue" + microsoftAccountSignInAssistantSettings = "notConfigured" + edgeFirstRunUrl = "FakeStringValue" + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + bluetoothAllowedServices = @("FakeStringValue") + defenderCloudExtendedTimeout = 7 + startMenuPinnedFolderFileExplorer = "notConfigured" + passwordMinutesOfInactivityBeforeScreenTimeout = 7 + smartScreenAppInstallControl = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + passwordSignInFailureCountBeforeFactoryReset = 7 + defenderMonitorFileActivity = "userDefined" + edgeKioskResetAfterIdleTimeInMinutes = 7 + defenderProcessesToExclude = @("FakeStringValue") + defenderDaysBeforeDeletingQuarantinedMalware = 7 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderScheduledScanTime = "00:00:00" + passwordPreviousPasswordBlockCount = 7 + } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" } } } - It 'Should return Present from the Get method' { + It "Should return Values from the Get method" { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } - It 'Should return true from the Test method' { + It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should remove the policy from the Set method' { + It "Should call the Set method" { Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 + Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name 'ReverseDSC Tests' -Fixture { + Context -Name "ReverseDSC Tests" -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -1224,190 +2126,320 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' - } - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' + AdditionalProperties = @{ + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = "notConfigured" + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @("FakeStringValue") + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @("FakeStringValue") + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = "notConfigured" + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = "deviceDefault" + powerButtonActionOnBattery = "notConfigured" + startMenuAppListVisibility = "userDefined" + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = "userDefined" + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = "FakeStringValue" + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = "FakeStringValue" + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + powerLidCloseActionOnBattery = "notConfigured" + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = "notConfigured" + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = "notConfigured" + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = "notConfigured" + antiTheftModeBlocked = $True + defenderMonitorFileActivity = "userDefined" + defenderFileExtensionsToExclude = @("FakeStringValue") + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + diagnosticsDataSubmissionMode = "userDefined" + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = "FakeStringValue" + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = "deviceDefault" + startMenuPinnedFolderSettings = "notConfigured" + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = "notConfigured" + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + powerSleepButtonActionPluggedIn = "notConfigured" + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = "notConfigured" + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = "00:00:00" + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = "notConfigured" + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScanType = "userDefined" + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = "notConfigured" + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @("FakeStringValue") + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = "notConfigured" + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = "notConfigured" + systemTelemetryProxyServer = "FakeStringValue" + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = "userDefined" + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = "notConfigured" + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @("FakeStringValue") + settingsBlockUpdateSecurityPage = $True + startMenuMode = "userDefined" + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = "notConfigured" + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = "notConfigured" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + experienceDoNotSyncBrowserSettings = "notConfigured" + edgeDisableFirstRunPage = $True + edgeCookiePolicy = "userDefined" + inkWorkspaceAccessState = "notConfigured" + windows10AppsForceUpdateSchedule = @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = "notConfigured" + activateAppsWithVoice = "notConfigured" + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = "notConfigured" + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = "notConfigured" + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = "notConfigured" + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = "userDefined" + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = "notConfigured" + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + edgeBlockPopups = $True + networkProxyServer = @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderDownloads = "notConfigured" + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = "blocked" + defenderScheduledScanTime = "00:00:00" + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + defenderProcessesToExclude = @("FakeStringValue") + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = "FakeStringValue" + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = "notConfigured" + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = "FakeStringValue" + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = "notConfigured" + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" + } } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + } } } - - It 'Should Reverse Engineer resource from the Export method' { + It "Should Reverse Engineer resource from the Export method" { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } From 89dc042b28a419f9a4c61a0835a7153cc5b61891 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 17:33:24 +0100 Subject: [PATCH 135/187] initial release --- CHANGELOG.md | 3 + ...urationNetworkBoundaryPolicyWindows10.psm1 | 1415 +++++++++++++++++ ...nNetworkBoundaryPolicyWindows10.schema.mof | 53 + .../readme.md | 6 + .../settings.json | 33 + ...NetworkBoundaryPolicyWindows10-Example.ps1 | 47 + ...onNetworkBoundaryPolicyWindows10.Tests.ps1 | 390 +++++ 7 files changed, 1947 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/1-IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10-Example.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b79e64c6e..ad9bbacc58 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,9 @@ # Change log for Microsoft365DSC # UNRELEASED + +* IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 + * Initial release * AADAdministrativeUnit * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * Fixes extraction of the Members property. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 new file mode 100644 index 0000000000..ccd62709c5 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 @@ -0,0 +1,1415 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $WindowsNetworkIsolationPolicy, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Network Boundary Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementDeviceConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object -FilterScript { ` + $_.AdditionalProperties -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' ` + } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Network Boundary Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Configuration Network Boundary Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $complexWindowsNetworkIsolationPolicy = @{} + $complexEnterpriseCloudResources = @() + foreach ($currentEnterpriseCloudResources in $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseCloudResources) + { + $myEnterpriseCloudResources = @{} + $myEnterpriseCloudResources.Add('IpAddressOrFQDN', $currentEnterpriseCloudResources.ipAddressOrFQDN) + $myEnterpriseCloudResources.Add('Proxy', $currentEnterpriseCloudResources.proxy) + if ($myEnterpriseCloudResources.values.Where({$null -ne $_}).count -gt 0) + { + $complexEnterpriseCloudResources += $myEnterpriseCloudResources + } + } + $complexWindowsNetworkIsolationPolicy.Add('EnterpriseCloudResources',$complexEnterpriseCloudResources) + $complexWindowsNetworkIsolationPolicy.Add('EnterpriseInternalProxyServers', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseInternalProxyServers) + $complexEnterpriseIPRanges = @() + foreach ($currentEnterpriseIPRanges in $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseIPRanges) + { + $myEnterpriseIPRanges = @{} + $myEnterpriseIPRanges.Add('CidrAddress', $currentEnterpriseIPRanges.cidrAddress) + $myEnterpriseIPRanges.Add('LowerAddress', $currentEnterpriseIPRanges.lowerAddress) + $myEnterpriseIPRanges.Add('UpperAddress', $currentEnterpriseIPRanges.upperAddress) + if ($null -ne $currentEnterpriseIPRanges.'@odata.type') + { + $myEnterpriseIPRanges.Add('odataType', $currentEnterpriseIPRanges.'@odata.type'.toString()) + } + if ($myEnterpriseIPRanges.values.Where({$null -ne $_}).count -gt 0) + { + $complexEnterpriseIPRanges += $myEnterpriseIPRanges + } + } + $complexWindowsNetworkIsolationPolicy.Add('EnterpriseIPRanges',$complexEnterpriseIPRanges) + $complexWindowsNetworkIsolationPolicy.Add('EnterpriseIPRangesAreAuthoritative', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseIPRangesAreAuthoritative) + $complexWindowsNetworkIsolationPolicy.Add('EnterpriseNetworkDomainNames', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseNetworkDomainNames) + $complexWindowsNetworkIsolationPolicy.Add('EnterpriseProxyServers', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseProxyServers) + $complexWindowsNetworkIsolationPolicy.Add('EnterpriseProxyServersAreAuthoritative', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseProxyServersAreAuthoritative) + $complexWindowsNetworkIsolationPolicy.Add('NeutralDomainResources', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.neutralDomainResources) + if ($complexWindowsNetworkIsolationPolicy.values.Where({$null -ne $_}).count -eq 0) + { + $complexWindowsNetworkIsolationPolicy = $null + } + #endregion + + $results = @{ + #region resource generator code + WindowsNetworkIsolationPolicy = $complexWindowsNetworkIsolationPolicy + Description = $getValue.Description + DisplayName = $getValue.DisplayName + SupportsScopeTags = $getValue.SupportsScopeTags + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $WindowsNetworkIsolationPolicy, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('Verbose') | Out-Null + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Configuration Network Boundary Policy for Windows10 with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + { + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10NetworkBoundaryConfiguration") + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Configuration Network Boundary Policy for Windows10 with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + { + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10NetworkBoundaryConfiguration") + Update-MgDeviceManagementDeviceConfiguration ` + -DeviceConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Configuration Network Boundary Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $WindowsNetworkIsolationPolicy, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Device Configuration Network Boundary Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if ($null -ne $Results.WindowsNetworkIsolationPolicy) + { + $complexMapping = @( + @{ + Name = 'WindowsNetworkIsolationPolicy' + CimInstanceName = 'MicrosoftGraphWindowsNetworkIsolationPolicy' + IsRequired = $False + } + @{ + Name = 'EnterpriseCloudResources' + CimInstanceName = 'MicrosoftGraphProxiedDomain1' + IsRequired = $False + } + @{ + Name = 'EnterpriseIPRanges' + CimInstanceName = 'MicrosoftGraphIpRange1' + IsRequired = $False + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.WindowsNetworkIsolationPolicy ` + -CIMInstanceName 'MicrosoftGraphwindowsNetworkIsolationPolicy' ` + -ComplexTypeMapping $complexMapping + + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.WindowsNetworkIsolationPolicy = $complexTypeStringResult + } + else + { + $Results.Remove('WindowsNetworkIsolationPolicy') | Out-Null + } + } + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.WindowsNetworkIsolationPolicy) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "WindowsNetworkIsolationPolicy" -isCIMArray:$False + } + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + } + #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable + $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository = 'deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion = 'beta' + ) + try + { + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + + foreach ($target in $targets) + { + $formattedTarget = @{"@odata.type" = $target.dataType} + if ($target.groupId) + { + $formattedTarget.Add('groupId',$target.groupId) + } + if ($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if ($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if ($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + } + $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $null + } +} + +function Rename-M365DSCCimInstanceParameter +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties + ) + + $keyToRename = @{ + "odataType" = "@odata.type" + } + + $result = $Properties + + $type = $Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result = $values + + return ,$result + } + #endregion + + #region Single + if ($type -like "*Hashtable") + { + $result = ([Hashtable]$Properties).clone() + } + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + { + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) + { + $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + if ($key -in $keyToRename.Keys) + { + $keyName = $keyToRename.$key + } + + $property = $hashProperties.$key + if ($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties + } + return $result + #endregion +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + if ($ComplexObject.gettype().fullname -like "*[[\]]") + { + $results = @() + + foreach ($item in $ComplexObject) + { + if ($item) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash + } + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + + if ($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys + foreach ($key in $keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType = $ComplexObject.$key.gettype().fullname + + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results + } + + $results = @{} + + if ($ComplexObject.getType().Fullname -like "*hashtable") + { + $keys = $ComplexObject.keys + } + else + { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + } + + foreach ($key in $keys) + { + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike "*hashtable") + { + $keyName = $key.Name + } + + if ($null -ne $ComplexObject.$keyName) + { + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$keyName) + } + } + } + return [hashtable]$results +} + +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> +function Get-M365DSCDRGComplexTypeToString +{ + [CmdletBinding()] + param( + [Parameter()] + $ComplexObject, + + [Parameter(Mandatory = $true)] + [System.String] + $CIMInstanceName, + + [Parameter()] + [Array] + $ComplexTypeMapping, + + [Parameter()] + [System.String] + $Whitespace = '', + + [Parameter()] + [System.uint32] + $IndentLevel = 3, + + [Parameter()] + [switch] + $isArray = $false + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } + #If ComplexObject is an Array + if ($ComplexObject.GetType().FullName -like "*[[\]]") + { + $currentProperty = @() + $IndentLevel++ + foreach ($item in $ComplexObject) + { + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel + } + if ($ComplexTypeMapping) + { + $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + } + + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,$currentProperty + } + + $currentProperty = '' + if ($isArray) + { + $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } + $keyNotNull = 0 + + if ($ComplexObject.Keys.count -eq 0) + { + return $null + } + + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyNotNull++ + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + { + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() + + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + { + $isArray = $true + } + #overwrite type if object defined in mapping complextypemapping + if ($key -in $ComplexTypeMapping.Name) + { + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] + } + else + { + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + } + + if (-not $isArray) + { + $currentProperty += $indent + $key + ' = ' + } + + if ($isArray -and $key -in $ComplexTypeMapping.Name) + { + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $key + ' = ' + $currentProperty += "@(" + } + } + + if ($isArray) + { + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + { + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- + } + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if ($isArray) + { + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } + } + $isArray = $PSBoundParameters.IsArray + } + else + { + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) + } + } + else + { + $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + + if ($mappedKey -and $mappedKey.isRequired) + { + if ($mappedKey.isArray) + { + $currentProperty += "$indent$key = @()`r`n" + } + else + { + $currentProperty += "$indent$key = `$null`r`n" + } + } + } + } + $indent = '' + for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + { + $indent += ' ' + } + $currentProperty += "$indent}" + if ($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if ($IndentLevel -eq 5) + { + $indent = '' + for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + { + $indent += ' ' + } + $currentProperty += $indent + } + + $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty = $null + } + return $currentProperty +} + +Function Get-M365DSCDRGSimpleObjectTypeToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = 'true')] + [System.String] + $Key, + + [Parameter(Mandatory = 'true')] + $Value, + + [Parameter()] + [System.String] + $Space = ' ' + + ) + + $returnValue = '' + switch -Wildcard ($Value.GetType().Fullname ) + { + "*.Boolean" + { + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + } + "*.String" + { + if ($key -eq '@odata.type') + { + $key ='odataType' + } + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" + } + "*.DateTime" + { + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" + } + "*[[\]]" + { + $returnValue = $Space + $key + " = @(" + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) + { + $returnValue += "`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" + } + foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + { + switch -Wildcard ($item.GetType().Fullname) + { + "*.String" + { + $returnValue += "$whitespace'$item'$newline" + } + "*.DateTime" + { + $returnValue += "$whitespace'$item'$newline" + } + Default + { + $returnValue += "$whitespace$item$newline" + } + } + } + if ($Value.count -gt 1) + { + $returnValue += "$Space)`r`n" + } + else + { + $returnValue += ")`r`n" + + } + } + Default + { + $returnValue = $Space + $Key + " = " + $Value + "`r`n" + } + } + return $returnValue +} + +function Compare-M365DSCComplexObject +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter()] + $Source, + [Parameter()] + $Target + ) + + #Comparing full objects + if ($null -eq $Source -and $null -eq $Target) + { + return $true + } + + $sourceValue = '' + $targetValue = '' + if (($null -eq $Source) -xor ($null -eq $Target)) + { + if ($null -eq $Source) + { + $sourceValue = 'Source is null' + } + + if ($null -eq $Target) + { + $targetValue = 'Target is null' + } + Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + return $false + } + + if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + { + if ($source.count -ne $target.count) + { + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + return $false + } + if ($source.count -eq 0) + { + return $true + } + + foreach ($item in $Source) + { + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) + { + $compareResult = Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem + + if ($compareResult) + { + break + } + } + + if (-not $compareResult) + { + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' + return $false + } + } + return $true + } + + $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + foreach ($key in $keys) + { + #Matching possible key names between Source and Target + $skey = $key + $tkey = $key + + $sourceValue = $Source.$key + $targetValue = $Target.$tkey + #One of the item is null and not the other + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) + { + + if ($null -eq $Source.$key) + { + $sourceValue = 'null' + } + + if ($null -eq $Target.$tkey) + { + $targetValue = 'null' + } + + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + #Both keys aren't null or empty + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + { + if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + { + #Recursive call for complex object + $compareResult = Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` + -Target $Target.$tkey + + if (-not $compareResult) + { + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + else + { + #Simple object comparison + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key + + #Identifying date from the current values + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like "*Date*") + { + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) + { + $compareResult = $null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } + + if ($null -ne $compareResult) + { + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + } + } + return $true +} + +function Convert-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $ComplexObject + ) + + if ($ComplexObject.getType().Fullname -like "*[[\]]") + { + $results = @() + foreach ($item in $ComplexObject) + { + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash + } + + #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject + + if ($null -ne $hashComplexObject) + { + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + foreach ($key in $keys) + { + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + { + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + } + else + { + $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName,$propertyValue) + } + } + } + return [hashtable]$results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.schema.mof new file mode 100644 index 0000000000..033eb15c30 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.schema.mof @@ -0,0 +1,53 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphWindowsNetworkIsolationPolicy +{ + [Write, Description("Contains a list of enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy. This collection can contain a maximum of 500 elements."), EmbeddedInstance("MSFT_MicrosoftGraphProxiedDomain1")] String EnterpriseCloudResources[]; + [Write, Description("This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseCloudResources policy to force traffic to the matched cloud resources through these proxies.")] String EnterpriseInternalProxyServers[]; + [Write, Description("Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This collection can contain a maximum of 500 elements."), EmbeddedInstance("MSFT_MicrosoftGraphIpRange1")] String EnterpriseIPRanges[]; + [Write, Description("Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false.")] Boolean EnterpriseIPRangesAreAuthoritative; + [Write, Description("This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to.")] String EnterpriseNetworkDomainNames[]; + [Write, Description("This is a list of proxy servers. Any server not on this list is considered non-enterprise.")] String EnterpriseProxyServers[]; + [Write, Description("Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false")] Boolean EnterpriseProxyServersAreAuthoritative; + [Write, Description("List of domain names that can used for work or personal resource.")] String NeutralDomainResources[]; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphProxiedDomain1 +{ + [Write, Description("The IP address or FQDN")] String IpAddressOrFQDN; + [Write, Description("Proxy IP or FQDN")] String Proxy; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphIpRange1 +{ + [Write, Description("IPv4 address in CIDR notation. Not nullable.")] String CidrAddress; + [Write, Description("Lower address.")] String LowerAddress; + [Write, Description("Upper address.")] String UpperAddress; + [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.iPv4CidrRange","#microsoft.graph.iPv6CidrRange","#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"}, Values{"#microsoft.graph.iPv4CidrRange","#microsoft.graph.iPv6CidrRange","#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"}] String odataType; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10")] +class MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 : OMI_BaseResource +{ + [Write, Description("Windows Network Isolation Policy"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy")] String WindowsNetworkIsolationPolicy; + [Write, Description("Admin provided description of the Device Configuration.")] String Description; + [Required, Description("Admin provided name of the device configuration.")] String DisplayName; + [Write, Description("Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.")] Boolean SupportsScopeTags; + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/readme.md new file mode 100644 index 0000000000..19725eb54c --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 + +## Description + +Intune Device Configuration Network Boundary Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json new file mode 100644 index 0000000000..f0cea3ba58 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10", + "description": "This resource configures an Intune Device Configuration Network Boundary Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } +} + +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/1-IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/1-IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10-Example.ps1 new file mode 100644 index 0000000000..5c0f78ece1 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/1-IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10-Example.ps1 @@ -0,0 +1,47 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "network boundary"; + Ensure = "Present"; + Id = "16c280a3-a04f-4847-b3bb-3cef06cb2be3"; + SupportsScopeTags = $True; + WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{ + EnterpriseProxyServers = @() + EnterpriseInternalProxyServers = @() + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('domain.com') + EnterpriseIPRanges = @( + MSFT_MicrosoftGraphIpRange1{ + UpperAddress = '1.1.1.255' + LowerAddress = '1.1.1.0' + odataType = '#microsoft.graph.iPv4Range' + } + ) + NeutralDomainResources = @() + }; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 new file mode 100644 index 0000000000..94c988e736 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 @@ -0,0 +1,390 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath "..\..\Unit" ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Microsoft365.psm1" ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Generic.psm1" ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\UnitTestHelper.psm1" ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { + } + + } + # Test contexts + Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ + EnterpriseProxyServers = @("FakeStringValue") + EnterpriseInternalProxyServers = @("FakeStringValue") + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ + Proxy = "FakeStringValue" + IpAddressOrFQDN = "FakeStringValue" + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @("FakeStringValue") + EnterpriseIPRanges = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ + CidrAddress = "FakeStringValue" + UpperAddress = "FakeStringValue" + LowerAddress = "FakeStringValue" + odataType = "#microsoft.graph.iPv4CidrRange" + } -ClientOnly) + ) + NeutralDomainResources = @("FakeStringValue") + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ + EnterpriseProxyServers = @("FakeStringValue") + EnterpriseInternalProxyServers = @("FakeStringValue") + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ + Proxy = "FakeStringValue" + IpAddressOrFQDN = "FakeStringValue" + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @("FakeStringValue") + EnterpriseIPRanges = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ + CidrAddress = "FakeStringValue" + UpperAddress = "FakeStringValue" + LowerAddress = "FakeStringValue" + odataType = "#microsoft.graph.iPv4CidrRange" + } -ClientOnly) + ) + NeutralDomainResources = @("FakeStringValue") + } -ClientOnly) + Ensure = "Absent" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + windowsNetworkIsolationPolicy = @{ + EnterpriseProxyServers = @("FakeStringValue") + EnterpriseInternalProxyServers = @("FakeStringValue") + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = @( + @{ + Proxy = "FakeStringValue" + IpAddressOrFQDN = "FakeStringValue" + } + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @("FakeStringValue") + EnterpriseIPRanges = @( + @{ + CidrAddress = "FakeStringValue" + UpperAddress = "FakeStringValue" + LowerAddress = "FakeStringValue" + '@odata.type' = "#microsoft.graph.iPv4CidrRange" + } + ) + NeutralDomainResources = @("FakeStringValue") + } + '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ + EnterpriseProxyServers = @("FakeStringValue") + EnterpriseInternalProxyServers = @("FakeStringValue") + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ + Proxy = "FakeStringValue" + IpAddressOrFQDN = "FakeStringValue" + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @("FakeStringValue") + EnterpriseIPRanges = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ + CidrAddress = "FakeStringValue" + UpperAddress = "FakeStringValue" + LowerAddress = "FakeStringValue" + odataType = "#microsoft.graph.iPv4CidrRange" + } -ClientOnly) + ) + NeutralDomainResources = @("FakeStringValue") + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + windowsNetworkIsolationPolicy = @{ + EnterpriseProxyServers = @("FakeStringValue") + EnterpriseInternalProxyServers = @("FakeStringValue") + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = @( + @{ + Proxy = "FakeStringValue" + IpAddressOrFQDN = "FakeStringValue" + } + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @("FakeStringValue") + EnterpriseIPRanges = @( + @{ + CidrAddress = "FakeStringValue" + UpperAddress = "FakeStringValue" + LowerAddress = "FakeStringValue" + '@odata.type' = "#microsoft.graph.iPv4CidrRange" + } + ) + NeutralDomainResources = @("FakeStringValue") + } + '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ + EnterpriseProxyServers = @("FakeStringValue") + EnterpriseInternalProxyServers = @("FakeStringValue") + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ + Proxy = "FakeStringValue" + IpAddressOrFQDN = "FakeStringValue" + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @("FakeStringValue") + EnterpriseIPRanges = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ + CidrAddress = "FakeStringValue" + UpperAddress = "FakeStringValue" + LowerAddress = "FakeStringValue" + odataType = "#microsoft.graph.iPv4CidrRange" + } -ClientOnly) + ) + NeutralDomainResources = @("FakeStringValue") + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + windowsNetworkIsolationPolicy = @{ + EnterpriseProxyServers = @("FakeStringValue") + EnterpriseInternalProxyServers = @("FakeStringValue") + EnterpriseCloudResources = @( + @{ + Proxy = "FakeStringValue" + IpAddressOrFQDN = "FakeStringValue" + } + ) + EnterpriseNetworkDomainNames = @("FakeStringValue") + EnterpriseIPRanges = @( + @{ + CidrAddress = "FakeStringValue" + UpperAddress = "FakeStringValue" + LowerAddress = "FakeStringValue" + '@odata.type' = "#microsoft.graph.iPv4CidrRange" + } + ) + NeutralDomainResources = @("FakeStringValue") + } + '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It "Should call the Set method" { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name "ReverseDSC Tests" -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + windowsNetworkIsolationPolicy = @{ + EnterpriseProxyServers = @("FakeStringValue") + EnterpriseInternalProxyServers = @("FakeStringValue") + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = @( + @{ + Proxy = "FakeStringValue" + IpAddressOrFQDN = "FakeStringValue" + } + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @("FakeStringValue") + EnterpriseIPRanges = @( + @{ + CidrAddress = "FakeStringValue" + UpperAddress = "FakeStringValue" + LowerAddress = "FakeStringValue" + '@odata.type' = "#microsoft.graph.iPv4CidrRange" + } + ) + NeutralDomainResources = @("FakeStringValue") + } + '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + + } + } + } + It "Should Reverse Engineer resource from the Export method" { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 357d19756974777693379ebbd1fa6ad9f3df5aa1 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 18:16:39 +0100 Subject: [PATCH 136/187] DRG complexTypeConstructor fix --- ResourceGenerator/M365DSCResourceGenerator.psm1 | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index ce456ae5c3..a514f8d703 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -1590,15 +1590,15 @@ function Get-ComplexTypeConstructorToString if ($isNested) { $valuePrefix=$ParentPropertyValuePath - if ($null -eq $valuePrefix) - { + #if ($null -eq $valuePrefix) + #{ $propRoot=$ParentPropertyName.replace("my","") $valuePrefix="current$propRoot." - if ($property.IsRootProperty -eq $false -and -not $IsNested) - { - $valuePrefix += "AdditionalProperties." - } - } + #if ($property.IsRootProperty -eq $false -and -not $IsNested) + #{ + # $valuePrefix += "AdditionalProperties." + #} + #} } $iterationPropertyName="current$propertyName" $complexString.appendLine($spacing + "`$$returnPropertyName" + " = @()") | Out-Null @@ -1621,6 +1621,8 @@ function Get-ComplexTypeConstructorToString if ($Property.IsArray) { $valuePrefix = "$iterationPropertyName." + $referencePrefix = "$iterationPropertyName." + write-host -ForegroundColor Yellow ($valuePrefix) } if ($isNested -and -not $Property.IsArray) { @@ -1767,6 +1769,7 @@ function Get-ComplexTypeConstructorToString } else { + write-host ("Add - $valuePrefix") if ($isNested) { $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$valuePrefix$AssignedPropertyName)" ) | Out-Null From 37154450dc551110070bf76f0947e2f006516f80 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 18:18:27 +0100 Subject: [PATCH 137/187] removed trace --- ResourceGenerator/M365DSCResourceGenerator.psm1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index a514f8d703..c6f1a06957 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -1622,7 +1622,6 @@ function Get-ComplexTypeConstructorToString { $valuePrefix = "$iterationPropertyName." $referencePrefix = "$iterationPropertyName." - write-host -ForegroundColor Yellow ($valuePrefix) } if ($isNested -and -not $Property.IsArray) { @@ -1769,7 +1768,6 @@ function Get-ComplexTypeConstructorToString } else { - write-host ("Add - $valuePrefix") if ($isNested) { $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$valuePrefix$AssignedPropertyName)" ) | Out-Null From 9b4dfbf12cadc79669dd5b3f189494b8bab02392 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 18:24:17 +0100 Subject: [PATCH 138/187] fix export trailing coma --- ResourceGenerator/M365DSCResourceGenerator.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index c6f1a06957..414fce925c 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -476,6 +476,7 @@ function New-M365DSCResource #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n,`r`n" , "`r`n" ) '@ } $requiredKey = '' From e3416ee3367caf62c9823dc9d6917b90c7a2b253 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Sat, 1 Apr 2023 20:58:09 +0000 Subject: [PATCH 139/187] Updated Resources and Cmdlet documentation pages --- ...tuneDeviceEnrollmentStatusPageWindows10.md | 123 ++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneDeviceEnrollmentStatusPageWindows10.md diff --git a/docs/docs/resources/intune/IntuneDeviceEnrollmentStatusPageWindows10.md b/docs/docs/resources/intune/IntuneDeviceEnrollmentStatusPageWindows10.md new file mode 100644 index 0000000000..567dcda82b --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceEnrollmentStatusPageWindows10.md @@ -0,0 +1,123 @@ +# IntuneDeviceEnrollmentStatusPageWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Key | String | The display name of the device enrollment configuration | | +| **Id** | Required | String | The unique identifier for an entity. Read-only. | | +| **Description** | Write | String | The description of the device enrollment configuration | | +| **AllowDeviceResetOnInstallFailure** | Write | Boolean | Allow or block device reset on installation failure | | +| **AllowDeviceUseOnInstallFailure** | Write | Boolean | Allow the user to continue using the device on installation failure | | +| **AllowLogCollectionOnInstallFailure** | Write | Boolean | Allow or block log collection on installation failure | | +| **AllowNonBlockingAppInstallation** | Write | Boolean | Install all required apps as non blocking apps during white glove | | +| **BlockDeviceSetupRetryByUser** | Write | Boolean | Allow the user to retry the setup on installation failure | | +| **CustomErrorMessage** | Write | String | Set custom error message to show upon installation failure | | +| **DisableUserStatusTrackingAfterFirstUser** | Write | Boolean | Only show installation progress for first user post enrollment | | +| **InstallProgressTimeoutInMinutes** | Write | UInt32 | Set installation progress timeout in minutes | | +| **InstallQualityUpdates** | Write | Boolean | Allows quality updates installation during OOBE | | +| **SelectedMobileAppIds** | Write | StringArray[] | Selected applications to track the installation status | | +| **ShowInstallationProgress** | Write | Boolean | Show or hide installation progress to user | | +| **TrackInstallProgressForAutopilotOnly** | Write | Boolean | Only show installation progress for Autopilot enrollment scenarios | | +| **Priority** | Write | UInt32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + + +## Description + +Intune Device Enrollment Status Page Configuration for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All, DeviceManagementServiceConfig.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All, DeviceManagementServiceConfig.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All + +## Examples + +### Example 1 + +This example creates a new Device Enrollment Status Page. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsGlobalAdmin + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + AllowDeviceResetOnInstallFailure = $True; + AllowDeviceUseOnInstallFailure = $True; + AllowLogCollectionOnInstallFailure = $True; + AllowNonBlockingAppInstallation = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + BlockDeviceSetupRetryByUser = $False; + CustomErrorMessage = "Setup could not be completed. Please try again or contact your support person for help."; + Description = "This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership."; + DisableUserStatusTrackingAfterFirstUser = $True; + DisplayName = "All users and all devices"; + Ensure = "Present"; + Id = "5b0e1dba-4523-455e-9fdd-e36c833b57bf_DefaultWindows10EnrollmentCompletionPageConfiguration"; + InstallProgressTimeoutInMinutes = 60; + InstallQualityUpdates = $False; + Priority = 0; + SelectedMobileAppIds = @(); + ShowInstallationProgress = $True; + TrackInstallProgressForAutopilotOnly = $True; + Credential = $Credscredential + } + } +} +``` + From 6e198f4f13d7540c377458bba8d598cb2beb1d26 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Sat, 1 Apr 2023 21:27:17 +0000 Subject: [PATCH 140/187] Updated Resources and Cmdlet documentation pages --- ...hMonitoringConfigurationPolicyWindows10.md | 104 ++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.md diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.md new file mode 100644 index 0000000000..9702bf4568 --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.md @@ -0,0 +1,104 @@ +# IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **AllowDeviceHealthMonitoring** | Write | String | Enables device health monitoring on the device. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **ConfigDeviceHealthMonitoringCustomScope** | Write | String | Specifies custom set of events collected from the device where health monitoring is enabled | | +| **ConfigDeviceHealthMonitoringScope** | Write | StringArray[] | Specifies set of events collected from the device where health monitoring is enabled. Possible values are: undefined, healthMonitoring, bootPerformance, windowsUpdates, privilegeManagement. | `undefined`, `healthMonitoring`, `bootPerformance`, `windowsUpdates`, `privilegeManagement` | +| **Description** | Write | String | Admin provided description of the Device Configuration. | | +| **DisplayName** | Required | String | Admin provided name of the device configuration. | | +| **SupportsScopeTags** | Write | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. | | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + + +## Description + +Intune Device Configuration Health Monitoring Configuration Policy for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' + { + AllowDeviceHealthMonitoring = "enabled"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ConfigDeviceHealthMonitoringScope = @("bootPerformance","windowsUpdates"); + Credential = $Credscredential; + DisplayName = "Health Monitoring Configuration"; + Ensure = "Present"; + Id = "ea1bbbf2-1593-4156-9995-62b93a474e01"; + SupportsScopeTags = $True; + } + } +} +``` + From bc932e9675c40bc3db7b89e2276f53637447ca6e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Sat, 1 Apr 2023 21:56:13 +0000 Subject: [PATCH 141/187] Updated Resources and Cmdlet documentation pages --- ...ntuneDeviceConfigurationPolicyWindows10.md | 885 +++++++++++------- 1 file changed, 541 insertions(+), 344 deletions(-) diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md index f1202b2f5b..0654f5fbb1 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md @@ -4,96 +4,232 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **DisplayName** | Key | String | Display name of the device configuration policy for Windows 10. | | -| **Description** | Write | String | Description of the device configuration policy for Windows 10. | | -| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | -| **EnterpriseCloudPrintDiscoveryEndPoint** | Write | String | Endpoint for discovering cloud printers. | | -| **EnterpriseCloudPrintOAuthAuthority** | Write | String | Authentication endpoint for acquiring OAuth tokens. | | -| **EnterpriseCloudPrintOAuthClientIdentifier** | Write | String | GUID of a client application authorized to retrieve OAuth tokens from the OAuth Authority. | | -| **EnterpriseCloudPrintResourceIdentifier** | Write | String | OAuth resource URI for print service as configured in the Azure portal. | | -| **EnterpriseCloudPrintDiscoveryMaxLimit** | Write | UInt64 | Maximum number of printers that should be queried from a discovery endpoint. This is a mobile only setting. Valid values 1 to 65535 | | -| **EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier** | Write | String | OAuth resource URI for printer discovery service as configured in Azure portal. | | -| **SearchBlockDiacritics** | Write | Boolean | Specifies if search can use diacritics. | | -| **SearchDisableAutoLanguageDetection** | Write | Boolean | Specifies whether to use automatic language detection when indexing content and properties. | | -| **SearchDisableIndexingEncryptedItems** | Write | Boolean | Indicates whether or not to block indexing of WIP-protected items to prevent them from appearing in search results for Cortana or Explorer. | | -| **SearchEnableRemoteQueries** | Write | Boolean | Indicates whether or not to block remote queries of this computer's index. | | -| **SearchDisableIndexerBackoff** | Write | Boolean | Indicates whether or not to disable the search indexer backoff feature. | | -| **SearchDisableIndexingRemovableDrive** | Write | Boolean | Indicates whether or not to allow users to add locations on removable drives to libraries and to be indexed. | | -| **SearchEnableAutomaticIndexSizeManangement** | Write | Boolean | Specifies minimum amount of hard drive space on the same drive as the index location before indexing stops. | | -| **DiagnosticsDataSubmissionMode** | Write | String | Gets or sets a value allowing the device to send diagnostic and usage telemetry data, such as Watson. Possible values are: userDefined, none, basic, enhanced, full. | | -| **OneDriveDisableFileSync** | Write | Boolean | Gets or sets a value allowing IT admins to prevent apps and features from working with files on OneDrive. | | -| **SmartScreenEnableAppInstallControl** | Write | Boolean | This property will be deprecated in July 2019 and will be replaced by property SmartScreenAppInstallControl. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. | | -| **PersonalizationDesktopImageUrl** | Write | String | A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to used as the Desktop Image. | | -| **PersonalizationLockScreenImageUrl** | Write | String | A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image. | | +| **AccountsBlockAddingNonMicrosoftAccountEmail** | Write | Boolean | Indicates whether or not to Block the user from adding email accounts to the device that are not associated with a Microsoft account. | | +| **ActivateAppsWithVoice** | Write | String | Specifies if Windows apps can be activated by voice. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **AntiTheftModeBlocked** | Write | Boolean | Indicates whether or not to block the user from selecting an AntiTheft mode preference (Windows 10 Mobile only). | | +| **AppManagementMSIAllowUserControlOverInstall** | Write | Boolean | This policy setting permits users to change installation options that typically are available only to system administrators. | | +| **AppManagementMSIAlwaysInstallWithElevatedPrivileges** | Write | Boolean | This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system. | | +| **AppManagementPackageFamilyNamesToLaunchAfterLogOn** | Write | StringArray[] | List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are to be launched after logon. | | +| **AppsAllowTrustedAppsSideloading** | Write | String | Indicates whether apps from AppX packages signed with a trusted certificate can be side loaded. Possible values are: notConfigured, blocked, allowed. | `notConfigured`, `blocked`, `allowed` | +| **AppsBlockWindowsStoreOriginatedApps** | Write | Boolean | Indicates whether or not to disable the launch of all apps from Windows Store that came pre-installed or were downloaded. | | +| **AuthenticationAllowSecondaryDevice** | Write | Boolean | Allows secondary authentication devices to work with Windows. | | +| **AuthenticationPreferredAzureADTenantDomainName** | Write | String | Specifies the preferred domain among available domains in the Azure AD tenant. | | +| **AuthenticationWebSignIn** | Write | String | Indicates whether or not Web Credential Provider will be enabled. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | | **BluetoothAllowedServices** | Write | StringArray[] | Specify a list of allowed Bluetooth services and profiles in hex formatted strings. | | | **BluetoothBlockAdvertising** | Write | Boolean | Whether or not to Block the user from using bluetooth advertising. | | | **BluetoothBlockDiscoverableMode** | Write | Boolean | Whether or not to Block the user from using bluetooth discoverable mode. | | +| **BluetoothBlocked** | Write | Boolean | Whether or not to Block the user from using bluetooth. | | | **BluetoothBlockPrePairing** | Write | Boolean | Whether or not to block specific bundled Bluetooth peripherals to automatically pair with the host device. | | -| **EdgeBlockAutofill** | Write | Boolean | Indicates whether or not to block auto fill. | | -| **EdgeBlocked** | Write | Boolean | Indicates whether or not to Block the user from using the Edge browser. | | -| **EdgeCookiePolicy** | Write | String | Indicates which cookies to block in the Edge browser. Possible values are: userDefined, allow, blockThirdParty, blockAll. | | -| **EdgeBlockDeveloperTools** | Write | Boolean | Indicates whether or not to block developer tools in the Edge browser. | | -| **EdgeBlockSendingDoNotTrackHeader** | Write | Boolean | Indicates whether or not to Block the user from sending the do not track header. | | -| **EdgeBlockExtensions** | Write | Boolean | Indicates whether or not to block extensions in the Edge browser. | | -| **EdgeBlockInPrivateBrowsing** | Write | Boolean | Indicates whether or not to block InPrivate browsing on corporate networks, in the Edge browser. | | -| **EdgeBlockJavaScript** | Write | Boolean | Indicates whether or not to Block the user from using JavaScript. | | -| **EdgeBlockPasswordManager** | Write | Boolean | Indicates whether or not to Block password manager. | | -| **EdgeBlockAddressBarDropdown** | Write | Boolean | Block the address bar dropdown functionality in Microsoft Edge. Disable this settings to minimize network connections from Microsoft Edge to Microsoft services. | | -| **EdgeBlockCompatibilityList** | Write | Boolean | Block Microsoft compatibility list in Microsoft Edge. This list from Microsoft helps Edge properly display sites with known compatibility issues. | | -| **EdgeClearBrowsingDataOnExit** | Write | Boolean | Clear browsing data on exiting Microsoft Edge. | | -| **EdgeAllowStartPagesModification** | Write | Boolean | Allow users to change Start pages on Edge. Use the EdgeHomepageUrls to specify the Start pages that the user would see by default when they open Edge. | | -| **EdgeDisableFirstRunPage** | Write | Boolean | Block the Microsoft web page that opens on the first use of Microsoft Edge. This policy allows enterprises, like those enrolled in zero emissions configurations, to block this page. | | -| **EdgeBlockLiveTileDataCollection** | Write | Boolean | Block the collection of information by Microsoft for live tile creation when users pin a site to Start from Microsoft Edge. | | -| **EdgeSyncFavoritesWithInternetExplorer** | Write | Boolean | Enable favorites sync between Internet Explorer and Microsoft Edge. Additions, deletions, modifications and order changes to favorites are shared between browsers. | | +| **BluetoothBlockPromptedProximalConnections** | Write | Boolean | Whether or not to block the users from using Swift Pair and other proximity based scenarios. | | +| **CameraBlocked** | Write | Boolean | Whether or not to Block the user from accessing the camera of the device. | | | **CellularBlockDataWhenRoaming** | Write | Boolean | Whether or not to Block the user from using data over cellular while roaming. | | | **CellularBlockVpn** | Write | Boolean | Whether or not to Block the user from using VPN over cellular. | | | **CellularBlockVpnWhenRoaming** | Write | Boolean | Whether or not to Block the user from using VPN when roaming over cellular. | | -| **DefenderRequireRealTimeMonitoring** | Write | Boolean | Indicates whether or not to require real time monitoring. | | +| **CellularData** | Write | String | Whether or not to allow the cellular data channel on the device. If not configured, the cellular data channel is allowed and the user can turn it off. Possible values are: blocked, required, allowed, notConfigured. | `blocked`, `required`, `allowed`, `notConfigured` | +| **CertificatesBlockManualRootCertificateInstallation** | Write | Boolean | Whether or not to Block the user from doing manual root certificate installation. | | +| **ConfigureTimeZone** | Write | String | Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone. | | +| **ConnectedDevicesServiceBlocked** | Write | Boolean | Whether or not to block Connected Devices Service which enables discovery and connection to other devices, remote messaging, remote app sessions and other cross-device experiences. | | +| **CopyPasteBlocked** | Write | Boolean | Whether or not to Block the user from using copy paste. | | +| **CortanaBlocked** | Write | Boolean | Whether or not to Block the user from using Cortana. | | +| **CryptographyAllowFipsAlgorithmPolicy** | Write | Boolean | Specify whether to allow or disallow the Federal Information Processing Standard (FIPS) policy. | | +| **DataProtectionBlockDirectMemoryAccess** | Write | Boolean | This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. | | +| **DefenderBlockEndUserAccess** | Write | Boolean | Whether or not to block end user access to Defender. | | +| **DefenderBlockOnAccessProtection** | Write | Boolean | Allows or disallows Windows Defender On Access Protection functionality. | | +| **DefenderCloudBlockLevel** | Write | String | Specifies the level of cloud-delivered protection. Possible values are: notConfigured, high, highPlus, zeroTolerance. | `notConfigured`, `high`, `highPlus`, `zeroTolerance` | +| **DefenderCloudExtendedTimeout** | Write | UInt32 | Timeout extension for file scanning by the cloud. Valid values 0 to 50 | | +| **DefenderCloudExtendedTimeoutInSeconds** | Write | UInt32 | Timeout extension for file scanning by the cloud. Valid values 0 to 50 | | +| **DefenderDaysBeforeDeletingQuarantinedMalware** | Write | UInt32 | Number of days before deleting quarantined malware. Valid values 0 to 90 | | +| **DefenderDetectedMalwareActions** | Write | MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 | Gets or sets Defenders actions to take on detected Malware per threat level. | | +| **DefenderDisableCatchupFullScan** | Write | Boolean | When blocked, catch-up scans for scheduled full scans will be turned off. | | +| **DefenderDisableCatchupQuickScan** | Write | Boolean | When blocked, catch-up scans for scheduled quick scans will be turned off. | | +| **DefenderFileExtensionsToExclude** | Write | StringArray[] | File extensions to exclude from scans and real time protection. | | +| **DefenderFilesAndFoldersToExclude** | Write | StringArray[] | Files and folder to exclude from scans and real time protection. | | +| **DefenderMonitorFileActivity** | Write | String | Value for monitoring file activity. Possible values are: userDefined, disable, monitorAllFiles, monitorIncomingFilesOnly, monitorOutgoingFilesOnly. | `userDefined`, `disable`, `monitorAllFiles`, `monitorIncomingFilesOnly`, `monitorOutgoingFilesOnly` | +| **DefenderPotentiallyUnwantedAppAction** | Write | String | Gets or sets Defenders action to take on Potentially Unwanted Application (PUA), which includes software with behaviors of ad-injection, software bundling, persistent solicitation for payment or subscription, etc. Defender alerts user when PUA is being downloaded or attempts to install itself. Added in Windows 10 for desktop. Possible values are: deviceDefault, block, audit. | `deviceDefault`, `block`, `audit` | +| **DefenderPotentiallyUnwantedAppActionSetting** | Write | String | Gets or sets Defenders action to take on Potentially Unwanted Application (PUA), which includes software with behaviors of ad-injection, software bundling, persistent solicitation for payment or subscription, etc. Defender alerts user when PUA is being downloaded or attempts to install itself. Added in Windows 10 for desktop. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | `userDefined`, `enable`, `auditMode`, `warn`, `notConfigured` | +| **DefenderProcessesToExclude** | Write | StringArray[] | Processes to exclude from scans and real time protection. | | +| **DefenderPromptForSampleSubmission** | Write | String | The configuration for how to prompt user for sample submission. Possible values are: userDefined, alwaysPrompt, promptBeforeSendingPersonalData, neverSendData, sendAllDataWithoutPrompting. | `userDefined`, `alwaysPrompt`, `promptBeforeSendingPersonalData`, `neverSendData`, `sendAllDataWithoutPrompting` | | **DefenderRequireBehaviorMonitoring** | Write | Boolean | Indicates whether or not to require behavior monitoring. | | +| **DefenderRequireCloudProtection** | Write | Boolean | Indicates whether or not to require cloud protection. | | | **DefenderRequireNetworkInspectionSystem** | Write | Boolean | Indicates whether or not to require network inspection system. | | -| **DefenderScanDownloads** | Write | Boolean | Indicates whether or not to scan downloads. | | -| **DefenderScanScriptsLoadedInInternetExplorer** | Write | Boolean | Indicates whether or not to scan scripts loaded in Internet Explorer browser. | | -| **DefenderBlockEndUserAccess** | Write | Boolean | Whether or not to block end user access to Defender. | | -| **DefenderSignatureUpdateIntervalInHours** | Write | UInt64 | The signature update interval in hours. Specify 0 not to check. Valid values 0 to 24 | | -| **DefenderMonitorFileActivity** | Write | String | Value for monitoring file activity. Possible values are: userDefined, disable, monitorAllFiles, monitorIncomingFilesOnly, monitorOutgoingFilesOnly. | | -| **DefenderDaysBeforeDeletingQuarantinedMalware** | Write | UInt64 | Number of days before deleting quarantined malware. Valid values 0 to 90 | | -| **DefenderScanMaxCpu** | Write | UInt64 | Max CPU usage percentage during scan. Valid values 0 to 100 | | +| **DefenderRequireRealTimeMonitoring** | Write | Boolean | Indicates whether or not to require real time monitoring. | | | **DefenderScanArchiveFiles** | Write | Boolean | Indicates whether or not to scan archive files. | | +| **DefenderScanDownloads** | Write | Boolean | Indicates whether or not to scan downloads. | | | **DefenderScanIncomingMail** | Write | Boolean | Indicates whether or not to scan incoming mail messages. | | -| **DefenderScanRemovableDrivesDuringFullScan** | Write | Boolean | Indicates whether or not to scan removable drives during full scan. | | | **DefenderScanMappedNetworkDrivesDuringFullScan** | Write | Boolean | Indicates whether or not to scan mapped network drives during full scan. | | +| **DefenderScanMaxCpu** | Write | UInt32 | Max CPU usage percentage during scan. Valid values 0 to 100 | | | **DefenderScanNetworkFiles** | Write | Boolean | Indicates whether or not to scan files opened from a network folder. | | -| **DefenderRequireCloudProtection** | Write | Boolean | Indicates whether or not to require cloud protection. | | -| **DefenderCloudBlockLevel** | Write | String | Specifies the level of cloud-delivered protection. Possible values are: notConfigured, high, highPlus, zeroTolerance. | | -| **DefenderPromptForSampleSubmission** | Write | String | The configuration for how to prompt user for sample submission. Possible values are: userDefined, alwaysPrompt, promptBeforeSendingPersonalData, neverSendData, sendAllDataWithoutPrompting. | | +| **DefenderScanRemovableDrivesDuringFullScan** | Write | Boolean | Indicates whether or not to scan removable drives during full scan. | | +| **DefenderScanScriptsLoadedInInternetExplorer** | Write | Boolean | Indicates whether or not to scan scripts loaded in Internet Explorer browser. | | +| **DefenderScanType** | Write | String | The defender system scan type. Possible values are: userDefined, disabled, quick, full. | `userDefined`, `disabled`, `quick`, `full` | | **DefenderScheduledQuickScanTime** | Write | String | The time to perform a daily quick scan. | | -| **DefenderScanType** | Write | String | The defender system scan type. Possible values are: userDefined, disabled, quick, full. | | -| **DefenderSystemScanSchedule** | Write | String | Defender day of the week for the system scan. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday. | | | **DefenderScheduledScanTime** | Write | String | The defender time for the system scan. | | -| **DefenderDetectedMalwareActions** | Write | MSFT_IntuneDefenderDetectedMalwareActions | Gets or sets Defender’s actions to take on detected Malware per threat level. | | -| **DefenderFileExtensionsToExclude** | Write | StringArray[] | File extensions to exclude from scans and real time protection. | | -| **DefenderFilesAndFoldersToExclude** | Write | StringArray[] | Files and folder to exclude from scans and real time protection. | | -| **DefenderProcessesToExclude** | Write | StringArray[] | Processes to exclude from scans and real time protection. | | +| **DefenderScheduleScanEnableLowCpuPriority** | Write | Boolean | When enabled, low CPU priority will be used during scheduled scans. | | +| **DefenderSignatureUpdateIntervalInHours** | Write | UInt32 | The signature update interval in hours. Specify 0 not to check. Valid values 0 to 24 | | +| **DefenderSubmitSamplesConsentType** | Write | String | Checks for the user consent level in Windows Defender to send data. Possible values are: sendSafeSamplesAutomatically, alwaysPrompt, neverSend, sendAllSamplesAutomatically. | `sendSafeSamplesAutomatically`, `alwaysPrompt`, `neverSend`, `sendAllSamplesAutomatically` | +| **DefenderSystemScanSchedule** | Write | String | Defender day of the week for the system scan. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday, noScheduledScan. | `userDefined`, `everyday`, `sunday`, `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `noScheduledScan` | +| **DeveloperUnlockSetting** | Write | String | Indicates whether or not to allow developer unlock. Possible values are: notConfigured, blocked, allowed. | `notConfigured`, `blocked`, `allowed` | +| **DeviceManagementBlockFactoryResetOnMobile** | Write | Boolean | Indicates whether or not to Block the user from resetting their phone. | | +| **DeviceManagementBlockManualUnenroll** | Write | Boolean | Indicates whether or not to Block the user from doing manual un-enrollment from device management. | | +| **DiagnosticsDataSubmissionMode** | Write | String | Gets or sets a value allowing the device to send diagnostic and usage telemetry data, such as Watson. Possible values are: userDefined, none, basic, enhanced, full. | `userDefined`, `none`, `basic`, `enhanced`, `full` | +| **DisplayAppListWithGdiDPIScalingTurnedOff** | Write | StringArray[] | List of legacy applications that have GDI DPI Scaling turned off. | | +| **DisplayAppListWithGdiDPIScalingTurnedOn** | Write | StringArray[] | List of legacy applications that have GDI DPI Scaling turned on. | | +| **EdgeAllowStartPagesModification** | Write | Boolean | Allow users to change Start pages on Edge. Use the EdgeHomepageUrls to specify the Start pages that the user would see by default when they open Edge. | | +| **EdgeBlockAccessToAboutFlags** | Write | Boolean | Indicates whether or not to prevent access to about flags on Edge browser. | | +| **EdgeBlockAddressBarDropdown** | Write | Boolean | Block the address bar dropdown functionality in Microsoft Edge. Disable this settings to minimize network connections from Microsoft Edge to Microsoft services. | | +| **EdgeBlockAutofill** | Write | Boolean | Indicates whether or not to block auto fill. | | +| **EdgeBlockCompatibilityList** | Write | Boolean | Block Microsoft compatibility list in Microsoft Edge. This list from Microsoft helps Edge properly display sites with known compatibility issues. | | +| **EdgeBlockDeveloperTools** | Write | Boolean | Indicates whether or not to block developer tools in the Edge browser. | | +| **EdgeBlocked** | Write | Boolean | Indicates whether or not to Block the user from using the Edge browser. | | +| **EdgeBlockEditFavorites** | Write | Boolean | Indicates whether or not to Block the user from making changes to Favorites. | | +| **EdgeBlockExtensions** | Write | Boolean | Indicates whether or not to block extensions in the Edge browser. | | +| **EdgeBlockFullScreenMode** | Write | Boolean | Allow or prevent Edge from entering the full screen mode. | | +| **EdgeBlockInPrivateBrowsing** | Write | Boolean | Indicates whether or not to block InPrivate browsing on corporate networks, in the Edge browser. | | +| **EdgeBlockJavaScript** | Write | Boolean | Indicates whether or not to Block the user from using JavaScript. | | +| **EdgeBlockLiveTileDataCollection** | Write | Boolean | Block the collection of information by Microsoft for live tile creation when users pin a site to Start from Microsoft Edge. | | +| **EdgeBlockPasswordManager** | Write | Boolean | Indicates whether or not to Block password manager. | | +| **EdgeBlockPopups** | Write | Boolean | Indicates whether or not to block popups. | | +| **EdgeBlockPrelaunch** | Write | Boolean | Decide whether Microsoft Edge is prelaunched at Windows startup. | | +| **EdgeBlockPrinting** | Write | Boolean | Configure Edge to allow or block printing. | | +| **EdgeBlockSavingHistory** | Write | Boolean | Configure Edge to allow browsing history to be saved or to never save browsing history. | | +| **EdgeBlockSearchEngineCustomization** | Write | Boolean | Indicates whether or not to block the user from adding new search engine or changing the default search engine. | | +| **EdgeBlockSearchSuggestions** | Write | Boolean | Indicates whether or not to block the user from using the search suggestions in the address bar. | | +| **EdgeBlockSendingDoNotTrackHeader** | Write | Boolean | Indicates whether or not to Block the user from sending the do not track header. | | +| **EdgeBlockSendingIntranetTrafficToInternetExplorer** | Write | Boolean | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. Note: the name of this property is misleading the property is obsolete, use EdgeSendIntranetTrafficToInternetExplorer instead. | | +| **EdgeBlockSideloadingExtensions** | Write | Boolean | Indicates whether the user can sideload extensions. | | +| **EdgeBlockTabPreloading** | Write | Boolean | Configure whether Edge preloads the new tab page at Windows startup. | | +| **EdgeBlockWebContentOnNewTabPage** | Write | Boolean | Configure to load a blank page in Edge instead of the default New tab page and prevent users from changing it. | | +| **EdgeClearBrowsingDataOnExit** | Write | Boolean | Clear browsing data on exiting Microsoft Edge. | | +| **EdgeCookiePolicy** | Write | String | Indicates which cookies to block in the Edge browser. Possible values are: userDefined, allow, blockThirdParty, blockAll. | `userDefined`, `allow`, `blockThirdParty`, `blockAll` | +| **EdgeDisableFirstRunPage** | Write | Boolean | Block the Microsoft web page that opens on the first use of Microsoft Edge. This policy allows enterprises, like those enrolled in zero emissions configurations, to block this page. | | +| **EdgeEnterpriseModeSiteListLocation** | Write | String | Indicates the enterprise mode site list location. Could be a local file, local network or http location. | | +| **EdgeFavoritesBarVisibility** | Write | String | Get or set a value that specifies whether to set the favorites bar to always be visible or hidden on any page. Possible values are: notConfigured, hide, show. | `notConfigured`, `hide`, `show` | +| **EdgeFavoritesListLocation** | Write | String | The location of the favorites list to provision. Could be a local file, local network or http location. | | +| **EdgeFirstRunUrl** | Write | String | The first run URL for when Edge browser is opened for the first time. | | +| **EdgeHomeButtonConfiguration** | Write | MSFT_MicrosoftGraphedgeHomeButtonConfiguration | Causes the Home button to either hide, load the default Start page, load a New tab page, or a custom URL | | +| **EdgeHomeButtonConfigurationEnabled** | Write | Boolean | Enable the Home button configuration. | | +| **EdgeHomepageUrls** | Write | StringArray[] | The list of URLs for homepages shodwn on MDM-enrolled devices on Edge browser. | | +| **EdgeKioskModeRestriction** | Write | String | Controls how the Microsoft Edge settings are restricted based on the configure kiosk mode. Possible values are: notConfigured, digitalSignage, normalMode, publicBrowsingSingleApp, publicBrowsingMultiApp. | `notConfigured`, `digitalSignage`, `normalMode`, `publicBrowsingSingleApp`, `publicBrowsingMultiApp` | +| **EdgeKioskResetAfterIdleTimeInMinutes** | Write | UInt32 | Specifies the time in minutes from the last user activity before Microsoft Edge kiosk resets. Valid values are 0-1440. The default is 5. 0 indicates no reset. Valid values 0 to 1440 | | +| **EdgeNewTabPageURL** | Write | String | Specify the page opened when new tabs are created. | | +| **EdgeOpensWith** | Write | String | Specify what kind of pages are open at start. Possible values are: notConfigured, startPage, newTabPage, previousPages, specificPages. | `notConfigured`, `startPage`, `newTabPage`, `previousPages`, `specificPages` | +| **EdgePreventCertificateErrorOverride** | Write | Boolean | Allow or prevent users from overriding certificate errors. | | +| **EdgeRequiredExtensionPackageFamilyNames** | Write | StringArray[] | Specify the list of package family names of browser extensions that are required and cannot be turned off by the user. | | +| **EdgeRequireSmartScreen** | Write | Boolean | Indicates whether or not to Require the user to use the smart screen filter. | | +| **EdgeSearchEngine** | Write | MSFT_MicrosoftGraphedgeSearchEngineBase | Allows IT admins to set a default search engine for MDM-Controlled devices. Users can override this and change their default search engine provided the AllowSearchEngineCustomization policy is not set. | | +| **EdgeSendIntranetTrafficToInternetExplorer** | Write | Boolean | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. | | +| **EdgeShowMessageWhenOpeningInternetExplorerSites** | Write | String | Controls the message displayed by Edge before switching to Internet Explorer. Possible values are: notConfigured, disabled, enabled, keepGoing. | `notConfigured`, `disabled`, `enabled`, `keepGoing` | +| **EdgeSyncFavoritesWithInternetExplorer** | Write | Boolean | Enable favorites sync between Internet Explorer and Microsoft Edge. Additions, deletions, modifications and order changes to favorites are shared between browsers. | | +| **EdgeTelemetryForMicrosoft365Analytics** | Write | String | Specifies what type of telemetry data (none, intranet, internet, both) is sent to Microsoft 365 Analytics. Possible values are: notConfigured, intranet, internet, intranetAndInternet. | `notConfigured`, `intranet`, `internet`, `intranetAndInternet` | +| **EnableAutomaticRedeployment** | Write | Boolean | Allow users with administrative rights to delete all user data and settings using CTRL + Win + R at the device lock screen so that the device can be automatically re-configured and re-enrolled into management. | | +| **EnergySaverOnBatteryThresholdPercentage** | Write | UInt32 | This setting allows you to specify battery charge level at which Energy Saver is turned on. While on battery, Energy Saver is automatically turned on at (and below) the specified battery charge level. Valid input range (0-100). Valid values 0 to 100 | | +| **EnergySaverPluggedInThresholdPercentage** | Write | UInt32 | This setting allows you to specify battery charge level at which Energy Saver is turned on. While plugged in, Energy Saver is automatically turned on at (and below) the specified battery charge level. Valid input range (0-100). Valid values 0 to 100 | | +| **EnterpriseCloudPrintDiscoveryEndPoint** | Write | String | Endpoint for discovering cloud printers. | | +| **EnterpriseCloudPrintDiscoveryMaxLimit** | Write | UInt32 | Maximum number of printers that should be queried from a discovery endpoint. This is a mobile only setting. Valid values 1 to 65535 | | +| **EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier** | Write | String | OAuth resource URI for printer discovery service as configured in Azure portal. | | +| **EnterpriseCloudPrintOAuthAuthority** | Write | String | Authentication endpoint for acquiring OAuth tokens. | | +| **EnterpriseCloudPrintOAuthClientIdentifier** | Write | String | GUID of a client application authorized to retrieve OAuth tokens from the OAuth Authority. | | +| **EnterpriseCloudPrintResourceIdentifier** | Write | String | OAuth resource URI for print service as configured in the Azure portal. | | +| **ExperienceBlockDeviceDiscovery** | Write | Boolean | Indicates whether or not to enable device discovery UX. | | +| **ExperienceBlockErrorDialogWhenNoSIM** | Write | Boolean | Indicates whether or not to allow the error dialog from displaying if no SIM card is detected. | | +| **ExperienceBlockTaskSwitcher** | Write | Boolean | Indicates whether or not to enable task switching on the device. | | +| **ExperienceDoNotSyncBrowserSettings** | Write | String | Allow or prevent the syncing of Microsoft Edge Browser settings. Option for IT admins to prevent syncing across devices, but allow user override. Possible values are: notConfigured, blockedWithUserOverride, blocked. | `notConfigured`, `blockedWithUserOverride`, `blocked` | +| **FindMyFiles** | Write | String | Controls if the user can configure search to Find My Files mode, which searches files in secondary hard drives and also outside of the user profile. Find My Files does not allow users to search files or locations to which they do not have access. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **GameDvrBlocked** | Write | Boolean | Indicates whether or not to block DVR and broadcasting. | | +| **InkWorkspaceAccess** | Write | String | Controls the user access to the ink workspace, from the desktop and from above the lock screen. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **InkWorkspaceAccessState** | Write | String | Controls the user access to the ink workspace, from the desktop and from above the lock screen. Possible values are: notConfigured, blocked, allowed. | `notConfigured`, `blocked`, `allowed` | +| **InkWorkspaceBlockSuggestedApps** | Write | Boolean | Specify whether to show recommended app suggestions in the ink workspace. | | +| **InternetSharingBlocked** | Write | Boolean | Indicates whether or not to Block the user from using internet sharing. | | +| **LocationServicesBlocked** | Write | Boolean | Indicates whether or not to Block the user from location services. | | +| **LockScreenActivateAppsWithVoice** | Write | String | This policy setting specifies whether Windows apps can be activated by voice while the system is locked. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | | **LockScreenAllowTimeoutConfiguration** | Write | Boolean | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. If this policy is set to Allow, the value set by lockScreenTimeoutInSeconds is ignored. | | | **LockScreenBlockActionCenterNotifications** | Write | Boolean | Indicates whether or not to block action center notifications over lock screen. | | | **LockScreenBlockCortana** | Write | Boolean | Indicates whether or not the user can interact with Cortana using speech while the system is locked. | | | **LockScreenBlockToastNotifications** | Write | Boolean | Indicates whether to allow toast notifications above the device lock screen. | | -| **LockScreenTimeoutInSeconds** | Write | UInt64 | Set the duration (in seconds) from the screen locking to the screen turning off for Windows 10 Mobile devices. Supported values are 11-1800. Valid values 11 to 1800 | | +| **LockScreenTimeoutInSeconds** | Write | UInt32 | Set the duration (in seconds) from the screen locking to the screen turning off for Windows 10 Mobile devices. Supported values are 11-1800. Valid values 11 to 1800 | | +| **LogonBlockFastUserSwitching** | Write | Boolean | Disables the ability to quickly switch between users that are logged on simultaneously without logging off. | | +| **MessagingBlockMMS** | Write | Boolean | Indicates whether or not to block the MMS send/receive functionality on the device. | | +| **MessagingBlockRichCommunicationServices** | Write | Boolean | Indicates whether or not to block the RCS send/receive functionality on the device. | | +| **MessagingBlockSync** | Write | Boolean | Indicates whether or not to block text message back up and restore and Messaging Everywhere. | | +| **MicrosoftAccountBlocked** | Write | Boolean | Indicates whether or not to Block a Microsoft account. | | +| **MicrosoftAccountBlockSettingsSync** | Write | Boolean | Indicates whether or not to Block Microsoft account settings sync. | | +| **MicrosoftAccountSignInAssistantSettings** | Write | String | Controls the Microsoft Account Sign-In Assistant (wlidsvc) NT service. Possible values are: notConfigured, disabled. | `notConfigured`, `disabled` | +| **NetworkProxyApplySettingsDeviceWide** | Write | Boolean | If set, proxy settings will be applied to all processes and accounts in the device. Otherwise, it will be applied to the user account thats enrolled into MDM. | | +| **NetworkProxyAutomaticConfigurationUrl** | Write | String | Address to the proxy auto-config (PAC) script you want to use. | | +| **NetworkProxyDisableAutoDetect** | Write | Boolean | Disable automatic detection of settings. If enabled, the system will try to find the path to a proxy auto-config (PAC) script. | | +| **NetworkProxyServer** | Write | MSFT_MicrosoftGraphwindows10NetworkProxyServer | Specifies manual proxy server settings. | | +| **NfcBlocked** | Write | Boolean | Indicates whether or not to Block the user from using near field communication. | | +| **OneDriveDisableFileSync** | Write | Boolean | Gets or sets a value allowing IT admins to prevent apps and features from working with files on OneDrive. | | | **PasswordBlockSimple** | Write | Boolean | Specify whether PINs or passwords such as '1111' or '1234' are allowed. For Windows 10 desktops, it also controls the use of picture passwords. | | -| **PasswordExpirationDays** | Write | UInt64 | The password expiration in days. Valid values 0 to 730 | | -| **PasswordMinimumLength** | Write | UInt64 | The minimum password length. Valid values 4 to 16 | | -| **PasswordMinutesOfInactivityBeforeScreenTimeout** | Write | UInt64 | The minutes of inactivity before the screen times out. | | -| **PasswordMinimumCharacterSetCount** | Write | UInt64 | The number of character sets required in the password. | | -| **PasswordPreviousPasswordBlockCount** | Write | UInt64 | The number of previous passwords to prevent reuse of. Valid values 0 to 50 | | +| **PasswordExpirationDays** | Write | UInt32 | The password expiration in days. Valid values 0 to 730 | | +| **PasswordMinimumAgeInDays** | Write | UInt32 | This security setting determines the period of time (in days) that a password must be used before the user can change it. Valid values 0 to 998 | | +| **PasswordMinimumCharacterSetCount** | Write | UInt32 | The number of character sets required in the password. | | +| **PasswordMinimumLength** | Write | UInt32 | The minimum password length. Valid values 4 to 16 | | +| **PasswordMinutesOfInactivityBeforeScreenTimeout** | Write | UInt32 | The minutes of inactivity before the screen times out. | | +| **PasswordPreviousPasswordBlockCount** | Write | UInt32 | The number of previous passwords to prevent reuse of. Valid values 0 to 50 | | | **PasswordRequired** | Write | Boolean | Indicates whether or not to require the user to have a password. | | +| **PasswordRequiredType** | Write | String | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. | `deviceDefault`, `alphanumeric`, `numeric` | | **PasswordRequireWhenResumeFromIdleState** | Write | Boolean | Indicates whether or not to require a password upon resuming from an idle state. | | -| **PasswordRequiredType** | Write | String | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. | | -| **PasswordSignInFailureCountBeforeFactoryReset** | Write | UInt64 | The number of sign in failures before factory reset. Valid values 0 to 999 | | -| **PrivacyAdvertisingId** | Write | String | Enables or disables the use of advertising ID. Added in Windows 10, version 1607. Possible values are: notConfigured, blocked, allowed. | | +| **PasswordSignInFailureCountBeforeFactoryReset** | Write | UInt32 | The number of sign in failures before factory reset. Valid values 0 to 999 | | +| **PersonalizationDesktopImageUrl** | Write | String | A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to used as the Desktop Image. | | +| **PersonalizationLockScreenImageUrl** | Write | String | A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image. | | +| **PowerButtonActionOnBattery** | Write | String | This setting specifies the action that Windows takes when a user presses the Power button while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | `notConfigured`, `noAction`, `sleep`, `hibernate`, `shutdown` | +| **PowerButtonActionPluggedIn** | Write | String | This setting specifies the action that Windows takes when a user presses the Power button while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | `notConfigured`, `noAction`, `sleep`, `hibernate`, `shutdown` | +| **PowerHybridSleepOnBattery** | Write | String | This setting allows you to turn off hybrid sleep while on battery. If you set this setting to disable, a hiberfile is not generated when the system transitions to sleep (Stand By). If you set this setting to enable or do not configure this policy setting, users control this setting. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **PowerHybridSleepPluggedIn** | Write | String | This setting allows you to turn off hybrid sleep while plugged in. If you set this setting to disable, a hiberfile is not generated when the system transitions to sleep (Stand By). If you set this setting to enable or do not configure this policy setting, users control this setting. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **PowerLidCloseActionOnBattery** | Write | String | This setting specifies the action that Windows takes when a user closes the lid on a mobile PC while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | `notConfigured`, `noAction`, `sleep`, `hibernate`, `shutdown` | +| **PowerLidCloseActionPluggedIn** | Write | String | This setting specifies the action that Windows takes when a user closes the lid on a mobile PC while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | `notConfigured`, `noAction`, `sleep`, `hibernate`, `shutdown` | +| **PowerSleepButtonActionOnBattery** | Write | String | This setting specifies the action that Windows takes when a user presses the Sleep button while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | `notConfigured`, `noAction`, `sleep`, `hibernate`, `shutdown` | +| **PowerSleepButtonActionPluggedIn** | Write | String | This setting specifies the action that Windows takes when a user presses the Sleep button while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | `notConfigured`, `noAction`, `sleep`, `hibernate`, `shutdown` | +| **PrinterBlockAddition** | Write | Boolean | Prevent user installation of additional printers from printers settings. | | +| **PrinterDefaultName** | Write | String | Name (network host name) of an installed printer. | | +| **PrinterNames** | Write | StringArray[] | Automatically provision printers based on their names (network host names). | | +| **PrivacyAdvertisingId** | Write | String | Enables or disables the use of advertising ID. Added in Windows 10, version 1607. Possible values are: notConfigured, blocked, allowed. | `notConfigured`, `blocked`, `allowed` | | **PrivacyAutoAcceptPairingAndConsentPrompts** | Write | Boolean | Indicates whether or not to allow the automatic acceptance of the pairing and privacy user consent dialog when launching apps. | | +| **PrivacyBlockActivityFeed** | Write | Boolean | Blocks the usage of cloud based speech services for Cortana, Dictation, or Store applications. | | | **PrivacyBlockInputPersonalization** | Write | Boolean | Indicates whether or not to block the usage of cloud based speech services for Cortana, Dictation, or Store applications. | | +| **PrivacyBlockPublishUserActivities** | Write | Boolean | Blocks the shared experiences/discovery of recently used resources in task switcher etc. | | +| **PrivacyDisableLaunchExperience** | Write | Boolean | This policy prevents the privacy experience from launching during user logon for new and upgraded users. | | +| **ResetProtectionModeBlocked** | Write | Boolean | Indicates whether or not to Block the user from reset protection mode. | | +| **SafeSearchFilter** | Write | String | Specifies what filter level of safe search is required. Possible values are: userDefined, strict, moderate. | `userDefined`, `strict`, `moderate` | +| **ScreenCaptureBlocked** | Write | Boolean | Indicates whether or not to Block the user from taking Screenshots. | | +| **SearchBlockDiacritics** | Write | Boolean | Specifies if search can use diacritics. | | +| **SearchBlockWebResults** | Write | Boolean | Indicates whether or not to block the web search. | | +| **SearchDisableAutoLanguageDetection** | Write | Boolean | Specifies whether to use automatic language detection when indexing content and properties. | | +| **SearchDisableIndexerBackoff** | Write | Boolean | Indicates whether or not to disable the search indexer backoff feature. | | +| **SearchDisableIndexingEncryptedItems** | Write | Boolean | Indicates whether or not to block indexing of WIP-protected items to prevent them from appearing in search results for Cortana or Explorer. | | +| **SearchDisableIndexingRemovableDrive** | Write | Boolean | Indicates whether or not to allow users to add locations on removable drives to libraries and to be indexed. | | +| **SearchDisableLocation** | Write | Boolean | Specifies if search can use location information. | | +| **SearchDisableUseLocation** | Write | Boolean | Specifies if search can use location information. | | +| **SearchEnableAutomaticIndexSizeManangement** | Write | Boolean | Specifies minimum amount of hard drive space on the same drive as the index location before indexing stops. | | +| **SearchEnableRemoteQueries** | Write | Boolean | Indicates whether or not to block remote queries of this computers index. | | +| **SecurityBlockAzureADJoinedDevicesAutoEncryption** | Write | Boolean | Specify whether to allow automatic device encryption during OOBE when the device is Azure AD joined (desktop only). | | +| **SettingsBlockAccountsPage** | Write | Boolean | Indicates whether or not to block access to Accounts in Settings app. | | +| **SettingsBlockAddProvisioningPackage** | Write | Boolean | Indicates whether or not to block the user from installing provisioning packages. | | +| **SettingsBlockAppsPage** | Write | Boolean | Indicates whether or not to block access to Apps in Settings app. | | +| **SettingsBlockChangeLanguage** | Write | Boolean | Indicates whether or not to block the user from changing the language settings. | | +| **SettingsBlockChangePowerSleep** | Write | Boolean | Indicates whether or not to block the user from changing power and sleep settings. | | +| **SettingsBlockChangeRegion** | Write | Boolean | Indicates whether or not to block the user from changing the region settings. | | +| **SettingsBlockChangeSystemTime** | Write | Boolean | Indicates whether or not to block the user from changing date and time settings. | | +| **SettingsBlockDevicesPage** | Write | Boolean | Indicates whether or not to block access to Devices in Settings app. | | +| **SettingsBlockEaseOfAccessPage** | Write | Boolean | Indicates whether or not to block access to Ease of Access in Settings app. | | +| **SettingsBlockEditDeviceName** | Write | Boolean | Indicates whether or not to block the user from editing the device name. | | +| **SettingsBlockGamingPage** | Write | Boolean | Indicates whether or not to block access to Gaming in Settings app. | | +| **SettingsBlockNetworkInternetPage** | Write | Boolean | Indicates whether or not to block access to Network & Internet in Settings app. | | +| **SettingsBlockPersonalizationPage** | Write | Boolean | Indicates whether or not to block access to Personalization in Settings app. | | +| **SettingsBlockPrivacyPage** | Write | Boolean | Indicates whether or not to block access to Privacy in Settings app. | | +| **SettingsBlockRemoveProvisioningPackage** | Write | Boolean | Indicates whether or not to block the runtime configuration agent from removing provisioning packages. | | +| **SettingsBlockSettingsApp** | Write | Boolean | Indicates whether or not to block access to Settings app. | | +| **SettingsBlockSystemPage** | Write | Boolean | Indicates whether or not to block access to System in Settings app. | | +| **SettingsBlockTimeLanguagePage** | Write | Boolean | Indicates whether or not to block access to Time & Language in Settings app. | | +| **SettingsBlockUpdateSecurityPage** | Write | Boolean | Indicates whether or not to block access to Update & Security in Settings app. | | +| **SharedUserAppDataAllowed** | Write | Boolean | Indicates whether or not to block multiple users of the same app to share data. | | +| **SmartScreenAppInstallControl** | Write | String | Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. Possible values are: notConfigured, anywhere, storeOnly, recommendations, preferStore. | `notConfigured`, `anywhere`, `storeOnly`, `recommendations`, `preferStore` | +| **SmartScreenBlockPromptOverride** | Write | Boolean | Indicates whether or not users can override SmartScreen Filter warnings about potentially malicious websites. | | +| **SmartScreenBlockPromptOverrideForFiles** | Write | Boolean | Indicates whether or not users can override the SmartScreen Filter warnings about downloading unverified files | | +| **SmartScreenEnableAppInstallControl** | Write | Boolean | This property will be deprecated in July 2019 and will be replaced by property SmartScreenAppInstallControl. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. | | | **StartBlockUnpinningAppsFromTaskbar** | Write | Boolean | Indicates whether or not to block the user from unpinning apps from taskbar. | | -| **StartMenuAppListVisibility** | Write | String | Setting the value of this collapses the app list, removes the app list entirely, or disables the corresponding toggle in the Settings app. Possible values are: userDefined, collapse, remove, disableSettingsApp. | | +| **StartMenuAppListVisibility** | Write | String | Setting the value of this collapses the app list, removes the app list entirely, or disables the corresponding toggle in the Settings app. Possible values are: userDefined, collapse, remove, disableSettingsApp. | `userDefined`, `collapse`, `remove`, `disableSettingsApp` | | **StartMenuHideChangeAccountSettings** | Write | Boolean | Enabling this policy hides the change account setting from appearing in the user tile in the start menu. | | | **StartMenuHideFrequentlyUsedApps** | Write | Boolean | Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app. | | | **StartMenuHideHibernate** | Write | Boolean | Enabling this policy hides hibernate from appearing in the power button in the start menu. | | @@ -109,109 +245,56 @@ | **StartMenuHideUserTile** | Write | Boolean | Enabling this policy hides the user tile from appearing in the start menu. | | | **StartMenuLayoutEdgeAssetsXml** | Write | String | This policy setting allows you to import Edge assets to be used with startMenuLayoutXml policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when startMenuLayoutXml policy is modified. The value should be a UTF-8 Base64 encoded byte array. | | | **StartMenuLayoutXml** | Write | String | Allows admins to override the default Start menu layout and prevents the user from changing it. The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in a UTF8 encoded byte array format. | | -| **StartMenuMode** | Write | String | Allows admins to decide how the Start menu is displayed. Possible values are: userDefined, fullScreen, nonFullScreen. | | -| **StartMenuPinnedFolderDocuments** | Write | String | Enforces the visibility (Show/Hide) of the Documents folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | | -| **StartMenuPinnedFolderDownloads** | Write | String | Enforces the visibility (Show/Hide) of the Downloads folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | | -| **StartMenuPinnedFolderFileExplorer** | Write | String | Enforces the visibility (Show/Hide) of the FileExplorer shortcut on the Start menu. Possible values are: notConfigured, hide, show. | | -| **StartMenuPinnedFolderHomeGroup** | Write | String | Enforces the visibility (Show/Hide) of the HomeGroup folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | | -| **StartMenuPinnedFolderMusic** | Write | String | Enforces the visibility (Show/Hide) of the Music folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | | -| **StartMenuPinnedFolderNetwork** | Write | String | Enforces the visibility (Show/Hide) of the Network folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | | -| **StartMenuPinnedFolderPersonalFolder** | Write | String | Enforces the visibility (Show/Hide) of the PersonalFolder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | | -| **StartMenuPinnedFolderPictures** | Write | String | Enforces the visibility (Show/Hide) of the Pictures folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | | -| **StartMenuPinnedFolderSettings** | Write | String | Enforces the visibility (Show/Hide) of the Settings folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | | -| **StartMenuPinnedFolderVideos** | Write | String | Enforces the visibility (Show/Hide) of the Videos folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | | -| **SettingsBlockSettingsApp** | Write | Boolean | Indicates whether or not to block access to Settings app. | | -| **SettingsBlockSystemPage** | Write | Boolean | Indicates whether or not to block access to System in Settings app. | | -| **SettingsBlockDevicesPage** | Write | Boolean | Indicates whether or not to block access to Devices in Settings app. | | -| **SettingsBlockNetworkInternetPage** | Write | Boolean | Indicates whether or not to block access to Network & Internet in Settings app. | | -| **SettingsBlockPersonalizationPage** | Write | Boolean | Indicates whether or not to block access to Personalization in Settings app. | | -| **SettingsBlockAccountsPage** | Write | Boolean | Indicates whether or not to block access to Accounts in Settings app. | | -| **SettingsBlockTimeLanguagePage** | Write | Boolean | Indicates whether or not to block access to Time & Language in Settings app. | | -| **SettingsBlockEaseOfAccessPage** | Write | Boolean | Indicates whether or not to block access to Ease of Access in Settings app. | | -| **SettingsBlockPrivacyPage** | Write | Boolean | Indicates whether or not to block access to Privacy in Settings app. | | -| **SettingsBlockUpdateSecurityPage** | Write | Boolean | Indicates whether or not to block access to Update & Security in Settings app. | | -| **SettingsBlockAppsPage** | Write | Boolean | Indicates whether or not to block access to Apps in Settings app. | | -| **SettingsBlockGamingPage** | Write | Boolean | Indicates whether or not to block access to Gaming in Settings app. | | -| **WindowsSpotlightBlockConsumerSpecificFeatures** | Write | Boolean | Allows IT admins to block experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles. | | -| **WindowsSpotlightBlocked** | Write | Boolean | Allows IT admins to turn off all Windows Spotlight features | | -| **WindowsSpotlightBlockOnActionCenter** | Write | Boolean | Block suggestions from Microsoft that show after each OS clean install, upgrade or in an on-going basis to introduce users to what is new or changed | | -| **WindowsSpotlightBlockTailoredExperiences** | Write | Boolean | Block personalized content in Windows spotlight based on user’s device usage. | | -| **WindowsSpotlightBlockThirdPartyNotifications** | Write | Boolean | Block third party content delivered via Windows Spotlight | | -| **WindowsSpotlightBlockWelcomeExperience** | Write | Boolean | Block Windows Spotlight Windows welcome experience | | -| **WindowsSpotlightBlockWindowsTips** | Write | Boolean | Allows IT admins to turn off the popup of Windows Tips. | | -| **WindowsSpotlightConfigureOnLockScreen** | Write | String | Specifies the type of Spotlight. Possible values are: notConfigured, disabled, enabled. | | -| **NetworkProxyApplySettingsDeviceWide** | Write | Boolean | If set, proxy settings will be applied to all processes and accounts in the device. Otherwise, it will be applied to the user account that’s enrolled into MDM. | | -| **NetworkProxyDisableAutoDetect** | Write | Boolean | Disable automatic detection of settings. If enabled, the system will try to find the path to a proxy auto-config (PAC) script. | | -| **NetworkProxyAutomaticConfigurationUrl** | Write | String | Address to the proxy auto-config (PAC) script you want to use. | | -| **NetworkProxyServer** | Write | StringArray[] | Specifies manual proxy server settings. | | -| **AccountsBlockAddingNonMicrosoftAccountEmail** | Write | Boolean | Indicates whether or not to Block the user from adding email accounts to the device that are not associated with a Microsoft account. | | -| **AntiTheftModeBlocked** | Write | Boolean | Indicates whether or not to block the user from selecting an AntiTheft mode preference (Windows 10 Mobile only). | | -| **BluetoothBlocked** | Write | Boolean | Whether or not to Block the user from using bluetooth. | | -| **CameraBlocked** | Write | Boolean | Whether or not to Block the user from accessing the camera of the device. | | -| **ConnectedDevicesServiceBlocked** | Write | Boolean | Whether or not to block Connected Devices Service which enables discovery and connection to other devices, remote messaging, remote app sessions and other cross-device experiences. | | -| **CertificatesBlockManualRootCertificateInstallation** | Write | Boolean | Whether or not to Block the user from doing manual root certificate installation. | | -| **CopyPasteBlocked** | Write | Boolean | Whether or not to Block the user from using copy paste. | | -| **CortanaBlocked** | Write | Boolean | Whether or not to Block the user from using Cortana. | | -| **DeviceManagementBlockFactoryResetOnMobile** | Write | Boolean | Indicates whether or not to Block the user from resetting their phone. | | -| **DeviceManagementBlockManualUnenroll** | Write | Boolean | Indicates whether or not to Block the user from doing manual un-enrollment from device management. | | -| **SafeSearchFilter** | Write | String | Specifies what filter level of safe search is required. Possible values are: userDefined, strict, moderate. | | -| **EdgeBlockPopups** | Write | Boolean | Indicates whether or not to block popups. | | -| **EdgeBlockSearchSuggestions** | Write | Boolean | Indicates whether or not to block the user from using the search suggestions in the address bar. | | -| **EdgeBlockSendingIntranetTrafficToInternetExplorer** | Write | Boolean | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. Note: the name of this property is misleading; the property is obsolete, use EdgeSendIntranetTrafficToInternetExplorer instead. | | -| **EdgeSendIntranetTrafficToInternetExplorer** | Write | Boolean | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. | | -| **EdgeRequireSmartScreen** | Write | Boolean | Indicates whether or not to Require the user to use the smart screen filter. | | -| **EdgeEnterpriseModeSiteListLocation** | Write | String | Indicates the enterprise mode site list location. Could be a local file, local network or http location. | | -| **EdgeFirstRunUrl** | Write | String | The first run URL for when Edge browser is opened for the first time. | | -| **EdgeSearchEngine** | Write | String | Allows IT admins to set a default search engine for MDM-Controlled devices. Users can override this and change their default search engine provided the AllowSearchEngineCustomization policy is not set. | | -| **EdgeHomepageUrls** | Write | StringArray[] | The list of URLs for homepages shodwn on MDM-enrolled devices on Edge browser. | | -| **EdgeBlockAccessToAboutFlags** | Write | Boolean | Indicates whether or not to prevent access to about flags on Edge browser. | | -| **SmartScreenBlockPromptOverride** | Write | Boolean | Indicates whether or not users can override SmartScreen Filter warnings about potentially malicious websites. | | -| **SmartScreenBlockPromptOverrideForFiles** | Write | Boolean | Indicates whether or not users can override the SmartScreen Filter warnings about downloading unverified files | | -| **WebRtcBlockLocalhostIpAddress** | Write | Boolean | Indicates whether or not user's localhost IP address is displayed while making phone calls using the WebRTC | | -| **InternetSharingBlocked** | Write | Boolean | Indicates whether or not to Block the user from using internet sharing. | | -| **SettingsBlockAddProvisioningPackage** | Write | Boolean | Indicates whether or not to block the user from installing provisioning packages. | | -| **SettingsBlockRemoveProvisioningPackage** | Write | Boolean | Indicates whether or not to block the runtime configuration agent from removing provisioning packages. | | -| **SettingsBlockChangeSystemTime** | Write | Boolean | Indicates whether or not to block the user from changing date and time settings. | | -| **SettingsBlockEditDeviceName** | Write | Boolean | Indicates whether or not to block the user from editing the device name. | | -| **SettingsBlockChangeRegion** | Write | Boolean | Indicates whether or not to block the user from changing the region settings. | | -| **SettingsBlockChangeLanguage** | Write | Boolean | Indicates whether or not to block the user from changing the language settings. | | -| **SettingsBlockChangePowerSleep** | Write | Boolean | Indicates whether or not to block the user from changing power and sleep settings. | | -| **LocationServicesBlocked** | Write | Boolean | Indicates whether or not to Block the user from location services. | | -| **MicrosoftAccountBlocked** | Write | Boolean | Indicates whether or not to Block a Microsoft account. | | -| **MicrosoftAccountBlockSettingsSync** | Write | Boolean | Indicates whether or not to Block Microsoft account settings sync. | | -| **NfcBlocked** | Write | Boolean | Indicates whether or not to Block the user from using near field communication. | | -| **ResetProtectionModeBlocked** | Write | Boolean | Indicates whether or not to Block the user from reset protection mode. | | -| **ScreenCaptureBlocked** | Write | Boolean | Indicates whether or not to Block the user from taking Screenshots. | | +| **StartMenuMode** | Write | String | Allows admins to decide how the Start menu is displayed. Possible values are: userDefined, fullScreen, nonFullScreen. | `userDefined`, `fullScreen`, `nonFullScreen` | +| **StartMenuPinnedFolderDocuments** | Write | String | Enforces the visibility (Show/Hide) of the Documents folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | `notConfigured`, `hide`, `show` | +| **StartMenuPinnedFolderDownloads** | Write | String | Enforces the visibility (Show/Hide) of the Downloads folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | `notConfigured`, `hide`, `show` | +| **StartMenuPinnedFolderFileExplorer** | Write | String | Enforces the visibility (Show/Hide) of the FileExplorer shortcut on the Start menu. Possible values are: notConfigured, hide, show. | `notConfigured`, `hide`, `show` | +| **StartMenuPinnedFolderHomeGroup** | Write | String | Enforces the visibility (Show/Hide) of the HomeGroup folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | `notConfigured`, `hide`, `show` | +| **StartMenuPinnedFolderMusic** | Write | String | Enforces the visibility (Show/Hide) of the Music folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | `notConfigured`, `hide`, `show` | +| **StartMenuPinnedFolderNetwork** | Write | String | Enforces the visibility (Show/Hide) of the Network folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | `notConfigured`, `hide`, `show` | +| **StartMenuPinnedFolderPersonalFolder** | Write | String | Enforces the visibility (Show/Hide) of the PersonalFolder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | `notConfigured`, `hide`, `show` | +| **StartMenuPinnedFolderPictures** | Write | String | Enforces the visibility (Show/Hide) of the Pictures folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | `notConfigured`, `hide`, `show` | +| **StartMenuPinnedFolderSettings** | Write | String | Enforces the visibility (Show/Hide) of the Settings folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | `notConfigured`, `hide`, `show` | +| **StartMenuPinnedFolderVideos** | Write | String | Enforces the visibility (Show/Hide) of the Videos folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | `notConfigured`, `hide`, `show` | | **StorageBlockRemovableStorage** | Write | Boolean | Indicates whether or not to Block the user from using removable storage. | | | **StorageRequireMobileDeviceEncryption** | Write | Boolean | Indicating whether or not to require encryption on a mobile device. | | +| **StorageRestrictAppDataToSystemVolume** | Write | Boolean | Indicates whether application data is restricted to the system drive. | | +| **StorageRestrictAppInstallToSystemVolume** | Write | Boolean | Indicates whether the installation of applications is restricted to the system drive. | | +| **SystemTelemetryProxyServer** | Write | String | Gets or sets the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. | | +| **TaskManagerBlockEndTask** | Write | Boolean | Specify whether non-administrators can use Task Manager to end tasks. | | +| **TenantLockdownRequireNetworkDuringOutOfBoxExperience** | Write | Boolean | Whether the device is required to connect to the network. | | +| **UninstallBuiltInApps** | Write | Boolean | Indicates whether or not to uninstall a fixed list of built-in Windows apps. | | | **UsbBlocked** | Write | Boolean | Indicates whether or not to Block the user from USB connection. | | | **VoiceRecordingBlocked** | Write | Boolean | Indicates whether or not to Block the user from voice recording. | | +| **WebRtcBlockLocalhostIpAddress** | Write | Boolean | Indicates whether or not user's localhost IP address is displayed while making phone calls using the WebRTC | | | **WiFiBlockAutomaticConnectHotspots** | Write | Boolean | Indicating whether or not to block automatically connecting to Wi-Fi hotspots. Has no impact if Wi-Fi is blocked. | | | **WiFiBlocked** | Write | Boolean | Indicates whether or not to Block the user from using Wi-Fi. | | | **WiFiBlockManualConfiguration** | Write | Boolean | Indicates whether or not to Block the user from using Wi-Fi manual configuration. | | -| **WiFiScanInterval** | Write | UInt64 | Specify how often devices scan for Wi-Fi networks. Supported values are 1-500, where 100 = default, and 500 = low frequency. Valid values 1 to 500 | | +| **WiFiScanInterval** | Write | UInt32 | Specify how often devices scan for Wi-Fi networks. Supported values are 1-500, where 100 = default, and 500 = low frequency. Valid values 1 to 500 | | +| **Windows10AppsForceUpdateSchedule** | Write | MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule | Windows 10 force update schedule for Apps. | | +| **WindowsSpotlightBlockConsumerSpecificFeatures** | Write | Boolean | Allows IT admins to block experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles. | | +| **WindowsSpotlightBlocked** | Write | Boolean | Allows IT admins to turn off all Windows Spotlight features | | +| **WindowsSpotlightBlockOnActionCenter** | Write | Boolean | Block suggestions from Microsoft that show after each OS clean install, upgrade or in an on-going basis to introduce users to what is new or changed | | +| **WindowsSpotlightBlockTailoredExperiences** | Write | Boolean | Block personalized content in Windows spotlight based on users device usage. | | +| **WindowsSpotlightBlockThirdPartyNotifications** | Write | Boolean | Block third party content delivered via Windows Spotlight | | +| **WindowsSpotlightBlockWelcomeExperience** | Write | Boolean | Block Windows Spotlight Windows welcome experience | | +| **WindowsSpotlightBlockWindowsTips** | Write | Boolean | Allows IT admins to turn off the popup of Windows Tips. | | +| **WindowsSpotlightConfigureOnLockScreen** | Write | String | Specifies the type of Spotlight. Possible values are: notConfigured, disabled, enabled. | `notConfigured`, `disabled`, `enabled` | +| **WindowsStoreBlockAutoUpdate** | Write | Boolean | Indicates whether or not to block automatic update of apps from Windows Store. | | +| **WindowsStoreBlocked** | Write | Boolean | Indicates whether or not to Block the user from using the Windows store. | | +| **WindowsStoreEnablePrivateStoreOnly** | Write | Boolean | Indicates whether or not to enable Private Store Only. | | | **WirelessDisplayBlockProjectionToThisDevice** | Write | Boolean | Indicates whether or not to allow other devices from discovering this PC for projection. | | | **WirelessDisplayBlockUserInputFromReceiver** | Write | Boolean | Indicates whether or not to allow user input from wireless display receiver. | | | **WirelessDisplayRequirePinForPairing** | Write | Boolean | Indicates whether or not to require a PIN for new devices to initiate pairing. | | -| **WindowsStoreBlocked** | Write | Boolean | Indicates whether or not to Block the user from using the Windows store. | | -| **AppsAllowTrustedAppsSideloading** | Write | String | Indicates whether apps from AppX packages signed with a trusted certificate can be side loaded. Possible values are: notConfigured, blocked, allowed. | | -| **WindowsStoreBlockAutoUpdate** | Write | Boolean | Indicates whether or not to block automatic update of apps from Windows Store. | | -| **DeveloperUnlockSetting** | Write | String | Indicates whether or not to allow developer unlock. Possible values are: notConfigured, blocked, allowed. | | -| **SharedUserAppDataAllowed** | Write | Boolean | Indicates whether or not to block multiple users of the same app to share data. | | -| **AppsBlockWindowsStoreOriginatedApps** | Write | Boolean | Indicates whether or not to disable the launch of all apps from Windows Store that came pre-installed or were downloaded. | | -| **WindowsStoreEnablePrivateStoreOnly** | Write | Boolean | Indicates whether or not to enable Private Store Only. | | -| **StorageRestrictAppDataToSystemVolume** | Write | Boolean | Indicates whether application data is restricted to the system drive. | | -| **StorageRestrictAppInstallToSystemVolume** | Write | Boolean | Indicates whether the installation of applications is restricted to the system drive. | | -| **GameDvrBlocked** | Write | Boolean | Indicates whether or not to block DVR and broadcasting. | | -| **ExperienceBlockDeviceDiscovery** | Write | Boolean | Indicates whether or not to enable device discovery UX. | | -| **ExperienceBlockErrorDialogWhenNoSIM** | Write | Boolean | NIndicates whether or not to allow the error dialog from displaying if no SIM card is detected. | | -| **ExperienceBlockTaskSwitcher** | Write | Boolean | Indicates whether or not to enable task switching on the device. | | -| **LogonBlockFastUserSwitching** | Write | Boolean | Disables the ability to quickly switch between users that are logged on simultaneously without logging off. | | -| **TenantLockdownRequireNetworkDuringOutOfBoxExperience** | Write | Boolean | Whether the device is required to connect to the network. | | -| **Ensure** | Write | String | Present ensures the site collection exists, absent ensures it is removed | `Present`, `Absent` | -| **Credential** | Write | PSCredential | Credentials of the Intune Admin | | +| **Description** | Write | String | Admin provided description of the Device Configuration. | | +| **DisplayName** | Required | String | Admin provided name of the device configuration. | | +| **SupportsScopeTags** | Write | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. | | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | -| **TenantId** | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | | **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | @@ -228,21 +311,60 @@ | **groupId** | Write | String | The group Id that is the target of the assignment. | | | **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | -### MSFT_IntuneDefenderDetectedMalwareActions +### MSFT_MicrosoftGraphDefenderDetectedMalwareActions1 + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **HighSeverity** | Write | String | Indicates a Defender action to take for high severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | `deviceDefault`, `clean`, `quarantine`, `remove`, `allow`, `userDefined`, `block` | +| **LowSeverity** | Write | String | Indicates a Defender action to take for low severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | `deviceDefault`, `clean`, `quarantine`, `remove`, `allow`, `userDefined`, `block` | +| **ModerateSeverity** | Write | String | Indicates a Defender action to take for moderate severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | `deviceDefault`, `clean`, `quarantine`, `remove`, `allow`, `userDefined`, `block` | +| **SevereSeverity** | Write | String | Indicates a Defender action to take for severe severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | `deviceDefault`, `clean`, `quarantine`, `remove`, `allow`, `userDefined`, `block` | + +### MSFT_MicrosoftGraphEdgeHomeButtonConfiguration + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **HomeButtonCustomURL** | Write | String | The specific URL to load. | | +| **odataType** | Write | String | The type of the entity. | `#microsoft.graph.edgeHomeButtonHidden`, `#microsoft.graph.edgeHomeButtonLoadsStartPage`, `#microsoft.graph.edgeHomeButtonOpensCustomURL`, `#microsoft.graph.edgeHomeButtonOpensNewTab` | + +### MSFT_MicrosoftGraphEdgeSearchEngineBase + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **EdgeSearchEngineType** | Write | String | Allows IT admins to set a predefined default search engine for MDM-Controlled devices. Possible values are: default, bing. | `default`, `bing` | +| **EdgeSearchEngineOpenSearchXmlUrl** | Write | String | Points to a https link containing the OpenSearch xml file that contains, at minimum, the short name and the URL to the search Engine. | | +| **odataType** | Write | String | The type of the entity. | `#microsoft.graph.edgeSearchEngine`, `#microsoft.graph.edgeSearchEngineCustom` | + +### MSFT_MicrosoftGraphWindows10NetworkProxyServer + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Address** | Write | String | Address to the proxy server. Specify an address in the format ':' | | +| **Exceptions** | Write | StringArray[] | Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node. | | +| **UseForLocalAddresses** | Write | Boolean | Specifies whether the proxy server should be used for local (intranet) addresses. | | + +### MSFT_MicrosoftGraphWindows10AppsForceUpdateSchedule #### Parameters | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **LowSeverity** | Write | String | Specifies the action to take when a low severity malware is detected. | `deviceDefault`, `clean`, `quarantine`, `remove`, `allow`, `userDefined`, `block` | -| **ModerateSeverity** | Write | String | Specifies the action to take when a moderate severity malware is detected. | `deviceDefault`, `clean`, `quarantine`, `remove`, `allow`, `userDefined`, `block` | -| **HighSeverity** | Write | String | Specifies the action to take when a high severity malware is detected. | `deviceDefault`, `clean`, `quarantine`, `remove`, `allow`, `userDefined`, `block` | -| **SevereSeverity** | Write | String | Specifies the action to take when a severe malware is detected. | `deviceDefault`, `clean`, `quarantine`, `remove`, `allow`, `userDefined`, `block` | +| **Recurrence** | Write | String | Recurrence schedule. Possible values are: none, daily, weekly, monthly. | `none`, `daily`, `weekly`, `monthly` | +| **RunImmediatelyIfAfterStartDateTime** | Write | Boolean | If true, runs the task immediately if StartDateTime is in the past, else, runs at the next recurrence. | | +| **StartDateTime** | Write | String | The start time for the force restart. | | ## Description -This resource configures an Intune device configuration profile for an Windows 10 Device. +Intune Device Configuration Policy for Windows10 ## Permissions @@ -274,7 +396,8 @@ To authenticate with the Microsoft Graph API, this resource required the followi ### Example 1 -This example creates a new General Device Configuration Policy for Windows. +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. ```powershell Configuration Example @@ -282,192 +405,266 @@ Configuration Example param( [Parameter(Mandatory = $true)] [PSCredential] - $credsGlobalAdmin + $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDeviceConfigurationPolicyWindows10 'ConfigureDeviceConfigurationPolicyWindows10' + IntuneDeviceConfigurationPolicyWindows10 'Example' { - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = MSFT_IntuneDefenderDetectedMalwareActions - { - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $credsGlobalAdmin + AccountsBlockAddingNonMicrosoftAccountEmail = $False; + ActivateAppsWithVoice = "notConfigured"; + AntiTheftModeBlocked = $False; + AppManagementMSIAllowUserControlOverInstall = $False; + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $False; + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @(); + AppsAllowTrustedAppsSideloading = "notConfigured"; + AppsBlockWindowsStoreOriginatedApps = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + AuthenticationAllowSecondaryDevice = $False; + AuthenticationWebSignIn = "notConfigured"; + BluetoothAllowedServices = @(); + BluetoothBlockAdvertising = $True; + BluetoothBlockDiscoverableMode = $False; + BluetoothBlocked = $True; + BluetoothBlockPrePairing = $True; + BluetoothBlockPromptedProximalConnections = $False; + CameraBlocked = $False; + CellularBlockDataWhenRoaming = $False; + CellularBlockVpn = $True; + CellularBlockVpnWhenRoaming = $True; + CellularData = "allowed"; + CertificatesBlockManualRootCertificateInstallation = $False; + ConnectedDevicesServiceBlocked = $False; + CopyPasteBlocked = $False; + CortanaBlocked = $False; + Credential = $Credscredential; + CryptographyAllowFipsAlgorithmPolicy = $False; + DefenderBlockEndUserAccess = $False; + DefenderBlockOnAccessProtection = $False; + DefenderCloudBlockLevel = "notConfigured"; + DefenderDisableCatchupFullScan = $False; + DefenderDisableCatchupQuickScan = $False; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderMonitorFileActivity = "userDefined"; + DefenderPotentiallyUnwantedAppActionSetting = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderPromptForSampleSubmission = "userDefined"; + DefenderRequireBehaviorMonitoring = $False; + DefenderRequireCloudProtection = $False; + DefenderRequireNetworkInspectionSystem = $False; + DefenderRequireRealTimeMonitoring = $False; + DefenderScanArchiveFiles = $False; + DefenderScanDownloads = $False; + DefenderScanIncomingMail = $False; + DefenderScanMappedNetworkDrivesDuringFullScan = $False; + DefenderScanNetworkFiles = $False; + DefenderScanRemovableDrivesDuringFullScan = $False; + DefenderScanScriptsLoadedInInternetExplorer = $False; + DefenderScanType = "userDefined"; + DefenderScheduleScanEnableLowCpuPriority = $False; + DefenderSystemScanSchedule = "userDefined"; + DeveloperUnlockSetting = "notConfigured"; + DeviceManagementBlockFactoryResetOnMobile = $False; + DeviceManagementBlockManualUnenroll = $False; + DiagnosticsDataSubmissionMode = "userDefined"; + DisplayAppListWithGdiDPIScalingTurnedOff = @(); + DisplayAppListWithGdiDPIScalingTurnedOn = @(); + DisplayName = "device config"; + EdgeAllowStartPagesModification = $False; + EdgeBlockAccessToAboutFlags = $False; + EdgeBlockAddressBarDropdown = $False; + EdgeBlockAutofill = $False; + EdgeBlockCompatibilityList = $False; + EdgeBlockDeveloperTools = $False; + EdgeBlocked = $False; + EdgeBlockEditFavorites = $False; + EdgeBlockExtensions = $False; + EdgeBlockFullScreenMode = $False; + EdgeBlockInPrivateBrowsing = $False; + EdgeBlockJavaScript = $False; + EdgeBlockLiveTileDataCollection = $False; + EdgeBlockPasswordManager = $False; + EdgeBlockPopups = $False; + EdgeBlockPrelaunch = $False; + EdgeBlockPrinting = $False; + EdgeBlockSavingHistory = $False; + EdgeBlockSearchEngineCustomization = $False; + EdgeBlockSearchSuggestions = $False; + EdgeBlockSendingDoNotTrackHeader = $False; + EdgeBlockSendingIntranetTrafficToInternetExplorer = $False; + EdgeBlockSideloadingExtensions = $False; + EdgeBlockTabPreloading = $False; + EdgeBlockWebContentOnNewTabPage = $False; + EdgeClearBrowsingDataOnExit = $False; + EdgeCookiePolicy = "userDefined"; + EdgeDisableFirstRunPage = $False; + EdgeFavoritesBarVisibility = "notConfigured"; + EdgeHomeButtonConfigurationEnabled = $False; + EdgeHomepageUrls = @(); + EdgeKioskModeRestriction = "notConfigured"; + EdgeOpensWith = "notConfigured"; + EdgePreventCertificateErrorOverride = $False; + EdgeRequiredExtensionPackageFamilyNames = @(); + EdgeRequireSmartScreen = $False; + EdgeSendIntranetTrafficToInternetExplorer = $False; + EdgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured"; + EdgeSyncFavoritesWithInternetExplorer = $False; + EdgeTelemetryForMicrosoft365Analytics = "notConfigured"; + EnableAutomaticRedeployment = $False; + Ensure = "Present"; + ExperienceBlockDeviceDiscovery = $False; + ExperienceBlockErrorDialogWhenNoSIM = $False; + ExperienceBlockTaskSwitcher = $False; + ExperienceDoNotSyncBrowserSettings = "notConfigured"; + FindMyFiles = "notConfigured"; + GameDvrBlocked = $True; + Id = "d48e4053-8e5f-4856-82d3-c9e293567135"; + InkWorkspaceAccess = "notConfigured"; + InkWorkspaceAccessState = "notConfigured"; + InkWorkspaceBlockSuggestedApps = $False; + InternetSharingBlocked = $False; + LocationServicesBlocked = $False; + LockScreenActivateAppsWithVoice = "notConfigured"; + LockScreenAllowTimeoutConfiguration = $False; + LockScreenBlockActionCenterNotifications = $False; + LockScreenBlockCortana = $False; + LockScreenBlockToastNotifications = $False; + LogonBlockFastUserSwitching = $False; + MessagingBlockMMS = $False; + MessagingBlockRichCommunicationServices = $False; + MessagingBlockSync = $False; + MicrosoftAccountBlocked = $False; + MicrosoftAccountBlockSettingsSync = $False; + MicrosoftAccountSignInAssistantSettings = "notConfigured"; + NetworkProxyApplySettingsDeviceWide = $False; + NetworkProxyDisableAutoDetect = $True; + NetworkProxyServer = MSFT_MicrosoftGraphwindows10NetworkProxyServer{ + UseForLocalAddresses = $True + Exceptions = @('*.domain2.com') + Address = 'proxy.domain.com:8080' + }; + NfcBlocked = $False; + OneDriveDisableFileSync = $False; + PasswordBlockSimple = $False; + PasswordRequired = $False; + PasswordRequiredType = "deviceDefault"; + PasswordRequireWhenResumeFromIdleState = $False; + PowerButtonActionOnBattery = "notConfigured"; + PowerButtonActionPluggedIn = "notConfigured"; + PowerHybridSleepOnBattery = "notConfigured"; + PowerHybridSleepPluggedIn = "notConfigured"; + PowerLidCloseActionOnBattery = "notConfigured"; + PowerLidCloseActionPluggedIn = "notConfigured"; + PowerSleepButtonActionOnBattery = "notConfigured"; + PowerSleepButtonActionPluggedIn = "notConfigured"; + PrinterBlockAddition = $False; + PrinterNames = @(); + PrivacyAdvertisingId = "notConfigured"; + PrivacyAutoAcceptPairingAndConsentPrompts = $False; + PrivacyBlockActivityFeed = $False; + PrivacyBlockInputPersonalization = $False; + PrivacyBlockPublishUserActivities = $False; + PrivacyDisableLaunchExperience = $False; + ResetProtectionModeBlocked = $False; + SafeSearchFilter = "userDefined"; + ScreenCaptureBlocked = $False; + SearchBlockDiacritics = $False; + SearchBlockWebResults = $False; + SearchDisableAutoLanguageDetection = $False; + SearchDisableIndexerBackoff = $False; + SearchDisableIndexingEncryptedItems = $False; + SearchDisableIndexingRemovableDrive = $False; + SearchDisableLocation = $False; + SearchDisableUseLocation = $False; + SearchEnableAutomaticIndexSizeManangement = $False; + SearchEnableRemoteQueries = $False; + SecurityBlockAzureADJoinedDevicesAutoEncryption = $False; + SettingsBlockAccountsPage = $False; + SettingsBlockAddProvisioningPackage = $False; + SettingsBlockAppsPage = $False; + SettingsBlockChangeLanguage = $False; + SettingsBlockChangePowerSleep = $False; + SettingsBlockChangeRegion = $False; + SettingsBlockChangeSystemTime = $False; + SettingsBlockDevicesPage = $False; + SettingsBlockEaseOfAccessPage = $False; + SettingsBlockEditDeviceName = $False; + SettingsBlockGamingPage = $False; + SettingsBlockNetworkInternetPage = $False; + SettingsBlockPersonalizationPage = $False; + SettingsBlockPrivacyPage = $False; + SettingsBlockRemoveProvisioningPackage = $False; + SettingsBlockSettingsApp = $False; + SettingsBlockSystemPage = $False; + SettingsBlockTimeLanguagePage = $False; + SettingsBlockUpdateSecurityPage = $False; + SharedUserAppDataAllowed = $False; + SmartScreenAppInstallControl = "notConfigured"; + SmartScreenBlockPromptOverride = $False; + SmartScreenBlockPromptOverrideForFiles = $False; + SmartScreenEnableAppInstallControl = $False; + StartBlockUnpinningAppsFromTaskbar = $False; + StartMenuAppListVisibility = "userDefined"; + StartMenuHideChangeAccountSettings = $False; + StartMenuHideFrequentlyUsedApps = $False; + StartMenuHideHibernate = $False; + StartMenuHideLock = $False; + StartMenuHidePowerButton = $False; + StartMenuHideRecentJumpLists = $False; + StartMenuHideRecentlyAddedApps = $False; + StartMenuHideRestartOptions = $False; + StartMenuHideShutDown = $False; + StartMenuHideSignOut = $False; + StartMenuHideSleep = $False; + StartMenuHideSwitchAccount = $False; + StartMenuHideUserTile = $False; + StartMenuMode = "userDefined"; + StartMenuPinnedFolderDocuments = "notConfigured"; + StartMenuPinnedFolderDownloads = "notConfigured"; + StartMenuPinnedFolderFileExplorer = "notConfigured"; + StartMenuPinnedFolderHomeGroup = "notConfigured"; + StartMenuPinnedFolderMusic = "notConfigured"; + StartMenuPinnedFolderNetwork = "notConfigured"; + StartMenuPinnedFolderPersonalFolder = "notConfigured"; + StartMenuPinnedFolderPictures = "notConfigured"; + StartMenuPinnedFolderSettings = "notConfigured"; + StartMenuPinnedFolderVideos = "notConfigured"; + StorageBlockRemovableStorage = $False; + StorageRequireMobileDeviceEncryption = $False; + StorageRestrictAppDataToSystemVolume = $False; + StorageRestrictAppInstallToSystemVolume = $False; + SupportsScopeTags = $True; + TaskManagerBlockEndTask = $False; + TenantLockdownRequireNetworkDuringOutOfBoxExperience = $False; + UninstallBuiltInApps = $False; + UsbBlocked = $False; + VoiceRecordingBlocked = $False; + WebRtcBlockLocalhostIpAddress = $False; + WiFiBlockAutomaticConnectHotspots = $False; + WiFiBlocked = $True; + WiFiBlockManualConfiguration = $True; + WindowsSpotlightBlockConsumerSpecificFeatures = $False; + WindowsSpotlightBlocked = $False; + WindowsSpotlightBlockOnActionCenter = $False; + WindowsSpotlightBlockTailoredExperiences = $False; + WindowsSpotlightBlockThirdPartyNotifications = $False; + WindowsSpotlightBlockWelcomeExperience = $False; + WindowsSpotlightBlockWindowsTips = $False; + WindowsSpotlightConfigureOnLockScreen = "notConfigured"; + WindowsStoreBlockAutoUpdate = $False; + WindowsStoreBlocked = $False; + WindowsStoreEnablePrivateStoreOnly = $False; + WirelessDisplayBlockProjectionToThisDevice = $False; + WirelessDisplayBlockUserInputFromReceiver = $False; + WirelessDisplayRequirePinForPairing = $False; } } } From fbf6f485c0ae47f1d8057b76b14c8b8d1841ba6c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Sun, 2 Apr 2023 13:13:17 +0000 Subject: [PATCH 142/187] Updated Resources and Cmdlet documentation pages --- ...igurationNetworkBoundaryPolicyWindows10.md | 150 ++++++++++++++++++ 1 file changed, 150 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.md diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.md new file mode 100644 index 0000000000..2ef0a79371 --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.md @@ -0,0 +1,150 @@ +# IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **WindowsNetworkIsolationPolicy** | Write | MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy | Windows Network Isolation Policy | | +| **Description** | Write | String | Admin provided description of the Device Configuration. | | +| **DisplayName** | Required | String | Admin provided name of the device configuration. | | +| **SupportsScopeTags** | Write | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. | | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_MicrosoftGraphWindowsNetworkIsolationPolicy + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **EnterpriseCloudResources** | Write | MSFT_MicrosoftGraphProxiedDomain1[] | Contains a list of enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy. This collection can contain a maximum of 500 elements. | | +| **EnterpriseInternalProxyServers** | Write | StringArray[] | This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseCloudResources policy to force traffic to the matched cloud resources through these proxies. | | +| **EnterpriseIPRanges** | Write | MSFT_MicrosoftGraphIpRange1[] | Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This collection can contain a maximum of 500 elements. | | +| **EnterpriseIPRangesAreAuthoritative** | Write | Boolean | Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false. | | +| **EnterpriseNetworkDomainNames** | Write | StringArray[] | This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to. | | +| **EnterpriseProxyServers** | Write | StringArray[] | This is a list of proxy servers. Any server not on this list is considered non-enterprise. | | +| **EnterpriseProxyServersAreAuthoritative** | Write | Boolean | Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false | | +| **NeutralDomainResources** | Write | StringArray[] | List of domain names that can used for work or personal resource. | | + +### MSFT_MicrosoftGraphProxiedDomain1 + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IpAddressOrFQDN** | Write | String | The IP address or FQDN | | +| **Proxy** | Write | String | Proxy IP or FQDN | | + +### MSFT_MicrosoftGraphIpRange1 + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **CidrAddress** | Write | String | IPv4 address in CIDR notation. Not nullable. | | +| **LowerAddress** | Write | String | Lower address. | | +| **UpperAddress** | Write | String | Upper address. | | +| **odataType** | Write | String | The type of the entity. | `#microsoft.graph.iPv4CidrRange`, `#microsoft.graph.iPv6CidrRange`, `#microsoft.graph.iPv4Range`, `#microsoft.graph.iPv6Range` | + + +## Description + +Intune Device Configuration Network Boundary Policy for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "network boundary"; + Ensure = "Present"; + Id = "16c280a3-a04f-4847-b3bb-3cef06cb2be3"; + SupportsScopeTags = $True; + WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{ + EnterpriseProxyServers = @() + EnterpriseInternalProxyServers = @() + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('domain.com') + EnterpriseIPRanges = @( + MSFT_MicrosoftGraphIpRange1{ + UpperAddress = '1.1.1.255' + LowerAddress = '1.1.1.0' + odataType = '#microsoft.graph.iPv4Range' + } + ) + NeutralDomainResources = @() + }; + } + } +} +``` + From 9a1cfe18842bfd666b82e501f38ec2b68817b2d6 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sun, 2 Apr 2023 17:33:42 +0100 Subject: [PATCH 143/187] fix missing key --- ...neDeviceEnrollmentPlatformRestriction.psm1 | 25 +++++++++---------- ...ceEnrollmentPlatformRestriction.schema.mof | 4 +-- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 105cb45323..8cea2accf0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -4,11 +4,11 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -57,10 +57,10 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -182,11 +182,11 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -235,10 +235,10 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -264,7 +264,6 @@ function Set-TargetResource [Switch] $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters @@ -404,11 +403,11 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -457,10 +456,10 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof index 2e2fd93a0b..355d2390ba 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof @@ -22,8 +22,8 @@ class MSFT_DeviceEnrollmentPlatformRestriction [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceEnrollmentPlatformRestriction")] class MSFT_IntuneDeviceEnrollmentPlatformRestriction : OMI_BaseResource { - [Write, Description("Identity of the device enrollment platform restriction.")] String Identity; - [Write, Description("Display name of the device enrollment platform restriction.")] String DisplayName; + [Key, Description("Identity of the device enrollment platform restriction.")] String Identity; + [Required, Description("Display name of the device enrollment platform restriction.")] String DisplayName; [Write, Description("Description of the device enrollment platform restriction.")] String Description; [Write, Description("Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration."), ValueMap{"singlePlatformRestriction","platformRestrictions"}, Values{"singlePlatformRestriction","platformRestrictions"}] String DeviceEnrollmentConfigurationType; [Write, Description("Ios restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string IosRestriction; From c9f739e2a90de872cc26566969a13029e684afb4 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sun, 2 Apr 2023 17:37:06 +0100 Subject: [PATCH 144/187] changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78c9bb4f62..41c2f4cde9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ # UNRELEASED +* IntuneDeviceEnrollmentPlatformRestriction + * [BREAKING CHANGE] Updated resource to manage single and default platform restriction policies + FIXES [#2347](https://github.com/microsoft/Microsoft365DSC/issues/2347) * IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 * Initial Release FIXES [#2830](https://github.com/microsoft/Microsoft365DSC/issues/2830) From 5fdc580e6b3b43d09ac2afbd7144cdfb7fa3c733 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sun, 2 Apr 2023 19:03:39 +0100 Subject: [PATCH 145/187] fixed unit test --- ...t365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 index bf0a4a72a0..f4841ca4e4 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 @@ -106,9 +106,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return @{ - DisplayName = 'My DSC Restriction' - Description = '' - id = '12345-12345-12345-12345-12345' AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' PlatformRestriction = @{ From b7cccce64c52f5d58d11d9749155f34867a9cef2 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Sun, 2 Apr 2023 19:21:05 +0000 Subject: [PATCH 146/187] Updated Resources and Cmdlet documentation pages --- ...tuneDeviceEnrollmentPlatformRestriction.md | 117 ++++++++++++------ 1 file changed, 80 insertions(+), 37 deletions(-) diff --git a/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md b/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md index 8a002b737e..a59db7e862 100644 --- a/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md +++ b/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md @@ -4,28 +4,19 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **DisplayName** | Key | String | Display name of the device enrollment platform restriction. | | +| **Identity** | Key | String | Identity of the device enrollment platform restriction. | | +| **DisplayName** | Required | String | Display name of the device enrollment platform restriction. | | | **Description** | Write | String | Description of the device enrollment platform restriction. | | -| **AndroidPlatformBlocked** | Write | Boolean | N/A | | -| **AndroidPersonalDeviceEnrollmentBlocked** | Write | Boolean | N/A | | -| **AndroidOSMinimumVersion** | Write | String | N/A | | -| **AndroidOSMaximumVersion** | Write | String | N/A | | -| **iOSPlatformBlocked** | Write | Boolean | N/A | | -| **iOSPersonalDeviceEnrollmentBlocked** | Write | Boolean | N/A | | -| **iOSOSMinimumVersion** | Write | String | N/A | | -| **iOSOSMaximumVersion** | Write | String | N/A | | -| **MacPlatformBlocked** | Write | Boolean | N/A | | -| **MacPersonalDeviceEnrollmentBlocked** | Write | Boolean | N/A | | -| **MacOSMinimumVersion** | Write | String | N/A | | -| **MacOSMaximumVersion** | Write | String | N/A | | -| **WindowsPlatformBlocked** | Write | Boolean | N/A | | -| **WindowsPersonalDeviceEnrollmentBlocked** | Write | Boolean | N/A | | -| **WindowsOSMinimumVersion** | Write | String | N/A | | -| **WindowsOSMaximumVersion** | Write | String | N/A | | -| **WindowsMobilePlatformBlocked** | Write | Boolean | N/A | | -| **WindowsMobilePersonalDeviceEnrollmentBlocked** | Write | Boolean | N/A | | -| **WindowsMobileOSMinimumVersion** | Write | String | N/A | | -| **WindowsMobileOSMaximumVersion** | Write | String | N/A | | +| **DeviceEnrollmentConfigurationType** | Write | String | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. | `singlePlatformRestriction`, `platformRestrictions` | +| **IosRestriction** | Write | MSFT_DeviceEnrollmentPlatformRestriction | Ios restrictions based on platform, platform operating system version, and device ownership. | | +| **WindowsRestriction** | Write | MSFT_DeviceEnrollmentPlatformRestriction | Windows restrictions based on platform, platform operating system version, and device ownership. | | +| **WindowsHomeSkuRestriction** | Write | MSFT_DeviceEnrollmentPlatformRestriction | Windows home Sku restrictions based on platform, platform operating system version, and device ownership. | | +| **WindowsMobileRestriction** | Write | MSFT_DeviceEnrollmentPlatformRestriction | Windows Mobile restrictions based on platform, platform operating system version, and device ownership. | | +| **AndroidRestriction** | Write | MSFT_DeviceEnrollmentPlatformRestriction | Android Device Administrator restrictions based on platform, platform operating system version, and device ownership. | | +| **AndroidForWorkRestriction** | Write | MSFT_DeviceEnrollmentPlatformRestriction | Android Entreprise restrictions based on platform, platform operating system version, and device ownership. | | +| **MacRestriction** | Write | MSFT_DeviceEnrollmentPlatformRestriction | Mac restrictions based on platform, platform operating system version, and device ownership. | | +| **MacOSRestriction** | Write | MSFT_DeviceEnrollmentPlatformRestriction | Mac OS restrictions based on platform, platform operating system version, and device ownership. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Assignments of the policy. | | | **Ensure** | Write | String | Present ensures the restriction exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Intune Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | @@ -34,6 +25,31 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_DeviceEnrollmentPlatformRestriction + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **PlatformBlocked** | Write | Boolean | Block the platform from enrolling. | | +| **PersonalDeviceEnrollmentBlocked** | Write | Boolean | Block personally owned devices from enrolling. | | +| **OsMinimumVersion** | Write | String | Min OS version supported. | | +| **OsMaximumVersion** | Write | String | Max OS version supported. | | +| **BlockedManufacturers** | Write | StringArray[] | Collection of blocked Manufacturers. | | +| **BlockedSkus** | Write | StringArray[] | Collection of blocked Skus. | | + ## Description @@ -85,22 +101,49 @@ Configuration Example { IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' { - DisplayName = 'My DSC Restriction' - AndroidPersonalDeviceEnrollmentBlocked = $False - AndroidPlatformBlocked = $False - Description = '' - iOSOSMaximumVersion = '11.0' - iOSOSMinimumVersion = '9.0' - iOSPersonalDeviceEnrollmentBlocked = $False - iOSPlatformBlocked = $False - MacPersonalDeviceEnrollmentBlocked = $False - MacPlatformBlocked = $True - WindowsMobilePersonalDeviceEnrollmentBlocked = $False - WindowsMobilePlatformBlocked = $True - WindowsPersonalDeviceEnrollmentBlocked = $True - WindowsPlatformBlocked = $False - Ensure = 'Present' - Credential = $credsGlobalAdmin + AndroidForWorkRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + AndroidRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + }); + Credential = $credsGlobalAdmin + Description = "This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership."; + DeviceEnrollmentConfigurationType = "platformRestrictions"; + DisplayName = "All users and all devices"; + Ensure = "Present"; + Identity = "5b0e1dba-4523-455e-9fdd-e36c833b57bf_DefaultPlatformRestrictions"; + IosRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + MacOSRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + MacRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsHomeSkuRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsMobileRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $True + personalDeviceEnrollmentBlocked = $False + }; + WindowsRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; } } } From cb864310d17ada82fc37a8422013971f0ac0b988 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 3 Apr 2023 09:22:33 +0200 Subject: [PATCH 147/187] Updated formatting --- .../MSFT_AADAdministrativeUnit.psm1 | 2 +- .../settings.json | 52 +- .../settings.json | 85 +- .../MSFT_AADGroup/MSFT_AADGroup.psm1 | 13 +- .../MSFT_AADGroupsNamingPolicy.psm1 | 2 +- .../MSFT_AADGroupsSettings.psm1 | 2 +- .../MSFT_EXOGroupSettings.psm1 | 28 +- .../MSFT_EXOMailboxSettings.psm1 | 2 +- .../MSFT_EXOManagementRoleAssignment.psm1 | 14 +- .../MSFT_EXOOnPremisesOrganization.psm1 | 2 +- .../MSFT_EXOOrganizationRelationship.psm1 | 2 +- .../MSFT_EXOOutboundConnector.psm1 | 2 +- .../MSFT_EXOOwaMailboxPolicy.psm1 | 2 +- .../MSFT_EXOPartnerApplication.psm1 | 2 +- .../MSFT_EXORemoteDomain.psm1 | 2 +- .../MSFT_EXORoleAssignmentPolicy.psm1 | 2 +- .../MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 | 43 +- .../MSFT_IntuneAppConfigurationPolicy.psm1 | 6 +- ...MSFT_IntuneAppProtectionPolicyAndroid.psm1 | 104 +- ...tuneApplicationControlPolicyWindows10.psm1 | 172 +- ...tionRulesPolicyWindows10ConfigManager.psm1 | 50 +- ...T_IntuneDeviceCompliancePolicyAndroid.psm1 | 8 +- ...iceCompliancePolicyAndroidDeviceOwner.psm1 | 8 +- ...iceCompliancePolicyAndroidWorkProfile.psm1 | 8 +- ...SFT_IntuneDeviceCompliancePolicyMacOS.psm1 | 8 +- ...IntuneDeviceCompliancePolicyWindows10.psm1 | 10 +- .../MSFT_IntuneDeviceCompliancePolicyiOs.psm1 | 12 +- ...onDeliveryOptimizationPolicyWindows10.psm1 | 512 +++--- .../settings.json | 57 +- ...tionEndpointProtectionPolicyWindows10.psm1 | 1550 +++++++++-------- .../settings.json | 57 +- ...onitoringConfigurationPolicyWindows10.psm1 | 180 +- .../settings.json | 57 +- ...tionIdentityProtectionPolicyWindows10.psm1 | 474 ++--- .../settings.json | 57 +- ...urationNetworkBoundaryPolicyWindows10.psm1 | 194 ++- .../settings.json | 57 +- .../settings.json | 2 +- ...ConfigurationPolicyAndroidWorkProfile.psm1 | 8 +- ...uneDeviceConfigurationPolicyWindows10.psm1 | 502 +++--- .../settings.json | 57 +- .../MSFT_IntuneRoleAssignment/settings.json | 69 +- .../MSFT_IntuneRoleDefinition/settings.json | 69 +- .../settings.json | 69 +- .../settings.json | 69 +- .../settings.json | 69 +- .../settings.json | 69 +- .../settings.json | 69 +- .../settings.json | 69 +- ...tDeploymentProfileAzureADHybridJoined.psm1 | 184 +- .../settings.json | 57 +- ...topilotDeploymentProfileAzureADJoined.psm1 | 184 +- .../settings.json | 57 +- .../settings.json | 57 +- .../settings.json | 57 +- .../MSFT_O365OrgSettings.psm1 | 6 +- .../MSFT_PPPowerAppsEnvironment.psm1 | 8 +- .../MSFT_PPTenantIsolationSettings.psm1 | 2 +- .../MSFT_PlannerPlan/MSFT_PlannerPlan.psm1 | 2 +- .../MSFT_PlannerTask/MSFT_PlannerTask.psm1 | 204 ++- .../MSFT_SCDLPCompliancePolicy.psm1 | 66 +- .../MSFT_SPOAccessControlSettings.psm1 | 2 +- .../DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 | 2 +- .../MSFT_SPOSearchManagedProperty.psm1 | 2 +- .../MSFT_SPOSearchResultSource.psm1 | 4 +- .../MSFT_SPOSharingSettings.psm1 | 2 +- .../MSFT_SPOSiteDesign.psm1 | 2 +- .../MSFT_SPOSiteDesignRights.psm1 | 4 +- .../MSFT_SPOStorageEntity.psm1 | 2 +- .../MSFT_SPOUserProfileProperty.psm1 | 4 +- .../MSFT_TeamsAudioConferencingPolicy.psm1 | 12 +- .../MSFT_TeamsCallHoldPolicy.psm1 | 12 +- .../MSFT_TeamsCallParkPolicy.psm1 | 12 +- .../MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 | 4 +- .../MSFT_TeamsChannelTab.psm1 | 2 +- .../MSFT_TeamsComplianceRecordingPolicy.psm1 | 12 +- .../MSFT_TeamsCortanaPolicy.psm1 | 34 +- .../MSFT_TeamsEnhancedEncryptionPolicy.psm1 | 12 +- .../MSFT_TeamsFederationConfiguration.psm1 | 5 +- .../MSFT_TeamsFeedbackPolicy.psm1 | 12 +- .../MSFT_TeamsGroupPolicyAssignment.psm1 | 5 +- .../MSFT_TeamsMobilityPolicy.psm1 | 24 +- .../MSFT_TeamsNetworkRoamingPolicy.psm1 | 12 +- .../MSFT_TeamsOnlineVoiceUser.psm1 | 6 +- .../MSFT_TeamsTenantNetworkRegion.psm1 | 12 +- .../MSFT_TeamsTenantNetworkSite.psm1 | 12 +- .../MSFT_TeamsTenantNetworkSubnet.psm1 | 14 +- .../MSFT_TeamsTenantTrustedIPAddress.psm1 | 20 +- .../settings.json | 3 +- .../MSFT_TeamsTranslationRule.psm1 | 12 +- .../MSFT_TeamsUnassignedNumberTreatment.psm1 | 18 +- .../MSFT_TeamsUpdateManagementPolicy.psm1 | 2 +- .../MSFT_TeamsUser/MSFT_TeamsUser.psm1 | 2 +- .../MSFT_TeamsUserCallingSettings.psm1 | 2 +- .../MSFT_TeamsVdiPolicy.psm1 | 12 +- .../MSFT_TeamsWorkloadPolicy.psm1 | 22 +- 96 files changed, 3083 insertions(+), 3079 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 964e6cd876..8e2ebe8366 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -1025,7 +1025,7 @@ function Export-TargetResource if ($null -ne $Results.Members) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Members' -IsCIMArray $true - $currentDSCBlock = $currentDSCBlock.Replace(",`r`n",'').Replace("`");`r`n", ");`r`n") + $currentDSCBlock = $currentDSCBlock.Replace(",`r`n", '').Replace("`");`r`n", ");`r`n") } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/settings.json index e1aceaae46..213c40b33c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/settings.json @@ -2,31 +2,31 @@ "resourceName": "AADEntitlementManagementAccessPackageAssignmentPolicy", "description": "This resource configures an Azure AD Entitlement Management Access Package Assignment Policy.", "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "EntitlementManagement.Read.All" - } - ], - "update": [ - { - "name": "EntitlementManagement.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "EntitlementManagement.Read.All" - } - ], - "update": [ - { - "name": "EntitlementManagement.ReadWrite.All" - } - ] - } - } + "graph": { + "delegated": { + "read": [ + { + "name": "EntitlementManagement.Read.All" + } + ], + "update": [ + { + "name": "EntitlementManagement.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "EntitlementManagement.Read.All" + } + ], + "update": [ + { + "name": "EntitlementManagement.ReadWrite.All" + } + ] + } + } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json index 73934eece3..dbe278e0b5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json @@ -1,45 +1,44 @@ { - "resourceName": "AADEntitlementManagementConnectedOrganization", - "description": "This resource configures an Azure AD Entitlement Management Connected Organization.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "EntitlementManagement.Read.All" - }, - { - "name": "EntitlementManagement.ReadWrite.All" - } - ], - "update": [ - { - "name": "EntitlementManagement.ReadWrite.All" - }, - { - "name": "Directory.Read.All" - } - ] - }, - "application": { - "read": [ - { - "name": "EntitlementManagement.Read.All" - }, - { - "name": "EntitlementManagement.ReadWrite.All" - } - ], - "update": [ - { - "name": "EntitlementManagement.ReadWrite.All" - }, - { - "name": "Directory.Read.All" - } - ] - } - } -} - + "resourceName": "AADEntitlementManagementConnectedOrganization", + "description": "This resource configures an Azure AD Entitlement Management Connected Organization.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "EntitlementManagement.Read.All" + }, + { + "name": "EntitlementManagement.ReadWrite.All" + } + ], + "update": [ + { + "name": "EntitlementManagement.ReadWrite.All" + }, + { + "name": "Directory.Read.All" + } + ] + }, + "application": { + "read": [ + { + "name": "EntitlementManagement.Read.All" + }, + { + "name": "EntitlementManagement.ReadWrite.All" + } + ], + "update": [ + { + "name": "EntitlementManagement.ReadWrite.All" + }, + { + "name": "Directory.Read.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 47e5b15092..06c9810295 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -187,7 +187,7 @@ function Get-TargetResource [Array]$memberOf = Get-MgGroupMemberOf -GroupId $Group.Id -All # result also used for/by AssignedToRole $MemberOfValues = @() # Note: only process security-groups that this group is a member of and not directory roles (if any) - foreach ($member in ($memberOf | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.group' })) + foreach ($member in ($memberOf | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.group' })) { if ($null -ne $member.AdditionalProperties.displayName) { @@ -732,15 +732,16 @@ function Set-TargetResource { $backCurrentAssignedToRole = @() } - $assignedToRoleDiff = Compare-Object -ReferenceObject $backCurrentAssignedToRole -DifferenceObject $desiredAssignedToRoleValue + $assignedToRoleDiff = Compare-Object -ReferenceObject $backCurrentAssignedToRole -DifferenceObject $desiredAssignedToRoleValue foreach ($diff in $assignedToRoleDiff) { try { $role = Get-MgDirectoryRole -Filter "DisplayName eq '$($diff.InputObject)'" # If the role hasn't been activated, we need to get the role template ID to first activate the role - if ($null -eq $role) { - $adminRoleTemplate = Get-MgDirectoryRoleTemplate | Where-Object {$_.DisplayName -eq $diff.InputObject} + if ($null -eq $role) + { + $adminRoleTemplate = Get-MgDirectoryRoleTemplate | Where-Object { $_.DisplayName -eq $diff.InputObject } $role = New-MgDirectoryRole -RoleTemplateId $adminRoleTemplate.Id } } @@ -1016,8 +1017,8 @@ function Export-TargetResource try { [array] $groups = Get-MgGroup -Filter $Filter -All:$true -ErrorAction Stop - $groups = $groups | Where-Object -FilterScript {-not ($_.MailEnabled -and ($null -eq $_.GroupTypes -or $_.GroupTypes.Length -eq 0)) -and - -not ($_.MailEnabled -and $_.SecurityEnabled)} + $groups = $groups | Where-Object -FilterScript { -not ($_.MailEnabled -and ($null -eq $_.GroupTypes -or $_.GroupTypes.Length -eq 0)) -and + -not ($_.MailEnabled -and $_.SecurityEnabled) } $i = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 index c9c2b9c00e..f7947e6edd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 @@ -208,7 +208,7 @@ function Set-TargetResource { $Policy.Values[$index].Value = $PrefixSuffixNamingRequirement } - $index++; + $index++ } Write-Verbose -Message "Updating Groups Naming Policy to {$($Policy.Values -join ',')}" Update-MgDirectorySetting -DirectorySettingId $Policy.id -Values $Policy.Values | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 index 3f8ced5404..c0ddc96796 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 @@ -298,7 +298,7 @@ function Set-TargetResource $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'UsageGuidelinesUrl' } $entry.Value = $UsageGuidelinesUrl } - $index++; + $index++ } Write-Verbose -Message "Updating Policy's Values with $($Policy.Values | Out-String)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 index 7a77eb3f20..8545dc9854 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 @@ -142,7 +142,7 @@ function Get-TargetResource $HiddenFromExchangeClientsEnabled, [Parameter()] - [ValidateSet("Explicit","Implicit","Open","OwnerModerated")] + [ValidateSet('Explicit', 'Implicit', 'Open', 'OwnerModerated')] [System.String] $InformationBarrierMode, @@ -498,7 +498,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("Explicit","Implicit","Open","OwnerModerated")] + [ValidateSet('Explicit', 'Implicit', 'Open', 'OwnerModerated')] $InformationBarrierMode, [Parameter()] @@ -611,20 +611,20 @@ function Set-TargetResource -InboundParameters $PSBoundParameters $UpdateParameters = ([Hashtable]$PSBoundParameters).Clone() - $UpdateParameters.Add("Identity", $DisplayName) - $UpdateParameters.Remove("DisplayName") | Out-Null - $UpdateParameters.Remove("Credential") | Out-Null - $UpdateParameters.Remove("ApplicationId") | Out-Null - $UpdateParameters.Remove("TenantId") | Out-Null - $UpdateParameters.Remove("CertificateThumbprint") | Out-Null - $UpdateParameters.Remove("CertificatePath") | Out-Null - $UpdateParameters.Remove("CertificatePassword") | Out-Null - $UpdateParameters.Remove("ManagedIdentity") | Out-Null + $UpdateParameters.Add('Identity', $DisplayName) + $UpdateParameters.Remove('DisplayName') | Out-Null + $UpdateParameters.Remove('Credential') | Out-Null + $UpdateParameters.Remove('ApplicationId') | Out-Null + $UpdateParameters.Remove('TenantId') | Out-Null + $UpdateParameters.Remove('CertificateThumbprint') | Out-Null + $UpdateParameters.Remove('CertificatePath') | Out-Null + $UpdateParameters.Remove('CertificatePassword') | Out-Null + $UpdateParameters.Remove('ManagedIdentity') | Out-Null # Cannot use PrimarySmtpAddress and EmailAddresses at the same time. If both are present, then give priority to PrimarySmtpAddress. - if ($UpdateParameters.ContainsKey("PrimarySmtpAddress") -and $null -ne $UpdateParameters.PrimarySmtpAddress) + if ($UpdateParameters.ContainsKey('PrimarySmtpAddress') -and $null -ne $UpdateParameters.PrimarySmtpAddress) { - $UpdateParameters.Remove("EmailAddresses") + $UpdateParameters.Remove('EmailAddresses') } Set-UnifiedGroup @UpdateParameters } @@ -774,7 +774,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("Explicit","Implicit","Open","OwnerModerated")] + [ValidateSet('Explicit', 'Implicit', 'Open', 'OwnerModerated')] $InformationBarrierMode, [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 index 543e83ca3f..3f08f269a1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 @@ -182,7 +182,7 @@ function Set-TargetResource $currentMailbox = Get-TargetResource @PSBoundParameters $AllowedTimeZones = (Get-ChildItem 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Time zones' | ` - ForEach-Object { Get-ItemProperty $_.PSPath }).PSChildName + ForEach-Object { Get-ItemProperty $_.PSPath }).PSChildName if ($AllowedTimeZones.Contains($TimeZone) -eq $false) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 index af0c9f7c46..c11267c968 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 @@ -314,11 +314,11 @@ function Set-TargetResource # If the RecipientAdministrativeUnitScope parameter is provided, then retrieve its ID by Name if (-not [System.String]::IsNullOrEmpty($RecipientAdministrativeUnitScope)) { - $NewManagementRoleParams.Remove("CustomRecipientWriteScope") | Out-Null + $NewManagementRoleParams.Remove('CustomRecipientWriteScope') | Out-Null $adminUnit = Get-AdministrativeUnit -Identity $RecipientAdministrativeUnitScope -ErrorAction SilentlyContinue if ($null -eq $adminUnit) { - $adminUnit = Get-AdministrativeUnit | Where-Object -FilterScript {$_.DisplayName -eq $RecipientAdministrativeUnitScope} + $adminUnit = Get-AdministrativeUnit | Where-Object -FilterScript { $_.DisplayName -eq $RecipientAdministrativeUnitScope } } $NewManagementRoleParams.RecipientAdministrativeUnitScope = $adminUnit.Name } @@ -357,7 +357,7 @@ function Set-TargetResource $count = 1 do { - Write-Verbose -Message "Testing to ensure changes were applied." + Write-Verbose -Message 'Testing to ensure changes were applied.' $testResults = Test-TargetResource @PSBoundParameters if (-not $testResults) { @@ -371,11 +371,11 @@ function Set-TargetResource # Need to force reconnect to Exchange for the new permissions to kick in. if ($null -ne $Global:MSCloudLoginConnectionProfile.ExchangeOnline) { - Write-Verbose -Message "Waiting for 20 seconds for new permissions to be effective." + Write-Verbose -Message 'Waiting for 20 seconds for new permissions to be effective.' Start-Sleep 20 - Write-Verbose -Message "Disconnecting from Exchange Online" + Write-Verbose -Message 'Disconnecting from Exchange Online' $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Disconnect() - } + } } function Test-TargetResource @@ -564,7 +564,7 @@ function Export-TargetResource { [array]$roleAssignments = Get-ManagementRoleAssignment | Where-Object -FilterScript { $_.RoleAssigneeType -eq 'ServicePrincipal' -or ` $_.RoleAssigneeType -eq 'User' -or $_.RoleAssigneeType -eq 'RoleAssignmentPolicy' -or $_.RoleAssigneeType -eq 'SecurityGroup' ` - -or $_.RoleAssigneeType -eq 'RoleGroup'} + -or $_.RoleAssigneeType -eq 'RoleGroup' } $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 index b91136e334..8eac15297c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 @@ -490,7 +490,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationRelationship/MSFT_EXOOrganizationRelationship.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationRelationship/MSFT_EXOOrganizationRelationship.psm1 index ce0578285b..86a8b9303e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationRelationship/MSFT_EXOOrganizationRelationship.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationRelationship/MSFT_EXOOrganizationRelationship.psm1 @@ -733,7 +733,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.psm1 index 104a83c2f5..3ed0869650 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.psm1 @@ -612,7 +612,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 index 153a3d828f..07fde40a7b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 @@ -1520,7 +1520,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPartnerApplication/MSFT_EXOPartnerApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPartnerApplication/MSFT_EXOPartnerApplication.psm1 index 3e16ec18f5..1916175cc0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPartnerApplication/MSFT_EXOPartnerApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPartnerApplication/MSFT_EXOPartnerApplication.psm1 @@ -464,7 +464,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORemoteDomain/MSFT_EXORemoteDomain.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORemoteDomain/MSFT_EXORemoteDomain.psm1 index c6a066ef4d..8b49f2e15d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORemoteDomain/MSFT_EXORemoteDomain.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORemoteDomain/MSFT_EXORemoteDomain.psm1 @@ -694,7 +694,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 index a514729252..ef2865b028 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 @@ -458,7 +458,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 index 581ab0f02a..b79ab1123a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 @@ -1,4 +1,4 @@ -function Get-TargetResource +function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] @@ -56,13 +56,13 @@ function Get-TargetResource ) Write-Verbose -Message "Getting Role Group configuration for $Name" - if ($Global:CurrentModeIsExport) + if ($Global:CurrentModeIsExport) { $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters ` -SkipModuleReload $true } - else + else { $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters @@ -83,18 +83,18 @@ function Get-TargetResource $nullReturn = $PSBoundParameters $nullReturn.Ensure = 'Absent' - try + try { $AllRoleGroups = Get-RoleGroup -ErrorAction Stop $RoleGroup = $AllRoleGroups | Where-Object -FilterScript { $_.Name -eq $Name } - if ($null -eq $RoleGroup) + if ($null -eq $RoleGroup) { Write-Verbose -Message "Role Group $($Name) does not exist." return $nullReturn } - else + else { # Get RoleGroup Members DN if RoleGroup exists. This is required especially when adding Members like "Exchange Administrator" or "Global Administrator" that have different Names across Tenants $roleGroupMember = Get-RoleGroupMember -Identity $Name | Select-Object DisplayName @@ -118,7 +118,7 @@ function Get-TargetResource return $result } } - catch + catch { New-M365DSCLogEntry -Message 'Error retrieving data:' ` -Exception $_ ` @@ -130,7 +130,7 @@ function Get-TargetResource } } -function Set-TargetResource +function Set-TargetResource { [CmdletBinding()] param @@ -211,27 +211,27 @@ function Set-TargetResource Members = $Members Roles = $Roles Confirm = $false - } + } # Remove Description Parameter if null or Empty as the creation fails with $null parameter - if ([System.String]::IsNullOrEmpty($Description)) + if ([System.String]::IsNullOrEmpty($Description)) { $NewRoleGroupParams.Remove('Description') | Out-Null } # CASE: Role Group doesn't exist but should; - if ($Ensure -eq 'Present' -and $currentRoleGroupConfig.Ensure -eq 'Absent') + if ($Ensure -eq 'Present' -and $currentRoleGroupConfig.Ensure -eq 'Absent') { Write-Verbose -Message "Role Group '$($Name)' does not exist but it should. Create and configure it." # Create Role Group New-RoleGroup @NewRoleGroupParams } # CASE: Role Group exists but it shouldn't; - elseif ($Ensure -eq 'Absent' -and $currentRoleGroupConfig.Ensure -eq 'Present') + elseif ($Ensure -eq 'Absent' -and $currentRoleGroupConfig.Ensure -eq 'Present') { Write-Verbose -Message "Role Group '$($Name)' exists but it shouldn't. Remove it." Remove-RoleGroup -Identity $Name -Confirm:$false -Force } # CASE: Role Group exists and it should, but has different member values than the desired ones - elseif ($Ensure -eq 'Present' -and $currentRoleGroupConfig.Ensure -eq 'Present' -and $null -ne (Compare-Object -ReferenceObject $($currentRoleGroupConfig.Members) -DifferenceObject $Members)) + elseif ($Ensure -eq 'Present' -and $currentRoleGroupConfig.Ensure -eq 'Present' -and $null -ne (Compare-Object -ReferenceObject $($currentRoleGroupConfig.Members) -DifferenceObject $Members)) { Write-Verbose -Message "Role Group '$($Name)' already exists, but members need updating." Write-Verbose -Message "Updating Role Group $($Name) members with values: $(Convert-M365DscHashtableToString -Hashtable $NewRoleGroupParams)" @@ -259,7 +259,7 @@ function Set-TargetResource } } -function Test-TargetResource +function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] @@ -353,7 +353,7 @@ function Test-TargetResource return $TestResult } -function Export-TargetResource +function Export-TargetResource { [CmdletBinding()] [OutputType([System.String])] @@ -403,21 +403,22 @@ function Export-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - try { - [array]$AllRoleGroups = Get-RoleGroup + try + { + [array]$AllRoleGroups = Get-RoleGroup $dscContent = '' - if ($AllRoleGroups.Length -eq 0) + if ($AllRoleGroups.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } - else + else { Write-Host "`r`n" -NoNewline } $i = 1 - foreach ($RoleGroup in $AllRoleGroups) + foreach ($RoleGroup in $AllRoleGroups) { Write-Host " |---[$i/$($AllRoleGroups.Count)] $($RoleGroup.Name)" -NoNewline $roleGroupMember = Get-RoleGroupMember -Identity $RoleGroup.Name | Select-Object DisplayName @@ -450,7 +451,7 @@ function Export-TargetResource } return $dscContent } - catch + catch { Write-Host $Global:M365DSCEmojiRedX diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 index bf9a60e112..a7b37d2d3f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 @@ -375,7 +375,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -388,7 +388,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -397,7 +397,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 index 6b0650077b..bda65afcd1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 @@ -1245,7 +1245,7 @@ function Set-AppsHash } $AppsHash = @{ - 'AppGroupType' = $AppGroupType; + 'AppGroupType' = $AppGroupType 'Apps' = $appsarray } @@ -1300,9 +1300,9 @@ function Set-ManagedBrowserValues } $ManagedBrowserHash = @{ - 'ManagedBrowser' = $ManagedBrowser; - 'ManagedBrowserToOpenLinksRequired' = $ManagedBrowserToOpenLinksRequired; - 'CustomBrowserDisplayName' = $CustomBrowserDisplayName; + 'ManagedBrowser' = $ManagedBrowser + 'ManagedBrowserToOpenLinksRequired' = $ManagedBrowserToOpenLinksRequired + 'CustomBrowserDisplayName' = $CustomBrowserDisplayName 'CustomBrowserPackageId' = $CustomBrowserPackageId } @@ -1312,54 +1312,54 @@ function Set-ManagedBrowserValues function Get-InputParameters { return @{ - AllowedDataStorageLocations = @{Type = 'Parameter' ; ExportFileType = 'Array'; }; - AllowedInboundDataTransferSources = @{Type = 'Parameter' ; ExportFileType = 'String'; }; - AllowedOutboundClipboardSharingLevel = @{Type = 'Parameter' ; ExportFileType = 'String'; }; - AllowedOutboundDataTransferDestinations = @{Type = 'Parameter' ; ExportFileType = 'String'; }; - ApplicationId = @{Type = 'Credential' ; ExportFileType = 'NA'; }; - ApplicationSecret = @{Type = 'Credential' ; ExportFileType = 'NA'; }; - AppGroupType = @{Type = 'ComplexParameter' ; ExportFileType = 'String'; }; - Apps = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - Assignments = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - CertificateThumbprint = @{Type = 'Credential' ; ExportFileType = 'NA'; }; - Managedidentity = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - ContactSyncBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - Credential = @{Type = 'Credential' ; ExportFileType = 'NA'; }; - CustomBrowserDisplayName = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - CustomBrowserPackageId = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - DataBackupBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - Description = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - DeviceComplianceRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - DisableAppEncryptionIfDeviceEncryptionIsEnabled = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - DisableAppPinIfDevicePinIsSet = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - DisplayName = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - EncryptAppData = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - Ensure = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - ExcludedGroups = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - FingerprintBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - Id = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - IsAssigned = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - ManagedBrowser = @{Type = 'ComplexParameter' ; ExportFileType = 'String'; }; - ManagedBrowserToOpenLinksRequired = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - MaximumPinRetries = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumPinLength = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumRequiredAppVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumRequiredOSVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumRequiredPatchVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumWarningAppVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumWarningOSVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumWarningPatchVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - OrganizationalCredentialsRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - PeriodBeforePinReset = @{Type = 'Parameter' ; ExportFileType = 'Duration'; }; - PeriodOfflineBeforeAccessCheck = @{Type = 'Parameter' ; ExportFileType = 'Duration'; }; - PeriodOfflineBeforeWipeIsEnforced = @{Type = 'Parameter' ; ExportFileType = 'Duration'; }; - PeriodOnlineBeforeAccessCheck = @{Type = 'Parameter' ; ExportFileType = 'Duration'; }; - PinCharacterSet = @{Type = 'Parameter' ; ExportFileType = 'String'; }; - PinRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - PrintBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - SaveAsBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - ScreenCaptureBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - SimplePinBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; + AllowedDataStorageLocations = @{Type = 'Parameter' ; ExportFileType = 'Array'; } + AllowedInboundDataTransferSources = @{Type = 'Parameter' ; ExportFileType = 'String'; } + AllowedOutboundClipboardSharingLevel = @{Type = 'Parameter' ; ExportFileType = 'String'; } + AllowedOutboundDataTransferDestinations = @{Type = 'Parameter' ; ExportFileType = 'String'; } + ApplicationId = @{Type = 'Credential' ; ExportFileType = 'NA'; } + ApplicationSecret = @{Type = 'Credential' ; ExportFileType = 'NA'; } + AppGroupType = @{Type = 'ComplexParameter' ; ExportFileType = 'String'; } + Apps = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + Assignments = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + CertificateThumbprint = @{Type = 'Credential' ; ExportFileType = 'NA'; } + Managedidentity = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + ContactSyncBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + Credential = @{Type = 'Credential' ; ExportFileType = 'NA'; } + CustomBrowserDisplayName = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + CustomBrowserPackageId = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + DataBackupBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + Description = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + DeviceComplianceRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + DisableAppEncryptionIfDeviceEncryptionIsEnabled = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + DisableAppPinIfDevicePinIsSet = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + DisplayName = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + EncryptAppData = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + Ensure = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + ExcludedGroups = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + FingerprintBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + Id = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + IsAssigned = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + ManagedBrowser = @{Type = 'ComplexParameter' ; ExportFileType = 'String'; } + ManagedBrowserToOpenLinksRequired = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + MaximumPinRetries = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumPinLength = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumRequiredAppVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumRequiredOSVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumRequiredPatchVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumWarningAppVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumWarningOSVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumWarningPatchVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + OrganizationalCredentialsRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + PeriodBeforePinReset = @{Type = 'Parameter' ; ExportFileType = 'Duration'; } + PeriodOfflineBeforeAccessCheck = @{Type = 'Parameter' ; ExportFileType = 'Duration'; } + PeriodOfflineBeforeWipeIsEnforced = @{Type = 'Parameter' ; ExportFileType = 'Duration'; } + PeriodOnlineBeforeAccessCheck = @{Type = 'Parameter' ; ExportFileType = 'Duration'; } + PinCharacterSet = @{Type = 'Parameter' ; ExportFileType = 'String'; } + PinRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + PrintBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + SaveAsBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + ScreenCaptureBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + SimplePinBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } TenantId = @{Type = 'Credential' ; ExportFileType = 'NA'; } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 index 6932f20a0d..46507da195 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 @@ -416,7 +416,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -429,7 +429,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -438,7 +438,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } } @@ -766,15 +766,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -782,26 +782,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -810,23 +810,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -840,37 +840,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -879,17 +879,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -900,26 +900,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -928,11 +928,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -943,32 +943,32 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty @@ -1020,49 +1020,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1072,7 +1072,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1084,7 +1084,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index 66cd3e4ce6..b9e8adbccd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -469,12 +469,12 @@ function Set-TargetResource -TemplateId $templateReferenceId $createParameters = @{ - Name = $DisplayName - Description = $Description - TemplateReference = @{templateId = $templateReferenceId} - Platforms = $platforms - Technologies = $technologies - Settings = $settings + Name = $DisplayName + Description = $Description + TemplateReference = @{templateId = $templateReferenceId } + Platforms = $platforms + Technologies = $technologies + Settings = $settings } New-MgDeviceManagementConfigurationPolicy -bodyParameter $createParameters @@ -933,19 +933,19 @@ function Get-IntuneSettingCatalogPolicySetting $settingInstance = @{} $settingName = $settingDefinition.SettingDefinitionId.split('_') | Select-Object -Last 1 - $settingType = $settingDefinition.AdditionalProperties.'@odata.type'.replace('InstanceTemplate','Instance') + $settingType = $settingDefinition.AdditionalProperties.'@odata.type'.replace('InstanceTemplate', 'Instance') $settingInstance.Add('settingDefinitionId', $settingDefinition.settingDefinitionId) $settingInstance.Add('@odata.type', $settingType) if (-Not [string]::IsNullOrEmpty($settingDefinition.settingInstanceTemplateId)) { - $settingInstance.Add('settingInstanceTemplateReference',@{'settingInstanceTemplateId'=$settingDefinition.settingInstanceTemplateId}) + $settingInstance.Add('settingInstanceTemplateReference', @{'settingInstanceTemplateId' = $settingDefinition.settingInstanceTemplateId }) } - $settingValueName = $settingType.replace('#microsoft.graph.deviceManagementConfiguration','').replace('Instance','Value') - $settingValueName = $settingValueName.Substring(0,1).ToLower() + $settingValueName.Substring(1,$settingValueName.length -1 ) + $settingValueName = $settingType.replace('#microsoft.graph.deviceManagementConfiguration', '').replace('Instance', 'Value') + $settingValueName = $settingValueName.Substring(0, 1).ToLower() + $settingValueName.Substring(1, $settingValueName.length - 1 ) $settingValueType = $settingDefinition.AdditionalProperties."$($settingValueName)Template".'@odata.type' if ($null -ne $settingValueType) { - $settingValueType = $settingValueType.replace('ValueTemplate','Value') + $settingValueType = $settingValueType.replace('ValueTemplate', 'Value') } $settingValueTemplateId = $settingDefinition.AdditionalProperties."$($settingValueName)Template".settingValueTemplateId $settingValue = Get-IntuneSettingCatalogPolicySettingInstanceValue ` @@ -956,10 +956,10 @@ function Get-IntuneSettingCatalogPolicySetting -SettingValueName $settingValueName ` -SettingValueType $settingValueType ` -SettingValueTemplateId $settingValueTemplateId - $settingInstance+=($settingValue) + $settingInstance += ($settingValue) $settingInstances += @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSetting' + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSetting' 'settingInstance' = $settingInstance } } @@ -1000,7 +1000,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue ) $settingValueReturn = @{} - switch($settingType) + switch ($settingType) { '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' { @@ -1008,13 +1008,13 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue $groupSettingCollectionValueChildren = @() $groupSettingCollectionDefinitionChildren = $SettingDefinition.AdditionalProperties.groupSettingCollectionValueTemplate.children - foreach($childDefinition in $groupSettingCollectionDefinitionChildren) + foreach ($childDefinition in $groupSettingCollectionDefinitionChildren) { $childSettingName = $childDefinition.settingDefinitionId.split('_') | Select-Object -Last 1 - $childSettingType = $childDefinition.'@odata.type'.replace('InstanceTemplate','Instance') - $childSettingValueName = $childSettingType.replace('#microsoft.graph.deviceManagementConfiguration','').replace('Instance','Value') + $childSettingType = $childDefinition.'@odata.type'.replace('InstanceTemplate', 'Instance') + $childSettingValueName = $childSettingType.replace('#microsoft.graph.deviceManagementConfiguration', '').replace('Instance', 'Value') $childSettingValueType = "#microsoft.graph.deviceManagementConfiguration$($childSettingValueName)" - $childSettingValueName = $childSettingValueName.Substring(0,1).ToLower() + $childSettingValueName.Substring(1,$childSettingValueName.length -1 ) + $childSettingValueName = $childSettingValueName.Substring(0, 1).ToLower() + $childSettingValueName.Substring(1, $childSettingValueName.length - 1 ) $childSettingValueTemplateId = $childDefinition.$childSettingValueName.settingValueTemplateId $childSettingValue = Get-IntuneSettingCatalogPolicySettingInstanceValue ` -DSCParams $DSCParams ` @@ -1035,19 +1035,19 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' { $values = @() - foreach( $key in $DSCParams.Keys) + foreach ( $key in $DSCParams.Keys) { - if($settingName -eq ($key.tolower())) + if ($settingName -eq ($key.tolower())) { $values = $DSCParams[$key] break } } $settingValueCollection = @() - foreach($v in $values) + foreach ($v in $values) { $settingValueCollection += @{ - value = $v + value = $v '@odata.type' = $settingValueType } } @@ -1056,9 +1056,9 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue Default { $value = $null - foreach( $key in $DSCParams.Keys) + foreach ( $key in $DSCParams.Keys) { - if($settingName -eq ($key.tolower())) + if ($settingName -eq ($key.tolower())) { $value = "$($SettingDefinition.settingDefinitionId)_$($DSCParams[$key])" break @@ -1072,7 +1072,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue } if (-Not [string]::IsNullOrEmpty($settingValueTemplateId)) { - $settingValue.Add('settingValueTemplateReference',@{'settingValueTemplateId'= $settingValueTemplateId}) + $settingValue.Add('settingValueTemplateReference', @{'settingValueTemplateId' = $settingValueTemplateId }) } $settingValue.add('value', $value) $settingValueReturn.Add($settingValueName, $settingValue) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 index 30fe835b5a..bb08e0b633 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 @@ -235,7 +235,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -747,7 +747,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -760,7 +760,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -769,7 +769,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 index 8d5bd55249..24a169468f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 @@ -177,7 +177,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -600,7 +600,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -613,7 +613,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -622,7 +622,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 index e2a42cb6f4..e46c48c10b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 @@ -223,7 +223,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -710,7 +710,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -723,7 +723,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -732,7 +732,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 index 69775d0515..b3f4b2523c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 @@ -201,7 +201,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -657,7 +657,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -670,7 +670,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -679,7 +679,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 index 1e97fdbe10..6428809697 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 @@ -773,7 +773,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $CIMAssignmentAsHash = Get-M365DSCAssignmentsAsHashtable -CIMAssignment $source @@ -786,7 +786,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: collectionId {$($assignment.collectionId)} not found" $testResult = $false - break; + break } $CIMAssignmentAsHash = Get-M365DSCAssignmentsAsHashtable -CIMAssignment $source @@ -799,7 +799,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $CIMAssignmentAsHash = Get-M365DSCAssignmentsAsHashtable -CIMAssignment $source } @@ -821,7 +821,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } @@ -1096,7 +1096,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/beta/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 index 744ce1e545..15959bfdc9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 @@ -190,7 +190,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -633,7 +633,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -1226,7 +1226,7 @@ function Rename-M365DSCCimInstanceODataParameter } $clonedProperties.$key = $values } - break; + break } '*hashtable[[\]]' { @@ -1241,7 +1241,7 @@ function Rename-M365DSCCimInstanceODataParameter } $clonedProperties.$key = $values } - break; + break } '*CimInstance' { @@ -1254,7 +1254,7 @@ function Rename-M365DSCCimInstanceODataParameter $CIMHash.remove('odataType') $clonedProperties.$key = $CIMHash } - break; + break } '*Hashtable' { @@ -1265,7 +1265,7 @@ function Rename-M365DSCCimInstanceODataParameter $Properties.$key.remove('odataType') $clonedProperties.$key = $Properties.$key } - break; + break } Default { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 index 255a85b47b..74e215f94d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 @@ -26,7 +26,7 @@ function Get-TargetResource $CacheServerHostNames, [Parameter()] - [ValidateSet('userDefined','httpOnly','httpWithPeeringNat','httpWithPeeringPrivateGroup','httpWithInternetPeering','simpleDownload','bypassMode')] + [ValidateSet('userDefined', 'httpOnly', 'httpWithPeeringNat', 'httpWithPeeringPrivateGroup', 'httpWithInternetPeering', 'simpleDownload', 'bypassMode')] [System.String] $DeliveryOptimizationMode, @@ -67,12 +67,12 @@ function Get-TargetResource $ModifyCacheLocation, [Parameter()] - [ValidateSet('notConfigured','subnetMask')] + [ValidateSet('notConfigured', 'subnetMask')] [System.String] $RestrictPeerSelectionBy, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $VpnPeerCaching, @@ -150,13 +150,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementDeviceConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` @@ -181,28 +181,28 @@ function Get-TargetResource $complexBandwidthBackgroundPercentageHours.Add('BandwidthEndBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthBackgroundPercentageHours.bandwidthEndBusinessHours) $complexBandwidthBackgroundPercentageHours.Add('BandwidthPercentageDuringBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthBackgroundPercentageHours.bandwidthPercentageDuringBusinessHours) $complexBandwidthBackgroundPercentageHours.Add('BandwidthPercentageOutsideBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthBackgroundPercentageHours.bandwidthPercentageOutsideBusinessHours) - if($complexBandwidthBackgroundPercentageHours.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBandwidthBackgroundPercentageHours.values.Where({ $null -ne $_ }).count -eq 0) { $complexBandwidthBackgroundPercentageHours = $null } - $complexBandwidthMode.Add('BandwidthBackgroundPercentageHours',$complexBandwidthBackgroundPercentageHours) + $complexBandwidthMode.Add('BandwidthBackgroundPercentageHours', $complexBandwidthBackgroundPercentageHours) $complexBandwidthForegroundPercentageHours = @{} $complexBandwidthForegroundPercentageHours.Add('BandwidthBeginBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthForegroundPercentageHours.bandwidthBeginBusinessHours) $complexBandwidthForegroundPercentageHours.Add('BandwidthEndBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthForegroundPercentageHours.bandwidthEndBusinessHours) $complexBandwidthForegroundPercentageHours.Add('BandwidthPercentageDuringBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthForegroundPercentageHours.bandwidthPercentageDuringBusinessHours) $complexBandwidthForegroundPercentageHours.Add('BandwidthPercentageOutsideBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthForegroundPercentageHours.bandwidthPercentageOutsideBusinessHours) - if($complexBandwidthForegroundPercentageHours.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBandwidthForegroundPercentageHours.values.Where({ $null -ne $_ }).count -eq 0) { $complexBandwidthForegroundPercentageHours = $null } - $complexBandwidthMode.Add('BandwidthForegroundPercentageHours',$complexBandwidthForegroundPercentageHours) + $complexBandwidthMode.Add('BandwidthForegroundPercentageHours', $complexBandwidthForegroundPercentageHours) $complexBandwidthMode.Add('MaximumBackgroundBandwidthPercentage', $getValue.AdditionalProperties.bandwidthMode.maximumBackgroundBandwidthPercentage) $complexBandwidthMode.Add('MaximumForegroundBandwidthPercentage', $getValue.AdditionalProperties.bandwidthMode.maximumForegroundBandwidthPercentage) if ($null -ne $getValue.AdditionalProperties.bandwidthMode.'@odata.type') { $complexBandwidthMode.Add('odataType', $getValue.AdditionalProperties.bandwidthMode.'@odata.type'.toString()) } - if($complexBandwidthMode.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBandwidthMode.values.Where({ $null -ne $_ }).count -eq 0) { $complexBandwidthMode = $null } @@ -217,7 +217,7 @@ function Get-TargetResource { $complexGroupIdSource.Add('odataType', $getValue.AdditionalProperties.groupIdSource.'@odata.type'.toString()) } - if($complexGroupIdSource.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexGroupIdSource.values.Where({ $null -ne $_ }).count -eq 0) { $complexGroupIdSource = $null } @@ -229,7 +229,7 @@ function Get-TargetResource { $complexMaximumCacheSize.Add('odataType', $getValue.AdditionalProperties.maximumCacheSize.'@odata.type'.toString()) } - if($complexMaximumCacheSize.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexMaximumCacheSize.values.Where({ $null -ne $_ }).count -eq 0) { $complexMaximumCacheSize = $null } @@ -294,11 +294,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -345,7 +347,7 @@ function Set-TargetResource $CacheServerHostNames, [Parameter()] - [ValidateSet('userDefined','httpOnly','httpWithPeeringNat','httpWithPeeringPrivateGroup','httpWithInternetPeering','simpleDownload','bypassMode')] + [ValidateSet('userDefined', 'httpOnly', 'httpWithPeeringNat', 'httpWithPeeringPrivateGroup', 'httpWithInternetPeering', 'simpleDownload', 'bypassMode')] [System.String] $DeliveryOptimizationMode, @@ -386,12 +388,12 @@ function Set-TargetResource $ModifyCacheLocation, [Parameter()] - [ValidateSet('notConfigured','subnetMask')] + [ValidateSet('notConfigured', 'subnetMask')] [System.String] $RestrictPeerSelectionBy, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $VpnPeerCaching, @@ -471,32 +473,32 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Delivery Optimization Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsDeliveryOptimizationConfiguration") - $policy=New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsDeliveryOptimizationConfiguration') + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -505,30 +507,30 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsDeliveryOptimizationConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsDeliveryOptimizationConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` @@ -537,7 +539,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$($currentInstance.Id)}" #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion @@ -572,7 +574,7 @@ function Test-TargetResource $CacheServerHostNames, [Parameter()] - [ValidateSet('userDefined','httpOnly','httpWithPeeringNat','httpWithPeeringPrivateGroup','httpWithInternetPeering','simpleDownload','bypassMode')] + [ValidateSet('userDefined', 'httpOnly', 'httpWithPeeringNat', 'httpWithPeeringPrivateGroup', 'httpWithInternetPeering', 'simpleDownload', 'bypassMode')] [System.String] $DeliveryOptimizationMode, @@ -613,12 +615,12 @@ function Test-TargetResource $ModifyCacheLocation, [Parameter()] - [ValidateSet('notConfigured','subnetMask')] + [ValidateSet('notConfigured', 'subnetMask')] [System.String] $RestrictPeerSelectionBy, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $VpnPeerCaching, @@ -713,7 +715,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -797,7 +799,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDeliveryOptimizationConfiguration' ` - } + } #endregion $i = 1 @@ -820,7 +822,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -837,19 +839,19 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'BandwidthMode' + Name = 'BandwidthMode' CimInstanceName = 'MicrosoftGraphDeliveryOptimizationBandwidth' - IsRequired = $False + IsRequired = $False } @{ - Name = 'BandwidthBackgroundPercentageHours' + Name = 'BandwidthBackgroundPercentageHours' CimInstanceName = 'MicrosoftGraphDeliveryOptimizationBandwidthBusinessHoursLimit' - IsRequired = $False + IsRequired = $False } @{ - Name = 'BandwidthForegroundPercentageHours' + Name = 'BandwidthForegroundPercentageHours' CimInstanceName = 'MicrosoftGraphDeliveryOptimizationBandwidthBusinessHoursLimit' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -857,7 +859,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeliveryOptimizationBandwidth' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.BandwidthMode = $complexTypeStringResult } @@ -871,7 +873,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.GroupIdSource ` -CIMInstanceName 'MicrosoftGraphdeliveryOptimizationGroupIdSource' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.GroupIdSource = $complexTypeStringResult } @@ -885,7 +887,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.MaximumCacheSize ` -CIMInstanceName 'MicrosoftGraphdeliveryOptimizationMaxCacheSize' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.MaximumCacheSize = $complexTypeStringResult } @@ -894,7 +896,7 @@ function Export-TargetResource $Results.Remove('MaximumCacheSize') | Out-Null } } - if($Results.Assignments) + if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -913,23 +915,23 @@ function Export-TargetResource -Credential $Credential if ($Results.BandwidthMode) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "BandwidthMode" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'BandwidthMode' -IsCIMArray:$False } if ($Results.GroupIdSource) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "GroupIdSource" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'GroupIdSource' -IsCIMArray:$False } if ($Results.MaximumCacheSize) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "MaximumCacheSize" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'MaximumCacheSize' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) - $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -967,40 +969,40 @@ function Update-DeviceConfigurationPolicyAssignment [Parameter()] [System.String] - $Repository='deviceManagement/configurationPolicies', + $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] - $APIVersion='beta' + $APIVersion = 'beta' ) try { - $deviceManagementPolicyAssignments=@() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } - if($target.collectionId) + if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } - if($target.deviceAndAppManagementAssignmentFilterType) + if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } - if($target.deviceAndAppManagementAssignmentFilterId) + if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -1019,19 +1021,19 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + 'odataType' = '@odata.type' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -1041,34 +1043,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -1081,51 +1083,51 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -1142,27 +1144,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1220,15 +1222,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1236,26 +1238,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1264,23 +1266,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1294,37 +1296,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1333,17 +1335,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -1354,26 +1356,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1382,11 +1384,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1397,32 +1399,32 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty @@ -1442,49 +1444,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1494,7 +1496,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1506,7 +1508,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1524,47 +1526,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1574,36 +1576,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1611,16 +1613,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1630,18 +1632,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1665,47 +1667,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/settings.json index 145d472782..7a4ac875c3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10", "description": "This resource configures an Intune Device Configuration Delivery Optimization Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 index ca7a1593b3..31fa4bb849 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 @@ -38,12 +38,12 @@ function Get-TargetResource $ApplicationGuardAllowVirtualGPU, [Parameter()] - [ValidateSet('notConfigured','blockBoth','blockHostToContainer','blockContainerToHost','blockNone')] + [ValidateSet('notConfigured', 'blockBoth', 'blockHostToContainer', 'blockContainerToHost', 'blockNone')] [System.String] $ApplicationGuardBlockClipboardSharing, [Parameter()] - [ValidateSet('notConfigured','blockImageAndTextFile','blockImageFile','blockNone','blockTextFile')] + [ValidateSet('notConfigured', 'blockImageAndTextFile', 'blockImageFile', 'blockNone', 'blockTextFile')] [System.String] $ApplicationGuardBlockFileTransfer, @@ -60,7 +60,7 @@ function Get-TargetResource $ApplicationGuardEnabled, [Parameter()] - [ValidateSet('notConfigured','enabledForEdge','enabledForOffice','enabledForEdgeAndOffice')] + [ValidateSet('notConfigured', 'enabledForEdge', 'enabledForOffice', 'enabledForEdgeAndOffice')] [System.String] $ApplicationGuardEnabledOptions, @@ -69,7 +69,7 @@ function Get-TargetResource $ApplicationGuardForceAuditing, [Parameter()] - [ValidateSet('notConfigured','enforceComponentsAndStoreApps','auditComponentsAndStoreApps','enforceComponentsStoreAppsAndSmartlocker','auditComponentsStoreAppsAndSmartlocker')] + [ValidateSet('notConfigured', 'enforceComponentsAndStoreApps', 'auditComponentsAndStoreApps', 'enforceComponentsStoreAppsAndSmartlocker', 'auditComponentsStoreAppsAndSmartlocker')] [System.String] $AppLockerApplicationControl, @@ -94,7 +94,7 @@ function Get-TargetResource $BitLockerFixedDrivePolicy, [Parameter()] - [ValidateSet('notConfigured','disabled','enabledForAzureAd','enabledForAzureAdAndHybrid')] + [ValidateSet('notConfigured', 'disabled', 'enabledForAzureAd', 'enabledForAzureAdAndHybrid')] [System.String] $BitLockerRecoveryPasswordRotation, @@ -111,12 +111,12 @@ function Get-TargetResource $DefenderAdditionalGuardedFolders, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdobeReaderLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdvancedRansomewareProtectionType, @@ -173,7 +173,7 @@ function Get-TargetResource $DefenderBlockEndUserAccess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderBlockPersistenceThroughWmiType, @@ -182,7 +182,7 @@ function Get-TargetResource $DefenderCheckForSignaturesBeforeRunningScan, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -247,12 +247,12 @@ function Get-TargetResource $DefenderDisableScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderEmailContentExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderEmailContentExecutionType, @@ -289,77 +289,77 @@ function Get-TargetResource $DefenderGuardedFoldersAllowedAppPaths, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','blockDiskModification','auditDiskModification')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'blockDiskModification', 'auditDiskModification')] [System.String] $DefenderGuardMyFoldersType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderNetworkProtectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunch, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunchType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsLaunchChildProcessType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsOtherProcessInjection, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsOtherProcessInjectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeCommunicationAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeMacroCodeAllowWin32Imports, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeMacroCodeAllowWin32ImportsType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPreventCredentialStealingType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderProcessCreation, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderProcessCreationType, @@ -368,7 +368,7 @@ function Get-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderScanDirection, @@ -377,7 +377,7 @@ function Get-TargetResource $DefenderScanMaxCpuPercentage, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -386,7 +386,7 @@ function Get-TargetResource $DefenderScheduledQuickScanTime, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderScheduledScanDay, @@ -395,22 +395,22 @@ function Get-TargetResource $DefenderScheduledScanTime, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptDownloadedPayloadExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptDownloadedPayloadExecutionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptObfuscatedMacroCode, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptObfuscatedMacroCodeType, @@ -483,12 +483,12 @@ function Get-TargetResource $DefenderSecurityCenterHelpURL, [Parameter()] - [ValidateSet('notConfigured','displayInAppAndInNotifications','displayOnlyInApp','displayOnlyInNotifications')] + [ValidateSet('notConfigured', 'displayInAppAndInNotifications', 'displayOnlyInApp', 'displayOnlyInNotifications')] [System.String] $DefenderSecurityCenterITContactDisplay, [Parameter()] - [ValidateSet('notConfigured','blockNoncriticalNotifications','blockAllNotifications')] + [ValidateSet('notConfigured', 'blockNoncriticalNotifications', 'blockAllNotifications')] [System.String] $DefenderSecurityCenterNotificationsFromApp, @@ -501,27 +501,27 @@ function Get-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedExecutable, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedExecutableType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedUSBProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedUSBProcessType, @@ -534,22 +534,22 @@ function Get-TargetResource $DeviceGuardEnableVirtualizationBasedSecurity, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $DeviceGuardLaunchSystemGuard, [Parameter()] - [ValidateSet('notConfigured','enableWithUEFILock','enableWithoutUEFILock','disable')] + [ValidateSet('notConfigured', 'enableWithUEFILock', 'enableWithoutUEFILock', 'disable')] [System.String] $DeviceGuardLocalSystemAuthorityCredentialGuardSettings, [Parameter()] - [ValidateSet('notConfigured','withoutDMA','withDMA')] + [ValidateSet('notConfigured', 'withoutDMA', 'withDMA')] [System.String] $DeviceGuardSecureBootWithDMA, [Parameter()] - [ValidateSet('deviceDefault','blockAll','allowAll')] + [ValidateSet('deviceDefault', 'blockAll', 'allowAll')] [System.String] $DmaGuardDeviceEnumerationPolicy, @@ -558,7 +558,7 @@ function Get-TargetResource $FirewallBlockStatefulFTP, [Parameter()] - [ValidateSet('deviceDefault','none','attempt','require')] + [ValidateSet('deviceDefault', 'none', 'attempt', 'require')] [System.String] $FirewallCertificateRevocationListCheckMethod, @@ -591,12 +591,12 @@ function Get-TargetResource $FirewallMergeKeyingModuleSettings, [Parameter()] - [ValidateSet('deviceDefault','disabled','queueInbound','queueOutbound','queueBoth')] + [ValidateSet('deviceDefault', 'disabled', 'queueInbound', 'queueOutbound', 'queueBoth')] [System.String] $FirewallPacketQueueingMethod, [Parameter()] - [ValidateSet('deviceDefault','none','utF8')] + [ValidateSet('deviceDefault', 'none', 'utF8')] [System.String] $FirewallPreSharedKeyEncodingMethod, @@ -617,7 +617,7 @@ function Get-TargetResource $FirewallRules, [Parameter()] - [ValidateSet('lmAndNltm','lmNtlmAndNtlmV2','lmAndNtlmOnly','lmAndNtlmV2','lmNtlmV2AndNotLm','lmNtlmV2AndNotLmOrNtm')] + [ValidateSet('lmAndNltm', 'lmNtlmAndNtlmV2', 'lmAndNtlmOnly', 'lmAndNtlmV2', 'lmNtlmV2AndNotLm', 'lmNtlmV2AndNotLmOrNtm')] [System.String] $LanManagerAuthenticationLevel, @@ -630,7 +630,7 @@ function Get-TargetResource $LocalSecurityOptionsAdministratorAccountName, [Parameter()] - [ValidateSet('notConfigured','elevateWithoutPrompting','promptForCredentialsOnTheSecureDesktop','promptForConsentOnTheSecureDesktop','promptForCredentials','promptForConsent','promptForConsentForNonWindowsBinaries')] + [ValidateSet('notConfigured', 'elevateWithoutPrompting', 'promptForCredentialsOnTheSecureDesktop', 'promptForConsentOnTheSecureDesktop', 'promptForCredentials', 'promptForConsent', 'promptForConsentForNonWindowsBinaries')] [System.String] $LocalSecurityOptionsAdministratorElevationPromptBehavior, @@ -731,7 +731,7 @@ function Get-TargetResource $LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser, @@ -748,12 +748,12 @@ function Get-TargetResource $LocalSecurityOptionsHideUsernameAtSignIn, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsInformationDisplayedOnLockScreen, [Parameter()] - [ValidateSet('notConfigured','userDisplayNameDomainUser','userDisplayNameOnly','doNotDisplayUser')] + [ValidateSet('notConfigured', 'userDisplayNameDomainUser', 'userDisplayNameOnly', 'doNotDisplayUser')] [System.String] $LocalSecurityOptionsInformationShownOnLockScreen, @@ -774,12 +774,12 @@ function Get-TargetResource $LocalSecurityOptionsMachineInactivityLimitInMinutes, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers, @@ -792,12 +792,12 @@ function Get-TargetResource $LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares, [Parameter()] - [ValidateSet('noAction','lockWorkstation','forceLogoff','disconnectRemoteDesktopSession')] + [ValidateSet('noAction', 'lockWorkstation', 'forceLogoff', 'disconnectRemoteDesktopSession')] [System.String] $LocalSecurityOptionsSmartCardRemovalBehavior, [Parameter()] - [ValidateSet('notConfigured','automaticallyDenyElevationRequests','promptForCredentialsOnTheSecureDesktop','promptForCredentials')] + [ValidateSet('notConfigured', 'automaticallyDenyElevationRequests', 'promptForCredentialsOnTheSecureDesktop', 'promptForCredentials')] [System.String] $LocalSecurityOptionsStandardUserElevationPromptBehavior, @@ -942,12 +942,12 @@ function Get-TargetResource $UserRightsTakeOwnership, [Parameter()] - [ValidateSet('notConfigured','enable','disable')] + [ValidateSet('notConfigured', 'enable', 'disable')] [System.String] $WindowsDefenderTamperProtection, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesAccessoryManagementServiceStartupMode, @@ -956,17 +956,17 @@ function Get-TargetResource $XboxServicesEnableXboxGameSaveTask, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveAuthManagerServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveGameSaveServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveNetworkingServiceStartupMode, @@ -1044,13 +1044,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementDeviceConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` @@ -1089,13 +1089,13 @@ function Get-TargetResource { $complexRecoveryOptions.Add('RecoveryPasswordUsage', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.recoveryPasswordUsage.toString()) } - if($complexRecoveryOptions.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexRecoveryOptions.values.Where({ $null -ne $_ }).count -eq 0) { $complexRecoveryOptions = $null } - $complexBitLockerFixedDrivePolicy.Add('RecoveryOptions',$complexRecoveryOptions) + $complexBitLockerFixedDrivePolicy.Add('RecoveryOptions', $complexRecoveryOptions) $complexBitLockerFixedDrivePolicy.Add('RequireEncryptionForWriteAccess', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.requireEncryptionForWriteAccess) - if($complexBitLockerFixedDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBitLockerFixedDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) { $complexBitLockerFixedDrivePolicy = $null } @@ -1107,7 +1107,7 @@ function Get-TargetResource $complexBitLockerRemovableDrivePolicy.Add('EncryptionMethod', $getValue.AdditionalProperties.bitLockerRemovableDrivePolicy.encryptionMethod.toString()) } $complexBitLockerRemovableDrivePolicy.Add('RequireEncryptionForWriteAccess', $getValue.AdditionalProperties.bitLockerRemovableDrivePolicy.requireEncryptionForWriteAccess) - if($complexBitLockerRemovableDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBitLockerRemovableDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) { $complexBitLockerRemovableDrivePolicy = $null } @@ -1138,11 +1138,11 @@ function Get-TargetResource { $complexRecoveryOptions.Add('RecoveryPasswordUsage', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.recoveryPasswordUsage.toString()) } - if($complexRecoveryOptions.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexRecoveryOptions.values.Where({ $null -ne $_ }).count -eq 0) { $complexRecoveryOptions = $null } - $complexBitLockerSystemDrivePolicy.Add('RecoveryOptions',$complexRecoveryOptions) + $complexBitLockerSystemDrivePolicy.Add('RecoveryOptions', $complexRecoveryOptions) $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationBlockWithoutTpmChip', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationBlockWithoutTpmChip) $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationRequired', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationRequired) if ($null -ne $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmKeyUsage) @@ -1161,7 +1161,7 @@ function Get-TargetResource { $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationTpmUsage', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmUsage.toString()) } - if($complexBitLockerSystemDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBitLockerSystemDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) { $complexBitLockerSystemDrivePolicy = $null } @@ -1183,7 +1183,7 @@ function Get-TargetResource { $complexDefenderDetectedMalwareActions.Add('SevereSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity.toString()) } - if($complexDefenderDetectedMalwareActions.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexDefenderDetectedMalwareActions.values.Where({ $null -ne $_ }).count -eq 0) { $complexDefenderDetectedMalwareActions = $null } @@ -1215,7 +1215,7 @@ function Get-TargetResource $complexFirewallProfileDomain.Add('StealthModeRequired', $getValue.AdditionalProperties.firewallProfileDomain.stealthModeRequired) $complexFirewallProfileDomain.Add('UnicastResponsesToMulticastBroadcastsBlocked', $getValue.AdditionalProperties.firewallProfileDomain.unicastResponsesToMulticastBroadcastsBlocked) $complexFirewallProfileDomain.Add('UnicastResponsesToMulticastBroadcastsRequired', $getValue.AdditionalProperties.firewallProfileDomain.unicastResponsesToMulticastBroadcastsRequired) - if($complexFirewallProfileDomain.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexFirewallProfileDomain.values.Where({ $null -ne $_ }).count -eq 0) { $complexFirewallProfileDomain = $null } @@ -1247,7 +1247,7 @@ function Get-TargetResource $complexFirewallProfilePrivate.Add('StealthModeRequired', $getValue.AdditionalProperties.firewallProfilePrivate.stealthModeRequired) $complexFirewallProfilePrivate.Add('UnicastResponsesToMulticastBroadcastsBlocked', $getValue.AdditionalProperties.firewallProfilePrivate.unicastResponsesToMulticastBroadcastsBlocked) $complexFirewallProfilePrivate.Add('UnicastResponsesToMulticastBroadcastsRequired', $getValue.AdditionalProperties.firewallProfilePrivate.unicastResponsesToMulticastBroadcastsRequired) - if($complexFirewallProfilePrivate.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexFirewallProfilePrivate.values.Where({ $null -ne $_ }).count -eq 0) { $complexFirewallProfilePrivate = $null } @@ -1279,13 +1279,13 @@ function Get-TargetResource $complexFirewallProfilePublic.Add('StealthModeRequired', $getValue.AdditionalProperties.firewallProfilePublic.stealthModeRequired) $complexFirewallProfilePublic.Add('UnicastResponsesToMulticastBroadcastsBlocked', $getValue.AdditionalProperties.firewallProfilePublic.unicastResponsesToMulticastBroadcastsBlocked) $complexFirewallProfilePublic.Add('UnicastResponsesToMulticastBroadcastsRequired', $getValue.AdditionalProperties.firewallProfilePublic.unicastResponsesToMulticastBroadcastsRequired) - if($complexFirewallProfilePublic.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexFirewallProfilePublic.values.Where({ $null -ne $_ }).count -eq 0) { $complexFirewallProfilePublic = $null } $complexFirewallRules = @() - foreach($currentfirewallRules in $getValue.AdditionalProperties.firewallRules) + foreach ($currentfirewallRules in $getValue.AdditionalProperties.firewallRules) { $myfirewallRules = @{} if ($null -ne $getValue.AdditionalProperties.firewallRules.action) @@ -1319,7 +1319,7 @@ function Get-TargetResource { $myfirewallRules.Add('TrafficDirection', $getValue.AdditionalProperties.firewallRules.trafficDirection.toString()) } - if($myfirewallRules.values.Where({ $null -ne $_ }).count -gt 0) + if ($myfirewallRules.values.Where({ $null -ne $_ }).count -gt 0) { $complexFirewallRules += $myfirewallRules } @@ -1327,667 +1327,667 @@ function Get-TargetResource $complexUserRightsAccessCredentialManagerAsTrustedCaller = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsAccessCredentialManagerAsTrustedCaller.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsAccessCredentialManagerAsTrustedCaller.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsAccessCredentialManagerAsTrustedCaller.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsAccessCredentialManagerAsTrustedCaller.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsAccessCredentialManagerAsTrustedCaller.state) { $complexUserRightsAccessCredentialManagerAsTrustedCaller.Add('State', $getValue.AdditionalProperties.userRightsAccessCredentialManagerAsTrustedCaller.state.toString()) } - if($complexUserRightsAccessCredentialManagerAsTrustedCaller.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsAccessCredentialManagerAsTrustedCaller.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsAccessCredentialManagerAsTrustedCaller = $null } $complexUserRightsActAsPartOfTheOperatingSystem = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsActAsPartOfTheOperatingSystem.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsActAsPartOfTheOperatingSystem.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsActAsPartOfTheOperatingSystem.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsActAsPartOfTheOperatingSystem.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsActAsPartOfTheOperatingSystem.state) { $complexUserRightsActAsPartOfTheOperatingSystem.Add('State', $getValue.AdditionalProperties.userRightsActAsPartOfTheOperatingSystem.state.toString()) } - if($complexUserRightsActAsPartOfTheOperatingSystem.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsActAsPartOfTheOperatingSystem.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsActAsPartOfTheOperatingSystem = $null } $complexUserRightsAllowAccessFromNetwork = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsAllowAccessFromNetwork.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsAllowAccessFromNetwork.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsAllowAccessFromNetwork.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsAllowAccessFromNetwork.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsAllowAccessFromNetwork.state) { $complexUserRightsAllowAccessFromNetwork.Add('State', $getValue.AdditionalProperties.userRightsAllowAccessFromNetwork.state.toString()) } - if($complexUserRightsAllowAccessFromNetwork.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsAllowAccessFromNetwork.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsAllowAccessFromNetwork = $null } $complexUserRightsBackupData = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsBackupData.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsBackupData.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsBackupData.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsBackupData.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsBackupData.state) { $complexUserRightsBackupData.Add('State', $getValue.AdditionalProperties.userRightsBackupData.state.toString()) } - if($complexUserRightsBackupData.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsBackupData.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsBackupData = $null } $complexUserRightsBlockAccessFromNetwork = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsBlockAccessFromNetwork.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsBlockAccessFromNetwork.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsBlockAccessFromNetwork.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsBlockAccessFromNetwork.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsBlockAccessFromNetwork.state) { $complexUserRightsBlockAccessFromNetwork.Add('State', $getValue.AdditionalProperties.userRightsBlockAccessFromNetwork.state.toString()) } - if($complexUserRightsBlockAccessFromNetwork.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsBlockAccessFromNetwork.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsBlockAccessFromNetwork = $null } $complexUserRightsChangeSystemTime = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsChangeSystemTime.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsChangeSystemTime.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsChangeSystemTime.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsChangeSystemTime.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsChangeSystemTime.state) { $complexUserRightsChangeSystemTime.Add('State', $getValue.AdditionalProperties.userRightsChangeSystemTime.state.toString()) } - if($complexUserRightsChangeSystemTime.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsChangeSystemTime.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsChangeSystemTime = $null } $complexUserRightsCreateGlobalObjects = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateGlobalObjects.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateGlobalObjects.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsCreateGlobalObjects.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsCreateGlobalObjects.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreateGlobalObjects.state) { $complexUserRightsCreateGlobalObjects.Add('State', $getValue.AdditionalProperties.userRightsCreateGlobalObjects.state.toString()) } - if($complexUserRightsCreateGlobalObjects.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsCreateGlobalObjects.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreateGlobalObjects = $null } $complexUserRightsCreatePageFile = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreatePageFile.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreatePageFile.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsCreatePageFile.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsCreatePageFile.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreatePageFile.state) { $complexUserRightsCreatePageFile.Add('State', $getValue.AdditionalProperties.userRightsCreatePageFile.state.toString()) } - if($complexUserRightsCreatePageFile.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsCreatePageFile.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreatePageFile = $null } $complexUserRightsCreatePermanentSharedObjects = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreatePermanentSharedObjects.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreatePermanentSharedObjects.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsCreatePermanentSharedObjects.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsCreatePermanentSharedObjects.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreatePermanentSharedObjects.state) { $complexUserRightsCreatePermanentSharedObjects.Add('State', $getValue.AdditionalProperties.userRightsCreatePermanentSharedObjects.state.toString()) } - if($complexUserRightsCreatePermanentSharedObjects.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsCreatePermanentSharedObjects.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreatePermanentSharedObjects = $null } $complexUserRightsCreateSymbolicLinks = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateSymbolicLinks.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateSymbolicLinks.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsCreateSymbolicLinks.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsCreateSymbolicLinks.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreateSymbolicLinks.state) { $complexUserRightsCreateSymbolicLinks.Add('State', $getValue.AdditionalProperties.userRightsCreateSymbolicLinks.state.toString()) } - if($complexUserRightsCreateSymbolicLinks.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsCreateSymbolicLinks.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreateSymbolicLinks = $null } $complexUserRightsCreateToken = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateToken.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateToken.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsCreateToken.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsCreateToken.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreateToken.state) { $complexUserRightsCreateToken.Add('State', $getValue.AdditionalProperties.userRightsCreateToken.state.toString()) } - if($complexUserRightsCreateToken.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsCreateToken.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreateToken = $null } $complexUserRightsDebugPrograms = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDebugPrograms.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDebugPrograms.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsDebugPrograms.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsDebugPrograms.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsDebugPrograms.state) { $complexUserRightsDebugPrograms.Add('State', $getValue.AdditionalProperties.userRightsDebugPrograms.state.toString()) } - if($complexUserRightsDebugPrograms.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsDebugPrograms.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsDebugPrograms = $null } $complexUserRightsDelegation = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDelegation.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDelegation.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsDelegation.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsDelegation.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsDelegation.state) { $complexUserRightsDelegation.Add('State', $getValue.AdditionalProperties.userRightsDelegation.state.toString()) } - if($complexUserRightsDelegation.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsDelegation.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsDelegation = $null } $complexUserRightsDenyLocalLogOn = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDenyLocalLogOn.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDenyLocalLogOn.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsDenyLocalLogOn.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsDenyLocalLogOn.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsDenyLocalLogOn.state) { $complexUserRightsDenyLocalLogOn.Add('State', $getValue.AdditionalProperties.userRightsDenyLocalLogOn.state.toString()) } - if($complexUserRightsDenyLocalLogOn.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsDenyLocalLogOn.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsDenyLocalLogOn = $null } $complexUserRightsGenerateSecurityAudits = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsGenerateSecurityAudits.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsGenerateSecurityAudits.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsGenerateSecurityAudits.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsGenerateSecurityAudits.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsGenerateSecurityAudits.state) { $complexUserRightsGenerateSecurityAudits.Add('State', $getValue.AdditionalProperties.userRightsGenerateSecurityAudits.state.toString()) } - if($complexUserRightsGenerateSecurityAudits.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsGenerateSecurityAudits.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsGenerateSecurityAudits = $null } $complexUserRightsImpersonateClient = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsImpersonateClient.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsImpersonateClient.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsImpersonateClient.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsImpersonateClient.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsImpersonateClient.state) { $complexUserRightsImpersonateClient.Add('State', $getValue.AdditionalProperties.userRightsImpersonateClient.state.toString()) } - if($complexUserRightsImpersonateClient.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsImpersonateClient.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsImpersonateClient = $null } $complexUserRightsIncreaseSchedulingPriority = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsIncreaseSchedulingPriority.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsIncreaseSchedulingPriority.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsIncreaseSchedulingPriority.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsIncreaseSchedulingPriority.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsIncreaseSchedulingPriority.state) { $complexUserRightsIncreaseSchedulingPriority.Add('State', $getValue.AdditionalProperties.userRightsIncreaseSchedulingPriority.state.toString()) } - if($complexUserRightsIncreaseSchedulingPriority.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsIncreaseSchedulingPriority.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsIncreaseSchedulingPriority = $null } $complexUserRightsLoadUnloadDrivers = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLoadUnloadDrivers.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLoadUnloadDrivers.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsLoadUnloadDrivers.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsLoadUnloadDrivers.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsLoadUnloadDrivers.state) { $complexUserRightsLoadUnloadDrivers.Add('State', $getValue.AdditionalProperties.userRightsLoadUnloadDrivers.state.toString()) } - if($complexUserRightsLoadUnloadDrivers.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsLoadUnloadDrivers.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsLoadUnloadDrivers = $null } $complexUserRightsLocalLogOn = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLocalLogOn.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLocalLogOn.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsLocalLogOn.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsLocalLogOn.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsLocalLogOn.state) { $complexUserRightsLocalLogOn.Add('State', $getValue.AdditionalProperties.userRightsLocalLogOn.state.toString()) } - if($complexUserRightsLocalLogOn.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsLocalLogOn.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsLocalLogOn = $null } $complexUserRightsLockMemory = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLockMemory.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLockMemory.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsLockMemory.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsLockMemory.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsLockMemory.state) { $complexUserRightsLockMemory.Add('State', $getValue.AdditionalProperties.userRightsLockMemory.state.toString()) } - if($complexUserRightsLockMemory.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsLockMemory.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsLockMemory = $null } $complexUserRightsManageAuditingAndSecurityLogs = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsManageAuditingAndSecurityLogs.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsManageAuditingAndSecurityLogs.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsManageAuditingAndSecurityLogs.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsManageAuditingAndSecurityLogs.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsManageAuditingAndSecurityLogs.state) { $complexUserRightsManageAuditingAndSecurityLogs.Add('State', $getValue.AdditionalProperties.userRightsManageAuditingAndSecurityLogs.state.toString()) } - if($complexUserRightsManageAuditingAndSecurityLogs.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsManageAuditingAndSecurityLogs.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsManageAuditingAndSecurityLogs = $null } $complexUserRightsManageVolumes = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsManageVolumes.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsManageVolumes.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsManageVolumes.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsManageVolumes.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsManageVolumes.state) { $complexUserRightsManageVolumes.Add('State', $getValue.AdditionalProperties.userRightsManageVolumes.state.toString()) } - if($complexUserRightsManageVolumes.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsManageVolumes.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsManageVolumes = $null } $complexUserRightsModifyFirmwareEnvironment = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsModifyFirmwareEnvironment.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsModifyFirmwareEnvironment.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsModifyFirmwareEnvironment.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsModifyFirmwareEnvironment.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsModifyFirmwareEnvironment.state) { $complexUserRightsModifyFirmwareEnvironment.Add('State', $getValue.AdditionalProperties.userRightsModifyFirmwareEnvironment.state.toString()) } - if($complexUserRightsModifyFirmwareEnvironment.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsModifyFirmwareEnvironment.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsModifyFirmwareEnvironment = $null } $complexUserRightsModifyObjectLabels = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsModifyObjectLabels.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsModifyObjectLabels.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsModifyObjectLabels.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsModifyObjectLabels.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsModifyObjectLabels.state) { $complexUserRightsModifyObjectLabels.Add('State', $getValue.AdditionalProperties.userRightsModifyObjectLabels.state.toString()) } - if($complexUserRightsModifyObjectLabels.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsModifyObjectLabels.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsModifyObjectLabels = $null } $complexUserRightsProfileSingleProcess = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsProfileSingleProcess.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsProfileSingleProcess.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsProfileSingleProcess.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsProfileSingleProcess.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsProfileSingleProcess.state) { $complexUserRightsProfileSingleProcess.Add('State', $getValue.AdditionalProperties.userRightsProfileSingleProcess.state.toString()) } - if($complexUserRightsProfileSingleProcess.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsProfileSingleProcess.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsProfileSingleProcess = $null } $complexUserRightsRemoteDesktopServicesLogOn = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRemoteDesktopServicesLogOn.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRemoteDesktopServicesLogOn.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsRemoteDesktopServicesLogOn.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsRemoteDesktopServicesLogOn.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsRemoteDesktopServicesLogOn.state) { $complexUserRightsRemoteDesktopServicesLogOn.Add('State', $getValue.AdditionalProperties.userRightsRemoteDesktopServicesLogOn.state.toString()) } - if($complexUserRightsRemoteDesktopServicesLogOn.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsRemoteDesktopServicesLogOn.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsRemoteDesktopServicesLogOn = $null } $complexUserRightsRemoteShutdown = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRemoteShutdown.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRemoteShutdown.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsRemoteShutdown.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsRemoteShutdown.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsRemoteShutdown.state) { $complexUserRightsRemoteShutdown.Add('State', $getValue.AdditionalProperties.userRightsRemoteShutdown.state.toString()) } - if($complexUserRightsRemoteShutdown.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsRemoteShutdown.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsRemoteShutdown = $null } $complexUserRightsRestoreData = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRestoreData.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRestoreData.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsRestoreData.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsRestoreData.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsRestoreData.state) { $complexUserRightsRestoreData.Add('State', $getValue.AdditionalProperties.userRightsRestoreData.state.toString()) } - if($complexUserRightsRestoreData.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsRestoreData.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsRestoreData = $null } $complexUserRightsTakeOwnership = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsTakeOwnership.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsTakeOwnership.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsTakeOwnership.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsTakeOwnership.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsTakeOwnership.state) { $complexUserRightsTakeOwnership.Add('State', $getValue.AdditionalProperties.userRightsTakeOwnership.state.toString()) } - if($complexUserRightsTakeOwnership.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsTakeOwnership.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsTakeOwnership = $null } @@ -2624,11 +2624,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -2687,12 +2689,12 @@ function Set-TargetResource $ApplicationGuardAllowVirtualGPU, [Parameter()] - [ValidateSet('notConfigured','blockBoth','blockHostToContainer','blockContainerToHost','blockNone')] + [ValidateSet('notConfigured', 'blockBoth', 'blockHostToContainer', 'blockContainerToHost', 'blockNone')] [System.String] $ApplicationGuardBlockClipboardSharing, [Parameter()] - [ValidateSet('notConfigured','blockImageAndTextFile','blockImageFile','blockNone','blockTextFile')] + [ValidateSet('notConfigured', 'blockImageAndTextFile', 'blockImageFile', 'blockNone', 'blockTextFile')] [System.String] $ApplicationGuardBlockFileTransfer, @@ -2709,7 +2711,7 @@ function Set-TargetResource $ApplicationGuardEnabled, [Parameter()] - [ValidateSet('notConfigured','enabledForEdge','enabledForOffice','enabledForEdgeAndOffice')] + [ValidateSet('notConfigured', 'enabledForEdge', 'enabledForOffice', 'enabledForEdgeAndOffice')] [System.String] $ApplicationGuardEnabledOptions, @@ -2718,7 +2720,7 @@ function Set-TargetResource $ApplicationGuardForceAuditing, [Parameter()] - [ValidateSet('notConfigured','enforceComponentsAndStoreApps','auditComponentsAndStoreApps','enforceComponentsStoreAppsAndSmartlocker','auditComponentsStoreAppsAndSmartlocker')] + [ValidateSet('notConfigured', 'enforceComponentsAndStoreApps', 'auditComponentsAndStoreApps', 'enforceComponentsStoreAppsAndSmartlocker', 'auditComponentsStoreAppsAndSmartlocker')] [System.String] $AppLockerApplicationControl, @@ -2743,7 +2745,7 @@ function Set-TargetResource $BitLockerFixedDrivePolicy, [Parameter()] - [ValidateSet('notConfigured','disabled','enabledForAzureAd','enabledForAzureAdAndHybrid')] + [ValidateSet('notConfigured', 'disabled', 'enabledForAzureAd', 'enabledForAzureAdAndHybrid')] [System.String] $BitLockerRecoveryPasswordRotation, @@ -2760,12 +2762,12 @@ function Set-TargetResource $DefenderAdditionalGuardedFolders, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdobeReaderLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdvancedRansomewareProtectionType, @@ -2822,7 +2824,7 @@ function Set-TargetResource $DefenderBlockEndUserAccess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderBlockPersistenceThroughWmiType, @@ -2831,7 +2833,7 @@ function Set-TargetResource $DefenderCheckForSignaturesBeforeRunningScan, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -2896,12 +2898,12 @@ function Set-TargetResource $DefenderDisableScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderEmailContentExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderEmailContentExecutionType, @@ -2938,77 +2940,77 @@ function Set-TargetResource $DefenderGuardedFoldersAllowedAppPaths, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','blockDiskModification','auditDiskModification')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'blockDiskModification', 'auditDiskModification')] [System.String] $DefenderGuardMyFoldersType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderNetworkProtectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunch, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunchType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsLaunchChildProcessType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsOtherProcessInjection, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsOtherProcessInjectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeCommunicationAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeMacroCodeAllowWin32Imports, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeMacroCodeAllowWin32ImportsType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPreventCredentialStealingType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderProcessCreation, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderProcessCreationType, @@ -3017,7 +3019,7 @@ function Set-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderScanDirection, @@ -3026,7 +3028,7 @@ function Set-TargetResource $DefenderScanMaxCpuPercentage, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -3035,7 +3037,7 @@ function Set-TargetResource $DefenderScheduledQuickScanTime, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderScheduledScanDay, @@ -3044,22 +3046,22 @@ function Set-TargetResource $DefenderScheduledScanTime, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptDownloadedPayloadExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptDownloadedPayloadExecutionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptObfuscatedMacroCode, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptObfuscatedMacroCodeType, @@ -3132,12 +3134,12 @@ function Set-TargetResource $DefenderSecurityCenterHelpURL, [Parameter()] - [ValidateSet('notConfigured','displayInAppAndInNotifications','displayOnlyInApp','displayOnlyInNotifications')] + [ValidateSet('notConfigured', 'displayInAppAndInNotifications', 'displayOnlyInApp', 'displayOnlyInNotifications')] [System.String] $DefenderSecurityCenterITContactDisplay, [Parameter()] - [ValidateSet('notConfigured','blockNoncriticalNotifications','blockAllNotifications')] + [ValidateSet('notConfigured', 'blockNoncriticalNotifications', 'blockAllNotifications')] [System.String] $DefenderSecurityCenterNotificationsFromApp, @@ -3150,27 +3152,27 @@ function Set-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedExecutable, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedExecutableType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedUSBProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedUSBProcessType, @@ -3183,22 +3185,22 @@ function Set-TargetResource $DeviceGuardEnableVirtualizationBasedSecurity, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $DeviceGuardLaunchSystemGuard, [Parameter()] - [ValidateSet('notConfigured','enableWithUEFILock','enableWithoutUEFILock','disable')] + [ValidateSet('notConfigured', 'enableWithUEFILock', 'enableWithoutUEFILock', 'disable')] [System.String] $DeviceGuardLocalSystemAuthorityCredentialGuardSettings, [Parameter()] - [ValidateSet('notConfigured','withoutDMA','withDMA')] + [ValidateSet('notConfigured', 'withoutDMA', 'withDMA')] [System.String] $DeviceGuardSecureBootWithDMA, [Parameter()] - [ValidateSet('deviceDefault','blockAll','allowAll')] + [ValidateSet('deviceDefault', 'blockAll', 'allowAll')] [System.String] $DmaGuardDeviceEnumerationPolicy, @@ -3207,7 +3209,7 @@ function Set-TargetResource $FirewallBlockStatefulFTP, [Parameter()] - [ValidateSet('deviceDefault','none','attempt','require')] + [ValidateSet('deviceDefault', 'none', 'attempt', 'require')] [System.String] $FirewallCertificateRevocationListCheckMethod, @@ -3240,12 +3242,12 @@ function Set-TargetResource $FirewallMergeKeyingModuleSettings, [Parameter()] - [ValidateSet('deviceDefault','disabled','queueInbound','queueOutbound','queueBoth')] + [ValidateSet('deviceDefault', 'disabled', 'queueInbound', 'queueOutbound', 'queueBoth')] [System.String] $FirewallPacketQueueingMethod, [Parameter()] - [ValidateSet('deviceDefault','none','utF8')] + [ValidateSet('deviceDefault', 'none', 'utF8')] [System.String] $FirewallPreSharedKeyEncodingMethod, @@ -3266,7 +3268,7 @@ function Set-TargetResource $FirewallRules, [Parameter()] - [ValidateSet('lmAndNltm','lmNtlmAndNtlmV2','lmAndNtlmOnly','lmAndNtlmV2','lmNtlmV2AndNotLm','lmNtlmV2AndNotLmOrNtm')] + [ValidateSet('lmAndNltm', 'lmNtlmAndNtlmV2', 'lmAndNtlmOnly', 'lmAndNtlmV2', 'lmNtlmV2AndNotLm', 'lmNtlmV2AndNotLmOrNtm')] [System.String] $LanManagerAuthenticationLevel, @@ -3279,7 +3281,7 @@ function Set-TargetResource $LocalSecurityOptionsAdministratorAccountName, [Parameter()] - [ValidateSet('notConfigured','elevateWithoutPrompting','promptForCredentialsOnTheSecureDesktop','promptForConsentOnTheSecureDesktop','promptForCredentials','promptForConsent','promptForConsentForNonWindowsBinaries')] + [ValidateSet('notConfigured', 'elevateWithoutPrompting', 'promptForCredentialsOnTheSecureDesktop', 'promptForConsentOnTheSecureDesktop', 'promptForCredentials', 'promptForConsent', 'promptForConsentForNonWindowsBinaries')] [System.String] $LocalSecurityOptionsAdministratorElevationPromptBehavior, @@ -3380,7 +3382,7 @@ function Set-TargetResource $LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser, @@ -3397,12 +3399,12 @@ function Set-TargetResource $LocalSecurityOptionsHideUsernameAtSignIn, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsInformationDisplayedOnLockScreen, [Parameter()] - [ValidateSet('notConfigured','userDisplayNameDomainUser','userDisplayNameOnly','doNotDisplayUser')] + [ValidateSet('notConfigured', 'userDisplayNameDomainUser', 'userDisplayNameOnly', 'doNotDisplayUser')] [System.String] $LocalSecurityOptionsInformationShownOnLockScreen, @@ -3423,12 +3425,12 @@ function Set-TargetResource $LocalSecurityOptionsMachineInactivityLimitInMinutes, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers, @@ -3441,12 +3443,12 @@ function Set-TargetResource $LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares, [Parameter()] - [ValidateSet('noAction','lockWorkstation','forceLogoff','disconnectRemoteDesktopSession')] + [ValidateSet('noAction', 'lockWorkstation', 'forceLogoff', 'disconnectRemoteDesktopSession')] [System.String] $LocalSecurityOptionsSmartCardRemovalBehavior, [Parameter()] - [ValidateSet('notConfigured','automaticallyDenyElevationRequests','promptForCredentialsOnTheSecureDesktop','promptForCredentials')] + [ValidateSet('notConfigured', 'automaticallyDenyElevationRequests', 'promptForCredentialsOnTheSecureDesktop', 'promptForCredentials')] [System.String] $LocalSecurityOptionsStandardUserElevationPromptBehavior, @@ -3591,12 +3593,12 @@ function Set-TargetResource $UserRightsTakeOwnership, [Parameter()] - [ValidateSet('notConfigured','enable','disable')] + [ValidateSet('notConfigured', 'enable', 'disable')] [System.String] $WindowsDefenderTamperProtection, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesAccessoryManagementServiceStartupMode, @@ -3605,17 +3607,17 @@ function Set-TargetResource $XboxServicesEnableXboxGameSaveTask, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveAuthManagerServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveGameSaveServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveNetworkingServiceStartupMode, @@ -3697,32 +3699,32 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Endpoint Protection Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10EndpointProtectionConfiguration") - $policy=New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10EndpointProtectionConfiguration') + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -3731,30 +3733,30 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10EndpointProtectionConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10EndpointProtectionConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` @@ -3810,12 +3812,12 @@ function Test-TargetResource $ApplicationGuardAllowVirtualGPU, [Parameter()] - [ValidateSet('notConfigured','blockBoth','blockHostToContainer','blockContainerToHost','blockNone')] + [ValidateSet('notConfigured', 'blockBoth', 'blockHostToContainer', 'blockContainerToHost', 'blockNone')] [System.String] $ApplicationGuardBlockClipboardSharing, [Parameter()] - [ValidateSet('notConfigured','blockImageAndTextFile','blockImageFile','blockNone','blockTextFile')] + [ValidateSet('notConfigured', 'blockImageAndTextFile', 'blockImageFile', 'blockNone', 'blockTextFile')] [System.String] $ApplicationGuardBlockFileTransfer, @@ -3832,7 +3834,7 @@ function Test-TargetResource $ApplicationGuardEnabled, [Parameter()] - [ValidateSet('notConfigured','enabledForEdge','enabledForOffice','enabledForEdgeAndOffice')] + [ValidateSet('notConfigured', 'enabledForEdge', 'enabledForOffice', 'enabledForEdgeAndOffice')] [System.String] $ApplicationGuardEnabledOptions, @@ -3841,7 +3843,7 @@ function Test-TargetResource $ApplicationGuardForceAuditing, [Parameter()] - [ValidateSet('notConfigured','enforceComponentsAndStoreApps','auditComponentsAndStoreApps','enforceComponentsStoreAppsAndSmartlocker','auditComponentsStoreAppsAndSmartlocker')] + [ValidateSet('notConfigured', 'enforceComponentsAndStoreApps', 'auditComponentsAndStoreApps', 'enforceComponentsStoreAppsAndSmartlocker', 'auditComponentsStoreAppsAndSmartlocker')] [System.String] $AppLockerApplicationControl, @@ -3866,7 +3868,7 @@ function Test-TargetResource $BitLockerFixedDrivePolicy, [Parameter()] - [ValidateSet('notConfigured','disabled','enabledForAzureAd','enabledForAzureAdAndHybrid')] + [ValidateSet('notConfigured', 'disabled', 'enabledForAzureAd', 'enabledForAzureAdAndHybrid')] [System.String] $BitLockerRecoveryPasswordRotation, @@ -3883,12 +3885,12 @@ function Test-TargetResource $DefenderAdditionalGuardedFolders, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdobeReaderLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdvancedRansomewareProtectionType, @@ -3945,7 +3947,7 @@ function Test-TargetResource $DefenderBlockEndUserAccess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderBlockPersistenceThroughWmiType, @@ -3954,7 +3956,7 @@ function Test-TargetResource $DefenderCheckForSignaturesBeforeRunningScan, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -4019,12 +4021,12 @@ function Test-TargetResource $DefenderDisableScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderEmailContentExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderEmailContentExecutionType, @@ -4061,77 +4063,77 @@ function Test-TargetResource $DefenderGuardedFoldersAllowedAppPaths, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','blockDiskModification','auditDiskModification')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'blockDiskModification', 'auditDiskModification')] [System.String] $DefenderGuardMyFoldersType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderNetworkProtectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunch, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunchType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsLaunchChildProcessType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsOtherProcessInjection, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsOtherProcessInjectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeCommunicationAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeMacroCodeAllowWin32Imports, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeMacroCodeAllowWin32ImportsType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPreventCredentialStealingType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderProcessCreation, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderProcessCreationType, @@ -4140,7 +4142,7 @@ function Test-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderScanDirection, @@ -4149,7 +4151,7 @@ function Test-TargetResource $DefenderScanMaxCpuPercentage, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -4158,7 +4160,7 @@ function Test-TargetResource $DefenderScheduledQuickScanTime, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderScheduledScanDay, @@ -4167,22 +4169,22 @@ function Test-TargetResource $DefenderScheduledScanTime, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptDownloadedPayloadExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptDownloadedPayloadExecutionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptObfuscatedMacroCode, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptObfuscatedMacroCodeType, @@ -4255,12 +4257,12 @@ function Test-TargetResource $DefenderSecurityCenterHelpURL, [Parameter()] - [ValidateSet('notConfigured','displayInAppAndInNotifications','displayOnlyInApp','displayOnlyInNotifications')] + [ValidateSet('notConfigured', 'displayInAppAndInNotifications', 'displayOnlyInApp', 'displayOnlyInNotifications')] [System.String] $DefenderSecurityCenterITContactDisplay, [Parameter()] - [ValidateSet('notConfigured','blockNoncriticalNotifications','blockAllNotifications')] + [ValidateSet('notConfigured', 'blockNoncriticalNotifications', 'blockAllNotifications')] [System.String] $DefenderSecurityCenterNotificationsFromApp, @@ -4273,27 +4275,27 @@ function Test-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedExecutable, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedExecutableType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedUSBProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedUSBProcessType, @@ -4306,22 +4308,22 @@ function Test-TargetResource $DeviceGuardEnableVirtualizationBasedSecurity, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $DeviceGuardLaunchSystemGuard, [Parameter()] - [ValidateSet('notConfigured','enableWithUEFILock','enableWithoutUEFILock','disable')] + [ValidateSet('notConfigured', 'enableWithUEFILock', 'enableWithoutUEFILock', 'disable')] [System.String] $DeviceGuardLocalSystemAuthorityCredentialGuardSettings, [Parameter()] - [ValidateSet('notConfigured','withoutDMA','withDMA')] + [ValidateSet('notConfigured', 'withoutDMA', 'withDMA')] [System.String] $DeviceGuardSecureBootWithDMA, [Parameter()] - [ValidateSet('deviceDefault','blockAll','allowAll')] + [ValidateSet('deviceDefault', 'blockAll', 'allowAll')] [System.String] $DmaGuardDeviceEnumerationPolicy, @@ -4330,7 +4332,7 @@ function Test-TargetResource $FirewallBlockStatefulFTP, [Parameter()] - [ValidateSet('deviceDefault','none','attempt','require')] + [ValidateSet('deviceDefault', 'none', 'attempt', 'require')] [System.String] $FirewallCertificateRevocationListCheckMethod, @@ -4363,12 +4365,12 @@ function Test-TargetResource $FirewallMergeKeyingModuleSettings, [Parameter()] - [ValidateSet('deviceDefault','disabled','queueInbound','queueOutbound','queueBoth')] + [ValidateSet('deviceDefault', 'disabled', 'queueInbound', 'queueOutbound', 'queueBoth')] [System.String] $FirewallPacketQueueingMethod, [Parameter()] - [ValidateSet('deviceDefault','none','utF8')] + [ValidateSet('deviceDefault', 'none', 'utF8')] [System.String] $FirewallPreSharedKeyEncodingMethod, @@ -4389,7 +4391,7 @@ function Test-TargetResource $FirewallRules, [Parameter()] - [ValidateSet('lmAndNltm','lmNtlmAndNtlmV2','lmAndNtlmOnly','lmAndNtlmV2','lmNtlmV2AndNotLm','lmNtlmV2AndNotLmOrNtm')] + [ValidateSet('lmAndNltm', 'lmNtlmAndNtlmV2', 'lmAndNtlmOnly', 'lmAndNtlmV2', 'lmNtlmV2AndNotLm', 'lmNtlmV2AndNotLmOrNtm')] [System.String] $LanManagerAuthenticationLevel, @@ -4402,7 +4404,7 @@ function Test-TargetResource $LocalSecurityOptionsAdministratorAccountName, [Parameter()] - [ValidateSet('notConfigured','elevateWithoutPrompting','promptForCredentialsOnTheSecureDesktop','promptForConsentOnTheSecureDesktop','promptForCredentials','promptForConsent','promptForConsentForNonWindowsBinaries')] + [ValidateSet('notConfigured', 'elevateWithoutPrompting', 'promptForCredentialsOnTheSecureDesktop', 'promptForConsentOnTheSecureDesktop', 'promptForCredentials', 'promptForConsent', 'promptForConsentForNonWindowsBinaries')] [System.String] $LocalSecurityOptionsAdministratorElevationPromptBehavior, @@ -4503,7 +4505,7 @@ function Test-TargetResource $LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser, @@ -4520,12 +4522,12 @@ function Test-TargetResource $LocalSecurityOptionsHideUsernameAtSignIn, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsInformationDisplayedOnLockScreen, [Parameter()] - [ValidateSet('notConfigured','userDisplayNameDomainUser','userDisplayNameOnly','doNotDisplayUser')] + [ValidateSet('notConfigured', 'userDisplayNameDomainUser', 'userDisplayNameOnly', 'doNotDisplayUser')] [System.String] $LocalSecurityOptionsInformationShownOnLockScreen, @@ -4546,12 +4548,12 @@ function Test-TargetResource $LocalSecurityOptionsMachineInactivityLimitInMinutes, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers, @@ -4564,12 +4566,12 @@ function Test-TargetResource $LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares, [Parameter()] - [ValidateSet('noAction','lockWorkstation','forceLogoff','disconnectRemoteDesktopSession')] + [ValidateSet('noAction', 'lockWorkstation', 'forceLogoff', 'disconnectRemoteDesktopSession')] [System.String] $LocalSecurityOptionsSmartCardRemovalBehavior, [Parameter()] - [ValidateSet('notConfigured','automaticallyDenyElevationRequests','promptForCredentialsOnTheSecureDesktop','promptForCredentials')] + [ValidateSet('notConfigured', 'automaticallyDenyElevationRequests', 'promptForCredentialsOnTheSecureDesktop', 'promptForCredentials')] [System.String] $LocalSecurityOptionsStandardUserElevationPromptBehavior, @@ -4714,12 +4716,12 @@ function Test-TargetResource $UserRightsTakeOwnership, [Parameter()] - [ValidateSet('notConfigured','enable','disable')] + [ValidateSet('notConfigured', 'enable', 'disable')] [System.String] $WindowsDefenderTamperProtection, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesAccessoryManagementServiceStartupMode, @@ -4728,17 +4730,17 @@ function Test-TargetResource $XboxServicesEnableXboxGameSaveTask, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveAuthManagerServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveGameSaveServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveNetworkingServiceStartupMode, @@ -4833,7 +4835,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -4917,7 +4919,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EndpointProtectionConfiguration' ` - } + } #endregion $i = 1 @@ -4957,14 +4959,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'BitLockerFixedDrivePolicy' + Name = 'BitLockerFixedDrivePolicy' CimInstanceName = 'MicrosoftGraphBitLockerFixedDrivePolicy' - IsRequired = $False + IsRequired = $False } @{ - Name = 'RecoveryOptions' + Name = 'RecoveryOptions' CimInstanceName = 'MicrosoftGraphBitLockerRecoveryOptions' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -4972,7 +4974,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphbitLockerFixedDrivePolicy' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.BitLockerFixedDrivePolicy = $complexTypeStringResult } @@ -4986,7 +4988,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.BitLockerRemovableDrivePolicy ` -CIMInstanceName 'MicrosoftGraphbitLockerRemovableDrivePolicy' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.BitLockerRemovableDrivePolicy = $complexTypeStringResult } @@ -4999,14 +5001,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'BitLockerSystemDrivePolicy' + Name = 'BitLockerSystemDrivePolicy' CimInstanceName = 'MicrosoftGraphBitLockerSystemDrivePolicy' - IsRequired = $False + IsRequired = $False } @{ - Name = 'RecoveryOptions' + Name = 'RecoveryOptions' CimInstanceName = 'MicrosoftGraphBitLockerRecoveryOptions' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5014,7 +5016,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphbitLockerSystemDrivePolicy' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.BitLockerSystemDrivePolicy = $complexTypeStringResult } @@ -5028,7 +5030,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.DefenderDetectedMalwareActions ` -CIMInstanceName 'MicrosoftGraphdefenderDetectedMalwareActions' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.DefenderDetectedMalwareActions = $complexTypeStringResult } @@ -5042,7 +5044,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallProfileDomain ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallNetworkProfile' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallProfileDomain = $complexTypeStringResult } @@ -5056,7 +5058,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallProfilePrivate ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallNetworkProfile' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallProfilePrivate = $complexTypeStringResult } @@ -5070,7 +5072,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallProfilePublic ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallNetworkProfile' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallProfilePublic = $complexTypeStringResult } @@ -5084,7 +5086,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallRules ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallRule' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallRules = $complexTypeStringResult } @@ -5097,14 +5099,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsAccessCredentialManagerAsTrustedCaller' + Name = 'UserRightsAccessCredentialManagerAsTrustedCaller' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5112,7 +5114,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsAccessCredentialManagerAsTrustedCaller = $complexTypeStringResult } @@ -5125,14 +5127,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsActAsPartOfTheOperatingSystem' + Name = 'UserRightsActAsPartOfTheOperatingSystem' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5140,7 +5142,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsActAsPartOfTheOperatingSystem = $complexTypeStringResult } @@ -5153,14 +5155,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsAllowAccessFromNetwork' + Name = 'UserRightsAllowAccessFromNetwork' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5168,7 +5170,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsAllowAccessFromNetwork = $complexTypeStringResult } @@ -5181,14 +5183,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsBackupData' + Name = 'UserRightsBackupData' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5196,7 +5198,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsBackupData = $complexTypeStringResult } @@ -5209,14 +5211,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsBlockAccessFromNetwork' + Name = 'UserRightsBlockAccessFromNetwork' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5224,7 +5226,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsBlockAccessFromNetwork = $complexTypeStringResult } @@ -5237,14 +5239,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsChangeSystemTime' + Name = 'UserRightsChangeSystemTime' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5252,7 +5254,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsChangeSystemTime = $complexTypeStringResult } @@ -5265,14 +5267,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsCreateGlobalObjects' + Name = 'UserRightsCreateGlobalObjects' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5280,7 +5282,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreateGlobalObjects = $complexTypeStringResult } @@ -5293,14 +5295,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsCreatePageFile' + Name = 'UserRightsCreatePageFile' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5308,7 +5310,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreatePageFile = $complexTypeStringResult } @@ -5321,14 +5323,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsCreatePermanentSharedObjects' + Name = 'UserRightsCreatePermanentSharedObjects' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5336,7 +5338,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreatePermanentSharedObjects = $complexTypeStringResult } @@ -5349,14 +5351,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsCreateSymbolicLinks' + Name = 'UserRightsCreateSymbolicLinks' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5364,7 +5366,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreateSymbolicLinks = $complexTypeStringResult } @@ -5377,14 +5379,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsCreateToken' + Name = 'UserRightsCreateToken' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5392,7 +5394,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreateToken = $complexTypeStringResult } @@ -5405,14 +5407,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsDebugPrograms' + Name = 'UserRightsDebugPrograms' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5420,7 +5422,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsDebugPrograms = $complexTypeStringResult } @@ -5433,14 +5435,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsDelegation' + Name = 'UserRightsDelegation' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5448,7 +5450,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsDelegation = $complexTypeStringResult } @@ -5461,14 +5463,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsDenyLocalLogOn' + Name = 'UserRightsDenyLocalLogOn' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5476,7 +5478,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsDenyLocalLogOn = $complexTypeStringResult } @@ -5489,14 +5491,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsGenerateSecurityAudits' + Name = 'UserRightsGenerateSecurityAudits' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5504,7 +5506,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsGenerateSecurityAudits = $complexTypeStringResult } @@ -5517,14 +5519,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsImpersonateClient' + Name = 'UserRightsImpersonateClient' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5532,7 +5534,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsImpersonateClient = $complexTypeStringResult } @@ -5545,14 +5547,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsIncreaseSchedulingPriority' + Name = 'UserRightsIncreaseSchedulingPriority' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5560,7 +5562,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsIncreaseSchedulingPriority = $complexTypeStringResult } @@ -5573,14 +5575,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsLoadUnloadDrivers' + Name = 'UserRightsLoadUnloadDrivers' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5588,7 +5590,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsLoadUnloadDrivers = $complexTypeStringResult } @@ -5601,14 +5603,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsLocalLogOn' + Name = 'UserRightsLocalLogOn' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5616,7 +5618,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsLocalLogOn = $complexTypeStringResult } @@ -5629,14 +5631,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsLockMemory' + Name = 'UserRightsLockMemory' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5644,7 +5646,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsLockMemory = $complexTypeStringResult } @@ -5657,14 +5659,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsManageAuditingAndSecurityLogs' + Name = 'UserRightsManageAuditingAndSecurityLogs' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5672,7 +5674,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsManageAuditingAndSecurityLogs = $complexTypeStringResult } @@ -5685,14 +5687,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsManageVolumes' + Name = 'UserRightsManageVolumes' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5700,7 +5702,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsManageVolumes = $complexTypeStringResult } @@ -5713,14 +5715,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsModifyFirmwareEnvironment' + Name = 'UserRightsModifyFirmwareEnvironment' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5728,7 +5730,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsModifyFirmwareEnvironment = $complexTypeStringResult } @@ -5741,14 +5743,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsModifyObjectLabels' + Name = 'UserRightsModifyObjectLabels' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5756,7 +5758,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsModifyObjectLabels = $complexTypeStringResult } @@ -5769,14 +5771,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsProfileSingleProcess' + Name = 'UserRightsProfileSingleProcess' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5784,7 +5786,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsProfileSingleProcess = $complexTypeStringResult } @@ -5797,14 +5799,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsRemoteDesktopServicesLogOn' + Name = 'UserRightsRemoteDesktopServicesLogOn' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5812,7 +5814,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsRemoteDesktopServicesLogOn = $complexTypeStringResult } @@ -5825,14 +5827,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsRemoteShutdown' + Name = 'UserRightsRemoteShutdown' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5840,7 +5842,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsRemoteShutdown = $complexTypeStringResult } @@ -5853,14 +5855,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsRestoreData' + Name = 'UserRightsRestoreData' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5868,7 +5870,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsRestoreData = $complexTypeStringResult } @@ -5881,14 +5883,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsTakeOwnership' + Name = 'UserRightsTakeOwnership' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5896,7 +5898,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsTakeOwnership = $complexTypeStringResult } @@ -5905,7 +5907,7 @@ function Export-TargetResource $Results.Remove('UserRightsTakeOwnership') | Out-Null } } - if($Results.Assignments) + if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -5924,159 +5926,159 @@ function Export-TargetResource -Credential $Credential if ($Results.BitLockerFixedDrivePolicy) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "BitLockerFixedDrivePolicy" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'BitLockerFixedDrivePolicy' -IsCIMArray:$False } if ($Results.BitLockerRemovableDrivePolicy) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "BitLockerRemovableDrivePolicy" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'BitLockerRemovableDrivePolicy' -IsCIMArray:$False } if ($Results.BitLockerSystemDrivePolicy) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "BitLockerSystemDrivePolicy" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'BitLockerSystemDrivePolicy' -IsCIMArray:$False } if ($Results.DefenderDetectedMalwareActions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefenderDetectedMalwareActions" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DefenderDetectedMalwareActions' -IsCIMArray:$False } if ($Results.FirewallProfileDomain) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "FirewallProfileDomain" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallProfileDomain' -IsCIMArray:$False } if ($Results.FirewallProfilePrivate) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "FirewallProfilePrivate" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallProfilePrivate' -IsCIMArray:$False } if ($Results.FirewallProfilePublic) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "FirewallProfilePublic" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallProfilePublic' -IsCIMArray:$False } if ($Results.FirewallRules) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "FirewallRules" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallRules' -IsCIMArray:$True } if ($Results.UserRightsAccessCredentialManagerAsTrustedCaller) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsAccessCredentialManagerAsTrustedCaller" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsAccessCredentialManagerAsTrustedCaller' -IsCIMArray:$False } if ($Results.UserRightsActAsPartOfTheOperatingSystem) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsActAsPartOfTheOperatingSystem" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsActAsPartOfTheOperatingSystem' -IsCIMArray:$False } if ($Results.UserRightsAllowAccessFromNetwork) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsAllowAccessFromNetwork" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsAllowAccessFromNetwork' -IsCIMArray:$False } if ($Results.UserRightsBackupData) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsBackupData" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsBackupData' -IsCIMArray:$False } if ($Results.UserRightsBlockAccessFromNetwork) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsBlockAccessFromNetwork" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsBlockAccessFromNetwork' -IsCIMArray:$False } if ($Results.UserRightsChangeSystemTime) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsChangeSystemTime" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsChangeSystemTime' -IsCIMArray:$False } if ($Results.UserRightsCreateGlobalObjects) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsCreateGlobalObjects" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreateGlobalObjects' -IsCIMArray:$False } if ($Results.UserRightsCreatePageFile) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsCreatePageFile" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreatePageFile' -IsCIMArray:$False } if ($Results.UserRightsCreatePermanentSharedObjects) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsCreatePermanentSharedObjects" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreatePermanentSharedObjects' -IsCIMArray:$False } if ($Results.UserRightsCreateSymbolicLinks) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsCreateSymbolicLinks" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreateSymbolicLinks' -IsCIMArray:$False } if ($Results.UserRightsCreateToken) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsCreateToken" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreateToken' -IsCIMArray:$False } if ($Results.UserRightsDebugPrograms) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsDebugPrograms" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsDebugPrograms' -IsCIMArray:$False } if ($Results.UserRightsDelegation) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsDelegation" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsDelegation' -IsCIMArray:$False } if ($Results.UserRightsDenyLocalLogOn) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsDenyLocalLogOn" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsDenyLocalLogOn' -IsCIMArray:$False } if ($Results.UserRightsGenerateSecurityAudits) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsGenerateSecurityAudits" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsGenerateSecurityAudits' -IsCIMArray:$False } if ($Results.UserRightsImpersonateClient) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsImpersonateClient" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsImpersonateClient' -IsCIMArray:$False } if ($Results.UserRightsIncreaseSchedulingPriority) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsIncreaseSchedulingPriority" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsIncreaseSchedulingPriority' -IsCIMArray:$False } if ($Results.UserRightsLoadUnloadDrivers) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsLoadUnloadDrivers" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsLoadUnloadDrivers' -IsCIMArray:$False } if ($Results.UserRightsLocalLogOn) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsLocalLogOn" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsLocalLogOn' -IsCIMArray:$False } if ($Results.UserRightsLockMemory) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsLockMemory" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsLockMemory' -IsCIMArray:$False } if ($Results.UserRightsManageAuditingAndSecurityLogs) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsManageAuditingAndSecurityLogs" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsManageAuditingAndSecurityLogs' -IsCIMArray:$False } if ($Results.UserRightsManageVolumes) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsManageVolumes" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsManageVolumes' -IsCIMArray:$False } if ($Results.UserRightsModifyFirmwareEnvironment) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsModifyFirmwareEnvironment" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsModifyFirmwareEnvironment' -IsCIMArray:$False } if ($Results.UserRightsModifyObjectLabels) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsModifyObjectLabels" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsModifyObjectLabels' -IsCIMArray:$False } if ($Results.UserRightsProfileSingleProcess) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsProfileSingleProcess" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsProfileSingleProcess' -IsCIMArray:$False } if ($Results.UserRightsRemoteDesktopServicesLogOn) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsRemoteDesktopServicesLogOn" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsRemoteDesktopServicesLogOn' -IsCIMArray:$False } if ($Results.UserRightsRemoteShutdown) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsRemoteShutdown" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsRemoteShutdown' -IsCIMArray:$False } if ($Results.UserRightsRestoreData) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsRestoreData" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsRestoreData' -IsCIMArray:$False } if ($Results.UserRightsTakeOwnership) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsTakeOwnership" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsTakeOwnership' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) - $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -6098,88 +6100,88 @@ function Export-TargetResource return '' } } - function Update-DeviceConfigurationPolicyAssignment - { - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param ( - [Parameter(Mandatory = 'true')] - [System.String] - $DeviceConfigurationPolicyId, +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, - [Parameter()] - [Array] - $Targets, + [Parameter()] + [Array] + $Targets, - [Parameter()] - [System.String] - $Repository='deviceManagement/configurationPolicies', + [Parameter()] + [System.String] + $Repository = 'deviceManagement/configurationPolicies', - [Parameter()] - [ValidateSet('v1.0','beta')] - [System.String] - $APIVersion='beta' - ) - try - { - $deviceManagementPolicyAssignments=@() + [Parameter()] + [ValidateSet('v1.0', 'beta')] + [System.String] + $APIVersion = 'beta' + ) + try + { + $deviceManagementPolicyAssignments = @() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) + { + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) - { - $formattedTarget.Add('groupId',$target.groupId) - } - if($target.collectionId) - { - $formattedTarget.Add('collectionId',$target.collectionId) - } - if($target.deviceAndAppManagementAssignmentFilterType) - { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) - } - if($target.deviceAndAppManagementAssignmentFilterId) - { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) - } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $formattedTarget.Add('groupId', $target.groupId) } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 - #write-verbose -Message $body - Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - + if ($target.collectionId) + { + $formattedTarget.Add('collectionId', $target.collectionId) + } + if ($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) + } + if ($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - catch - { - New-M365DSCLogEntry -Message 'Error updating data:' - -Exception $_ - -Source $($MyInvocation.MyCommand.Source) - -TenantId $TenantId - -Credential $Credential + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - return $null - } + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential + return $null + } - }function Rename-M365DSCCimInstanceParameter + +}function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + 'odataType' = '@odata.type' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -6189,34 +6191,34 @@ function Export-TargetResource { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -6228,51 +6230,51 @@ function Export-TargetResource function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -6289,27 +6291,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -6367,15 +6369,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -6383,26 +6385,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -6411,23 +6413,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -6441,37 +6443,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -6480,17 +6482,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -6501,26 +6503,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -6529,11 +6531,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -6544,32 +6546,32 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty @@ -6589,49 +6591,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -6641,7 +6643,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -6653,7 +6655,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -6671,47 +6673,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -6721,36 +6723,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -6758,16 +6760,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -6777,18 +6779,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -6812,47 +6814,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/settings.json index 2b6b168c2f..31fc646302 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationEndpointProtectionPolicyWindows10", "description": "This resource configures an Intune Device Configuration Endpoint Protection Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 index 9f2cda895d..73c7aeee56 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 @@ -6,7 +6,7 @@ function Get-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AllowDeviceHealthMonitoring, @@ -15,7 +15,7 @@ function Get-TargetResource $ConfigDeviceHealthMonitoringCustomScope, [Parameter()] - [ValidateSet('undefined','healthMonitoring','bootPerformance','windowsUpdates','privilegeManagement')] + [ValidateSet('undefined', 'healthMonitoring', 'bootPerformance', 'windowsUpdates', 'privilegeManagement')] [System.String[]] $ConfigDeviceHealthMonitoringScope, @@ -93,7 +93,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -153,11 +153,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -184,7 +186,7 @@ function Set-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AllowDeviceHealthMonitoring, @@ -193,7 +195,7 @@ function Set-TargetResource $ConfigDeviceHealthMonitoringCustomScope, [Parameter()] - [ValidateSet('undefined','healthMonitoring','bootPerformance','windowsUpdates','privilegeManagement')] + [ValidateSet('undefined', 'healthMonitoring', 'bootPerformance', 'windowsUpdates', 'privilegeManagement')] [System.String[]] $ConfigDeviceHealthMonitoringScope, @@ -274,7 +276,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -283,14 +285,14 @@ function Set-TargetResource $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } $CreateParameters.ConfigDeviceHealthMonitoringScope = [String[]]$CreateParameters.ConfigDeviceHealthMonitoringScope -join ',' #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsHealthMonitoringConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsHealthMonitoringConfiguration') $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = @() foreach ($assignment in $Assignments) @@ -300,7 +302,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -309,7 +311,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -319,14 +321,14 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } $UpdateParameters.ConfigDeviceHealthMonitoringScope = [String[]]$UpdateParameters.ConfigDeviceHealthMonitoringScope -join ',' #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsHealthMonitoringConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsHealthMonitoringConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -358,7 +360,7 @@ function Test-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AllowDeviceHealthMonitoring, @@ -367,7 +369,7 @@ function Test-TargetResource $ConfigDeviceHealthMonitoringCustomScope, [Parameter()] - [ValidateSet('undefined','healthMonitoring','bootPerformance','windowsUpdates','privilegeManagement')] + [ValidateSet('undefined', 'healthMonitoring', 'bootPerformance', 'windowsUpdates', 'privilegeManagement')] [System.String[]] $ConfigDeviceHealthMonitoringScope, @@ -545,7 +547,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsHealthMonitoringConfiguration' ` - } + } #endregion $i = 1 @@ -568,7 +570,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -600,7 +602,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -643,7 +645,7 @@ function Update-DeviceConfigurationPolicyAssignment $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] $APIVersion = 'beta' ) @@ -654,26 +656,26 @@ function Update-DeviceConfigurationPolicyAssignment foreach ($target in $targets) { - $formattedTarget = @{"@odata.type" = $target.dataType} + $formattedTarget = @{'@odata.type' = $target.dataType } if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -692,14 +694,14 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) $keyToRename = @{ - "odataType" = "@odata.type" + 'odataType' = '@odata.type' } $result = $Properties @@ -716,22 +718,22 @@ function Rename-M365DSCCimInstanceParameter } $result = $values - return ,$result + return , $result } #endregion #region Single - if ($type -like "*Hashtable") + if ($type -like '*Hashtable') { $result = ([Hashtable]$Properties).clone() } - if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys foreach ($key in $keys) { - $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { $keyName = $keyToRename.$key @@ -741,7 +743,7 @@ function Rename-M365DSCCimInstanceParameter if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -753,7 +755,7 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject @@ -764,7 +766,7 @@ function Get-M365DSCDRGComplexTypeToHashtable return $null } - if ($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { $results = @() @@ -780,7 +782,7 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } if ($ComplexObject.getType().fullname -like '*Dictionary*') @@ -797,7 +799,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $keyType = $ComplexObject.$key.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -814,19 +816,19 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if ($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { $keyName = $key - if ($ComplexObject.getType().Fullname -notlike "*hashtable") + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { $keyName = $key.Name } @@ -834,7 +836,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -913,7 +915,7 @@ function Get-M365DSCDRGComplexTypeToString $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { $currentProperty = @() $IndentLevel++ @@ -926,7 +928,7 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -935,7 +937,7 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } $currentProperty = '' @@ -945,7 +947,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += $indent } - $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ $indent = '' @@ -965,19 +967,19 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() $isArray = $false - if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { $isArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -995,7 +997,7 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1004,16 +1006,16 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" @@ -1025,10 +1027,10 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" @@ -1053,7 +1055,7 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } if ($mappedKey -and $mappedKey.isRequired) { @@ -1069,12 +1071,12 @@ function Get-M365DSCDRGComplexTypeToString } } $indent = '' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { $indent += ' ' } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -1083,14 +1085,14 @@ function Get-M365DSCDRGComplexTypeToString if ($IndentLevel -eq 5) { $indent = '' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { $indent += ' ' } $currentProperty += $indent } - $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { $currentProperty = $null @@ -1114,30 +1116,30 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [System.String] $Space = ' ' - ) + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { if ($key -eq '@odata.type') { - $key ='odataType' + $key = 'odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue = $Space + $key + " = @(" + $returnValue = $Space + $key + ' = @(' $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -1146,15 +1148,15 @@ Function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1176,7 +1178,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1194,7 +1196,7 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -1216,7 +1218,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { if ($source.count -ne $target.count) { @@ -1252,7 +1254,7 @@ function Compare-M365DSCComplexObject return $true } - $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target @@ -1282,7 +1284,7 @@ function Compare-M365DSCComplexObject #Both keys aren't null or empty if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` @@ -1303,7 +1305,7 @@ function Compare-M365DSCComplexObject #Identifying date from the current values $targetType = ($Target.$tkey.getType()).Name - if ($targetType -like "*Date*") + if ($targetType -like '*Date*') { $compareResult = $true $sourceDate = [DateTime]$Source.$key @@ -1333,13 +1335,13 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() foreach ($item in $ComplexObject) @@ -1352,17 +1354,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) { $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -1371,7 +1373,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName,$propertyValue) + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json index a3c25ab232..876ce379ca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10", "description": "This resource configures an Intune Device Configuration Health Monitoring Configuration Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 index 63b2cfb5fd..02cb3881ef 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 @@ -14,7 +14,7 @@ function Get-TargetResource $PinExpirationInDays, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinLowercaseCharactersUsage, @@ -35,12 +35,12 @@ function Get-TargetResource $PinRecoveryEnabled, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinSpecialCharactersUsage, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinUppercaseCharactersUsage, @@ -138,13 +138,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Identity Protection Policy for Windows10 with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementDeviceConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` @@ -215,11 +215,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -254,7 +256,7 @@ function Set-TargetResource $PinExpirationInDays, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinLowercaseCharactersUsage, @@ -275,12 +277,12 @@ function Set-TargetResource $PinRecoveryEnabled, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinSpecialCharactersUsage, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinUppercaseCharactersUsage, @@ -381,32 +383,32 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Identity Protection Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsIdentityProtectionConfiguration") - $policy=New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsIdentityProtectionConfiguration') + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -415,30 +417,30 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Identity Protection Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsIdentityProtectionConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsIdentityProtectionConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` @@ -470,7 +472,7 @@ function Test-TargetResource $PinExpirationInDays, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinLowercaseCharactersUsage, @@ -491,12 +493,12 @@ function Test-TargetResource $PinRecoveryEnabled, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinSpecialCharactersUsage, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinUppercaseCharactersUsage, @@ -611,7 +613,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -695,7 +697,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsIdentityProtectionConfiguration' ` - } + } #endregion $i = 1 @@ -731,7 +733,7 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if($Results.Assignments) + if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -750,7 +752,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -789,50 +791,50 @@ function Update-DeviceConfigurationPolicyAssignment [Parameter()] [System.String] - $Repository='deviceManagement/configurationPolicies', + $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] - $APIVersion='beta' + $APIVersion = 'beta' ) try { - $deviceManagementPolicyAssignments=@() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } - if($target.collectionId) + if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } - if($target.deviceAndAppManagementAssignmentFilterType) + if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } - if($target.deviceAndAppManagementAssignmentFilterId) + if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } catch { New-M365DSCLogEntry -Message 'Error updating data:' - -Exception $_ - -Source $($MyInvocation.MyCommand.Source) - -TenantId $TenantId - -Credential $Credential + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential return $null } @@ -841,19 +843,19 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + 'odataType' = '@odata.type' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -863,34 +865,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -903,51 +905,51 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -964,27 +966,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1042,15 +1044,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1058,26 +1060,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1086,23 +1088,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1116,37 +1118,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1155,17 +1157,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -1176,26 +1178,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1204,11 +1206,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1219,32 +1221,32 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty @@ -1264,49 +1266,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1316,7 +1318,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1328,7 +1330,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1346,47 +1348,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1396,36 +1398,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1433,16 +1435,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1452,18 +1454,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1487,47 +1489,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/settings.json index ffc2c606d7..d5d83f0b7f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationIdentityProtectionPolicyWindows10", "description": "This resource configures an Intune Device Configuration Identity Protection Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 index ccd62709c5..211e2bbe11 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 @@ -83,7 +83,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -95,7 +95,7 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object -FilterScript { ` $_.AdditionalProperties -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' ` - } + } } } #endregion @@ -115,12 +115,12 @@ function Get-TargetResource $myEnterpriseCloudResources = @{} $myEnterpriseCloudResources.Add('IpAddressOrFQDN', $currentEnterpriseCloudResources.ipAddressOrFQDN) $myEnterpriseCloudResources.Add('Proxy', $currentEnterpriseCloudResources.proxy) - if ($myEnterpriseCloudResources.values.Where({$null -ne $_}).count -gt 0) + if ($myEnterpriseCloudResources.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseCloudResources += $myEnterpriseCloudResources } } - $complexWindowsNetworkIsolationPolicy.Add('EnterpriseCloudResources',$complexEnterpriseCloudResources) + $complexWindowsNetworkIsolationPolicy.Add('EnterpriseCloudResources', $complexEnterpriseCloudResources) $complexWindowsNetworkIsolationPolicy.Add('EnterpriseInternalProxyServers', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseInternalProxyServers) $complexEnterpriseIPRanges = @() foreach ($currentEnterpriseIPRanges in $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseIPRanges) @@ -133,18 +133,18 @@ function Get-TargetResource { $myEnterpriseIPRanges.Add('odataType', $currentEnterpriseIPRanges.'@odata.type'.toString()) } - if ($myEnterpriseIPRanges.values.Where({$null -ne $_}).count -gt 0) + if ($myEnterpriseIPRanges.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseIPRanges += $myEnterpriseIPRanges } } - $complexWindowsNetworkIsolationPolicy.Add('EnterpriseIPRanges',$complexEnterpriseIPRanges) + $complexWindowsNetworkIsolationPolicy.Add('EnterpriseIPRanges', $complexEnterpriseIPRanges) $complexWindowsNetworkIsolationPolicy.Add('EnterpriseIPRangesAreAuthoritative', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseIPRangesAreAuthoritative) $complexWindowsNetworkIsolationPolicy.Add('EnterpriseNetworkDomainNames', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseNetworkDomainNames) $complexWindowsNetworkIsolationPolicy.Add('EnterpriseProxyServers', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseProxyServers) $complexWindowsNetworkIsolationPolicy.Add('EnterpriseProxyServersAreAuthoritative', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseProxyServersAreAuthoritative) $complexWindowsNetworkIsolationPolicy.Add('NeutralDomainResources', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.neutralDomainResources) - if ($complexWindowsNetworkIsolationPolicy.values.Where({$null -ne $_}).count -eq 0) + if ($complexWindowsNetworkIsolationPolicy.values.Where({ $null -ne $_ }).count -eq 0) { $complexWindowsNetworkIsolationPolicy = $null } @@ -171,11 +171,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -281,7 +283,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Network Boundary Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -290,13 +292,13 @@ function Set-TargetResource $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10NetworkBoundaryConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10NetworkBoundaryConfiguration') $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = @() foreach ($assignment in $Assignments) @@ -306,7 +308,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -315,7 +317,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Network Boundary Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -325,13 +327,13 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10NetworkBoundaryConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10NetworkBoundaryConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -540,7 +542,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' ` - } + } #endregion $i = 1 @@ -563,7 +565,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -580,19 +582,19 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'WindowsNetworkIsolationPolicy' + Name = 'WindowsNetworkIsolationPolicy' CimInstanceName = 'MicrosoftGraphWindowsNetworkIsolationPolicy' - IsRequired = $False + IsRequired = $False } @{ - Name = 'EnterpriseCloudResources' + Name = 'EnterpriseCloudResources' CimInstanceName = 'MicrosoftGraphProxiedDomain1' - IsRequired = $False + IsRequired = $False } @{ - Name = 'EnterpriseIPRanges' + Name = 'EnterpriseIPRanges' CimInstanceName = 'MicrosoftGraphIpRange1' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -628,11 +630,11 @@ function Export-TargetResource -Credential $Credential if ($Results.WindowsNetworkIsolationPolicy) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "WindowsNetworkIsolationPolicy" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'WindowsNetworkIsolationPolicy' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) @@ -677,7 +679,7 @@ function Update-DeviceConfigurationPolicyAssignment $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] $APIVersion = 'beta' ) @@ -688,26 +690,26 @@ function Update-DeviceConfigurationPolicyAssignment foreach ($target in $targets) { - $formattedTarget = @{"@odata.type" = $target.dataType} + $formattedTarget = @{'@odata.type' = $target.dataType } if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -726,14 +728,14 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) $keyToRename = @{ - "odataType" = "@odata.type" + 'odataType' = '@odata.type' } $result = $Properties @@ -750,22 +752,22 @@ function Rename-M365DSCCimInstanceParameter } $result = $values - return ,$result + return , $result } #endregion #region Single - if ($type -like "*Hashtable") + if ($type -like '*Hashtable') { $result = ([Hashtable]$Properties).clone() } - if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys foreach ($key in $keys) { - $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { $keyName = $keyToRename.$key @@ -775,7 +777,7 @@ function Rename-M365DSCCimInstanceParameter if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -787,7 +789,7 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject @@ -798,7 +800,7 @@ function Get-M365DSCDRGComplexTypeToHashtable return $null } - if ($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { $results = @() @@ -814,7 +816,7 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } if ($ComplexObject.getType().fullname -like '*Dictionary*') @@ -831,7 +833,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $keyType = $ComplexObject.$key.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -848,19 +850,19 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if ($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { $keyName = $key - if ($ComplexObject.getType().Fullname -notlike "*hashtable") + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { $keyName = $key.Name } @@ -868,7 +870,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -947,7 +949,7 @@ function Get-M365DSCDRGComplexTypeToString $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { $currentProperty = @() $IndentLevel++ @@ -960,7 +962,7 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -969,7 +971,7 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } $currentProperty = '' @@ -979,7 +981,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += $indent } - $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ $indent = '' @@ -999,19 +1001,19 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() $isArray = $false - if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { $isArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -1029,7 +1031,7 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1038,16 +1040,16 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" @@ -1059,10 +1061,10 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" @@ -1087,7 +1089,7 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } if ($mappedKey -and $mappedKey.isRequired) { @@ -1103,12 +1105,12 @@ function Get-M365DSCDRGComplexTypeToString } } $indent = '' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { $indent += ' ' } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -1117,14 +1119,14 @@ function Get-M365DSCDRGComplexTypeToString if ($IndentLevel -eq 5) { $indent = '' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { $indent += ' ' } $currentProperty += $indent } - $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { $currentProperty = $null @@ -1148,30 +1150,30 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [System.String] $Space = ' ' - ) + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { if ($key -eq '@odata.type') { - $key ='odataType' + $key = 'odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue = $Space + $key + " = @(" + $returnValue = $Space + $key + ' = @(' $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -1180,15 +1182,15 @@ Function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1210,7 +1212,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1228,7 +1230,7 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -1250,7 +1252,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { if ($source.count -ne $target.count) { @@ -1286,7 +1288,7 @@ function Compare-M365DSCComplexObject return $true } - $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target @@ -1316,7 +1318,7 @@ function Compare-M365DSCComplexObject #Both keys aren't null or empty if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` @@ -1337,7 +1339,7 @@ function Compare-M365DSCComplexObject #Identifying date from the current values $targetType = ($Target.$tkey.getType()).Name - if ($targetType -like "*Date*") + if ($targetType -like '*Date*') { $compareResult = $true $sourceDate = [DateTime]$Source.$key @@ -1367,13 +1369,13 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() foreach ($item in $ComplexObject) @@ -1386,17 +1388,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) { $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -1405,7 +1407,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName,$propertyValue) + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json index f0cea3ba58..f08c5923b0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10", "description": "This resource configures an Intune Device Configuration Network Boundary Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/settings.json index 98cebce461..d3a3c44787 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/settings.json @@ -29,4 +29,4 @@ } } } -} \ No newline at end of file +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 index 9ed168a880..04e9da2e0b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 @@ -328,7 +328,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $policy.Id + $returnAssignments += Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $policy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -969,7 +969,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -982,7 +982,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -991,7 +991,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 index 3176adfabd..d6ba141358 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 @@ -10,7 +10,7 @@ function Get-TargetResource $AccountsBlockAddingNonMicrosoftAccountEmail, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $ActivateAppsWithVoice, @@ -31,7 +31,7 @@ function Get-TargetResource $AppManagementPackageFamilyNamesToLaunchAfterLogOn, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $AppsAllowTrustedAppsSideloading, @@ -48,7 +48,7 @@ function Get-TargetResource $AuthenticationPreferredAzureADTenantDomainName, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AuthenticationWebSignIn, @@ -93,7 +93,7 @@ function Get-TargetResource $CellularBlockVpnWhenRoaming, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $CellularData, @@ -134,7 +134,7 @@ function Get-TargetResource $DefenderBlockOnAccessProtection, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -171,17 +171,17 @@ function Get-TargetResource $DefenderFilesAndFoldersToExclude, [Parameter()] - [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderMonitorFileActivity, [Parameter()] - [ValidateSet('deviceDefault','block','audit')] + [ValidateSet('deviceDefault', 'block', 'audit')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppActionSetting, @@ -190,7 +190,7 @@ function Get-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] [System.String] $DefenderPromptForSampleSubmission, @@ -243,7 +243,7 @@ function Get-TargetResource $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -264,17 +264,17 @@ function Get-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderSystemScanSchedule, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $DeveloperUnlockSetting, @@ -287,7 +287,7 @@ function Get-TargetResource $DeviceManagementBlockManualUnenroll, [Parameter()] - [ValidateSet('userDefined','none','basic','enhanced','full')] + [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] [System.String] $DiagnosticsDataSubmissionMode, @@ -404,7 +404,7 @@ function Get-TargetResource $EdgeClearBrowsingDataOnExit, [Parameter()] - [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [ValidateSet('userDefined', 'allow', 'blockThirdParty', 'blockAll')] [System.String] $EdgeCookiePolicy, @@ -417,7 +417,7 @@ function Get-TargetResource $EdgeEnterpriseModeSiteListLocation, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $EdgeFavoritesBarVisibility, @@ -442,7 +442,7 @@ function Get-TargetResource $EdgeHomepageUrls, [Parameter()] - [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] + [ValidateSet('notConfigured', 'digitalSignage', 'normalMode', 'publicBrowsingSingleApp', 'publicBrowsingMultiApp')] [System.String] $EdgeKioskModeRestriction, @@ -455,7 +455,7 @@ function Get-TargetResource $EdgeNewTabPageURL, [Parameter()] - [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [ValidateSet('notConfigured', 'startPage', 'newTabPage', 'previousPages', 'specificPages')] [System.String] $EdgeOpensWith, @@ -480,7 +480,7 @@ function Get-TargetResource $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled','keepGoing')] + [ValidateSet('notConfigured', 'disabled', 'enabled', 'keepGoing')] [System.String] $EdgeShowMessageWhenOpeningInternetExplorerSites, @@ -489,7 +489,7 @@ function Get-TargetResource $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] + [ValidateSet('notConfigured', 'intranet', 'internet', 'intranetAndInternet')] [System.String] $EdgeTelemetryForMicrosoft365Analytics, @@ -542,12 +542,12 @@ function Get-TargetResource $ExperienceBlockTaskSwitcher, [Parameter()] - [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [ValidateSet('notConfigured', 'blockedWithUserOverride', 'blocked')] [System.String] $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $FindMyFiles, @@ -556,12 +556,12 @@ function Get-TargetResource $GameDvrBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $InkWorkspaceAccess, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $InkWorkspaceAccessState, @@ -578,7 +578,7 @@ function Get-TargetResource $LocationServicesBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $LockScreenActivateAppsWithVoice, @@ -627,7 +627,7 @@ function Get-TargetResource $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('notConfigured','disabled')] + [ValidateSet('notConfigured', 'disabled')] [System.String] $MicrosoftAccountSignInAssistantSettings, @@ -688,7 +688,7 @@ function Get-TargetResource $PasswordRequired, [Parameter()] - [ValidateSet('deviceDefault','alphanumeric','numeric')] + [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] [System.String] $PasswordRequiredType, @@ -709,42 +709,42 @@ function Get-TargetResource $PersonalizationLockScreenImageUrl, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepOnBattery, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionPluggedIn, @@ -761,7 +761,7 @@ function Get-TargetResource $PrinterNames, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $PrivacyAdvertisingId, @@ -790,7 +790,7 @@ function Get-TargetResource $ResetProtectionModeBlocked, [Parameter()] - [ValidateSet('userDefined','strict','moderate')] + [ValidateSet('userDefined', 'strict', 'moderate')] [System.String] $SafeSearchFilter, @@ -923,7 +923,7 @@ function Get-TargetResource $SharedUserAppDataAllowed, [Parameter()] - [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] + [ValidateSet('notConfigured', 'anywhere', 'storeOnly', 'recommendations', 'preferStore')] [System.String] $SmartScreenAppInstallControl, @@ -944,7 +944,7 @@ function Get-TargetResource $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] [System.String] $StartMenuAppListVisibility, @@ -1009,57 +1009,57 @@ function Get-TargetResource $StartMenuLayoutXml, [Parameter()] - [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] [System.String] $StartMenuMode, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDocuments, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDownloads, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderFileExplorer, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderHomeGroup, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderMusic, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderNetwork, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPictures, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderSettings, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderVideos, @@ -1156,7 +1156,7 @@ function Get-TargetResource $WindowsSpotlightBlockWindowsTips, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled')] + [ValidateSet('notConfigured', 'disabled', 'enabled')] [System.String] $WindowsSpotlightConfigureOnLockScreen, @@ -1258,7 +1258,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -1270,8 +1270,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10GeneralConfiguration" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' ` + } } } #endregion @@ -1301,7 +1301,7 @@ function Get-TargetResource { $complexDefenderDetectedMalwareActions.Add('SevereSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity.toString()) } - if ($complexDefenderDetectedMalwareActions.values.Where({$null -ne $_}).count -eq 0) + if ($complexDefenderDetectedMalwareActions.values.Where({ $null -ne $_ }).count -eq 0) { $complexDefenderDetectedMalwareActions = $null } @@ -1312,7 +1312,7 @@ function Get-TargetResource { $complexEdgeHomeButtonConfiguration.Add('odataType', $getValue.AdditionalProperties.edgeHomeButtonConfiguration.'@odata.type'.toString()) } - if ($complexEdgeHomeButtonConfiguration.values.Where({$null -ne $_}).count -eq 0) + if ($complexEdgeHomeButtonConfiguration.values.Where({ $null -ne $_ }).count -eq 0) { $complexEdgeHomeButtonConfiguration = $null } @@ -1327,7 +1327,7 @@ function Get-TargetResource { $complexEdgeSearchEngine.Add('odataType', $getValue.AdditionalProperties.edgeSearchEngine.'@odata.type'.toString()) } - if ($complexEdgeSearchEngine.values.Where({$null -ne $_}).count -eq 0) + if ($complexEdgeSearchEngine.values.Where({ $null -ne $_ }).count -eq 0) { $complexEdgeSearchEngine = $null } @@ -1336,7 +1336,7 @@ function Get-TargetResource $complexNetworkProxyServer.Add('Address', $getValue.AdditionalProperties.networkProxyServer.address) $complexNetworkProxyServer.Add('Exceptions', $getValue.AdditionalProperties.networkProxyServer.exceptions) $complexNetworkProxyServer.Add('UseForLocalAddresses', $getValue.AdditionalProperties.networkProxyServer.useForLocalAddresses) - if ($complexNetworkProxyServer.values.Where({$null -ne $_}).count -eq 0) + if ($complexNetworkProxyServer.values.Where({ $null -ne $_ }).count -eq 0) { $complexNetworkProxyServer = $null } @@ -1351,7 +1351,7 @@ function Get-TargetResource { $complexWindows10AppsForceUpdateSchedule.Add('StartDateTime', ([DateTimeOffset]$getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.startDateTime).ToString('o')) } - if ($complexWindows10AppsForceUpdateSchedule.values.Where({$null -ne $_}).count -eq 0) + if ($complexWindows10AppsForceUpdateSchedule.values.Where({ $null -ne $_ }).count -eq 0) { $complexWindows10AppsForceUpdateSchedule = $null } @@ -1981,11 +1981,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -2016,7 +2018,7 @@ function Set-TargetResource $AccountsBlockAddingNonMicrosoftAccountEmail, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $ActivateAppsWithVoice, @@ -2037,7 +2039,7 @@ function Set-TargetResource $AppManagementPackageFamilyNamesToLaunchAfterLogOn, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $AppsAllowTrustedAppsSideloading, @@ -2054,7 +2056,7 @@ function Set-TargetResource $AuthenticationPreferredAzureADTenantDomainName, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AuthenticationWebSignIn, @@ -2099,7 +2101,7 @@ function Set-TargetResource $CellularBlockVpnWhenRoaming, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $CellularData, @@ -2140,7 +2142,7 @@ function Set-TargetResource $DefenderBlockOnAccessProtection, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -2177,17 +2179,17 @@ function Set-TargetResource $DefenderFilesAndFoldersToExclude, [Parameter()] - [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderMonitorFileActivity, [Parameter()] - [ValidateSet('deviceDefault','block','audit')] + [ValidateSet('deviceDefault', 'block', 'audit')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppActionSetting, @@ -2196,7 +2198,7 @@ function Set-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] [System.String] $DefenderPromptForSampleSubmission, @@ -2249,7 +2251,7 @@ function Set-TargetResource $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -2270,17 +2272,17 @@ function Set-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderSystemScanSchedule, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $DeveloperUnlockSetting, @@ -2293,7 +2295,7 @@ function Set-TargetResource $DeviceManagementBlockManualUnenroll, [Parameter()] - [ValidateSet('userDefined','none','basic','enhanced','full')] + [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] [System.String] $DiagnosticsDataSubmissionMode, @@ -2410,7 +2412,7 @@ function Set-TargetResource $EdgeClearBrowsingDataOnExit, [Parameter()] - [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [ValidateSet('userDefined', 'allow', 'blockThirdParty', 'blockAll')] [System.String] $EdgeCookiePolicy, @@ -2423,7 +2425,7 @@ function Set-TargetResource $EdgeEnterpriseModeSiteListLocation, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $EdgeFavoritesBarVisibility, @@ -2448,7 +2450,7 @@ function Set-TargetResource $EdgeHomepageUrls, [Parameter()] - [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] + [ValidateSet('notConfigured', 'digitalSignage', 'normalMode', 'publicBrowsingSingleApp', 'publicBrowsingMultiApp')] [System.String] $EdgeKioskModeRestriction, @@ -2461,7 +2463,7 @@ function Set-TargetResource $EdgeNewTabPageURL, [Parameter()] - [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [ValidateSet('notConfigured', 'startPage', 'newTabPage', 'previousPages', 'specificPages')] [System.String] $EdgeOpensWith, @@ -2486,7 +2488,7 @@ function Set-TargetResource $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled','keepGoing')] + [ValidateSet('notConfigured', 'disabled', 'enabled', 'keepGoing')] [System.String] $EdgeShowMessageWhenOpeningInternetExplorerSites, @@ -2495,7 +2497,7 @@ function Set-TargetResource $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] + [ValidateSet('notConfigured', 'intranet', 'internet', 'intranetAndInternet')] [System.String] $EdgeTelemetryForMicrosoft365Analytics, @@ -2548,12 +2550,12 @@ function Set-TargetResource $ExperienceBlockTaskSwitcher, [Parameter()] - [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [ValidateSet('notConfigured', 'blockedWithUserOverride', 'blocked')] [System.String] $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $FindMyFiles, @@ -2562,12 +2564,12 @@ function Set-TargetResource $GameDvrBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $InkWorkspaceAccess, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $InkWorkspaceAccessState, @@ -2584,7 +2586,7 @@ function Set-TargetResource $LocationServicesBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $LockScreenActivateAppsWithVoice, @@ -2633,7 +2635,7 @@ function Set-TargetResource $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('notConfigured','disabled')] + [ValidateSet('notConfigured', 'disabled')] [System.String] $MicrosoftAccountSignInAssistantSettings, @@ -2694,7 +2696,7 @@ function Set-TargetResource $PasswordRequired, [Parameter()] - [ValidateSet('deviceDefault','alphanumeric','numeric')] + [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] [System.String] $PasswordRequiredType, @@ -2715,42 +2717,42 @@ function Set-TargetResource $PersonalizationLockScreenImageUrl, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepOnBattery, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionPluggedIn, @@ -2767,7 +2769,7 @@ function Set-TargetResource $PrinterNames, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $PrivacyAdvertisingId, @@ -2796,7 +2798,7 @@ function Set-TargetResource $ResetProtectionModeBlocked, [Parameter()] - [ValidateSet('userDefined','strict','moderate')] + [ValidateSet('userDefined', 'strict', 'moderate')] [System.String] $SafeSearchFilter, @@ -2929,7 +2931,7 @@ function Set-TargetResource $SharedUserAppDataAllowed, [Parameter()] - [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] + [ValidateSet('notConfigured', 'anywhere', 'storeOnly', 'recommendations', 'preferStore')] [System.String] $SmartScreenAppInstallControl, @@ -2950,7 +2952,7 @@ function Set-TargetResource $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] [System.String] $StartMenuAppListVisibility, @@ -3015,57 +3017,57 @@ function Set-TargetResource $StartMenuLayoutXml, [Parameter()] - [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] [System.String] $StartMenuMode, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDocuments, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDownloads, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderFileExplorer, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderHomeGroup, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderMusic, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderNetwork, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPictures, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderSettings, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderVideos, @@ -3162,7 +3164,7 @@ function Set-TargetResource $WindowsSpotlightBlockWindowsTips, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled')] + [ValidateSet('notConfigured', 'disabled', 'enabled')] [System.String] $WindowsSpotlightConfigureOnLockScreen, @@ -3266,7 +3268,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -3275,13 +3277,13 @@ function Set-TargetResource $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10GeneralConfiguration') $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = @() foreach ($assignment in $Assignments) @@ -3291,7 +3293,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -3300,7 +3302,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -3310,13 +3312,13 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10GeneralConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -3333,7 +3335,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion @@ -3352,7 +3354,7 @@ function Test-TargetResource $AccountsBlockAddingNonMicrosoftAccountEmail, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $ActivateAppsWithVoice, @@ -3373,7 +3375,7 @@ function Test-TargetResource $AppManagementPackageFamilyNamesToLaunchAfterLogOn, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $AppsAllowTrustedAppsSideloading, @@ -3390,7 +3392,7 @@ function Test-TargetResource $AuthenticationPreferredAzureADTenantDomainName, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AuthenticationWebSignIn, @@ -3435,7 +3437,7 @@ function Test-TargetResource $CellularBlockVpnWhenRoaming, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $CellularData, @@ -3476,7 +3478,7 @@ function Test-TargetResource $DefenderBlockOnAccessProtection, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -3513,17 +3515,17 @@ function Test-TargetResource $DefenderFilesAndFoldersToExclude, [Parameter()] - [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderMonitorFileActivity, [Parameter()] - [ValidateSet('deviceDefault','block','audit')] + [ValidateSet('deviceDefault', 'block', 'audit')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppActionSetting, @@ -3532,7 +3534,7 @@ function Test-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] [System.String] $DefenderPromptForSampleSubmission, @@ -3585,7 +3587,7 @@ function Test-TargetResource $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -3606,17 +3608,17 @@ function Test-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderSystemScanSchedule, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $DeveloperUnlockSetting, @@ -3629,7 +3631,7 @@ function Test-TargetResource $DeviceManagementBlockManualUnenroll, [Parameter()] - [ValidateSet('userDefined','none','basic','enhanced','full')] + [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] [System.String] $DiagnosticsDataSubmissionMode, @@ -3746,7 +3748,7 @@ function Test-TargetResource $EdgeClearBrowsingDataOnExit, [Parameter()] - [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [ValidateSet('userDefined', 'allow', 'blockThirdParty', 'blockAll')] [System.String] $EdgeCookiePolicy, @@ -3759,7 +3761,7 @@ function Test-TargetResource $EdgeEnterpriseModeSiteListLocation, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $EdgeFavoritesBarVisibility, @@ -3784,7 +3786,7 @@ function Test-TargetResource $EdgeHomepageUrls, [Parameter()] - [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] + [ValidateSet('notConfigured', 'digitalSignage', 'normalMode', 'publicBrowsingSingleApp', 'publicBrowsingMultiApp')] [System.String] $EdgeKioskModeRestriction, @@ -3797,7 +3799,7 @@ function Test-TargetResource $EdgeNewTabPageURL, [Parameter()] - [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [ValidateSet('notConfigured', 'startPage', 'newTabPage', 'previousPages', 'specificPages')] [System.String] $EdgeOpensWith, @@ -3822,7 +3824,7 @@ function Test-TargetResource $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled','keepGoing')] + [ValidateSet('notConfigured', 'disabled', 'enabled', 'keepGoing')] [System.String] $EdgeShowMessageWhenOpeningInternetExplorerSites, @@ -3831,7 +3833,7 @@ function Test-TargetResource $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] + [ValidateSet('notConfigured', 'intranet', 'internet', 'intranetAndInternet')] [System.String] $EdgeTelemetryForMicrosoft365Analytics, @@ -3884,12 +3886,12 @@ function Test-TargetResource $ExperienceBlockTaskSwitcher, [Parameter()] - [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [ValidateSet('notConfigured', 'blockedWithUserOverride', 'blocked')] [System.String] $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $FindMyFiles, @@ -3898,12 +3900,12 @@ function Test-TargetResource $GameDvrBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $InkWorkspaceAccess, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $InkWorkspaceAccessState, @@ -3920,7 +3922,7 @@ function Test-TargetResource $LocationServicesBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $LockScreenActivateAppsWithVoice, @@ -3969,7 +3971,7 @@ function Test-TargetResource $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('notConfigured','disabled')] + [ValidateSet('notConfigured', 'disabled')] [System.String] $MicrosoftAccountSignInAssistantSettings, @@ -4030,7 +4032,7 @@ function Test-TargetResource $PasswordRequired, [Parameter()] - [ValidateSet('deviceDefault','alphanumeric','numeric')] + [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] [System.String] $PasswordRequiredType, @@ -4051,42 +4053,42 @@ function Test-TargetResource $PersonalizationLockScreenImageUrl, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepOnBattery, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionPluggedIn, @@ -4103,7 +4105,7 @@ function Test-TargetResource $PrinterNames, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $PrivacyAdvertisingId, @@ -4132,7 +4134,7 @@ function Test-TargetResource $ResetProtectionModeBlocked, [Parameter()] - [ValidateSet('userDefined','strict','moderate')] + [ValidateSet('userDefined', 'strict', 'moderate')] [System.String] $SafeSearchFilter, @@ -4265,7 +4267,7 @@ function Test-TargetResource $SharedUserAppDataAllowed, [Parameter()] - [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] + [ValidateSet('notConfigured', 'anywhere', 'storeOnly', 'recommendations', 'preferStore')] [System.String] $SmartScreenAppInstallControl, @@ -4286,7 +4288,7 @@ function Test-TargetResource $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] [System.String] $StartMenuAppListVisibility, @@ -4351,57 +4353,57 @@ function Test-TargetResource $StartMenuLayoutXml, [Parameter()] - [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] [System.String] $StartMenuMode, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDocuments, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDownloads, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderFileExplorer, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderHomeGroup, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderMusic, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderNetwork, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPictures, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderSettings, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderVideos, @@ -4498,7 +4500,7 @@ function Test-TargetResource $WindowsSpotlightBlockWindowsTips, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled')] + [ValidateSet('notConfigured', 'disabled', 'enabled')] [System.String] $WindowsSpotlightConfigureOnLockScreen, @@ -4624,7 +4626,7 @@ function Test-TargetResource } } - $ValuesToCheck.remove("Id") | Out-Null + $ValuesToCheck.remove('Id') | Out-Null $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null @@ -4701,7 +4703,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' ` - } + } #endregion $i = 1 @@ -4724,7 +4726,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -4826,27 +4828,27 @@ function Export-TargetResource -Credential $Credential if ($Results.DefenderDetectedMalwareActions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefenderDetectedMalwareActions" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DefenderDetectedMalwareActions' -IsCIMArray:$False } if ($Results.EdgeHomeButtonConfiguration) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EdgeHomeButtonConfiguration" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EdgeHomeButtonConfiguration' -IsCIMArray:$False } if ($Results.EdgeSearchEngine) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EdgeSearchEngine" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EdgeSearchEngine' -IsCIMArray:$False } if ($Results.NetworkProxyServer) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "NetworkProxyServer" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'NetworkProxyServer' -IsCIMArray:$False } if ($Results.Windows10AppsForceUpdateSchedule) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Windows10AppsForceUpdateSchedule" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Windows10AppsForceUpdateSchedule' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) @@ -4891,7 +4893,7 @@ function Update-DeviceConfigurationPolicyAssignment $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] $APIVersion = 'beta' ) @@ -4902,26 +4904,26 @@ function Update-DeviceConfigurationPolicyAssignment foreach ($target in $targets) { - $formattedTarget = @{"@odata.type" = $target.dataType} + $formattedTarget = @{'@odata.type' = $target.dataType } if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -4940,14 +4942,14 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) $keyToRename = @{ - "odataType" = "@odata.type" + 'odataType' = '@odata.type' } $result = $Properties @@ -4964,22 +4966,22 @@ function Rename-M365DSCCimInstanceParameter } $result = $values - return ,$result + return , $result } #endregion #region Single - if ($type -like "*Hashtable") + if ($type -like '*Hashtable') { $result = ([Hashtable]$Properties).clone() } - if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys foreach ($key in $keys) { - $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { $keyName = $keyToRename.$key @@ -4989,7 +4991,7 @@ function Rename-M365DSCCimInstanceParameter if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -5001,7 +5003,7 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject @@ -5012,7 +5014,7 @@ function Get-M365DSCDRGComplexTypeToHashtable return $null } - if ($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { $results = @() @@ -5028,7 +5030,7 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } if ($ComplexObject.getType().fullname -like '*Dictionary*') @@ -5045,7 +5047,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $keyType = $ComplexObject.$key.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -5062,19 +5064,19 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if ($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { $keyName = $key - if ($ComplexObject.getType().Fullname -notlike "*hashtable") + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { $keyName = $key.Name } @@ -5082,7 +5084,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -5161,7 +5163,7 @@ function Get-M365DSCDRGComplexTypeToString $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { $currentProperty = @() $IndentLevel++ @@ -5174,7 +5176,7 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -5183,7 +5185,7 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } $currentProperty = '' @@ -5193,7 +5195,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += $indent } - $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ $indent = '' @@ -5213,19 +5215,19 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() $isArray = $false - if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { $isArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -5243,7 +5245,7 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -5252,16 +5254,16 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" @@ -5273,10 +5275,10 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" @@ -5301,7 +5303,7 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } if ($mappedKey -and $mappedKey.isRequired) { @@ -5317,12 +5319,12 @@ function Get-M365DSCDRGComplexTypeToString } } $indent = '' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { $indent += ' ' } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -5331,14 +5333,14 @@ function Get-M365DSCDRGComplexTypeToString if ($IndentLevel -eq 5) { $indent = '' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { $indent += ' ' } $currentProperty += $indent } - $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { $currentProperty = $null @@ -5362,30 +5364,30 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [System.String] $Space = ' ' - ) + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { if ($key -eq '@odata.type') { - $key ='odataType' + $key = 'odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue = $Space + $key + " = @(" + $returnValue = $Space + $key + ' = @(' $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -5394,15 +5396,15 @@ Function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -5424,7 +5426,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -5442,7 +5444,7 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -5464,7 +5466,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { if ($source.count -ne $target.count) { @@ -5500,7 +5502,7 @@ function Compare-M365DSCComplexObject return $true } - $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target @@ -5530,7 +5532,7 @@ function Compare-M365DSCComplexObject #Both keys aren't null or empty if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` @@ -5551,7 +5553,7 @@ function Compare-M365DSCComplexObject #Identifying date from the current values $targetType = ($Target.$tkey.getType()).Name - if ($targetType -like "*Date*") + if ($targetType -like '*Date*') { $compareResult = $true $sourceDate = [DateTime]$Source.$key @@ -5581,13 +5583,13 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() foreach ($item in $ComplexObject) @@ -5600,17 +5602,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) { $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -5619,7 +5621,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName,$propertyValue) + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json index fd1ad15727..13e3014ede 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationPolicyWindows10", "description": "This resource configures an Intune Device Configuration Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/settings.json index 0867e824da..4fba42c687 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneRoleAssignment", "description": "This resource configures an Intune Role Assignment.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementRBAC.Read.All" - }, - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementRBAC.Read.All" - }, - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementRBAC.Read.All" + }, + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementRBAC.Read.All" + }, + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/settings.json index eb7a1c61f1..748eeb9a1d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneRoleDefinition", "description": "This resource configures an Intune Role Definition.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementRBAC.Read.All" - }, - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementRBAC.Read.All" - }, - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementRBAC.Read.All" + }, + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementRBAC.Read.All" + }, + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/settings.json index 36492c38ac..d0f82b76aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyAndroidDeviceAdministrator", "description": "This resource configures an Intune Wifi Configuration Policy Android Device Administrator Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/settings.json index 7dde6aee27..8f9b54ea8d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyAndroidForWork", "description": "This resource configures an Intune Wifi Configuration Policy Android For Work Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/settings.json index 25c66a4cd9..25b1573d36 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyAndroidOpenSourceProject", "description": "This resource configures an Intune Wifi Configuration Policy Android Open Source Project Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/settings.json index 4fbe5af6f8..0a7b7b136f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyIOS", "description": "This resource configures an Intune Wifi Configuration Policy for iOS Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/settings.json index 33a39b47ca..1a17e3f848 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyMacOS", "description": "This resource configures an Intune Wifi Configuration Policy for MacOS Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/settings.json index 7548ec4dbc..d05ffbbd82 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyWindows10", "description": "This resource configures an Intune Wifi Configuration Policy for Windows10 Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 index a4cd3d415d..72997e3eec 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 @@ -18,7 +18,7 @@ function Get-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -112,7 +112,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -143,7 +143,7 @@ function Get-TargetResource $complexEnrollmentStatusScreenSettings.Add('CustomErrorMessage', $getValue.EnrollmentStatusScreenSettings.customErrorMessage) $complexEnrollmentStatusScreenSettings.Add('HideInstallationProgress', $getValue.EnrollmentStatusScreenSettings.hideInstallationProgress) $complexEnrollmentStatusScreenSettings.Add('InstallProgressTimeoutInMinutes', $getValue.EnrollmentStatusScreenSettings.installProgressTimeoutInMinutes) - if ($complexEnrollmentStatusScreenSettings.values.Where({$null -ne $_}).count -eq 0) + if ($complexEnrollmentStatusScreenSettings.values.Where({ $null -ne $_ }).count -eq 0) { $complexEnrollmentStatusScreenSettings = $null } @@ -161,7 +161,7 @@ function Get-TargetResource { $complexOutOfBoxExperienceSettings.Add('UserType', $getValue.OutOfBoxExperienceSettings.userType.toString()) } - if ($complexOutOfBoxExperienceSettings.values.Where({$null -ne $_}).count -eq 0) + if ($complexOutOfBoxExperienceSettings.values.Where({ $null -ne $_ }).count -eq 0) { $complexOutOfBoxExperienceSettings = $null } @@ -203,11 +203,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -246,7 +248,7 @@ function Set-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -342,7 +344,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -351,13 +353,13 @@ function Set-TargetResource $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile") + $CreateParameters.Add('@odata.type', '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile') $policy = New-MgDeviceManagementWindowAutopilotDeploymentProfile -BodyParameter $CreateParameters $assignmentsHash = @() foreach ($assignment in $Assignments) @@ -367,7 +369,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/windowsAutopilotDeploymentProfiles' } @@ -376,7 +378,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -386,13 +388,13 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile') Update-MgDeviceManagementWindowAutopilotDeploymentProfile ` -WindowsAutopilotDeploymentProfileId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -409,7 +411,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$($currentInstance.Id)}" #region resource generator code Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $currentInstance.Id #endregion @@ -436,7 +438,7 @@ function Test-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -630,7 +632,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile' ` - } + } #endregion $i = 1 @@ -653,7 +655,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -713,15 +715,15 @@ function Export-TargetResource -Credential $Credential if ($Results.EnrollmentStatusScreenSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnrollmentStatusScreenSettings" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnrollmentStatusScreenSettings' -IsCIMArray:$False } if ($Results.OutOfBoxExperienceSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OutOfBoxExperienceSettings" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'OutOfBoxExperienceSettings' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) @@ -766,7 +768,7 @@ function Update-DeviceConfigurationPolicyAssignment $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] $APIVersion = 'beta' ) @@ -777,26 +779,26 @@ function Update-DeviceConfigurationPolicyAssignment foreach ($target in $targets) { - $formattedTarget = @{"@odata.type" = $target.dataType} + $formattedTarget = @{'@odata.type' = $target.dataType } if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -815,14 +817,14 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) $keyToRename = @{ - "odataType" = "@odata.type" + 'odataType' = '@odata.type' } $result = $Properties @@ -839,22 +841,22 @@ function Rename-M365DSCCimInstanceParameter } $result = $values - return ,$result + return , $result } #endregion #region Single - if ($type -like "*Hashtable") + if ($type -like '*Hashtable') { $result = ([Hashtable]$Properties).clone() } - if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys foreach ($key in $keys) { - $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { $keyName = $keyToRename.$key @@ -864,7 +866,7 @@ function Rename-M365DSCCimInstanceParameter if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -876,7 +878,7 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject @@ -887,7 +889,7 @@ function Get-M365DSCDRGComplexTypeToHashtable return $null } - if ($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { $results = @() @@ -903,7 +905,7 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } if ($ComplexObject.getType().fullname -like '*Dictionary*') @@ -920,7 +922,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $keyType = $ComplexObject.$key.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -937,19 +939,19 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if ($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { $keyName = $key - if ($ComplexObject.getType().Fullname -notlike "*hashtable") + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { $keyName = $key.Name } @@ -957,7 +959,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1036,7 +1038,7 @@ function Get-M365DSCDRGComplexTypeToString $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { $currentProperty = @() $IndentLevel++ @@ -1049,7 +1051,7 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1058,7 +1060,7 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } $currentProperty = '' @@ -1068,7 +1070,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += $indent } - $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ $indent = '' @@ -1088,19 +1090,19 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() $isArray = $false - if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { $isArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -1118,7 +1120,7 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1127,16 +1129,16 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" @@ -1148,10 +1150,10 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" @@ -1176,7 +1178,7 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } if ($mappedKey -and $mappedKey.isRequired) { @@ -1192,12 +1194,12 @@ function Get-M365DSCDRGComplexTypeToString } } $indent = '' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { $indent += ' ' } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -1206,14 +1208,14 @@ function Get-M365DSCDRGComplexTypeToString if ($IndentLevel -eq 5) { $indent = '' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { $indent += ' ' } $currentProperty += $indent } - $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { $currentProperty = $null @@ -1237,30 +1239,30 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [System.String] $Space = ' ' - ) + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { if ($key -eq '@odata.type') { - $key ='odataType' + $key = 'odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue = $Space + $key + " = @(" + $returnValue = $Space + $key + ' = @(' $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -1269,15 +1271,15 @@ Function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1299,7 +1301,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1317,7 +1319,7 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -1339,7 +1341,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { if ($source.count -ne $target.count) { @@ -1375,7 +1377,7 @@ function Compare-M365DSCComplexObject return $true } - $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target @@ -1405,7 +1407,7 @@ function Compare-M365DSCComplexObject #Both keys aren't null or empty if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` @@ -1426,7 +1428,7 @@ function Compare-M365DSCComplexObject #Identifying date from the current values $targetType = ($Target.$tkey.getType()).Name - if ($targetType -like "*Date*") + if ($targetType -like '*Date*') { $compareResult = $true $sourceDate = [DateTime]$Source.$key @@ -1456,13 +1458,13 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() foreach ($item in $ComplexObject) @@ -1475,17 +1477,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) { $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -1494,7 +1496,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName,$propertyValue) + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json index 58318b4636..47581b03eb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined", "description": "This resource configures an Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementServiceConfig.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementServiceConfig.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementServiceConfig.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementServiceConfig.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 index b45d4c08d5..570a64836e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 @@ -14,7 +14,7 @@ function Get-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -108,7 +108,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -139,7 +139,7 @@ function Get-TargetResource $complexEnrollmentStatusScreenSettings.Add('CustomErrorMessage', $getValue.EnrollmentStatusScreenSettings.customErrorMessage) $complexEnrollmentStatusScreenSettings.Add('HideInstallationProgress', $getValue.EnrollmentStatusScreenSettings.hideInstallationProgress) $complexEnrollmentStatusScreenSettings.Add('InstallProgressTimeoutInMinutes', $getValue.EnrollmentStatusScreenSettings.installProgressTimeoutInMinutes) - if ($complexEnrollmentStatusScreenSettings.values.Where({$null -ne $_}).count -eq 0) + if ($complexEnrollmentStatusScreenSettings.values.Where({ $null -ne $_ }).count -eq 0) { $complexEnrollmentStatusScreenSettings = $null } @@ -157,7 +157,7 @@ function Get-TargetResource { $complexOutOfBoxExperienceSettings.Add('UserType', $getValue.OutOfBoxExperienceSettings.userType.toString()) } - if ($complexOutOfBoxExperienceSettings.values.Where({$null -ne $_}).count -eq 0) + if ($complexOutOfBoxExperienceSettings.values.Where({ $null -ne $_ }).count -eq 0) { $complexOutOfBoxExperienceSettings = $null } @@ -198,11 +198,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -237,7 +239,7 @@ function Set-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -333,7 +335,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Windows Autopilot Deployment Profile Azure AD Joined with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -342,13 +344,13 @@ function Set-TargetResource $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile") + $CreateParameters.Add('@odata.type', '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile') $policy = New-MgDeviceManagementWindowAutopilotDeploymentProfile -BodyParameter $CreateParameters $assignmentsHash = @() foreach ($assignment in $Assignments) @@ -358,7 +360,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/windowsAutopilotDeploymentProfiles' } @@ -367,7 +369,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -377,13 +379,13 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile') Update-MgDeviceManagementWindowAutopilotDeploymentProfile ` -WindowsAutopilotDeploymentProfileId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -400,7 +402,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$($currentInstance.Id)}" #region resource generator code Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $currentInstance.Id #endregion @@ -423,7 +425,7 @@ function Test-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -617,7 +619,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile' ` - } + } #endregion $i = 1 @@ -640,7 +642,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -700,15 +702,15 @@ function Export-TargetResource -Credential $Credential if ($Results.EnrollmentStatusScreenSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnrollmentStatusScreenSettings" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnrollmentStatusScreenSettings' -IsCIMArray:$False } if ($Results.OutOfBoxExperienceSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OutOfBoxExperienceSettings" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'OutOfBoxExperienceSettings' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) @@ -753,7 +755,7 @@ function Update-DeviceConfigurationPolicyAssignment $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] $APIVersion = 'beta' ) @@ -764,26 +766,26 @@ function Update-DeviceConfigurationPolicyAssignment foreach ($target in $targets) { - $formattedTarget = @{"@odata.type" = $target.dataType} + $formattedTarget = @{'@odata.type' = $target.dataType } if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -802,14 +804,14 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) $keyToRename = @{ - "odataType" = "@odata.type" + 'odataType' = '@odata.type' } $result = $Properties @@ -826,22 +828,22 @@ function Rename-M365DSCCimInstanceParameter } $result = $values - return ,$result + return , $result } #endregion #region Single - if ($type -like "*Hashtable") + if ($type -like '*Hashtable') { $result = ([Hashtable]$Properties).clone() } - if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys foreach ($key in $keys) { - $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { $keyName = $keyToRename.$key @@ -851,7 +853,7 @@ function Rename-M365DSCCimInstanceParameter if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -863,7 +865,7 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject @@ -874,7 +876,7 @@ function Get-M365DSCDRGComplexTypeToHashtable return $null } - if ($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { $results = @() @@ -890,7 +892,7 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } if ($ComplexObject.getType().fullname -like '*Dictionary*') @@ -907,7 +909,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $keyType = $ComplexObject.$key.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -924,19 +926,19 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if ($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { $keyName = $key - if ($ComplexObject.getType().Fullname -notlike "*hashtable") + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { $keyName = $key.Name } @@ -944,7 +946,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1023,7 +1025,7 @@ function Get-M365DSCDRGComplexTypeToString $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { $currentProperty = @() $IndentLevel++ @@ -1036,7 +1038,7 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1045,7 +1047,7 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } $currentProperty = '' @@ -1055,7 +1057,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += $indent } - $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ $indent = '' @@ -1075,19 +1077,19 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() $isArray = $false - if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { $isArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -1105,7 +1107,7 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1114,16 +1116,16 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" @@ -1135,10 +1137,10 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" @@ -1163,7 +1165,7 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } if ($mappedKey -and $mappedKey.isRequired) { @@ -1179,12 +1181,12 @@ function Get-M365DSCDRGComplexTypeToString } } $indent = '' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { $indent += ' ' } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -1193,14 +1195,14 @@ function Get-M365DSCDRGComplexTypeToString if ($IndentLevel -eq 5) { $indent = '' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { $indent += ' ' } $currentProperty += $indent } - $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { $currentProperty = $null @@ -1224,30 +1226,30 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [System.String] $Space = ' ' - ) + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { if ($key -eq '@odata.type') { - $key ='odataType' + $key = 'odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue = $Space + $key + " = @(" + $returnValue = $Space + $key + ' = @(' $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -1256,15 +1258,15 @@ Function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1286,7 +1288,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1304,7 +1306,7 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -1326,7 +1328,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { if ($source.count -ne $target.count) { @@ -1362,7 +1364,7 @@ function Compare-M365DSCComplexObject return $true } - $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target @@ -1392,7 +1394,7 @@ function Compare-M365DSCComplexObject #Both keys aren't null or empty if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` @@ -1413,7 +1415,7 @@ function Compare-M365DSCComplexObject #Identifying date from the current values $targetType = ($Target.$tkey.getType()).Name - if ($targetType -like "*Date*") + if ($targetType -like '*Date*') { $compareResult = $true $sourceDate = [DateTime]$Source.$key @@ -1443,13 +1445,13 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() foreach ($item in $ComplexObject) @@ -1462,17 +1464,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) { $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -1481,7 +1483,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName,$propertyValue) + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json index 1ec0ef7339..4139c67ca6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneWindowsAutopilotDeploymentProfileAzureADJoined", "description": "This resource configures an Intune Windows Autopilot Deployment Profile Azure AD Joined.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementServiceConfig.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementServiceConfig.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementServiceConfig.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementServiceConfig.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/settings.json index b2acb30387..b927219fea 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/settings.json @@ -1,35 +1,30 @@ { "resourceName": "IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled", "description": "This resource configures an Intune Windows Information Protection Policy for Windows10 Mdm Enrolled.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementApps.Read.All" - }, - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ], - "update": [ - - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementApps.Read.All" - }, - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ], - "update": [ - - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + }, + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ], + "update": [] + }, + "application": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + }, + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ], + "update": [] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/settings.json index 10e2b5f306..ba73714015 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10", "description": "This resource configures an Intune Windows Update For Business Feature Update Profile for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index e41de4fc71..c0ca56f0e8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -171,7 +171,7 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Setting configuration of Office 365 Settings" + Write-Verbose -Message 'Setting configuration of Office 365 Settings' $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` -ProfileName 'v1.0' @@ -181,7 +181,7 @@ function Set-TargetResource if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled) { Write-Verbose -Message "Setting the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}" - Update-MgservicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` + Update-MgServicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` -AccountEnabled:$M365WebEnableUsersToOpenFilesFrom3PStorage } @@ -190,7 +190,7 @@ function Set-TargetResource if ($CortanaEnabled -ne $CortanaEnabledValue.AccountEnabled) { Write-Verbose -Message "Setting the Cortana setting to {$CortanaEnabled}" - Update-MgservicePrincipal -ServicePrincipalId $($CortanaEnabledValue.Id) ` + Update-MgServicePrincipal -ServicePrincipalId $($CortanaEnabledValue.Id) ` -AccountEnabled:$CortanaEnabled } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 index 3cfca0af8b..ee92ba7ea0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 @@ -9,7 +9,7 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [System.String] - [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov','unitedarabemirates','germany','switzerland','norway','korea','southafrica')] + [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov', 'unitedarabemirates', 'germany', 'switzerland', 'norway', 'korea', 'southafrica')] $Location, [Parameter(Mandatory = $true)] @@ -112,7 +112,7 @@ function Set-TargetResource [Parameter(Mandatory = $true)] [System.String] - [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov','unitedarabemirates','germany','switzerland','norway','korea','southafrica')] + [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov', 'unitedarabemirates', 'germany', 'switzerland', 'norway', 'korea', 'southafrica')] $Location, [Parameter(Mandatory = $true)] @@ -207,7 +207,7 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.String] - [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov','unitedarabemirates','germany','switzerland','norway','korea','southafrica')] + [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov', 'unitedarabemirates', 'germany', 'switzerland', 'norway', 'korea', 'southafrica')] $Location, [Parameter(Mandatory = $true)] @@ -372,7 +372,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 index 73e510dd41..a5f5ddd16e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 @@ -718,7 +718,7 @@ function Get-M365TenantId $TenantName ) - if ($TenantName -notmatch ".onmicrosoft.com$") + if ($TenantName -notmatch '.onmicrosoft.com$') { $TenantName += '.onmicrosoft.com' } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerPlan/MSFT_PlannerPlan.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerPlan/MSFT_PlannerPlan.psm1 index d035d2358d..1e92902137 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerPlan/MSFT_PlannerPlan.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerPlan/MSFT_PlannerPlan.psm1 @@ -103,7 +103,7 @@ function Get-TargetResource { $OwnerGroupValue = $group.DisplayName } - break; + break } } catch diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 index 71ef82c817..907ba0a07f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 @@ -184,7 +184,7 @@ function Get-TargetResource } else { - $NotesValue = "" + $NotesValue = '' if (-not [System.String]::IsNullOrEmpty($taskResponse)) { $NotesValue = $taskDetailsResponse.Description @@ -352,15 +352,15 @@ function Set-TargetResource $currentValues = Get-TargetResource @PSBoundParameters $setParams = ([HashTable]$PSBoundParameters).Clone() - $setParams.Remove("Ensure") | Out-Null - $setParams.Remove("Credential") | Out-Null - $setParams.Remove("ApplicationId") | Out-Null - $setParams.Remove("TenantId") | Out-Null - $setParams.Remove("CertificateThumbprint") | Out-Null - $setParams.Remove("ApplicationSecret") | Out-Null + $setParams.Remove('Ensure') | Out-Null + $setParams.Remove('Credential') | Out-Null + $setParams.Remove('ApplicationId') | Out-Null + $setParams.Remove('TenantId') | Out-Null + $setParams.Remove('CertificateThumbprint') | Out-Null + $setParams.Remove('ApplicationSecret') | Out-Null #region Assignments - Write-Verbose -Message "Converting Assignments into the proper format" + Write-Verbose -Message 'Converting Assignments into the proper format' $assignmentsValue = @{} foreach ($assignment in $setParams.AssignedUsers) { @@ -369,8 +369,8 @@ function Set-TargetResource if ($null -ne $user) { $currentValue += @{ - "@odata.type" = "#microsoft.graph.plannerAssignment" - orderHint = " !" + '@odata.type' = '#microsoft.graph.plannerAssignment' + orderHint = ' !' } $assignmentsValue.Add($user.Id, $currentValue) } @@ -391,14 +391,14 @@ function Set-TargetResource foreach ($checkListItem in $setParams.Checklist) { $currentValue = @{ - "@odata.type" = "#microsoft.graph.plannerChecklistItem" + '@odata.type' = '#microsoft.graph.plannerChecklistItem' isChecked = $checkListItem.Completed title = $checkListItem.Title } - $checkListValues.Add((New-GUID).ToString(), $currentValue) + $checkListValues.Add((New-Guid).ToString(), $currentValue) } $DetailsValue.checklist = $checkListValues - $setParams.Remove("Checklist") | Out-Null + $setParams.Remove('Checklist') | Out-Null #endregion #region Attachments @@ -406,7 +406,7 @@ function Set-TargetResource foreach ($attachment in $setParams.Attachments) { $currentValue = @{ - "@odata.type" = "#microsoft.graph.plannerExternalReference" + '@odata.type' = '#microsoft.graph.plannerExternalReference' alias = $attachment.Alias type = $attachment.Type } @@ -416,8 +416,8 @@ function Set-TargetResource $setParams.Remove('Attachments') | Out-Null #endregion - $setParams.Remove("Description") | Out-Null - $setParams.Add("Details", $DetailsValue) + $setParams.Remove('Description') | Out-Null + $setParams.Add('Details', $DetailsValue) $setParams.Remove('Notes') | Out-Null #region Categories @@ -433,53 +433,53 @@ function Set-TargetResource { $categoriesValue.(GetTaskCategoryNameByColor($category)) = $true } - $setParams.Add("AppliedCategories", $categoriesValue) - $setParams.Remove("Categories") | Out-Null + $setParams.Add('AppliedCategories', $categoriesValue) + $setParams.Remove('Categories') | Out-Null #endregion - $setParams.Add("BucketId", $setParams.Bucket) - $setParams.Remove("Bucket") | Out-Null + $setParams.Add('BucketId', $setParams.Bucket) + $setParams.Remove('Bucket') | Out-Null if ($Ensure -eq 'Present' -and $currentValues.Ensure -eq 'Absent') { - $setParams.Remove("TaskId") | Out-Null + $setParams.Remove('TaskId') | Out-Null Write-Verbose -Message "Planner Task {$Title} doesn't already exist. Creating it with`r`n:$(Convert-M365DscHashtableToString -Hashtable $setParams)" $newTask = New-MgPlannerTask @setParams } elseif ($Ensure -eq 'Present' -and $currentValues.Ensure -eq 'Present') { $taskId = $setParams.TaskId - $setParams.Remove("TaskId") | Out-Null + $setParams.Remove('TaskId') | Out-Null $details = $setParams.Details $setParams.Remove('Details') | Out-Null $setParams.Remove('Verbose') | Out-Null # Fix Casing - $setParams.Add("assignments", $setParams.Assignments) - $setParams.Remove("Assignments") | Out-Null + $setParams.Add('assignments', $setParams.Assignments) + $setParams.Remove('Assignments') | Out-Null - $setParams.Add("appliedCategories", $setParams.AppliedCategories) - $setParams.Remove("AppliedCategories") | Out-Null + $setParams.Add('appliedCategories', $setParams.AppliedCategories) + $setParams.Remove('AppliedCategories') | Out-Null - $setParams.Add("title", $setParams.Title) - $setParams.Remove("Title") | Out-Null + $setParams.Add('title', $setParams.Title) + $setParams.Remove('Title') | Out-Null - $setParams.Add("bucketId", $setParams.BucketId) - $setParams.Remove("BucketId") | Out-Null + $setParams.Add('bucketId', $setParams.BucketId) + $setParams.Remove('BucketId') | Out-Null - $setParams.Add("dueDateTime", [DateTime]::Parse($setParams.DueDateTime).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffK")) - $setParams.Remove("DueDateTime") | Out-Null + $setParams.Add('dueDateTime', [DateTime]::Parse($setParams.DueDateTime).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffK')) + $setParams.Remove('DueDateTime') | Out-Null - $setParams.Add("percentComplete", $setParams.PercentComplete) - $setParams.Remove("PercentComplete") | Out-Null + $setParams.Add('percentComplete', $setParams.PercentComplete) + $setParams.Remove('PercentComplete') | Out-Null - $setParams.Remove("PlanId") | Out-Null + $setParams.Remove('PlanId') | Out-Null - $setParams.Add("priority", $setParams.Priority) - $setParams.Remove("Priority") | Out-Null + $setParams.Add('priority', $setParams.Priority) + $setParams.Remove('Priority') | Out-Null - $setParams.Add("startDateTime", [DateTime]::Parse($setParams.StartDateTime).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffK")) - $setParams.Remove("StartDateTime") | Out-Null + $setParams.Add('startDateTime', [DateTime]::Parse($setParams.StartDateTime).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffK')) + $setParams.Remove('StartDateTime') | Out-Null Write-Verbose -Message "Planner Task {$Title} already exists, but is not in the ` Desired State. Updating it." @@ -500,7 +500,7 @@ function Set-TargetResource $Headers = @{} $currentTaskDetails = Get-MgPlannerTaskDetail -PlannerTaskId $taskId $Headers.Add('If-Match', $currentTaskDetails.AdditionalProperties.'@odata.etag') - $details.Remove("id") | Out-Null + $details.Remove('id') | Out-Null $JSONDetails = (ConvertTo-Json $details) Write-Verbose -Message "Updating Task's details with:`r`n$JSONDetails" Invoke-MgGraphRequest -Method PATCH ` @@ -976,70 +976,82 @@ function Get-M365DSCPlannerTasksFromPlan return $results } - function GetTaskCategoryNameByColor +function GetTaskCategoryNameByColor +{ + [CmdletBinding()] + [OutputType([System.string])] + param( + [Parameter(Mandatory = $true)] + [System.String] + $ColorName + ) + switch ($ColorName) { - [CmdletBinding()] - [OutputType([System.string])] - param( - [Parameter(Mandatory = $true)] - [System.String] - $ColorName - ) - switch ($ColorName) + 'Pink' { - 'Pink' - { return 'category1' - } - 'Red' - { return 'category2' - } - 'Yellow' - { return 'category3' - } - 'Green' - { return 'category4' - } - 'Blue' - { return 'category5' - } - 'Purple' - { return 'category6' - } + return 'category1' + } + 'Red' + { + return 'category2' + } + 'Yellow' + { + return 'category3' + } + 'Green' + { + return 'category4' + } + 'Blue' + { + return 'category5' + } + 'Purple' + { + return 'category6' } - return $null } + return $null +} - function GetTaskColorNameByCategory +function GetTaskColorNameByCategory +{ + [CmdletBinding()] + [OutputType([System.string])] + param( + [Parameter(Mandatory = $true)] + [System.String] + $CategoryName + ) + switch ($CategoryName) { - [CmdletBinding()] - [OutputType([System.string])] - param( - [Parameter(Mandatory = $true)] - [System.String] - $CategoryName - ) - switch ($CategoryName) + 'category1' { - 'category1' - { return 'Pink' - } - 'category2' - { return 'Red' - } - 'category3' - { return 'Yellow' - } - 'category4' - { return 'Green' - } - 'category5' - { return 'Blue' - } - 'category6' - { return 'Purple' - } + return 'Pink' + } + 'category2' + { + return 'Red' + } + 'category3' + { + return 'Yellow' + } + 'category4' + { + return 'Green' + } + 'category5' + { + return 'Blue' + } + 'category6' + { + return 'Purple' } - return $null } + return $null +} Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 index 0813cea153..bf578df467 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 @@ -164,7 +164,7 @@ function Get-TargetResource { foreach ($member in $PolicyObject.ExchangeSenderMemberOf) { - $ExchangeSenderMemberOfValue += (ConvertFrom-JSON $member).PrimarySmtpAddress + $ExchangeSenderMemberOfValue += (ConvertFrom-Json $member).PrimarySmtpAddress } } @@ -173,7 +173,7 @@ function Get-TargetResource { foreach ($member in $PolicyObject.ExchangeSenderMemberOfException) { - $ExchangeSenderMemberOfExceptionValue += (ConvertFrom-JSON $member).PrimarySmtpAddress + $ExchangeSenderMemberOfExceptionValue += (ConvertFrom-Json $member).PrimarySmtpAddress } } @@ -394,14 +394,14 @@ function Set-TargetResource $null -ne $SharePointLocation) { $ToBeRemoved = $CurrentPolicy.SharePointLocation | ` - Where-Object { $SharePointLocation -NotContains $_ } + Where-Object { $SharePointLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveSharePointLocation', $ToBeRemoved) } $ToBeAdded = $SharePointLocation | ` - Where-Object { $CurrentPolicy.SharePointLocation -NotContains $_ } + Where-Object { $CurrentPolicy.SharePointLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddSharePointLocation', $ToBeAdded) @@ -416,14 +416,14 @@ function Set-TargetResource $null -ne $ExchangeLocation) { $ToBeRemoved = $CurrentPolicy.ExchangeLocation | ` - Where-Object { $ExchangeLocation -NotContains $_ } + Where-Object { $ExchangeLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveExchangeLocation', $ToBeRemoved) } $ToBeAdded = $ExchangeLocation | ` - Where-Object { $CurrentPolicy.ExchangeLocation -NotContains $_ } + Where-Object { $CurrentPolicy.ExchangeLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddExchangeLocation', $ToBeAdded) @@ -438,14 +438,14 @@ function Set-TargetResource $null -ne $OneDriveLocation) { $ToBeRemoved = $CurrentPolicy.OneDriveLocation | ` - Where-Object { $OneDriveLocation -NotContains $_ } + Where-Object { $OneDriveLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveOneDriveLocation', $ToBeRemoved) } $ToBeAdded = $OneDriveLocation | ` - Where-Object { $CurrentPolicy.OneDriveLocation -NotContains $_ } + Where-Object { $CurrentPolicy.OneDriveLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddOneDriveLocation', $ToBeAdded) @@ -459,14 +459,14 @@ function Set-TargetResource $null -ne $EndpointDlpLocation) { $ToBeRemoved = $CurrentPolicy.EndpointDlpLocation | ` - Where-Object { $EndpointDlpLocation -NotContains $_ } + Where-Object { $EndpointDlpLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveEndpointDlpLocation', $ToBeRemoved) } $ToBeAdded = $EndpointDlpLocation | ` - Where-Object { $CurrentPolicy.EndpointDlpLocation -NotContains $_ } + Where-Object { $CurrentPolicy.EndpointDlpLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddEndpointDlpLocation', $ToBeAdded) @@ -481,14 +481,14 @@ function Set-TargetResource $null -ne $OnPremisesScannerDlpLocation) { $ToBeRemoved = $CurrentPolicy.OnPremisesScannerDlpLocation | ` - Where-Object { $OnPremisesScannerDlpLocation -NotContains $_ } + Where-Object { $OnPremisesScannerDlpLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveOnPremisesScannerDlpLocation', $ToBeRemoved) } $ToBeAdded = $OnPremisesScannerDlpLocation | ` - Where-Object { $CurrentPolicy.OnPremisesScannerDlpLocation -NotContains $_ } + Where-Object { $CurrentPolicy.OnPremisesScannerDlpLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddOnPremisesScannerDlpLocation', $ToBeAdded) @@ -503,14 +503,14 @@ function Set-TargetResource $null -ne $PowerBIDlpLocation) { $ToBeRemoved = $CurrentPolicy.PowerBIDlpLocation | ` - Where-Object { $PowerBIDlpLocation -NotContains $_ } + Where-Object { $PowerBIDlpLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemovePowerBIDlpLocation', $ToBeRemoved) } $ToBeAdded = $PowerBIDlpLocation | ` - Where-Object { $CurrentPolicy.PowerBIDlpLocation -NotContains $_ } + Where-Object { $CurrentPolicy.PowerBIDlpLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddPowerBIDlpLocation', $ToBeAdded) @@ -525,14 +525,14 @@ function Set-TargetResource $null -ne $TeamsLocation) { $ToBeRemoved = $CurrentPolicy.TeamsLocation | ` - Where-Object { $TeamsLocation -NotContains $_ } + Where-Object { $TeamsLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveTeamsLocation', $ToBeRemoved) } $ToBeAdded = $TeamsLocation | ` - Where-Object { $CurrentPolicy.TeamsLocation -NotContains $_ } + Where-Object { $CurrentPolicy.TeamsLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddTeamsLocation', $ToBeAdded) @@ -546,14 +546,14 @@ function Set-TargetResource $null -ne $ThirdPartyAppDlpLocation) { $ToBeRemoved = $CurrentPolicy.ThirdPartyAppDlpLocation | ` - Where-Object { $ThirdPartyAppDlpLocation -NotContains $_ } + Where-Object { $ThirdPartyAppDlpLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveThirdPartyAppDlpLocation', $ToBeRemoved) } $ToBeAdded = $ThirdPartyAppDlpLocation | ` - Where-Object { $CurrentPolicy.ThirdPartyAppDlpLocation -NotContains $_ } + Where-Object { $CurrentPolicy.ThirdPartyAppDlpLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddThirdPartyAppDlpLocation', $ToBeAdded) @@ -568,14 +568,14 @@ function Set-TargetResource $null -ne $OneDriveLocationException) { $ToBeRemoved = $CurrentPolicy.OneDriveLocationException | ` - Where-Object { $OneDriveLocationException -NotContains $_ } + Where-Object { $OneDriveLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveOneDriveLocationException', $ToBeRemoved) } $ToBeAdded = $OneDriveLocationException | ` - Where-Object { $CurrentPolicy.OneDriveLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.OneDriveLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddOneDriveLocationException', $ToBeAdded) @@ -589,14 +589,14 @@ function Set-TargetResource $null -ne $SharePointLocationException) { $ToBeRemoved = $CurrentPolicy.SharePointLocationException | ` - Where-Object { $SharePointLocationException -NotContains $_ } + Where-Object { $SharePointLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveSharePointLocationException', $ToBeRemoved) } $ToBeAdded = $SharePointLocationException | ` - Where-Object { $CurrentPolicy.SharePointLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.SharePointLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddSharePointLocationException', $ToBeAdded) @@ -610,14 +610,14 @@ function Set-TargetResource $null -ne $TeamsLocationException) { $ToBeRemoved = $CurrentPolicy.TeamsLocationException | ` - Where-Object { $TeamsLocationException -NotContains $_ } + Where-Object { $TeamsLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveTeamsLocationException', $ToBeRemoved) } $ToBeAdded = $TeamsLocationException | ` - Where-Object { $CurrentPolicy.TeamsLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.TeamsLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddTeamsLocationException', $ToBeAdded) @@ -631,14 +631,14 @@ function Set-TargetResource $null -ne $EndpointDlpLocationException) { $ToBeRemoved = $CurrentPolicy.EndpointDlpLocationException | ` - Where-Object { $EndpointDlpLocationException -NotContains $_ } + Where-Object { $EndpointDlpLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveEndpointDlpLocationException', $ToBeRemoved) } $ToBeAdded = $EndpointDlpLocationException | ` - Where-Object { $CurrentPolicy.EndpointDlpLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.EndpointDlpLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddEndpointDlpLocationException', $ToBeAdded) @@ -652,14 +652,14 @@ function Set-TargetResource $null -ne $OnPremisesScannerDlpLocationException) { $ToBeRemoved = $CurrentPolicy.OnPremisesScannerDlpLocationException | ` - Where-Object { $OnPremisesScannerDlpLocationException -NotContains $_ } + Where-Object { $OnPremisesScannerDlpLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveOnPremisesScannerDlpLocationException', $ToBeRemoved) } $ToBeAdded = $OnPremisesScannerDlpLocationException | ` - Where-Object { $CurrentPolicy.OnPremisesScannerDlpLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.OnPremisesScannerDlpLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddOnPremisesScannerDlpLocationException', $ToBeAdded) @@ -673,14 +673,14 @@ function Set-TargetResource $null -ne $PowerBIDlpLocationException) { $ToBeRemoved = $CurrentPolicy.PowerBIDlpLocationException | ` - Where-Object { $PowerBIDlpLocationException -NotContains $_ } + Where-Object { $PowerBIDlpLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemovePowerBIDlpLocationException', $ToBeRemoved) } $ToBeAdded = $PowerBIDlpLocationException | ` - Where-Object { $CurrentPolicy.PowerBIDlpLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.PowerBIDlpLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddPowerBIDlpLocationException', $ToBeAdded) @@ -694,14 +694,14 @@ function Set-TargetResource $null -ne $ThirdPartyAppDlpLocationException) { $ToBeRemoved = $CurrentPolicy.ThirdPartyAppDlpLocationException | ` - Where-Object { $ThirdPartyAppDlpLocationException -NotContains $_ } + Where-Object { $ThirdPartyAppDlpLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveThirdPartyAppDlpLocationException', $ToBeRemoved) } $ToBeAdded = $ThirdPartyAppDlpLocationException | ` - Where-Object { $CurrentPolicy.ThirdPartyAppDlpLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.ThirdPartyAppDlpLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddThirdPartyAppDlpLocationException', $ToBeAdded) @@ -729,7 +729,7 @@ function Set-TargetResource } catch { - New-M365DSCLogEntry -Message $_ ` + New-M365DSCLogEntry -Message $_ ` -Exception $_ ` -Source $MyInvocation.MyCommand.ModuleName } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 index f2eaae8ddc..8a6deac065 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 @@ -507,7 +507,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 index 8b24cf28d7..fc0191e75b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 @@ -453,7 +453,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 index b05fb2ebbc..e5ca05b501 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 @@ -653,7 +653,7 @@ function Set-TargetResource $node.InnerText = $currentPID # The order in which we list the properties matters. Pid is to appear right after MappingDisallowed. - $namespaceMgr = New-Object System.Xml.XmlNamespaceManager($SearchConfigXML.NameTable); + $namespaceMgr = New-Object System.Xml.XmlNamespaceManager($SearchConfigXML.NameTable) $namespaceMgr.AddNamespace('d3p1', 'http://schemas.datacontract.org/2004/07/Microsoft.Office.Server.Search.Administration') $previousNode = $SearchConfigXML.SelectSingleNode('//d3p1:MappingDisallowed', $namespaceMgr) $previousNode.ParentNode.InsertAfter($node, $previousNode) | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 index 71c4553827..e41404458a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 @@ -128,7 +128,7 @@ function Get-TargetResource $nullReturn = @{ Name = $Name Protocol = $Protocol - Ensure = "Absent" + Ensure = 'Absent' } try @@ -174,7 +174,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent - Ensure = "Present" + Ensure = 'Present' } if ($null -ne $allowPartial) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 index 8d72c85c00..3cda915f96 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 @@ -772,7 +772,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 index 282f578fb6..82c64b5ca1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 @@ -523,7 +523,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 index 7b4e994b3b..1827611002 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 @@ -87,7 +87,7 @@ function Get-TargetResource Write-Verbose -Message "Site Design ID is $($siteDesign.Id)" $siteDesignRights = Get-PnPSiteDesignRights -Identity $siteDesign.Id -ErrorAction SilentlyContinue | ` - Where-Object -FilterScript { $_.Rights -eq $Rights } + Where-Object -FilterScript { $_.Rights -eq $Rights } if ($null -eq $siteDesignRights) { @@ -480,7 +480,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOStorageEntity/MSFT_SPOStorageEntity.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOStorageEntity/MSFT_SPOStorageEntity.psm1 index 4608328bd7..9b96047666 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOStorageEntity/MSFT_SPOStorageEntity.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOStorageEntity/MSFT_SPOStorageEntity.psm1 @@ -498,7 +498,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 index ba6486c330..05951e4304 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 @@ -59,7 +59,7 @@ function Get-TargetResource $nullReturn = @{ UserName = $UserName - Ensure = "Absent" + Ensure = 'Absent' } try @@ -88,7 +88,7 @@ function Get-TargetResource ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent - Ensure = "Present" + Ensure = 'Present' } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 index b9db4d2d34..733363ea31 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 @@ -316,7 +316,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -354,11 +354,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallHoldPolicy/MSFT_TeamsCallHoldPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallHoldPolicy/MSFT_TeamsCallHoldPolicy.psm1 index d73176b0eb..35a9a80062 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallHoldPolicy/MSFT_TeamsCallHoldPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallHoldPolicy/MSFT_TeamsCallHoldPolicy.psm1 @@ -316,7 +316,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -354,11 +354,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 index d3582a1425..cb03861727 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 @@ -355,7 +355,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -393,11 +393,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 index 0adcd32384..990cec49d6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 @@ -225,7 +225,7 @@ function Set-TargetResource } else { - $CurrentParameters.Add("GroupId", $team.GroupId) + $CurrentParameters.Add('GroupId', $team.GroupId) } if ($Ensure -eq 'Present') @@ -422,7 +422,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 index baf558d03b..f945693025 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 @@ -337,7 +337,7 @@ function Set-TargetResource $CurrentParameters.Remove('ChannelName') | Out-Null $CurrentParameters.Add('TeamsTabId', $tabInstance.Id) Write-Verbose -Message "Params: $($CurrentParameters | Out-String)" - Update-MgTeamChannelTab @CurrentParameters | Out-Null + Update-MgTeamChannelTab @CurrentParameters | Out-Null } elseif ($Ensure -eq 'Present' -and ($tab.Ensure -eq 'Absent')) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 index 07d71341d9..707422b878 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 @@ -355,7 +355,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -393,11 +393,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCortanaPolicy/MSFT_TeamsCortanaPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCortanaPolicy/MSFT_TeamsCortanaPolicy.psm1 index 163cba4c7f..25f2da7bb7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCortanaPolicy/MSFT_TeamsCortanaPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCortanaPolicy/MSFT_TeamsCortanaPolicy.psm1 @@ -10,7 +10,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet("Disabled","PushToTalkUserOverride","WakeWordPushToTalkUserOverride")] + [ValidateSet('Disabled', 'PushToTalkUserOverride', 'WakeWordPushToTalkUserOverride')] $CortanaVoiceInvocationMode, [Parameter()] @@ -66,14 +66,14 @@ function Get-TargetResource Write-Verbose -Message "Found an instance with Identity {$Identity}" $results = @{ - Identity = $instance.Identity - CortanaVoiceInvocationMode = $instance.CortanaVoiceInvocationMode - Description = $instance.Description - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint + Identity = $instance.Identity + CortanaVoiceInvocationMode = $instance.CortanaVoiceInvocationMode + Description = $instance.Description + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } return [System.Collections.Hashtable] $results } @@ -100,7 +100,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("Disabled","PushToTalkUserOverride","WakeWordPushToTalkUserOverride")] + [ValidateSet('Disabled', 'PushToTalkUserOverride', 'WakeWordPushToTalkUserOverride')] $CortanaVoiceInvocationMode, [Parameter()] @@ -212,7 +212,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("Disabled","PushToTalkUserOverride","WakeWordPushToTalkUserOverride")] + [ValidateSet('Disabled', 'PushToTalkUserOverride', 'WakeWordPushToTalkUserOverride')] $CortanaVoiceInvocationMode, [Parameter()] @@ -319,7 +319,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -357,11 +357,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEnhancedEncryptionPolicy/MSFT_TeamsEnhancedEncryptionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEnhancedEncryptionPolicy/MSFT_TeamsEnhancedEncryptionPolicy.psm1 index 0c594d9b04..09e82d9114 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEnhancedEncryptionPolicy/MSFT_TeamsEnhancedEncryptionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEnhancedEncryptionPolicy/MSFT_TeamsEnhancedEncryptionPolicy.psm1 @@ -329,7 +329,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -367,11 +367,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFederationConfiguration/MSFT_TeamsFederationConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFederationConfiguration/MSFT_TeamsFederationConfiguration.psm1 index 06b8e7fd2c..6fe1ae47e6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFederationConfiguration/MSFT_TeamsFederationConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFederationConfiguration/MSFT_TeamsFederationConfiguration.psm1 @@ -224,11 +224,12 @@ function Set-TargetResource $SetParams.Remove('TenantId') | Out-Null $SetParams.Remove('CertificateThumbprint') | Out-Null $SetParams.Remove('AllowedDomains') | Out-Null - if($allowedDomains.Length -gt 0) + if ($allowedDomains.Length -gt 0) { $SetParams.Add('AllowedDomainsAsAList', $AllowedDomains) } - else{ + else + { $AllowAllKnownDomains = New-CsEdgeAllowAllKnownDomains $SetParams.Add('AllowedDomains', $AllowAllKnownDomains) } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 index 6662365b47..20662f46da 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 @@ -368,7 +368,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -406,11 +406,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 index ef834f1ec4..3d50f4fe07 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 @@ -68,12 +68,13 @@ function Get-TargetResource { Write-Verbose -Message "Getting GroupPOlicyAssignment for {$GroupId}" $group = Find-CsGroup -SearchQuery $GroupId - if($group.Length -gt 1) + if ($group.Length -gt 1) { Write-Verbose -Message "Found $($group.Length) groups with the id {$GroupId}" $Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName } } - else{ + else + { Write-Verbose -Message "Getting GroupPolicyAssignment for {$GroupDisplayName}" $Group = Find-CsGroup -SearchQuery $GroupDisplayName if ($group.Length -gt 1) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 index 3f1676bf10..343e946dda 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 @@ -14,12 +14,12 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPAudioMobileMode, [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPVideoMobileMode, [Parameter()] @@ -115,12 +115,12 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPAudioMobileMode, [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPVideoMobileMode, [Parameter()] @@ -236,12 +236,12 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPAudioMobileMode, [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPVideoMobileMode, [Parameter()] @@ -348,7 +348,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -386,11 +386,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.psm1 index 0e2d1f4cf4..429d385483 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.psm1 @@ -329,7 +329,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -367,11 +367,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOnlineVoiceUser/MSFT_TeamsOnlineVoiceUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOnlineVoiceUser/MSFT_TeamsOnlineVoiceUser.psm1 index a84ac3b2e5..73d5f8a1a2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOnlineVoiceUser/MSFT_TeamsOnlineVoiceUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOnlineVoiceUser/MSFT_TeamsOnlineVoiceUser.psm1 @@ -72,7 +72,7 @@ function Get-TargetResource if (-not [System.String]::IsNullOrEmpty($telephoneNumberValue)) { - $telephoneNumberValue = $telephoneNumberValue.Replace('tel:+','') + $telephoneNumberValue = $telephoneNumberValue.Replace('tel:+', '') } $numberAssignment = Get-CsPhoneNumberAssignment -AssignedPstnTargetId $Identity @@ -287,7 +287,7 @@ function Export-TargetResource try { $i = 1 - [array]$users = Get-CsOnlineUser -Filter {(FeatureTypes -contains 'PhoneSystem') -and (AccountEnabled -eq $True)} ` + [array]$users = Get-CsOnlineUser -Filter { (FeatureTypes -contains 'PhoneSystem') -and (AccountEnabled -eq $True) } ` -AccountType User ` -ErrorAction Stop $dscContent = '' @@ -322,7 +322,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkRegion/MSFT_TeamsTenantNetworkRegion.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkRegion/MSFT_TeamsTenantNetworkRegion.psm1 index 1b706d82e4..bf582ea221 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkRegion/MSFT_TeamsTenantNetworkRegion.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkRegion/MSFT_TeamsTenantNetworkRegion.psm1 @@ -316,7 +316,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -354,11 +354,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSite/MSFT_TeamsTenantNetworkSite.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSite/MSFT_TeamsTenantNetworkSite.psm1 index a9b020b8a5..9452d501e5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSite/MSFT_TeamsTenantNetworkSite.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSite/MSFT_TeamsTenantNetworkSite.psm1 @@ -394,7 +394,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -432,11 +432,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSubnet/MSFT_TeamsTenantNetworkSubnet.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSubnet/MSFT_TeamsTenantNetworkSubnet.psm1 index 674b1786bb..15b7746e24 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSubnet/MSFT_TeamsTenantNetworkSubnet.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSubnet/MSFT_TeamsTenantNetworkSubnet.psm1 @@ -329,7 +329,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -367,12 +367,12 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - MaskBits = $config.MaskBits - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + MaskBits = $config.MaskBits + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/MSFT_TeamsTenantTrustedIPAddress.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/MSFT_TeamsTenantTrustedIPAddress.psm1 index 3eeee77a2b..047bfbad73 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/MSFT_TeamsTenantTrustedIPAddress.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/MSFT_TeamsTenantTrustedIPAddress.psm1 @@ -37,24 +37,20 @@ function Get-TargetResource [System.String] $CertificateThumbprint ) -Write-Verbose -Message "Entering Get" + Write-Verbose -Message 'Get Teams Tenant Trusted IP Address settings' New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters | Out-Null - Write-Verbose -Message "Flag2" #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies - Write-Verbose -Message "Flag3" #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters - Write-Verbose -Message "Flag4" Add-M365DSCTelemetryEvent -Data $data - Write-Verbose -Message "Flag5" #endregion $nullResult = $PSBoundParameters @@ -65,7 +61,7 @@ Write-Verbose -Message "Entering Get" $instance = Get-CsTenantTrustedIPAddress -Identity $Identity -ErrorAction SilentlyContinue if ($null -eq $instance) { - Write-Verbose -Message "No instances found" + Write-Verbose -Message 'No instances found' return $nullResult } @@ -322,7 +318,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -360,11 +356,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/settings.json index 7975b3a1ee..0ae57a3dc3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/settings.json @@ -1,6 +1,5 @@ { "resourceName": "TeamsTenantTrustedIPAddress", "description": "As an Admin, you can use the Windows PowerShell command, New-CsTenantTrustedIPAddress to define external subnets and assign them to the tenant. You can define an unlimited number of external subnets for a tenant..", - "permissions":[] - + "permissions": [] } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTranslationRule/MSFT_TeamsTranslationRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTranslationRule/MSFT_TeamsTranslationRule.psm1 index 45acea956b..f6757f346a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTranslationRule/MSFT_TeamsTranslationRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTranslationRule/MSFT_TeamsTranslationRule.psm1 @@ -329,7 +329,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -367,11 +367,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUnassignedNumberTreatment/MSFT_TeamsUnassignedNumberTreatment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUnassignedNumberTreatment/MSFT_TeamsUnassignedNumberTreatment.psm1 index 9ee00bf512..2fe128ea70 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUnassignedNumberTreatment/MSFT_TeamsUnassignedNumberTreatment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUnassignedNumberTreatment/MSFT_TeamsUnassignedNumberTreatment.psm1 @@ -22,7 +22,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet("User", "ResourceAccount", "Announcement")] + [ValidateSet('User', 'ResourceAccount', 'Announcement')] $TargetType, [Parameter()] @@ -127,7 +127,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("User", "ResourceAccount", "Announcement")] + [ValidateSet('User', 'ResourceAccount', 'Announcement')] $TargetType, [Parameter()] @@ -251,7 +251,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("User", "ResourceAccount", "Announcement")] + [ValidateSet('User', 'ResourceAccount', 'Announcement')] $TargetType, [Parameter()] @@ -358,7 +358,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -396,11 +396,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 index 8aa7f855cc..82457932d9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 @@ -94,7 +94,7 @@ function Get-TargetResource } Write-Verbose -Message "Found Teams Update Management Policy with Identity {$Identity}" - $results = @{ + $results = @{ Identity = $policy.Identity Description = $policy.Description AllowManagedUpdates = $policy.AllowManagedUpdates diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 index 2babd4eb3c..1e2ca71be7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 @@ -379,7 +379,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 index 8b7d5e641d..d0c2c1cf56 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 @@ -399,7 +399,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsVdiPolicy/MSFT_TeamsVdiPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsVdiPolicy/MSFT_TeamsVdiPolicy.psm1 index 920304aa93..79535d140b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsVdiPolicy/MSFT_TeamsVdiPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsVdiPolicy/MSFT_TeamsVdiPolicy.psm1 @@ -316,7 +316,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -354,11 +354,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsWorkloadPolicy/MSFT_TeamsWorkloadPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsWorkloadPolicy/MSFT_TeamsWorkloadPolicy.psm1 index 96b554e74b..f43356e5b7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsWorkloadPolicy/MSFT_TeamsWorkloadPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsWorkloadPolicy/MSFT_TeamsWorkloadPolicy.psm1 @@ -77,7 +77,7 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' try { - $instance = Get-CsTeamsWorkloadPolicy -Identity $Identity -ErrorAction SilentlyContinue + $instance = Get-CsTeamsWorkLoadPolicy -Identity $Identity -ErrorAction SilentlyContinue if ($null -eq $instance) { return $nullResult @@ -214,7 +214,7 @@ function Set-TargetResource } } Write-Verbose -Message "Creating {$Identity} with Parameters:`r`n$(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" - New-CsTeamsWorkloadPolicy @CreateParameters | Out-Null + New-CsTeamsWorkLoadPolicy @CreateParameters | Out-Null } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -234,12 +234,12 @@ function Set-TargetResource } } - Set-CsTeamsWorkloadPolicy @UpdateParameters | Out-Null + Set-CsTeamsWorkLoadPolicy @UpdateParameters | Out-Null } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$Identity}" - Remove-CsTeamsWorkloadPolicy -Identity $currentInstance.Identity + Remove-CsTeamsWorkLoadPolicy -Identity $currentInstance.Identity } } @@ -381,7 +381,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -398,7 +398,7 @@ function Export-TargetResource try { - [array]$getValue = Get-CsTeamsWorkloadPolicy -ErrorAction Stop + [array]$getValue = Get-CsTeamsWorkLoadPolicy -ErrorAction Stop $i = 1 $dscContent = '' @@ -419,11 +419,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } From cd8800122afc0b977b762e36d81e3eae855b3afc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Mon, 3 Apr 2023 09:29:41 +0200 Subject: [PATCH 148/187] changed displayname to be required --- .../MSFT_TeamsGroupPolicyAssignment.psm1 | 6 +++--- .../MSFT_TeamsGroupPolicyAssignment.schema.mof | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 index 9f200efe49..7b737d91ff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $GroupDisplayName, @@ -124,7 +124,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $GroupDisplayName, @@ -267,7 +267,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $GroupDisplayName, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof index ba45cfaecf..9c7e698a66 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("TeamsGroupPolicyAssignment")] class MSFT_TeamsGroupPolicyAssignment : OMI_BaseResource { - [Write, Description("Group Displayname of the group the policys are assigned to")] string GroupDisplayName; + [Key, Description("Group Displayname of the group the policys are assigned to")] string GroupDisplayName; [Key, Description("GroupId, alternatively to Group Displayname")] String GroupId; [Key, Description("Teams PolicyType. The type of the policy to be assigned. Possible values:"), ValueMap{"CallingLineIdentity","TeamsAppSetupPolicy","TeamsAudioConferencingPolicy","TeamsCallingPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TenantDialPlan","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVerticalPackagePolicy"}, Values{"CallingLineIdentity","TeamsAppSetupPolicy","TeamsAudioConferencingPolicy","TeamsCallingPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TenantDialPlan","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVerticalPackagePolicy"}] String PolicyType; [Write, Description("Teams PolicyName. The name of the policy to be assigned.")] string PolicyName; From 56ddc5721f6cba0119273bf436bded9f3a38595e Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Mon, 3 Apr 2023 11:31:26 +0100 Subject: [PATCH 149/187] Fixes extraction of the ScopedRoleMembers property Same as it was done on f60f2b9434db70f86374f9f2b22c612dc96549d8 for the Members property --- .../MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 964e6cd876..c234a9e994 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -984,7 +984,7 @@ function Export-TargetResource $complexMapping = @( @{ Name = 'RoleMemberInfo' - CimInstanceName = 'MicrosoftGraphIdentity' + CimInstanceName = 'MicrosoftGraphMember' } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.ScopedRoleMembers) ` From 39b07ef7e7577dc51ca84fb385523155281e788d Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Mon, 3 Apr 2023 11:37:48 +0100 Subject: [PATCH 150/187] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 41c2f4cde9..c58789e08e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ * AADAdministrativeUnit * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * Fixes extraction of the Members property. + * Fixes extraction of the ScopedRoleMembers property. * AADApplication * [BREAKING CHANGE] Remove deprecated parameter Oauth2RequirePostResponse * AADConditionalAccessPolicy From d4b42eb0ec610d8021db16f961dd3b173c47ec53 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 3 Apr 2023 10:38:17 +0000 Subject: [PATCH 151/187] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/teams/TeamsGroupPolicyAssignment.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/docs/resources/teams/TeamsGroupPolicyAssignment.md b/docs/docs/resources/teams/TeamsGroupPolicyAssignment.md index c40402b662..9ff89bdf27 100644 --- a/docs/docs/resources/teams/TeamsGroupPolicyAssignment.md +++ b/docs/docs/resources/teams/TeamsGroupPolicyAssignment.md @@ -4,11 +4,11 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **GroupDisplayName** | Write | String | Group Displayname of the group the policys are assigned to | | -| **GroupId** | Write | String | GroupId, alternatively to Group Displayname | | -| **PolicyType** | Write | String | Teams PolicyType. The type of the policy to be assigned. Possible values: | `CallingLineIdentity`, `TeamsAppSetupPolicy`, `TeamsAudioConferencingPolicy`, `TeamsCallingPolicy`, `TeamsCallParkPolicy`, `TeamsChannelsPolicy`, `TeamsComplianceRecordingPolicy`, `TenantDialPlan`, `TeamsMeetingBroadcastPolicy`, `TeamsMeetingPolicy`, `TeamsMessagingPolicy`, `TeamsShiftsPolicy`, `TeamsUpdateManagementPolicy`, `TeamsVerticalPackagePolicy` | +| **GroupDisplayName** | Key | String | Group Displayname of the group the policys are assigned to | | +| **GroupId** | Key | String | GroupId, alternatively to Group Displayname | | +| **PolicyType** | Key | String | Teams PolicyType. The type of the policy to be assigned. Possible values: | `CallingLineIdentity`, `TeamsAppSetupPolicy`, `TeamsAudioConferencingPolicy`, `TeamsCallingPolicy`, `TeamsCallParkPolicy`, `TeamsChannelsPolicy`, `TeamsComplianceRecordingPolicy`, `TenantDialPlan`, `TeamsMeetingBroadcastPolicy`, `TeamsMeetingPolicy`, `TeamsMessagingPolicy`, `TeamsShiftsPolicy`, `TeamsUpdateManagementPolicy`, `TeamsVerticalPackagePolicy` | | **PolicyName** | Write | String | Teams PolicyName. The name of the policy to be assigned. | | -| **Priority** | Key | String | Teams Priority. The rank of the policy assignment, relative to other group policy assignments for the same policy type | | +| **Priority** | Write | String | Teams Priority. The rank of the policy assignment, relative to other group policy assignments for the same policy type | | | **Ensure** | Write | String | Present ensures the group policy assignment exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Teams Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | From 9c69d735bef7d74f7c85bb050dd1828e939a8789 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 3 Apr 2023 08:10:01 -0400 Subject: [PATCH 152/187] Update Unit Tests.yml --- .github/workflows/Unit Tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index fb8c4eaa74..5e9c3b79c7 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -27,11 +27,11 @@ jobs: Write-Verbose -Message "Installing module: $($module.ModuleName)" if ($module.AllowPreRelease) { - Install-Module $module.ModuleName -AllowPreRelease -Force -Scope AllUsers + Install-Module $module.ModuleName -AllowPreRelease -Force -Scope CurrentUser } else { - Install-Module $module.ModuleName -RequiredVersion $module.RequiredVersion -Force -Scope AllUsers + Install-Module $module.ModuleName -RequiredVersion $module.RequiredVersion -Force -Scope CurrentUser } Import-Module $module.ModuleName -Force } From 50a6c0f228735fe850c8ffb0553ba499211e0d47 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 3 Apr 2023 08:43:24 -0400 Subject: [PATCH 153/187] Update Unit Tests.yml --- .github/workflows/Unit Tests.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index 5e9c3b79c7..fc631c3dfe 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -19,19 +19,19 @@ jobs: - name: Install Modules shell: pwsh run: | - $VerbosePreference = 'Continue' + Install-Module PowerShellGet -Force -Scope AllUsers $Manifest = Import-PowerShellDataFile './Modules/Microsoft365DSC/Dependencies/Manifest.psd1' foreach ($module in $Manifest.Dependencies) { - Write-Verbose -Message "Installing module: $($module.ModuleName)" + Write-Host -Message "Installing module: $($module.ModuleName)" if ($module.AllowPreRelease) { - Install-Module $module.ModuleName -AllowPreRelease -Force -Scope CurrentUser + Install-Module $module.ModuleName -AllowPreRelease -Force -Scope AllUsers } else { - Install-Module $module.ModuleName -RequiredVersion $module.RequiredVersion -Force -Scope CurrentUser + Install-Module $module.ModuleName -RequiredVersion $module.RequiredVersion -Force -Scope AllUsers } Import-Module $module.ModuleName -Force } From e59444ac89a4124546dd317682d8b02a897b5ae6 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 3 Apr 2023 09:00:57 -0400 Subject: [PATCH 154/187] Update Unit Tests.yml --- .github/workflows/Unit Tests.yml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index fc631c3dfe..8c4294a1ff 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -19,23 +19,6 @@ jobs: - name: Install Modules shell: pwsh run: | - Install-Module PowerShellGet -Force -Scope AllUsers - $Manifest = Import-PowerShellDataFile './Modules/Microsoft365DSC/Dependencies/Manifest.psd1' - - foreach ($module in $Manifest.Dependencies) - { - Write-Host -Message "Installing module: $($module.ModuleName)" - if ($module.AllowPreRelease) - { - Install-Module $module.ModuleName -AllowPreRelease -Force -Scope AllUsers - } - else - { - Install-Module $module.ModuleName -RequiredVersion $module.RequiredVersion -Force -Scope AllUsers - } - Import-Module $module.ModuleName -Force - } - Install-Module PSDesiredStateConfiguration -Force -Scope AllUsers Install-Module Pester -Force -SkipPublisherCheck -RequiredVersion 5.4.0 -Scope AllUsers [System.Environment]::SetEnvironmentVariable('M365DSCTelemetryEnabled', $false, [System.EnvironmentVariableTarget]::Machine); From 4b1319448303fe47b52f948dcc6c2ace9fca3b39 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 3 Apr 2023 09:16:50 -0400 Subject: [PATCH 155/187] Update Unit Tests.yml --- .github/workflows/Unit Tests.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index 8c4294a1ff..a75a04b86f 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -19,6 +19,31 @@ jobs: - name: Install Modules shell: pwsh run: | + $Manifest = Import-PowerShellDataFile './Modules/Microsoft365DSC/Dependencies/Manifest.psd1' + + foreach ($module in $Manifest.Dependencies) + { + Write-Verbose -Message "Installing module: $($module.ModuleName)" + if ($module.AllowPreRelease) + { + try + { + Install-Module $module.ModuleName -AllowPreRelease -Force -Scope AllUsers + } + catch + {} + } + else + { + try + { + Install-Module $module.ModuleName -RequiredVersion $module.RequiredVersion -Force -Scope AllUsers + } + catch + {} + } + Import-Module $module.ModuleName -Force + } Install-Module PSDesiredStateConfiguration -Force -Scope AllUsers Install-Module Pester -Force -SkipPublisherCheck -RequiredVersion 5.4.0 -Scope AllUsers [System.Environment]::SetEnvironmentVariable('M365DSCTelemetryEnabled', $false, [System.EnvironmentVariableTarget]::Machine); From d54090f8a6e7d3b01b9c6f8662a175e15beafb9f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 3 Apr 2023 09:44:29 -0400 Subject: [PATCH 156/187] Update Unit Tests.yml --- .github/workflows/Unit Tests.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index a75a04b86f..b300becfad 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -42,7 +42,6 @@ jobs: catch {} } - Import-Module $module.ModuleName -Force } Install-Module PSDesiredStateConfiguration -Force -Scope AllUsers Install-Module Pester -Force -SkipPublisherCheck -RequiredVersion 5.4.0 -Scope AllUsers From b1888d3c85af5d77122d21cd8fc556182898a073 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 3 Apr 2023 16:31:30 +0200 Subject: [PATCH 157/187] Added missing Write-Host mocks --- ResourceGenerator/UnitTest.Template.ps1 | 32 +- ...tManagementConnectedOrganization.Tests.ps1 | 4 + ...iveryOptimizationPolicyWindows10.Tests.ps1 | 620 +-- ...ndpointProtectionPolicyWindows10.Tests.ps1 | 4 + ...ringConfigurationPolicyWindows10.Tests.ps1 | 4 + ...dentityProtectionPolicyWindows10.Tests.ps1 | 328 +- ...onNetworkBoundaryPolicyWindows10.Tests.ps1 | 386 +- ...viceConfigurationPolicyWindows10.Tests.ps1 | 4548 +++++++++-------- ...iceEnrollmentStatusPageWindows10.Tests.ps1 | 7 +- ...oymentProfileAzureADHybridJoined.Tests.ps1 | 430 +- ...otDeploymentProfileAzureADJoined.Tests.ps1 | 422 +- 11 files changed, 3415 insertions(+), 3370 deletions(-) diff --git a/ResourceGenerator/UnitTest.Template.ps1 b/ResourceGenerator/UnitTest.Template.ps1 index cbf96dc247..b0a2947103 100644 --- a/ResourceGenerator/UnitTest.Template.ps1 +++ b/ResourceGenerator/UnitTest.Template.ps1 @@ -2,16 +2,16 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` + -ChildPath '..\..\Unit' ` -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` + -ChildPath '\Stubs\Microsoft365.psm1' ` -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` + -ChildPath '\Stubs\Generic.psm1' ` -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` @@ -22,7 +22,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -44,6 +44,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { } } # Test contexts @@ -58,7 +62,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -73,7 +77,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "The exists but it SHOULD NOT" -Fixture { BeforeAll { $testParams = @{ - Ensure = "Absent" + Ensure = 'Absent' Credential = $Credential; } @@ -84,7 +88,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -100,7 +104,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "The Exists and Values are already in the desired state" -Fixture { BeforeAll { $testParams = @{ - Ensure = "Present" + Ensure = 'Present' Credential = $Credential; } @@ -120,7 +124,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "The exists and values are NOT in the desired state" -Fixture { BeforeAll { $testParams = @{ - Ensure = "Present" + Ensure = 'Present' Credential = $Credential; } @@ -130,7 +134,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -138,13 +142,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -158,7 +162,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 index a926b208eb..586fc6ae8c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 @@ -57,6 +57,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } # Test contexts Context -Name "The AADEntitlementManagementConnectedOrganization should exist but it DOES NOT" -Fixture { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 index 0b637a7706..17f46406e1 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10" -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,68 +43,72 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ - maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 - } -ClientOnly) - bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ + maximumBackgroundBandwidthPercentage = 25 + bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + maximumForegroundBandwidthPercentage = 25 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } -ClientOnly) - maximumForegroundBandwidthPercentage = 25 - odataType = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" - } -ClientOnly) cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - cacheServerHostNames = @("FakeStringValue") - deliveryOptimizationMode = "userDefined" - description = "FakeStringValue" - displayName = "FakeStringValue" - groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - odataType = "#microsoft.graph.deliveryOptimizationGroupIdCustom" - } -ClientOnly) - id = "FakeStringValue" - maximumCacheAgeInDays = 25 - maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ - odataType = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" - maximumCacheSizePercentage = 25 - } -ClientOnly) - minimumBatteryPercentageAllowedToUpload = 25 - minimumDiskSizeAllowedToPeerInGigabytes = 25 - minimumFileSizeToCacheInMegabytes = 25 - minimumRamAllowedToPeerInGigabytes = 25 - modifyCacheLocation = "FakeStringValue" - restrictPeerSelectionBy = "notConfigured" - supportsScopeTags = $True - vpnPeerCaching = "notConfigured" - Ensure = "Present" - Credential = $Credential; + cacheServerHostNames = @('FakeStringValue') + deliveryOptimizationMode = 'userDefined' + description = 'FakeStringValue' + displayName = 'FakeStringValue' + groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdCustom' + } -ClientOnly) + id = 'FakeStringValue' + maximumCacheAgeInDays = 25 + maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + maximumCacheSizePercentage = 25 + } -ClientOnly) + minimumBatteryPercentageAllowedToUpload = 25 + minimumDiskSizeAllowedToPeerInGigabytes = 25 + minimumFileSizeToCacheInMegabytes = 25 + minimumRamAllowedToPeerInGigabytes = 25 + modifyCacheLocation = 'FakeStringValue' + restrictPeerSelectionBy = 'notConfigured' + supportsScopeTags = $True + vpnPeerCaching = 'notConfigured' + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -116,108 +120,108 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ - maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 - } -ClientOnly) - bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ + maximumBackgroundBandwidthPercentage = 25 + bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + maximumForegroundBandwidthPercentage = 25 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } -ClientOnly) - maximumForegroundBandwidthPercentage = 25 - odataType = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" - } -ClientOnly) cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - cacheServerHostNames = @("FakeStringValue") - deliveryOptimizationMode = "userDefined" - description = "FakeStringValue" - displayName = "FakeStringValue" - groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - odataType = "#microsoft.graph.deliveryOptimizationGroupIdCustom" - } -ClientOnly) - id = "FakeStringValue" - maximumCacheAgeInDays = 25 - maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ - odataType = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" - maximumCacheSizePercentage = 25 - } -ClientOnly) - minimumBatteryPercentageAllowedToUpload = 25 - minimumDiskSizeAllowedToPeerInGigabytes = 25 - minimumFileSizeToCacheInMegabytes = 25 - minimumRamAllowedToPeerInGigabytes = 25 - modifyCacheLocation = "FakeStringValue" - restrictPeerSelectionBy = "notConfigured" - supportsScopeTags = $True - vpnPeerCaching = "notConfigured" - Ensure = "Absent" - Credential = $Credential; + cacheServerHostNames = @('FakeStringValue') + deliveryOptimizationMode = 'userDefined' + description = 'FakeStringValue' + displayName = 'FakeStringValue' + groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdCustom' + } -ClientOnly) + id = 'FakeStringValue' + maximumCacheAgeInDays = 25 + maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + maximumCacheSizePercentage = 25 + } -ClientOnly) + minimumBatteryPercentageAllowedToUpload = 25 + minimumDiskSizeAllowedToPeerInGigabytes = 25 + minimumFileSizeToCacheInMegabytes = 25 + minimumRamAllowedToPeerInGigabytes = 25 + modifyCacheLocation = 'FakeStringValue' + restrictPeerSelectionBy = 'notConfigured' + supportsScopeTags = $True + vpnPeerCaching = 'notConfigured' + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - maximumCacheAgeInDays = 25 - cacheServerHostNames = @("FakeStringValue") - groupIdSource = @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - '@odata.type' = "#microsoft.graph.deliveryOptimizationGroupIdCustom" + maximumCacheAgeInDays = 25 + cacheServerHostNames = @('FakeStringValue') + groupIdSource = @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + '@odata.type' = '#microsoft.graph.deliveryOptimizationGroupIdCustom' } - vpnPeerCaching = "notConfigured" - minimumFileSizeToCacheInMegabytes = 25 - maximumCacheSize = @{ - '@odata.type' = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" + vpnPeerCaching = 'notConfigured' + minimumFileSizeToCacheInMegabytes = 25 + maximumCacheSize = @{ + '@odata.type' = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' maximumCacheSizePercentage = 25 } - '@odata.type' = "#microsoft.graph.windowsDeliveryOptimizationConfiguration" - minimumBatteryPercentageAllowedToUpload = 25 - minimumRamAllowedToPeerInGigabytes = 25 + '@odata.type' = '#microsoft.graph.windowsDeliveryOptimizationConfiguration' + minimumBatteryPercentageAllowedToUpload = 25 + minimumRamAllowedToPeerInGigabytes = 25 cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 - deliveryOptimizationMode = "userDefined" - modifyCacheLocation = "FakeStringValue" - bandwidthMode = @{ + deliveryOptimizationMode = 'userDefined' + modifyCacheLocation = 'FakeStringValue' + bandwidthMode = @{ maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthForegroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } - bandwidthBackgroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthBackgroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } maximumForegroundBandwidthPercentage = 25 - '@odata.type' = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" + '@odata.type' = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } - minimumDiskSizeAllowedToPeerInGigabytes = 25 - restrictPeerSelectionBy = "notConfigured" + minimumDiskSizeAllowedToPeerInGigabytes = 25 + restrictPeerSelectionBy = 'notConfigured' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -230,102 +234,102 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ - maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 - } -ClientOnly) - bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ + maximumBackgroundBandwidthPercentage = 25 + bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + maximumForegroundBandwidthPercentage = 25 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } -ClientOnly) - maximumForegroundBandwidthPercentage = 25 - odataType = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" - } -ClientOnly) cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - cacheServerHostNames = @("FakeStringValue") - deliveryOptimizationMode = "userDefined" - description = "FakeStringValue" - displayName = "FakeStringValue" - groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - odataType = "#microsoft.graph.deliveryOptimizationGroupIdCustom" - } -ClientOnly) - id = "FakeStringValue" - maximumCacheAgeInDays = 25 - maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ - odataType = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" - maximumCacheSizePercentage = 25 - } -ClientOnly) - minimumBatteryPercentageAllowedToUpload = 25 - minimumDiskSizeAllowedToPeerInGigabytes = 25 - minimumFileSizeToCacheInMegabytes = 25 - minimumRamAllowedToPeerInGigabytes = 25 - modifyCacheLocation = "FakeStringValue" - restrictPeerSelectionBy = "notConfigured" - supportsScopeTags = $True - vpnPeerCaching = "notConfigured" - Ensure = "Present" - Credential = $Credential; + cacheServerHostNames = @('FakeStringValue') + deliveryOptimizationMode = 'userDefined' + description = 'FakeStringValue' + displayName = 'FakeStringValue' + groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdCustom' + } -ClientOnly) + id = 'FakeStringValue' + maximumCacheAgeInDays = 25 + maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + maximumCacheSizePercentage = 25 + } -ClientOnly) + minimumBatteryPercentageAllowedToUpload = 25 + minimumDiskSizeAllowedToPeerInGigabytes = 25 + minimumFileSizeToCacheInMegabytes = 25 + minimumRamAllowedToPeerInGigabytes = 25 + modifyCacheLocation = 'FakeStringValue' + restrictPeerSelectionBy = 'notConfigured' + supportsScopeTags = $True + vpnPeerCaching = 'notConfigured' + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - maximumCacheAgeInDays = 25 - cacheServerHostNames = @("FakeStringValue") - groupIdSource = @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - '@odata.type' = "#microsoft.graph.deliveryOptimizationGroupIdCustom" + maximumCacheAgeInDays = 25 + cacheServerHostNames = @('FakeStringValue') + groupIdSource = @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + '@odata.type' = '#microsoft.graph.deliveryOptimizationGroupIdCustom' } - vpnPeerCaching = "notConfigured" - minimumFileSizeToCacheInMegabytes = 25 - maximumCacheSize = @{ - '@odata.type' = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" + vpnPeerCaching = 'notConfigured' + minimumFileSizeToCacheInMegabytes = 25 + maximumCacheSize = @{ + '@odata.type' = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' maximumCacheSizePercentage = 25 } - '@odata.type' = "#microsoft.graph.windowsDeliveryOptimizationConfiguration" - minimumBatteryPercentageAllowedToUpload = 25 - minimumRamAllowedToPeerInGigabytes = 25 + '@odata.type' = '#microsoft.graph.windowsDeliveryOptimizationConfiguration' + minimumBatteryPercentageAllowedToUpload = 25 + minimumRamAllowedToPeerInGigabytes = 25 cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 - deliveryOptimizationMode = "userDefined" - modifyCacheLocation = "FakeStringValue" - bandwidthMode = @{ + deliveryOptimizationMode = 'userDefined' + modifyCacheLocation = 'FakeStringValue' + bandwidthMode = @{ maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthForegroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } - bandwidthBackgroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthBackgroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } maximumForegroundBandwidthPercentage = 25 - '@odata.type' = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" + '@odata.type' = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } - minimumDiskSizeAllowedToPeerInGigabytes = 25 - restrictPeerSelectionBy = "notConfigured" + minimumDiskSizeAllowedToPeerInGigabytes = 25 + restrictPeerSelectionBy = 'notConfigured' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } @@ -337,106 +341,106 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ - maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 - } -ClientOnly) - bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ + maximumBackgroundBandwidthPercentage = 25 + bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + maximumForegroundBandwidthPercentage = 25 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } -ClientOnly) - maximumForegroundBandwidthPercentage = 25 - odataType = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" - } -ClientOnly) cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - cacheServerHostNames = @("FakeStringValue") - deliveryOptimizationMode = "userDefined" - description = "FakeStringValue" - displayName = "FakeStringValue" - groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - odataType = "#microsoft.graph.deliveryOptimizationGroupIdCustom" - } -ClientOnly) - id = "FakeStringValue" - maximumCacheAgeInDays = 25 - maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ - odataType = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" - maximumCacheSizePercentage = 25 - } -ClientOnly) - minimumBatteryPercentageAllowedToUpload = 25 - minimumDiskSizeAllowedToPeerInGigabytes = 25 - minimumFileSizeToCacheInMegabytes = 25 - minimumRamAllowedToPeerInGigabytes = 25 - modifyCacheLocation = "FakeStringValue" - restrictPeerSelectionBy = "notConfigured" - supportsScopeTags = $True - vpnPeerCaching = "notConfigured" - Ensure = "Present" - Credential = $Credential; + cacheServerHostNames = @('FakeStringValue') + deliveryOptimizationMode = 'userDefined' + description = 'FakeStringValue' + displayName = 'FakeStringValue' + groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdCustom' + } -ClientOnly) + id = 'FakeStringValue' + maximumCacheAgeInDays = 25 + maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + maximumCacheSizePercentage = 25 + } -ClientOnly) + minimumBatteryPercentageAllowedToUpload = 25 + minimumDiskSizeAllowedToPeerInGigabytes = 25 + minimumFileSizeToCacheInMegabytes = 25 + minimumRamAllowedToPeerInGigabytes = 25 + modifyCacheLocation = 'FakeStringValue' + restrictPeerSelectionBy = 'notConfigured' + supportsScopeTags = $True + vpnPeerCaching = 'notConfigured' + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 7 - maximumCacheAgeInDays = 7 - cacheServerHostNames = @("FakeStringValue") - groupIdSource = @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - '@odata.type' = "#microsoft.graph.deliveryOptimizationGroupIdCustom" + maximumCacheAgeInDays = 7 + cacheServerHostNames = @('FakeStringValue') + groupIdSource = @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + '@odata.type' = '#microsoft.graph.deliveryOptimizationGroupIdCustom' } - vpnPeerCaching = "notConfigured" - minimumFileSizeToCacheInMegabytes = 7 - maximumCacheSize = @{ - '@odata.type' = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" + vpnPeerCaching = 'notConfigured' + minimumFileSizeToCacheInMegabytes = 7 + maximumCacheSize = @{ + '@odata.type' = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' maximumCacheSizePercentage = 7 } - '@odata.type' = "#microsoft.graph.windowsDeliveryOptimizationConfiguration" - minimumBatteryPercentageAllowedToUpload = 7 - minimumRamAllowedToPeerInGigabytes = 7 + '@odata.type' = '#microsoft.graph.windowsDeliveryOptimizationConfiguration' + minimumBatteryPercentageAllowedToUpload = 7 + minimumRamAllowedToPeerInGigabytes = 7 cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 7 - deliveryOptimizationMode = "userDefined" - modifyCacheLocation = "FakeStringValue" - bandwidthMode = @{ + deliveryOptimizationMode = 'userDefined' + modifyCacheLocation = 'FakeStringValue' + bandwidthMode = @{ maximumBackgroundBandwidthPercentage = 7 - bandwidthForegroundPercentageHours = @{ - bandwidthBeginBusinessHours = 7 + bandwidthForegroundPercentageHours = @{ + bandwidthBeginBusinessHours = 7 bandwidthPercentageOutsideBusinessHours = 7 - bandwidthPercentageDuringBusinessHours = 7 - bandwidthEndBusinessHours = 7 + bandwidthPercentageDuringBusinessHours = 7 + bandwidthEndBusinessHours = 7 } - bandwidthBackgroundPercentageHours = @{ - bandwidthBeginBusinessHours = 7 + bandwidthBackgroundPercentageHours = @{ + bandwidthBeginBusinessHours = 7 bandwidthPercentageOutsideBusinessHours = 7 - bandwidthPercentageDuringBusinessHours = 7 - bandwidthEndBusinessHours = 7 + bandwidthPercentageDuringBusinessHours = 7 + bandwidthEndBusinessHours = 7 } maximumForegroundBandwidthPercentage = 7 - '@odata.type' = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" + '@odata.type' = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } - minimumDiskSizeAllowedToPeerInGigabytes = 7 - restrictPeerSelectionBy = "notConfigured" + minimumDiskSizeAllowedToPeerInGigabytes = 7 + restrictPeerSelectionBy = 'notConfigured' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -444,13 +448,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -462,54 +466,54 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return @{ AdditionalProperties = @{ cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - maximumCacheAgeInDays = 25 - cacheServerHostNames = @("FakeStringValue") - groupIdSource = @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - '@odata.type' = "#microsoft.graph.deliveryOptimizationGroupIdCustom" + maximumCacheAgeInDays = 25 + cacheServerHostNames = @('FakeStringValue') + groupIdSource = @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + '@odata.type' = '#microsoft.graph.deliveryOptimizationGroupIdCustom' } - vpnPeerCaching = "notConfigured" - minimumFileSizeToCacheInMegabytes = 25 - maximumCacheSize = @{ - '@odata.type' = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" + vpnPeerCaching = 'notConfigured' + minimumFileSizeToCacheInMegabytes = 25 + maximumCacheSize = @{ + '@odata.type' = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' maximumCacheSizePercentage = 25 } - '@odata.type' = "#microsoft.graph.windowsDeliveryOptimizationConfiguration" - minimumBatteryPercentageAllowedToUpload = 25 - minimumRamAllowedToPeerInGigabytes = 25 + '@odata.type' = '#microsoft.graph.windowsDeliveryOptimizationConfiguration' + minimumBatteryPercentageAllowedToUpload = 25 + minimumRamAllowedToPeerInGigabytes = 25 cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 - deliveryOptimizationMode = "userDefined" - modifyCacheLocation = "FakeStringValue" - bandwidthMode = @{ + deliveryOptimizationMode = 'userDefined' + modifyCacheLocation = 'FakeStringValue' + bandwidthMode = @{ maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthForegroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } - bandwidthBackgroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthBackgroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } maximumForegroundBandwidthPercentage = 25 - '@odata.type' = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" + '@odata.type' = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } - minimumDiskSizeAllowedToPeerInGigabytes = 25 - restrictPeerSelectionBy = "notConfigured" + minimumDiskSizeAllowedToPeerInGigabytes = 25 + restrictPeerSelectionBy = 'notConfigured' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.Tests.ps1 index 534e72e587..2ec5c7a8ab 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.Tests.ps1 @@ -49,7 +49,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts Context -Name "The IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 should exist but it DOES NOT" -Fixture { BeforeAll { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 index f08ec76c05..df80038317 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 @@ -49,7 +49,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts Context -Name 'The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 index be960b0c79..4e1a04345f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneDeviceConfigurationIdentityProtectionPolicyWindows10" -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceConfigurationIdentityProtectionPolicyWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,44 +43,48 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' EnhancedAntiSpoofingForFacialFeaturesEnabled = $True - Id = "FakeStringValue" - PinExpirationInDays = 25 - PinLowercaseCharactersUsage = "blocked" - PinMaximumLength = 25 - PinMinimumLength = 25 - PinPreviousBlockCount = 25 - PinRecoveryEnabled = $True - PinSpecialCharactersUsage = "blocked" - PinUppercaseCharactersUsage = "blocked" - SecurityDeviceRequired = $True - SupportsScopeTags = $True - UnlockWithBiometricsEnabled = $True - UseCertificatesForOnPremisesAuthEnabled = $True - UseSecurityKeyForSignin = $True - WindowsHelloForBusinessBlocked = $True - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + PinExpirationInDays = 25 + PinLowercaseCharactersUsage = 'blocked' + PinMaximumLength = 25 + PinMinimumLength = 25 + PinPreviousBlockCount = 25 + PinRecoveryEnabled = $True + PinSpecialCharactersUsage = 'blocked' + PinUppercaseCharactersUsage = 'blocked' + SecurityDeviceRequired = $True + SupportsScopeTags = $True + UnlockWithBiometricsEnabled = $True + UseCertificatesForOnPremisesAuthEnabled = $True + UseSecurityKeyForSignin = $True + WindowsHelloForBusinessBlocked = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -92,60 +96,60 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' EnhancedAntiSpoofingForFacialFeaturesEnabled = $True - Id = "FakeStringValue" - PinExpirationInDays = 25 - PinLowercaseCharactersUsage = "blocked" - PinMaximumLength = 25 - PinMinimumLength = 25 - PinPreviousBlockCount = 25 - PinRecoveryEnabled = $True - PinSpecialCharactersUsage = "blocked" - PinUppercaseCharactersUsage = "blocked" - SecurityDeviceRequired = $True - SupportsScopeTags = $True - UnlockWithBiometricsEnabled = $True - UseCertificatesForOnPremisesAuthEnabled = $True - UseSecurityKeyForSignin = $True - WindowsHelloForBusinessBlocked = $True - Ensure = "Absent" - Credential = $Credential; + Id = 'FakeStringValue' + PinExpirationInDays = 25 + PinLowercaseCharactersUsage = 'blocked' + PinMaximumLength = 25 + PinMinimumLength = 25 + PinPreviousBlockCount = 25 + PinRecoveryEnabled = $True + PinSpecialCharactersUsage = 'blocked' + PinUppercaseCharactersUsage = 'blocked' + SecurityDeviceRequired = $True + SupportsScopeTags = $True + UnlockWithBiometricsEnabled = $True + UseCertificatesForOnPremisesAuthEnabled = $True + UseSecurityKeyForSignin = $True + WindowsHelloForBusinessBlocked = $True + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - pinRecoveryEnabled = $True - pinExpirationInDays = 25 - pinMinimumLength = 25 - securityDeviceRequired = $True - useCertificatesForOnPremisesAuthEnabled = $True - unlockWithBiometricsEnabled = $True - '@odata.type' = "#microsoft.graph.windowsIdentityProtectionConfiguration" - pinLowercaseCharactersUsage = "blocked" - pinPreviousBlockCount = 25 - windowsHelloForBusinessBlocked = $True - useSecurityKeyForSignin = $True - pinSpecialCharactersUsage = "blocked" - pinMaximumLength = 25 + pinRecoveryEnabled = $True + pinExpirationInDays = 25 + pinMinimumLength = 25 + securityDeviceRequired = $True + useCertificatesForOnPremisesAuthEnabled = $True + unlockWithBiometricsEnabled = $True + '@odata.type' = '#microsoft.graph.windowsIdentityProtectionConfiguration' + pinLowercaseCharactersUsage = 'blocked' + pinPreviousBlockCount = 25 + windowsHelloForBusinessBlocked = $True + useSecurityKeyForSignin = $True + pinSpecialCharactersUsage = 'blocked' + pinMaximumLength = 25 enhancedAntiSpoofingForFacialFeaturesEnabled = $True - pinUppercaseCharactersUsage = "blocked" + pinUppercaseCharactersUsage = 'blocked' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -158,54 +162,54 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' EnhancedAntiSpoofingForFacialFeaturesEnabled = $True - Id = "FakeStringValue" - PinExpirationInDays = 25 - PinLowercaseCharactersUsage = "blocked" - PinMaximumLength = 25 - PinMinimumLength = 25 - PinPreviousBlockCount = 25 - PinRecoveryEnabled = $True - PinSpecialCharactersUsage = "blocked" - PinUppercaseCharactersUsage = "blocked" - SecurityDeviceRequired = $True - SupportsScopeTags = $True - UnlockWithBiometricsEnabled = $True - UseCertificatesForOnPremisesAuthEnabled = $True - UseSecurityKeyForSignin = $True - WindowsHelloForBusinessBlocked = $True - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + PinExpirationInDays = 25 + PinLowercaseCharactersUsage = 'blocked' + PinMaximumLength = 25 + PinMinimumLength = 25 + PinPreviousBlockCount = 25 + PinRecoveryEnabled = $True + PinSpecialCharactersUsage = 'blocked' + PinUppercaseCharactersUsage = 'blocked' + SecurityDeviceRequired = $True + SupportsScopeTags = $True + UnlockWithBiometricsEnabled = $True + UseCertificatesForOnPremisesAuthEnabled = $True + UseSecurityKeyForSignin = $True + WindowsHelloForBusinessBlocked = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - pinRecoveryEnabled = $True - pinExpirationInDays = 25 - pinMinimumLength = 25 - securityDeviceRequired = $True - useCertificatesForOnPremisesAuthEnabled = $True - unlockWithBiometricsEnabled = $True - '@odata.type' = "#microsoft.graph.windowsIdentityProtectionConfiguration" - pinLowercaseCharactersUsage = "blocked" - pinPreviousBlockCount = 25 - windowsHelloForBusinessBlocked = $True - useSecurityKeyForSignin = $True - pinSpecialCharactersUsage = "blocked" - pinMaximumLength = 25 + pinRecoveryEnabled = $True + pinExpirationInDays = 25 + pinMinimumLength = 25 + securityDeviceRequired = $True + useCertificatesForOnPremisesAuthEnabled = $True + unlockWithBiometricsEnabled = $True + '@odata.type' = '#microsoft.graph.windowsIdentityProtectionConfiguration' + pinLowercaseCharactersUsage = 'blocked' + pinPreviousBlockCount = 25 + windowsHelloForBusinessBlocked = $True + useSecurityKeyForSignin = $True + pinSpecialCharactersUsage = 'blocked' + pinMaximumLength = 25 enhancedAntiSpoofingForFacialFeaturesEnabled = $True - pinUppercaseCharactersUsage = "blocked" + pinUppercaseCharactersUsage = 'blocked' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True } } @@ -217,51 +221,51 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' EnhancedAntiSpoofingForFacialFeaturesEnabled = $True - Id = "FakeStringValue" - PinExpirationInDays = 25 - PinLowercaseCharactersUsage = "blocked" - PinMaximumLength = 25 - PinMinimumLength = 25 - PinPreviousBlockCount = 25 - PinRecoveryEnabled = $True - PinSpecialCharactersUsage = "blocked" - PinUppercaseCharactersUsage = "blocked" - SecurityDeviceRequired = $True - SupportsScopeTags = $True - UnlockWithBiometricsEnabled = $True - UseCertificatesForOnPremisesAuthEnabled = $True - UseSecurityKeyForSignin = $True - WindowsHelloForBusinessBlocked = $True - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + PinExpirationInDays = 25 + PinLowercaseCharactersUsage = 'blocked' + PinMaximumLength = 25 + PinMinimumLength = 25 + PinPreviousBlockCount = 25 + PinRecoveryEnabled = $True + PinSpecialCharactersUsage = 'blocked' + PinUppercaseCharactersUsage = 'blocked' + SecurityDeviceRequired = $True + SupportsScopeTags = $True + UnlockWithBiometricsEnabled = $True + UseCertificatesForOnPremisesAuthEnabled = $True + UseSecurityKeyForSignin = $True + WindowsHelloForBusinessBlocked = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.windowsIdentityProtectionConfiguration" - pinUppercaseCharactersUsage = "blocked" - pinPreviousBlockCount = 7 - pinMinimumLength = 7 - pinSpecialCharactersUsage = "blocked" - pinExpirationInDays = 7 - pinLowercaseCharactersUsage = "blocked" - pinMaximumLength = 7 + '@odata.type' = '#microsoft.graph.windowsIdentityProtectionConfiguration' + pinUppercaseCharactersUsage = 'blocked' + pinPreviousBlockCount = 7 + pinMinimumLength = 7 + pinSpecialCharactersUsage = 'blocked' + pinExpirationInDays = 7 + pinLowercaseCharactersUsage = 'blocked' + pinMaximumLength = 7 } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -269,13 +273,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -286,31 +290,31 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - pinRecoveryEnabled = $True - pinExpirationInDays = 25 - pinMinimumLength = 25 - securityDeviceRequired = $True - useCertificatesForOnPremisesAuthEnabled = $True - unlockWithBiometricsEnabled = $True - '@odata.type' = "#microsoft.graph.windowsIdentityProtectionConfiguration" - pinLowercaseCharactersUsage = "blocked" - pinPreviousBlockCount = 25 - windowsHelloForBusinessBlocked = $True - useSecurityKeyForSignin = $True - pinSpecialCharactersUsage = "blocked" - pinMaximumLength = 25 + pinRecoveryEnabled = $True + pinExpirationInDays = 25 + pinMinimumLength = 25 + securityDeviceRequired = $True + useCertificatesForOnPremisesAuthEnabled = $True + unlockWithBiometricsEnabled = $True + '@odata.type' = '#microsoft.graph.windowsIdentityProtectionConfiguration' + pinLowercaseCharactersUsage = 'blocked' + pinPreviousBlockCount = 25 + windowsHelloForBusinessBlocked = $True + useSecurityKeyForSignin = $True + pinSpecialCharactersUsage = 'blocked' + pinMaximumLength = 25 enhancedAntiSpoofingForFacialFeaturesEnabled = $True - pinUppercaseCharactersUsage = "blocked" + pinUppercaseCharactersUsage = 'blocked' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 index 94c988e736..64392e4dc6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10" -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,52 +43,56 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = [CimInstance[]]@( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" - } -ClientOnly) - ) - EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = [CimInstance[]]@( + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - odataType = "#microsoft.graph.iPv4CidrRange" - } -ClientOnly) - ) - NeutralDomainResources = @("FakeStringValue") - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + odataType = '#microsoft.graph.iPv4CidrRange' + } -ClientOnly) + ) + NeutralDomainResources = @('FakeStringValue') + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -100,76 +104,76 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = [CimInstance[]]@( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" - } -ClientOnly) - ) - EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = [CimInstance[]]@( + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - odataType = "#microsoft.graph.iPv4CidrRange" - } -ClientOnly) - ) - NeutralDomainResources = @("FakeStringValue") - } -ClientOnly) - Ensure = "Absent" - Credential = $Credential; + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + odataType = '#microsoft.graph.iPv4CidrRange' + } -ClientOnly) + ) + NeutralDomainResources = @('FakeStringValue') + } -ClientOnly) + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ windowsNetworkIsolationPolicy = @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = @( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = @( @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' } ) EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = @( + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = @( @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - '@odata.type' = "#microsoft.graph.iPv4CidrRange" + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.iPv4CidrRange' } ) - NeutralDomainResources = @("FakeStringValue") + NeutralDomainResources = @('FakeStringValue') } - '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + '@odata.type' = '#microsoft.graph.windows10NetworkBoundaryConfiguration' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -182,70 +186,70 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = [CimInstance[]]@( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" - } -ClientOnly) - ) - EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = [CimInstance[]]@( + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - odataType = "#microsoft.graph.iPv4CidrRange" - } -ClientOnly) - ) - NeutralDomainResources = @("FakeStringValue") - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + odataType = '#microsoft.graph.iPv4CidrRange' + } -ClientOnly) + ) + NeutralDomainResources = @('FakeStringValue') + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ windowsNetworkIsolationPolicy = @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = @( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = @( @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' } ) EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = @( + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = @( @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - '@odata.type' = "#microsoft.graph.iPv4CidrRange" + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.iPv4CidrRange' } ) - NeutralDomainResources = @("FakeStringValue") + NeutralDomainResources = @('FakeStringValue') } - '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + '@odata.type' = '#microsoft.graph.windows10NetworkBoundaryConfiguration' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } @@ -257,72 +261,72 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = [CimInstance[]]@( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" - } -ClientOnly) - ) - EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = [CimInstance[]]@( + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - odataType = "#microsoft.graph.iPv4CidrRange" - } -ClientOnly) - ) - NeutralDomainResources = @("FakeStringValue") - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + odataType = '#microsoft.graph.iPv4CidrRange' + } -ClientOnly) + ) + NeutralDomainResources = @('FakeStringValue') + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ windowsNetworkIsolationPolicy = @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseCloudResources = @( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseCloudResources = @( @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' } ) - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = @( + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = @( @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - '@odata.type' = "#microsoft.graph.iPv4CidrRange" + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.iPv4CidrRange' } ) - NeutralDomainResources = @("FakeStringValue") + NeutralDomainResources = @('FakeStringValue') } - '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + '@odata.type' = '#microsoft.graph.windows10NetworkBoundaryConfiguration' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -330,13 +334,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -348,38 +352,38 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return @{ AdditionalProperties = @{ windowsNetworkIsolationPolicy = @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = @( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = @( @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' } ) EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = @( + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = @( @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - '@odata.type' = "#microsoft.graph.iPv4CidrRange" + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.iPv4CidrRange' } ) - NeutralDomainResources = @("FakeStringValue") + NeutralDomainResources = @('FakeStringValue') } - '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + '@odata.type' = '#microsoft.graph.windows10NetworkBoundaryConfiguration' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 index 09048ca2b6..28141f1a4c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneDeviceConfigurationPolicyWindows10" -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceConfigurationPolicyWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,332 +43,336 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneDeviceConfigurationPolicyWindows10 should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationPolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - AccountsBlockAddingNonMicrosoftAccountEmail = $True - ActivateAppsWithVoice = "notConfigured" - AntiTheftModeBlocked = $True - AppManagementMSIAllowUserControlOverInstall = $True - AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True - AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - AppsAllowTrustedAppsSideloading = "notConfigured" - AppsBlockWindowsStoreOriginatedApps = $True - AuthenticationAllowSecondaryDevice = $True - AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" - AuthenticationWebSignIn = "notConfigured" - BluetoothAllowedServices = @("FakeStringValue") - BluetoothBlockAdvertising = $True - BluetoothBlockDiscoverableMode = $True - BluetoothBlocked = $True - BluetoothBlockPrePairing = $True - BluetoothBlockPromptedProximalConnections = $True - CameraBlocked = $True - CellularBlockDataWhenRoaming = $True - CellularBlockVpn = $True - CellularBlockVpnWhenRoaming = $True - CellularData = "blocked" - CertificatesBlockManualRootCertificateInstallation = $True - ConfigureTimeZone = "FakeStringValue" - ConnectedDevicesServiceBlocked = $True - CopyPasteBlocked = $True - CortanaBlocked = $True - CryptographyAllowFipsAlgorithmPolicy = $True - DataProtectionBlockDirectMemoryAccess = $True - DefenderBlockEndUserAccess = $True - DefenderBlockOnAccessProtection = $True - DefenderCloudBlockLevel = "notConfigured" - DefenderCloudExtendedTimeout = 25 - DefenderCloudExtendedTimeoutInSeconds = 25 - DefenderDaysBeforeDeletingQuarantinedMalware = 25 - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" - } -ClientOnly) - defenderDisableCatchupFullScan = $True - defenderDisableCatchupQuickScan = $True - defenderFileExtensionsToExclude = @("FakeStringValue") - defenderFilesAndFoldersToExclude = @("FakeStringValue") - defenderMonitorFileActivity = "userDefined" - defenderPotentiallyUnwantedAppAction = "deviceDefault" - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderProcessesToExclude = @("FakeStringValue") - defenderPromptForSampleSubmission = "userDefined" - defenderRequireBehaviorMonitoring = $True - defenderRequireCloudProtection = $True - defenderRequireNetworkInspectionSystem = $True - defenderRequireRealTimeMonitoring = $True - defenderScanArchiveFiles = $True - defenderScanDownloads = $True - defenderScanIncomingMail = $True - defenderScanMappedNetworkDrivesDuringFullScan = $True - defenderScanMaxCpu = 25 - defenderScanNetworkFiles = $True - defenderScanRemovableDrivesDuringFullScan = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderScanType = "userDefined" - defenderScheduledQuickScanTime = "00:00:00" - defenderScheduledScanTime = "00:00:00" - defenderScheduleScanEnableLowCpuPriority = $True - defenderSignatureUpdateIntervalInHours = 25 - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - defenderSystemScanSchedule = "userDefined" - description = "FakeStringValue" - developerUnlockSetting = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - deviceManagementBlockManualUnenroll = $True - diagnosticsDataSubmissionMode = "userDefined" - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - displayName = "FakeStringValue" - edgeAllowStartPagesModification = $True - edgeBlockAccessToAboutFlags = $True - edgeBlockAddressBarDropdown = $True - edgeBlockAutofill = $True - edgeBlockCompatibilityList = $True - edgeBlockDeveloperTools = $True - edgeBlocked = $True - edgeBlockEditFavorites = $True - edgeBlockExtensions = $True - edgeBlockFullScreenMode = $True - edgeBlockInPrivateBrowsing = $True - edgeBlockJavaScript = $True - edgeBlockLiveTileDataCollection = $True - edgeBlockPasswordManager = $True - edgeBlockPopups = $True - edgeBlockPrelaunch = $True - edgeBlockPrinting = $True - edgeBlockSavingHistory = $True - edgeBlockSearchEngineCustomization = $True - edgeBlockSearchSuggestions = $True - edgeBlockSendingDoNotTrackHeader = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - edgeBlockSideloadingExtensions = $True - edgeBlockTabPreloading = $True - edgeBlockWebContentOnNewTabPage = $True - edgeClearBrowsingDataOnExit = $True - edgeCookiePolicy = "userDefined" - edgeDisableFirstRunPage = $True - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - edgeFavoritesBarVisibility = "notConfigured" - edgeFavoritesListLocation = "FakeStringValue" - edgeFirstRunUrl = "FakeStringValue" - edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ - odataType = "#microsoft.graph.edgeHomeButtonHidden" - homeButtonCustomURL = "FakeStringValue" - } -ClientOnly) - edgeHomeButtonConfigurationEnabled = $True - edgeHomepageUrls = @("FakeStringValue") - edgeKioskModeRestriction = "notConfigured" - edgeKioskResetAfterIdleTimeInMinutes = 25 - edgeNewTabPageURL = "FakeStringValue" - edgeOpensWith = "notConfigured" - edgePreventCertificateErrorOverride = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - edgeRequireSmartScreen = $True - edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - odataType = "#microsoft.graph.edgeSearchEngine" - } -ClientOnly) - edgeSendIntranetTrafficToInternetExplorer = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - edgeSyncFavoritesWithInternetExplorer = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - enableAutomaticRedeployment = $True - energySaverOnBatteryThresholdPercentage = 25 - energySaverPluggedInThresholdPercentage = 25 - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - enterpriseCloudPrintDiscoveryMaxLimit = 25 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - experienceBlockErrorDialogWhenNoSIM = $True - experienceBlockTaskSwitcher = $True - experienceDoNotSyncBrowserSettings = "notConfigured" - findMyFiles = "notConfigured" - gameDvrBlocked = $True - id = "FakeStringValue" - inkWorkspaceAccess = "notConfigured" - inkWorkspaceAccessState = "notConfigured" - inkWorkspaceBlockSuggestedApps = $True - internetSharingBlocked = $True - locationServicesBlocked = $True - lockScreenActivateAppsWithVoice = "notConfigured" - lockScreenAllowTimeoutConfiguration = $True - lockScreenBlockActionCenterNotifications = $True - lockScreenBlockCortana = $True - lockScreenBlockToastNotifications = $True - lockScreenTimeoutInSeconds = 25 - logonBlockFastUserSwitching = $True - messagingBlockMMS = $True - messagingBlockRichCommunicationServices = $True - messagingBlockSync = $True - microsoftAccountBlocked = $True - microsoftAccountBlockSettingsSync = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - networkProxyApplySettingsDeviceWide = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - networkProxyDisableAutoDetect = $True - networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ - useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" - } -ClientOnly) - nfcBlocked = $True - oneDriveDisableFileSync = $True - passwordBlockSimple = $True - passwordExpirationDays = 25 - passwordMinimumAgeInDays = 25 - passwordMinimumCharacterSetCount = 25 - passwordMinimumLength = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - passwordPreviousPasswordBlockCount = 25 - passwordRequired = $True - passwordRequiredType = "deviceDefault" - passwordRequireWhenResumeFromIdleState = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - personalizationDesktopImageUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - powerButtonActionOnBattery = "notConfigured" - powerButtonActionPluggedIn = "notConfigured" - powerHybridSleepOnBattery = "notConfigured" - powerHybridSleepPluggedIn = "notConfigured" - powerLidCloseActionOnBattery = "notConfigured" - powerLidCloseActionPluggedIn = "notConfigured" - powerSleepButtonActionOnBattery = "notConfigured" - powerSleepButtonActionPluggedIn = "notConfigured" - printerBlockAddition = $True - printerDefaultName = "FakeStringValue" - printerNames = @("FakeStringValue") - privacyAdvertisingId = "notConfigured" - privacyAutoAcceptPairingAndConsentPrompts = $True - privacyBlockActivityFeed = $True - privacyBlockInputPersonalization = $True - privacyBlockPublishUserActivities = $True - privacyDisableLaunchExperience = $True - resetProtectionModeBlocked = $True - safeSearchFilter = "userDefined" - screenCaptureBlocked = $True - searchBlockDiacritics = $True - searchBlockWebResults = $True - searchDisableAutoLanguageDetection = $True - searchDisableIndexerBackoff = $True - searchDisableIndexingEncryptedItems = $True - searchDisableIndexingRemovableDrive = $True - searchDisableLocation = $True - searchDisableUseLocation = $True - searchEnableAutomaticIndexSizeManangement = $True - searchEnableRemoteQueries = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - settingsBlockAccountsPage = $True - settingsBlockAddProvisioningPackage = $True - settingsBlockAppsPage = $True - settingsBlockChangeLanguage = $True - settingsBlockChangePowerSleep = $True - settingsBlockChangeRegion = $True - settingsBlockChangeSystemTime = $True - settingsBlockDevicesPage = $True - settingsBlockEaseOfAccessPage = $True - settingsBlockEditDeviceName = $True - settingsBlockGamingPage = $True - settingsBlockNetworkInternetPage = $True - settingsBlockPersonalizationPage = $True - settingsBlockPrivacyPage = $True - settingsBlockRemoveProvisioningPackage = $True - settingsBlockSettingsApp = $True - settingsBlockSystemPage = $True - settingsBlockTimeLanguagePage = $True - settingsBlockUpdateSecurityPage = $True - sharedUserAppDataAllowed = $True - smartScreenAppInstallControl = "notConfigured" - smartScreenBlockPromptOverride = $True - smartScreenBlockPromptOverrideForFiles = $True - smartScreenEnableAppInstallControl = $True - startBlockUnpinningAppsFromTaskbar = $True - startMenuAppListVisibility = "userDefined" - startMenuHideChangeAccountSettings = $True - startMenuHideFrequentlyUsedApps = $True - startMenuHideHibernate = $True - startMenuHideLock = $True - startMenuHidePowerButton = $True - startMenuHideRecentJumpLists = $True - startMenuHideRecentlyAddedApps = $True - startMenuHideRestartOptions = $True - startMenuHideShutDown = $True - startMenuHideSignOut = $True - startMenuHideSleep = $True - startMenuHideSwitchAccount = $True - startMenuHideUserTile = $True - startMenuLayoutEdgeAssetsXml = $True - startMenuLayoutXml = $True - startMenuMode = "userDefined" - startMenuPinnedFolderDocuments = "notConfigured" - startMenuPinnedFolderDownloads = "notConfigured" - startMenuPinnedFolderFileExplorer = "notConfigured" - startMenuPinnedFolderHomeGroup = "notConfigured" - startMenuPinnedFolderMusic = "notConfigured" - startMenuPinnedFolderNetwork = "notConfigured" - startMenuPinnedFolderPersonalFolder = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - startMenuPinnedFolderSettings = "notConfigured" - startMenuPinnedFolderVideos = "notConfigured" - storageBlockRemovableStorage = $True - storageRequireMobileDeviceEncryption = $True - storageRestrictAppDataToSystemVolume = $True - storageRestrictAppInstallToSystemVolume = $True - supportsScopeTags = $True - systemTelemetryProxyServer = "FakeStringValue" - taskManagerBlockEndTask = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - uninstallBuiltInApps = $True - usbBlocked = $True - voiceRecordingBlocked = $True - webRtcBlockLocalhostIpAddress = $True - wiFiBlockAutomaticConnectHotspots = $True - wiFiBlocked = $True - wiFiBlockManualConfiguration = $True - wiFiScanInterval = 25 - windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ - runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" - } -ClientOnly) - windowsSpotlightBlockConsumerSpecificFeatures = $True - windowsSpotlightBlocked = $True - windowsSpotlightBlockOnActionCenter = $True - windowsSpotlightBlockTailoredExperiences = $True - windowsSpotlightBlockThirdPartyNotifications = $True - windowsSpotlightBlockWelcomeExperience = $True - windowsSpotlightBlockWindowsTips = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - windowsStoreBlockAutoUpdate = $True - windowsStoreBlocked = $True - windowsStoreEnablePrivateStoreOnly = $True - wirelessDisplayBlockProjectionToThisDevice = $True - wirelessDisplayBlockUserInputFromReceiver = $True - wirelessDisplayRequirePinForPairing = $True - Ensure = "Present" - Credential = $Credential; + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = 'notConfigured' + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + AppsAllowTrustedAppsSideloading = 'notConfigured' + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + AuthenticationWebSignIn = 'notConfigured' + BluetoothAllowedServices = @('FakeStringValue') + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = 'blocked' + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = 'FakeStringValue' + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = 'notConfigured' + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @('FakeStringValue') + defenderFilesAndFoldersToExclude = @('FakeStringValue') + defenderMonitorFileActivity = 'userDefined' + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderProcessesToExclude = @('FakeStringValue') + defenderPromptForSampleSubmission = 'userDefined' + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = 'userDefined' + defenderScheduledQuickScanTime = '00:00:00' + defenderScheduledScanTime = '00:00:00' + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + defenderSystemScanSchedule = 'userDefined' + description = 'FakeStringValue' + developerUnlockSetting = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = 'userDefined' + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + displayName = 'FakeStringValue' + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = 'userDefined' + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + edgeFavoritesBarVisibility = 'notConfigured' + edgeFavoritesListLocation = 'FakeStringValue' + edgeFirstRunUrl = 'FakeStringValue' + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = '#microsoft.graph.edgeHomeButtonHidden' + homeButtonCustomURL = 'FakeStringValue' + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @('FakeStringValue') + edgeKioskModeRestriction = 'notConfigured' + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = 'FakeStringValue' + edgeOpensWith = 'notConfigured' + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + odataType = '#microsoft.graph.edgeSearchEngine' + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = 'notConfigured' + findMyFiles = 'notConfigured' + gameDvrBlocked = $True + id = 'FakeStringValue' + inkWorkspaceAccess = 'notConfigured' + inkWorkspaceAccessState = 'notConfigured' + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @('FakeStringValue') + address = 'FakeStringValue' + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = 'deviceDefault' + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + powerButtonActionOnBattery = 'notConfigured' + powerButtonActionPluggedIn = 'notConfigured' + powerHybridSleepOnBattery = 'notConfigured' + powerHybridSleepPluggedIn = 'notConfigured' + powerLidCloseActionOnBattery = 'notConfigured' + powerLidCloseActionPluggedIn = 'notConfigured' + powerSleepButtonActionOnBattery = 'notConfigured' + powerSleepButtonActionPluggedIn = 'notConfigured' + printerBlockAddition = $True + printerDefaultName = 'FakeStringValue' + printerNames = @('FakeStringValue') + privacyAdvertisingId = 'notConfigured' + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = 'userDefined' + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = 'notConfigured' + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = 'userDefined' + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = 'userDefined' + startMenuPinnedFolderDocuments = 'notConfigured' + startMenuPinnedFolderDownloads = 'notConfigured' + startMenuPinnedFolderFileExplorer = 'notConfigured' + startMenuPinnedFolderHomeGroup = 'notConfigured' + startMenuPinnedFolderMusic = 'notConfigured' + startMenuPinnedFolderNetwork = 'notConfigured' + startMenuPinnedFolderPersonalFolder = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + startMenuPinnedFolderSettings = 'notConfigured' + startMenuPinnedFolderVideos = 'notConfigured' + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = 'FakeStringValue' + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -380,636 +384,636 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationPolicyWindows10 exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationPolicyWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - AccountsBlockAddingNonMicrosoftAccountEmail = $True - ActivateAppsWithVoice = "notConfigured" - AntiTheftModeBlocked = $True - AppManagementMSIAllowUserControlOverInstall = $True - AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True - AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - AppsAllowTrustedAppsSideloading = "notConfigured" - AppsBlockWindowsStoreOriginatedApps = $True - AuthenticationAllowSecondaryDevice = $True - AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" - AuthenticationWebSignIn = "notConfigured" - BluetoothAllowedServices = @("FakeStringValue") - BluetoothBlockAdvertising = $True - BluetoothBlockDiscoverableMode = $True - BluetoothBlocked = $True - BluetoothBlockPrePairing = $True - BluetoothBlockPromptedProximalConnections = $True - CameraBlocked = $True - CellularBlockDataWhenRoaming = $True - CellularBlockVpn = $True - CellularBlockVpnWhenRoaming = $True - CellularData = "blocked" - CertificatesBlockManualRootCertificateInstallation = $True - ConfigureTimeZone = "FakeStringValue" - ConnectedDevicesServiceBlocked = $True - CopyPasteBlocked = $True - CortanaBlocked = $True - CryptographyAllowFipsAlgorithmPolicy = $True - DataProtectionBlockDirectMemoryAccess = $True - DefenderBlockEndUserAccess = $True - DefenderBlockOnAccessProtection = $True - DefenderCloudBlockLevel = "notConfigured" - DefenderCloudExtendedTimeout = 25 - DefenderCloudExtendedTimeoutInSeconds = 25 - DefenderDaysBeforeDeletingQuarantinedMalware = 25 - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" - } -ClientOnly) - defenderDisableCatchupFullScan = $True - defenderDisableCatchupQuickScan = $True - defenderFileExtensionsToExclude = @("FakeStringValue") - defenderFilesAndFoldersToExclude = @("FakeStringValue") - defenderMonitorFileActivity = "userDefined" - defenderPotentiallyUnwantedAppAction = "deviceDefault" - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderProcessesToExclude = @("FakeStringValue") - defenderPromptForSampleSubmission = "userDefined" - defenderRequireBehaviorMonitoring = $True - defenderRequireCloudProtection = $True - defenderRequireNetworkInspectionSystem = $True - defenderRequireRealTimeMonitoring = $True - defenderScanArchiveFiles = $True - defenderScanDownloads = $True - defenderScanIncomingMail = $True - defenderScanMappedNetworkDrivesDuringFullScan = $True - defenderScanMaxCpu = 25 - defenderScanNetworkFiles = $True - defenderScanRemovableDrivesDuringFullScan = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderScanType = "userDefined" - defenderScheduledQuickScanTime = "00:00:00" - defenderScheduledScanTime = "00:00:00" - defenderScheduleScanEnableLowCpuPriority = $True - defenderSignatureUpdateIntervalInHours = 25 - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - defenderSystemScanSchedule = "userDefined" - description = "FakeStringValue" - developerUnlockSetting = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - deviceManagementBlockManualUnenroll = $True - diagnosticsDataSubmissionMode = "userDefined" - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - displayName = "FakeStringValue" - edgeAllowStartPagesModification = $True - edgeBlockAccessToAboutFlags = $True - edgeBlockAddressBarDropdown = $True - edgeBlockAutofill = $True - edgeBlockCompatibilityList = $True - edgeBlockDeveloperTools = $True - edgeBlocked = $True - edgeBlockEditFavorites = $True - edgeBlockExtensions = $True - edgeBlockFullScreenMode = $True - edgeBlockInPrivateBrowsing = $True - edgeBlockJavaScript = $True - edgeBlockLiveTileDataCollection = $True - edgeBlockPasswordManager = $True - edgeBlockPopups = $True - edgeBlockPrelaunch = $True - edgeBlockPrinting = $True - edgeBlockSavingHistory = $True - edgeBlockSearchEngineCustomization = $True - edgeBlockSearchSuggestions = $True - edgeBlockSendingDoNotTrackHeader = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - edgeBlockSideloadingExtensions = $True - edgeBlockTabPreloading = $True - edgeBlockWebContentOnNewTabPage = $True - edgeClearBrowsingDataOnExit = $True - edgeCookiePolicy = "userDefined" - edgeDisableFirstRunPage = $True - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - edgeFavoritesBarVisibility = "notConfigured" - edgeFavoritesListLocation = "FakeStringValue" - edgeFirstRunUrl = "FakeStringValue" - edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ - odataType = "#microsoft.graph.edgeHomeButtonHidden" - homeButtonCustomURL = "FakeStringValue" - } -ClientOnly) - edgeHomeButtonConfigurationEnabled = $True - edgeHomepageUrls = @("FakeStringValue") - edgeKioskModeRestriction = "notConfigured" - edgeKioskResetAfterIdleTimeInMinutes = 25 - edgeNewTabPageURL = "FakeStringValue" - edgeOpensWith = "notConfigured" - edgePreventCertificateErrorOverride = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - edgeRequireSmartScreen = $True - edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - odataType = "#microsoft.graph.edgeSearchEngine" - } -ClientOnly) - edgeSendIntranetTrafficToInternetExplorer = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - edgeSyncFavoritesWithInternetExplorer = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - enableAutomaticRedeployment = $True - energySaverOnBatteryThresholdPercentage = 25 - energySaverPluggedInThresholdPercentage = 25 - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - enterpriseCloudPrintDiscoveryMaxLimit = 25 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - experienceBlockErrorDialogWhenNoSIM = $True - experienceBlockTaskSwitcher = $True - experienceDoNotSyncBrowserSettings = "notConfigured" - findMyFiles = "notConfigured" - gameDvrBlocked = $True - id = "FakeStringValue" - inkWorkspaceAccess = "notConfigured" - inkWorkspaceAccessState = "notConfigured" - inkWorkspaceBlockSuggestedApps = $True - internetSharingBlocked = $True - locationServicesBlocked = $True - lockScreenActivateAppsWithVoice = "notConfigured" - lockScreenAllowTimeoutConfiguration = $True - lockScreenBlockActionCenterNotifications = $True - lockScreenBlockCortana = $True - lockScreenBlockToastNotifications = $True - lockScreenTimeoutInSeconds = 25 - logonBlockFastUserSwitching = $True - messagingBlockMMS = $True - messagingBlockRichCommunicationServices = $True - messagingBlockSync = $True - microsoftAccountBlocked = $True - microsoftAccountBlockSettingsSync = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - networkProxyApplySettingsDeviceWide = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - networkProxyDisableAutoDetect = $True - networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ - useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" - } -ClientOnly) - nfcBlocked = $True - oneDriveDisableFileSync = $True - passwordBlockSimple = $True - passwordExpirationDays = 25 - passwordMinimumAgeInDays = 25 - passwordMinimumCharacterSetCount = 25 - passwordMinimumLength = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - passwordPreviousPasswordBlockCount = 25 - passwordRequired = $True - passwordRequiredType = "deviceDefault" - passwordRequireWhenResumeFromIdleState = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - personalizationDesktopImageUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - powerButtonActionOnBattery = "notConfigured" - powerButtonActionPluggedIn = "notConfigured" - powerHybridSleepOnBattery = "notConfigured" - powerHybridSleepPluggedIn = "notConfigured" - powerLidCloseActionOnBattery = "notConfigured" - powerLidCloseActionPluggedIn = "notConfigured" - powerSleepButtonActionOnBattery = "notConfigured" - powerSleepButtonActionPluggedIn = "notConfigured" - printerBlockAddition = $True - printerDefaultName = "FakeStringValue" - printerNames = @("FakeStringValue") - privacyAdvertisingId = "notConfigured" - privacyAutoAcceptPairingAndConsentPrompts = $True - privacyBlockActivityFeed = $True - privacyBlockInputPersonalization = $True - privacyBlockPublishUserActivities = $True - privacyDisableLaunchExperience = $True - resetProtectionModeBlocked = $True - safeSearchFilter = "userDefined" - screenCaptureBlocked = $True - searchBlockDiacritics = $True - searchBlockWebResults = $True - searchDisableAutoLanguageDetection = $True - searchDisableIndexerBackoff = $True - searchDisableIndexingEncryptedItems = $True - searchDisableIndexingRemovableDrive = $True - searchDisableLocation = $True - searchDisableUseLocation = $True - searchEnableAutomaticIndexSizeManangement = $True - searchEnableRemoteQueries = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - settingsBlockAccountsPage = $True - settingsBlockAddProvisioningPackage = $True - settingsBlockAppsPage = $True - settingsBlockChangeLanguage = $True - settingsBlockChangePowerSleep = $True - settingsBlockChangeRegion = $True - settingsBlockChangeSystemTime = $True - settingsBlockDevicesPage = $True - settingsBlockEaseOfAccessPage = $True - settingsBlockEditDeviceName = $True - settingsBlockGamingPage = $True - settingsBlockNetworkInternetPage = $True - settingsBlockPersonalizationPage = $True - settingsBlockPrivacyPage = $True - settingsBlockRemoveProvisioningPackage = $True - settingsBlockSettingsApp = $True - settingsBlockSystemPage = $True - settingsBlockTimeLanguagePage = $True - settingsBlockUpdateSecurityPage = $True - sharedUserAppDataAllowed = $True - smartScreenAppInstallControl = "notConfigured" - smartScreenBlockPromptOverride = $True - smartScreenBlockPromptOverrideForFiles = $True - smartScreenEnableAppInstallControl = $True - startBlockUnpinningAppsFromTaskbar = $True - startMenuAppListVisibility = "userDefined" - startMenuHideChangeAccountSettings = $True - startMenuHideFrequentlyUsedApps = $True - startMenuHideHibernate = $True - startMenuHideLock = $True - startMenuHidePowerButton = $True - startMenuHideRecentJumpLists = $True - startMenuHideRecentlyAddedApps = $True - startMenuHideRestartOptions = $True - startMenuHideShutDown = $True - startMenuHideSignOut = $True - startMenuHideSleep = $True - startMenuHideSwitchAccount = $True - startMenuHideUserTile = $True - startMenuLayoutEdgeAssetsXml = $True - startMenuLayoutXml = $True - startMenuMode = "userDefined" - startMenuPinnedFolderDocuments = "notConfigured" - startMenuPinnedFolderDownloads = "notConfigured" - startMenuPinnedFolderFileExplorer = "notConfigured" - startMenuPinnedFolderHomeGroup = "notConfigured" - startMenuPinnedFolderMusic = "notConfigured" - startMenuPinnedFolderNetwork = "notConfigured" - startMenuPinnedFolderPersonalFolder = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - startMenuPinnedFolderSettings = "notConfigured" - startMenuPinnedFolderVideos = "notConfigured" - storageBlockRemovableStorage = $True - storageRequireMobileDeviceEncryption = $True - storageRestrictAppDataToSystemVolume = $True - storageRestrictAppInstallToSystemVolume = $True - supportsScopeTags = $True - systemTelemetryProxyServer = "FakeStringValue" - taskManagerBlockEndTask = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - uninstallBuiltInApps = $True - usbBlocked = $True - voiceRecordingBlocked = $True - webRtcBlockLocalhostIpAddress = $True - wiFiBlockAutomaticConnectHotspots = $True - wiFiBlocked = $True - wiFiBlockManualConfiguration = $True - wiFiScanInterval = 25 - windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ - runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" - } -ClientOnly) - windowsSpotlightBlockConsumerSpecificFeatures = $True - windowsSpotlightBlocked = $True - windowsSpotlightBlockOnActionCenter = $True - windowsSpotlightBlockTailoredExperiences = $True - windowsSpotlightBlockThirdPartyNotifications = $True - windowsSpotlightBlockWelcomeExperience = $True - windowsSpotlightBlockWindowsTips = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - windowsStoreBlockAutoUpdate = $True - windowsStoreBlocked = $True - windowsStoreEnablePrivateStoreOnly = $True - wirelessDisplayBlockProjectionToThisDevice = $True - wirelessDisplayBlockUserInputFromReceiver = $True - wirelessDisplayRequirePinForPairing = $True - Ensure = "Absent" - Credential = $Credential; + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = 'notConfigured' + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + AppsAllowTrustedAppsSideloading = 'notConfigured' + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + AuthenticationWebSignIn = 'notConfigured' + BluetoothAllowedServices = @('FakeStringValue') + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = 'blocked' + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = 'FakeStringValue' + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = 'notConfigured' + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @('FakeStringValue') + defenderFilesAndFoldersToExclude = @('FakeStringValue') + defenderMonitorFileActivity = 'userDefined' + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderProcessesToExclude = @('FakeStringValue') + defenderPromptForSampleSubmission = 'userDefined' + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = 'userDefined' + defenderScheduledQuickScanTime = '00:00:00' + defenderScheduledScanTime = '00:00:00' + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + defenderSystemScanSchedule = 'userDefined' + description = 'FakeStringValue' + developerUnlockSetting = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = 'userDefined' + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + displayName = 'FakeStringValue' + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = 'userDefined' + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + edgeFavoritesBarVisibility = 'notConfigured' + edgeFavoritesListLocation = 'FakeStringValue' + edgeFirstRunUrl = 'FakeStringValue' + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = '#microsoft.graph.edgeHomeButtonHidden' + homeButtonCustomURL = 'FakeStringValue' + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @('FakeStringValue') + edgeKioskModeRestriction = 'notConfigured' + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = 'FakeStringValue' + edgeOpensWith = 'notConfigured' + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + odataType = '#microsoft.graph.edgeSearchEngine' + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = 'notConfigured' + findMyFiles = 'notConfigured' + gameDvrBlocked = $True + id = 'FakeStringValue' + inkWorkspaceAccess = 'notConfigured' + inkWorkspaceAccessState = 'notConfigured' + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @('FakeStringValue') + address = 'FakeStringValue' + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = 'deviceDefault' + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + powerButtonActionOnBattery = 'notConfigured' + powerButtonActionPluggedIn = 'notConfigured' + powerHybridSleepOnBattery = 'notConfigured' + powerHybridSleepPluggedIn = 'notConfigured' + powerLidCloseActionOnBattery = 'notConfigured' + powerLidCloseActionPluggedIn = 'notConfigured' + powerSleepButtonActionOnBattery = 'notConfigured' + powerSleepButtonActionPluggedIn = 'notConfigured' + printerBlockAddition = $True + printerDefaultName = 'FakeStringValue' + printerNames = @('FakeStringValue') + privacyAdvertisingId = 'notConfigured' + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = 'userDefined' + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = 'notConfigured' + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = 'userDefined' + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = 'userDefined' + startMenuPinnedFolderDocuments = 'notConfigured' + startMenuPinnedFolderDownloads = 'notConfigured' + startMenuPinnedFolderFileExplorer = 'notConfigured' + startMenuPinnedFolderHomeGroup = 'notConfigured' + startMenuPinnedFolderMusic = 'notConfigured' + startMenuPinnedFolderNetwork = 'notConfigured' + startMenuPinnedFolderPersonalFolder = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + startMenuPinnedFolderSettings = 'notConfigured' + startMenuPinnedFolderVideos = 'notConfigured' + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = 'FakeStringValue' + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - startMenuHideSwitchAccount = $True - defenderBlockEndUserAccess = $True - searchEnableAutomaticIndexSizeManangement = $True - defenderRequireNetworkInspectionSystem = $True - settingsBlockGamingPage = $True - smartScreenBlockPromptOverrideForFiles = $True - passwordBlockSimple = $True - powerLidCloseActionPluggedIn = "notConfigured" - defenderRequireCloudProtection = $True - defenderFilesAndFoldersToExclude = @("FakeStringValue") - resetProtectionModeBlocked = $True - startBlockUnpinningAppsFromTaskbar = $True - networkProxyApplySettingsDeviceWide = $True - bluetoothAllowedServices = @("FakeStringValue") - defenderScanArchiveFiles = $True - lockScreenActivateAppsWithVoice = "notConfigured" - defenderScanIncomingMail = $True - edgeBlockAutofill = $True - authenticationAllowSecondaryDevice = $True - edgeRequireSmartScreen = $True - windowsSpotlightBlockOnActionCenter = $True - usbBlocked = $True - enableAutomaticRedeployment = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - defenderPotentiallyUnwantedAppAction = "deviceDefault" - powerButtonActionOnBattery = "notConfigured" - startMenuAppListVisibility = "userDefined" - lockScreenBlockCortana = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - screenCaptureBlocked = $True - webRtcBlockLocalhostIpAddress = $True - safeSearchFilter = "userDefined" - searchDisableLocation = $True - edgeBlockInPrivateBrowsing = $True - appManagementMSIAllowUserControlOverInstall = $True - defenderSignatureUpdateIntervalInHours = 25 - startMenuHideSleep = $True - voiceRecordingBlocked = $True - edgeFavoritesListLocation = "FakeStringValue" - startMenuHideLock = $True - wiFiBlockManualConfiguration = $True - edgeBlockTabPreloading = $True - configureTimeZone = "FakeStringValue" - edgeBlocked = $True - taskManagerBlockEndTask = $True - settingsBlockAppsPage = $True - settingsBlockChangePowerSleep = $True - copyPasteBlocked = $True - settingsBlockNetworkInternetPage = $True - privacyBlockInputPersonalization = $True - appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - powerLidCloseActionOnBattery = "notConfigured" - searchDisableIndexerBackoff = $True - edgeBlockFullScreenMode = $True - lockScreenTimeoutInSeconds = 25 - developerUnlockSetting = "notConfigured" - storageRestrictAppDataToSystemVolume = $True - cellularBlockVpn = $True - powerHybridSleepPluggedIn = "notConfigured" - settingsBlockChangeLanguage = $True - powerSleepButtonActionOnBattery = "notConfigured" - antiTheftModeBlocked = $True - defenderMonitorFileActivity = "userDefined" - defenderFileExtensionsToExclude = @("FakeStringValue") - bluetoothBlockDiscoverableMode = $True - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - diagnosticsDataSubmissionMode = "userDefined" - uninstallBuiltInApps = $True - oneDriveDisableFileSync = $True - startMenuHideUserTile = $True - startMenuHideSignOut = $True - defenderDaysBeforeDeletingQuarantinedMalware = 25 - privacyAutoAcceptPairingAndConsentPrompts = $True - settingsBlockChangeRegion = $True - passwordMinimumAgeInDays = 25 - powerHybridSleepOnBattery = "notConfigured" - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - edgeBlockSearchSuggestions = $True - settingsBlockSystemPage = $True - defenderRequireBehaviorMonitoring = $True - microsoftAccountBlockSettingsSync = $True - windowsSpotlightBlockWindowsTips = $True - startMenuHideRecentlyAddedApps = $True - inkWorkspaceBlockSuggestedApps = $True - personalizationDesktopImageUrl = "FakeStringValue" - edgeHomeButtonConfigurationEnabled = $True - passwordRequiredType = "deviceDefault" - startMenuPinnedFolderSettings = "notConfigured" - connectedDevicesServiceBlocked = $True - edgeBlockExtensions = $True - edgeBlockAddressBarDropdown = $True - findMyFiles = "notConfigured" - privacyBlockPublishUserActivities = $True - startMenuHideFrequentlyUsedApps = $True - '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" - powerSleepButtonActionPluggedIn = "notConfigured" - internetSharingBlocked = $True - startMenuHidePowerButton = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - bluetoothBlockPrePairing = $True - windowsSpotlightBlockWelcomeExperience = $True - startMenuHideShutDown = $True - storageRestrictAppInstallToSystemVolume = $True - windowsSpotlightBlockThirdPartyNotifications = $True - searchDisableAutoLanguageDetection = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - appsAllowTrustedAppsSideloading = "notConfigured" - edgeBlockLiveTileDataCollection = $True - wirelessDisplayBlockProjectionToThisDevice = $True - startMenuHideRestartOptions = $True - edgeSendIntranetTrafficToInternetExplorer = $True - startMenuPinnedFolderHomeGroup = "notConfigured" - edgeBlockWebContentOnNewTabPage = $True - startMenuLayoutXml = $True - searchBlockDiacritics = $True - storageBlockRemovableStorage = $True - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - wirelessDisplayRequirePinForPairing = $True - defenderScheduledQuickScanTime = "00:00:00" - edgeAllowStartPagesModification = $True - defenderRequireRealTimeMonitoring = $True - authenticationWebSignIn = "notConfigured" - lockScreenBlockToastNotifications = $True - energySaverPluggedInThresholdPercentage = 25 - defenderScanMappedNetworkDrivesDuringFullScan = $True - smartScreenBlockPromptOverride = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - authenticationPreferredAzureADTenantDomainName = "FakeStringValue" - defenderScanType = "userDefined" - bluetoothBlockAdvertising = $True - enterpriseCloudPrintDiscoveryMaxLimit = 25 - logonBlockFastUserSwitching = $True - networkProxyDisableAutoDetect = $True - cameraBlocked = $True - wiFiScanInterval = 25 - edgeBlockSideloadingExtensions = $True - settingsBlockEaseOfAccessPage = $True - microsoftAccountBlocked = $True - defenderScanRemovableDrivesDuringFullScan = $True - energySaverOnBatteryThresholdPercentage = 25 - startMenuHideHibernate = $True - defenderScanDownloads = $True - defenderBlockOnAccessProtection = $True - defenderCloudBlockLevel = "notConfigured" - storageRequireMobileDeviceEncryption = $True - windowsStoreEnablePrivateStoreOnly = $True - edgeBlockCompatibilityList = $True - wiFiBlockAutomaticConnectHotspots = $True - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderCloudExtendedTimeout = 25 - edgeHomepageUrls = @("FakeStringValue") - cellularBlockDataWhenRoaming = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - smartScreenAppInstallControl = "notConfigured" - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - bluetoothBlockPromptedProximalConnections = $True - settingsBlockPrivacyPage = $True - windowsSpotlightBlocked = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - startMenuPinnedFolderDocuments = "notConfigured" - systemTelemetryProxyServer = "FakeStringValue" - lockScreenAllowTimeoutConfiguration = $True - defenderSystemScanSchedule = "userDefined" - windowsSpotlightBlockConsumerSpecificFeatures = $True - searchDisableUseLocation = $True - appsBlockWindowsStoreOriginatedApps = $True - startMenuPinnedFolderNetwork = "notConfigured" - edgeBlockPrinting = $True - settingsBlockEditDeviceName = $True - printerNames = @("FakeStringValue") - settingsBlockUpdateSecurityPage = $True - startMenuMode = "userDefined" - searchBlockWebResults = $True - edgePreventCertificateErrorOverride = $True - passwordRequired = $True - defenderScanNetworkFiles = $True - startMenuPinnedFolderMusic = "notConfigured" - cortanaBlocked = $True - searchEnableRemoteQueries = $True - messagingBlockSync = $True - startMenuPinnedFolderVideos = "notConfigured" - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - experienceDoNotSyncBrowserSettings = "notConfigured" - edgeDisableFirstRunPage = $True - edgeCookiePolicy = "userDefined" - inkWorkspaceAccessState = "notConfigured" - windows10AppsForceUpdateSchedule = @{ + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = 'notConfigured' + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @('FakeStringValue') + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @('FakeStringValue') + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + powerButtonActionOnBattery = 'notConfigured' + startMenuAppListVisibility = 'userDefined' + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = 'userDefined' + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = 'FakeStringValue' + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = 'FakeStringValue' + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + powerLidCloseActionOnBattery = 'notConfigured' + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = 'notConfigured' + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = 'notConfigured' + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = 'notConfigured' + antiTheftModeBlocked = $True + defenderMonitorFileActivity = 'userDefined' + defenderFileExtensionsToExclude = @('FakeStringValue') + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + diagnosticsDataSubmissionMode = 'userDefined' + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = 'notConfigured' + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = 'FakeStringValue' + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = 'deviceDefault' + startMenuPinnedFolderSettings = 'notConfigured' + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = 'notConfigured' + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' + powerSleepButtonActionPluggedIn = 'notConfigured' + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + appsAllowTrustedAppsSideloading = 'notConfigured' + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = 'notConfigured' + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = '00:00:00' + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = 'notConfigured' + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + defenderScanType = 'userDefined' + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = 'notConfigured' + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @('FakeStringValue') + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = 'notConfigured' + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = 'notConfigured' + systemTelemetryProxyServer = 'FakeStringValue' + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = 'userDefined' + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = 'notConfigured' + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @('FakeStringValue') + settingsBlockUpdateSecurityPage = $True + startMenuMode = 'userDefined' + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = 'notConfigured' + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = 'notConfigured' + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + experienceDoNotSyncBrowserSettings = 'notConfigured' + edgeDisableFirstRunPage = $True + edgeCookiePolicy = 'userDefined' + inkWorkspaceAccessState = 'notConfigured' + windows10AppsForceUpdateSchedule = @{ runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' } - dataProtectionBlockDirectMemoryAccess = $True - experienceBlockErrorDialogWhenNoSIM = $True - settingsBlockPersonalizationPage = $True - wirelessDisplayBlockUserInputFromReceiver = $True - startMenuPinnedFolderPersonalFolder = "notConfigured" - activateAppsWithVoice = "notConfigured" - edgeClearBrowsingDataOnExit = $True - passwordPreviousPasswordBlockCount = 25 - edgeBlockSearchEngineCustomization = $True - deviceManagementBlockManualUnenroll = $True - edgeBlockSavingHistory = $True - inkWorkspaceAccess = "notConfigured" - startMenuHideRecentJumpLists = $True - privacyBlockActivityFeed = $True - settingsBlockChangeSystemTime = $True - defenderDisableCatchupQuickScan = $True - smartScreenEnableAppInstallControl = $True - edgeBlockDeveloperTools = $True - edgeKioskModeRestriction = "notConfigured" - lockScreenBlockActionCenterNotifications = $True - privacyAdvertisingId = "notConfigured" - settingsBlockSettingsApp = $True - settingsBlockAccountsPage = $True - certificatesBlockManualRootCertificateInstallation = $True - edgeBlockJavaScript = $True - edgeSyncFavoritesWithInternetExplorer = $True - startMenuLayoutEdgeAssetsXml = $True - windowsSpotlightBlockTailoredExperiences = $True - defenderPromptForSampleSubmission = "userDefined" - edgeBlockAccessToAboutFlags = $True - messagingBlockMMS = $True - edgeBlockEditFavorites = $True - printerDefaultName = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - privacyDisableLaunchExperience = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - nfcBlocked = $True - searchDisableIndexingRemovableDrive = $True - powerButtonActionPluggedIn = "notConfigured" - settingsBlockRemoveProvisioningPackage = $True - edgeKioskResetAfterIdleTimeInMinutes = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - printerBlockAddition = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderDisableCatchupFullScan = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - bluetoothBlocked = $True - settingsBlockAddProvisioningPackage = $True - passwordMinimumLength = 25 - startMenuHideChangeAccountSettings = $True - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - edgeBlockPopups = $True - networkProxyServer = @{ + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = 'notConfigured' + activateAppsWithVoice = 'notConfigured' + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = 'notConfigured' + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = 'notConfigured' + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = 'notConfigured' + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = 'userDefined' + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = 'notConfigured' + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + edgeBlockPopups = $True + networkProxyServer = @{ useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" + exceptions = @('FakeStringValue') + address = 'FakeStringValue' } - startMenuPinnedFolderDownloads = "notConfigured" - settingsBlockDevicesPage = $True - wiFiBlocked = $True - windowsStoreBlocked = $True - edgeBlockPrelaunch = $True - gameDvrBlocked = $True - experienceBlockTaskSwitcher = $True - edgeBlockPasswordManager = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - passwordMinimumCharacterSetCount = 25 - searchDisableIndexingEncryptedItems = $True - appManagementMSIAlwaysInstallWithElevatedPrivileges = $True - cellularData = "blocked" - defenderScheduledScanTime = "00:00:00" - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - defenderProcessesToExclude = @("FakeStringValue") - defenderDetectedMalwareActions = @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" + startMenuPinnedFolderDownloads = 'notConfigured' + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = 'blocked' + defenderScheduledScanTime = '00:00:00' + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + defenderProcessesToExclude = @('FakeStringValue') + defenderDetectedMalwareActions = @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' } - edgeHomeButtonConfiguration = @{ - homeButtonCustomURL = "FakeStringValue" - '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.edgeHomeButtonHidden' } - cryptographyAllowFipsAlgorithmPolicy = $True - sharedUserAppDataAllowed = $True - edgeFirstRunUrl = "FakeStringValue" - edgeBlockSendingDoNotTrackHeader = $True - edgeOpensWith = "notConfigured" - defenderScheduleScanEnableLowCpuPriority = $True - windowsStoreBlockAutoUpdate = $True - messagingBlockRichCommunicationServices = $True - edgeNewTabPageURL = "FakeStringValue" - passwordRequireWhenResumeFromIdleState = $True - passwordExpirationDays = 25 - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - settingsBlockTimeLanguagePage = $True - locationServicesBlocked = $True - defenderScanMaxCpu = 25 - edgeFavoritesBarVisibility = "notConfigured" - accountsBlockAddingNonMicrosoftAccountEmail = $True - defenderCloudExtendedTimeoutInSeconds = 25 - cellularBlockVpnWhenRoaming = $True - startMenuPinnedFolderFileExplorer = "notConfigured" - edgeSearchEngine = @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - '@odata.type' = "#microsoft.graph.edgeSearchEngine" + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = 'FakeStringValue' + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = 'notConfigured' + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = 'FakeStringValue' + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = 'notConfigured' + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = 'notConfigured' + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + '@odata.type' = '#microsoft.graph.edgeSearchEngine' } } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -1022,630 +1026,630 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationPolicyWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - AccountsBlockAddingNonMicrosoftAccountEmail = $True - ActivateAppsWithVoice = "notConfigured" - AntiTheftModeBlocked = $True - AppManagementMSIAllowUserControlOverInstall = $True - AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True - AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - AppsAllowTrustedAppsSideloading = "notConfigured" - AppsBlockWindowsStoreOriginatedApps = $True - AuthenticationAllowSecondaryDevice = $True - AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" - AuthenticationWebSignIn = "notConfigured" - BluetoothAllowedServices = @("FakeStringValue") - BluetoothBlockAdvertising = $True - BluetoothBlockDiscoverableMode = $True - BluetoothBlocked = $True - BluetoothBlockPrePairing = $True - BluetoothBlockPromptedProximalConnections = $True - CameraBlocked = $True - CellularBlockDataWhenRoaming = $True - CellularBlockVpn = $True - CellularBlockVpnWhenRoaming = $True - CellularData = "blocked" - CertificatesBlockManualRootCertificateInstallation = $True - ConfigureTimeZone = "FakeStringValue" - ConnectedDevicesServiceBlocked = $True - CopyPasteBlocked = $True - CortanaBlocked = $True - CryptographyAllowFipsAlgorithmPolicy = $True - DataProtectionBlockDirectMemoryAccess = $True - DefenderBlockEndUserAccess = $True - DefenderBlockOnAccessProtection = $True - DefenderCloudBlockLevel = "notConfigured" - DefenderCloudExtendedTimeout = 25 - DefenderCloudExtendedTimeoutInSeconds = 25 - DefenderDaysBeforeDeletingQuarantinedMalware = 25 - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" - } -ClientOnly) - defenderDisableCatchupFullScan = $True - defenderDisableCatchupQuickScan = $True - defenderFileExtensionsToExclude = @("FakeStringValue") - defenderFilesAndFoldersToExclude = @("FakeStringValue") - defenderMonitorFileActivity = "userDefined" - defenderPotentiallyUnwantedAppAction = "deviceDefault" - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderProcessesToExclude = @("FakeStringValue") - defenderPromptForSampleSubmission = "userDefined" - defenderRequireBehaviorMonitoring = $True - defenderRequireCloudProtection = $True - defenderRequireNetworkInspectionSystem = $True - defenderRequireRealTimeMonitoring = $True - defenderScanArchiveFiles = $True - defenderScanDownloads = $True - defenderScanIncomingMail = $True - defenderScanMappedNetworkDrivesDuringFullScan = $True - defenderScanMaxCpu = 25 - defenderScanNetworkFiles = $True - defenderScanRemovableDrivesDuringFullScan = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderScanType = "userDefined" - defenderScheduledQuickScanTime = "00:00:00" - defenderScheduledScanTime = "00:00:00" - defenderScheduleScanEnableLowCpuPriority = $True - defenderSignatureUpdateIntervalInHours = 25 - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - defenderSystemScanSchedule = "userDefined" - description = "FakeStringValue" - developerUnlockSetting = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - deviceManagementBlockManualUnenroll = $True - diagnosticsDataSubmissionMode = "userDefined" - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - displayName = "FakeStringValue" - edgeAllowStartPagesModification = $True - edgeBlockAccessToAboutFlags = $True - edgeBlockAddressBarDropdown = $True - edgeBlockAutofill = $True - edgeBlockCompatibilityList = $True - edgeBlockDeveloperTools = $True - edgeBlocked = $True - edgeBlockEditFavorites = $True - edgeBlockExtensions = $True - edgeBlockFullScreenMode = $True - edgeBlockInPrivateBrowsing = $True - edgeBlockJavaScript = $True - edgeBlockLiveTileDataCollection = $True - edgeBlockPasswordManager = $True - edgeBlockPopups = $True - edgeBlockPrelaunch = $True - edgeBlockPrinting = $True - edgeBlockSavingHistory = $True - edgeBlockSearchEngineCustomization = $True - edgeBlockSearchSuggestions = $True - edgeBlockSendingDoNotTrackHeader = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - edgeBlockSideloadingExtensions = $True - edgeBlockTabPreloading = $True - edgeBlockWebContentOnNewTabPage = $True - edgeClearBrowsingDataOnExit = $True - edgeCookiePolicy = "userDefined" - edgeDisableFirstRunPage = $True - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - edgeFavoritesBarVisibility = "notConfigured" - edgeFavoritesListLocation = "FakeStringValue" - edgeFirstRunUrl = "FakeStringValue" - edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ - odataType = "#microsoft.graph.edgeHomeButtonHidden" - homeButtonCustomURL = "FakeStringValue" - } -ClientOnly) - edgeHomeButtonConfigurationEnabled = $True - edgeHomepageUrls = @("FakeStringValue") - edgeKioskModeRestriction = "notConfigured" - edgeKioskResetAfterIdleTimeInMinutes = 25 - edgeNewTabPageURL = "FakeStringValue" - edgeOpensWith = "notConfigured" - edgePreventCertificateErrorOverride = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - edgeRequireSmartScreen = $True - edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - odataType = "#microsoft.graph.edgeSearchEngine" - } -ClientOnly) - edgeSendIntranetTrafficToInternetExplorer = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - edgeSyncFavoritesWithInternetExplorer = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - enableAutomaticRedeployment = $True - energySaverOnBatteryThresholdPercentage = 25 - energySaverPluggedInThresholdPercentage = 25 - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - enterpriseCloudPrintDiscoveryMaxLimit = 25 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - experienceBlockErrorDialogWhenNoSIM = $True - experienceBlockTaskSwitcher = $True - experienceDoNotSyncBrowserSettings = "notConfigured" - findMyFiles = "notConfigured" - gameDvrBlocked = $True - id = "FakeStringValue" - inkWorkspaceAccess = "notConfigured" - inkWorkspaceAccessState = "notConfigured" - inkWorkspaceBlockSuggestedApps = $True - internetSharingBlocked = $True - locationServicesBlocked = $True - lockScreenActivateAppsWithVoice = "notConfigured" - lockScreenAllowTimeoutConfiguration = $True - lockScreenBlockActionCenterNotifications = $True - lockScreenBlockCortana = $True - lockScreenBlockToastNotifications = $True - lockScreenTimeoutInSeconds = 25 - logonBlockFastUserSwitching = $True - messagingBlockMMS = $True - messagingBlockRichCommunicationServices = $True - messagingBlockSync = $True - microsoftAccountBlocked = $True - microsoftAccountBlockSettingsSync = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - networkProxyApplySettingsDeviceWide = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - networkProxyDisableAutoDetect = $True - networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ - useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" - } -ClientOnly) - nfcBlocked = $True - oneDriveDisableFileSync = $True - passwordBlockSimple = $True - passwordExpirationDays = 25 - passwordMinimumAgeInDays = 25 - passwordMinimumCharacterSetCount = 25 - passwordMinimumLength = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - passwordPreviousPasswordBlockCount = 25 - passwordRequired = $True - passwordRequiredType = "deviceDefault" - passwordRequireWhenResumeFromIdleState = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - personalizationDesktopImageUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - powerButtonActionOnBattery = "notConfigured" - powerButtonActionPluggedIn = "notConfigured" - powerHybridSleepOnBattery = "notConfigured" - powerHybridSleepPluggedIn = "notConfigured" - powerLidCloseActionOnBattery = "notConfigured" - powerLidCloseActionPluggedIn = "notConfigured" - powerSleepButtonActionOnBattery = "notConfigured" - powerSleepButtonActionPluggedIn = "notConfigured" - printerBlockAddition = $True - printerDefaultName = "FakeStringValue" - printerNames = @("FakeStringValue") - privacyAdvertisingId = "notConfigured" - privacyAutoAcceptPairingAndConsentPrompts = $True - privacyBlockActivityFeed = $True - privacyBlockInputPersonalization = $True - privacyBlockPublishUserActivities = $True - privacyDisableLaunchExperience = $True - resetProtectionModeBlocked = $True - safeSearchFilter = "userDefined" - screenCaptureBlocked = $True - searchBlockDiacritics = $True - searchBlockWebResults = $True - searchDisableAutoLanguageDetection = $True - searchDisableIndexerBackoff = $True - searchDisableIndexingEncryptedItems = $True - searchDisableIndexingRemovableDrive = $True - searchDisableLocation = $True - searchDisableUseLocation = $True - searchEnableAutomaticIndexSizeManangement = $True - searchEnableRemoteQueries = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - settingsBlockAccountsPage = $True - settingsBlockAddProvisioningPackage = $True - settingsBlockAppsPage = $True - settingsBlockChangeLanguage = $True - settingsBlockChangePowerSleep = $True - settingsBlockChangeRegion = $True - settingsBlockChangeSystemTime = $True - settingsBlockDevicesPage = $True - settingsBlockEaseOfAccessPage = $True - settingsBlockEditDeviceName = $True - settingsBlockGamingPage = $True - settingsBlockNetworkInternetPage = $True - settingsBlockPersonalizationPage = $True - settingsBlockPrivacyPage = $True - settingsBlockRemoveProvisioningPackage = $True - settingsBlockSettingsApp = $True - settingsBlockSystemPage = $True - settingsBlockTimeLanguagePage = $True - settingsBlockUpdateSecurityPage = $True - sharedUserAppDataAllowed = $True - smartScreenAppInstallControl = "notConfigured" - smartScreenBlockPromptOverride = $True - smartScreenBlockPromptOverrideForFiles = $True - smartScreenEnableAppInstallControl = $True - startBlockUnpinningAppsFromTaskbar = $True - startMenuAppListVisibility = "userDefined" - startMenuHideChangeAccountSettings = $True - startMenuHideFrequentlyUsedApps = $True - startMenuHideHibernate = $True - startMenuHideLock = $True - startMenuHidePowerButton = $True - startMenuHideRecentJumpLists = $True - startMenuHideRecentlyAddedApps = $True - startMenuHideRestartOptions = $True - startMenuHideShutDown = $True - startMenuHideSignOut = $True - startMenuHideSleep = $True - startMenuHideSwitchAccount = $True - startMenuHideUserTile = $True - startMenuLayoutEdgeAssetsXml = $True - startMenuLayoutXml = $True - startMenuMode = "userDefined" - startMenuPinnedFolderDocuments = "notConfigured" - startMenuPinnedFolderDownloads = "notConfigured" - startMenuPinnedFolderFileExplorer = "notConfigured" - startMenuPinnedFolderHomeGroup = "notConfigured" - startMenuPinnedFolderMusic = "notConfigured" - startMenuPinnedFolderNetwork = "notConfigured" - startMenuPinnedFolderPersonalFolder = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - startMenuPinnedFolderSettings = "notConfigured" - startMenuPinnedFolderVideos = "notConfigured" - storageBlockRemovableStorage = $True - storageRequireMobileDeviceEncryption = $True - storageRestrictAppDataToSystemVolume = $True - storageRestrictAppInstallToSystemVolume = $True - supportsScopeTags = $True - systemTelemetryProxyServer = "FakeStringValue" - taskManagerBlockEndTask = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - uninstallBuiltInApps = $True - usbBlocked = $True - voiceRecordingBlocked = $True - webRtcBlockLocalhostIpAddress = $True - wiFiBlockAutomaticConnectHotspots = $True - wiFiBlocked = $True - wiFiBlockManualConfiguration = $True - wiFiScanInterval = 25 - windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ - runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" - } -ClientOnly) - windowsSpotlightBlockConsumerSpecificFeatures = $True - windowsSpotlightBlocked = $True - windowsSpotlightBlockOnActionCenter = $True - windowsSpotlightBlockTailoredExperiences = $True - windowsSpotlightBlockThirdPartyNotifications = $True - windowsSpotlightBlockWelcomeExperience = $True - windowsSpotlightBlockWindowsTips = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - windowsStoreBlockAutoUpdate = $True - windowsStoreBlocked = $True - windowsStoreEnablePrivateStoreOnly = $True - wirelessDisplayBlockProjectionToThisDevice = $True - wirelessDisplayBlockUserInputFromReceiver = $True - wirelessDisplayRequirePinForPairing = $True - Ensure = "Present" - Credential = $Credential; + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = 'notConfigured' + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + AppsAllowTrustedAppsSideloading = 'notConfigured' + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + AuthenticationWebSignIn = 'notConfigured' + BluetoothAllowedServices = @('FakeStringValue') + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = 'blocked' + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = 'FakeStringValue' + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = 'notConfigured' + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @('FakeStringValue') + defenderFilesAndFoldersToExclude = @('FakeStringValue') + defenderMonitorFileActivity = 'userDefined' + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderProcessesToExclude = @('FakeStringValue') + defenderPromptForSampleSubmission = 'userDefined' + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = 'userDefined' + defenderScheduledQuickScanTime = '00:00:00' + defenderScheduledScanTime = '00:00:00' + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + defenderSystemScanSchedule = 'userDefined' + description = 'FakeStringValue' + developerUnlockSetting = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = 'userDefined' + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + displayName = 'FakeStringValue' + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = 'userDefined' + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + edgeFavoritesBarVisibility = 'notConfigured' + edgeFavoritesListLocation = 'FakeStringValue' + edgeFirstRunUrl = 'FakeStringValue' + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = '#microsoft.graph.edgeHomeButtonHidden' + homeButtonCustomURL = 'FakeStringValue' + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @('FakeStringValue') + edgeKioskModeRestriction = 'notConfigured' + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = 'FakeStringValue' + edgeOpensWith = 'notConfigured' + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + odataType = '#microsoft.graph.edgeSearchEngine' + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = 'notConfigured' + findMyFiles = 'notConfigured' + gameDvrBlocked = $True + id = 'FakeStringValue' + inkWorkspaceAccess = 'notConfigured' + inkWorkspaceAccessState = 'notConfigured' + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @('FakeStringValue') + address = 'FakeStringValue' + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = 'deviceDefault' + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + powerButtonActionOnBattery = 'notConfigured' + powerButtonActionPluggedIn = 'notConfigured' + powerHybridSleepOnBattery = 'notConfigured' + powerHybridSleepPluggedIn = 'notConfigured' + powerLidCloseActionOnBattery = 'notConfigured' + powerLidCloseActionPluggedIn = 'notConfigured' + powerSleepButtonActionOnBattery = 'notConfigured' + powerSleepButtonActionPluggedIn = 'notConfigured' + printerBlockAddition = $True + printerDefaultName = 'FakeStringValue' + printerNames = @('FakeStringValue') + privacyAdvertisingId = 'notConfigured' + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = 'userDefined' + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = 'notConfigured' + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = 'userDefined' + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = 'userDefined' + startMenuPinnedFolderDocuments = 'notConfigured' + startMenuPinnedFolderDownloads = 'notConfigured' + startMenuPinnedFolderFileExplorer = 'notConfigured' + startMenuPinnedFolderHomeGroup = 'notConfigured' + startMenuPinnedFolderMusic = 'notConfigured' + startMenuPinnedFolderNetwork = 'notConfigured' + startMenuPinnedFolderPersonalFolder = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + startMenuPinnedFolderSettings = 'notConfigured' + startMenuPinnedFolderVideos = 'notConfigured' + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = 'FakeStringValue' + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - startMenuHideSwitchAccount = $True - defenderBlockEndUserAccess = $True - searchEnableAutomaticIndexSizeManangement = $True - defenderRequireNetworkInspectionSystem = $True - settingsBlockGamingPage = $True - smartScreenBlockPromptOverrideForFiles = $True - passwordBlockSimple = $True - powerLidCloseActionPluggedIn = "notConfigured" - defenderRequireCloudProtection = $True - defenderFilesAndFoldersToExclude = @("FakeStringValue") - resetProtectionModeBlocked = $True - startBlockUnpinningAppsFromTaskbar = $True - networkProxyApplySettingsDeviceWide = $True - bluetoothAllowedServices = @("FakeStringValue") - defenderScanArchiveFiles = $True - lockScreenActivateAppsWithVoice = "notConfigured" - defenderScanIncomingMail = $True - edgeBlockAutofill = $True - authenticationAllowSecondaryDevice = $True - edgeRequireSmartScreen = $True - windowsSpotlightBlockOnActionCenter = $True - usbBlocked = $True - enableAutomaticRedeployment = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - defenderPotentiallyUnwantedAppAction = "deviceDefault" - powerButtonActionOnBattery = "notConfigured" - startMenuAppListVisibility = "userDefined" - lockScreenBlockCortana = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - screenCaptureBlocked = $True - webRtcBlockLocalhostIpAddress = $True - safeSearchFilter = "userDefined" - searchDisableLocation = $True - edgeBlockInPrivateBrowsing = $True - appManagementMSIAllowUserControlOverInstall = $True - defenderSignatureUpdateIntervalInHours = 25 - startMenuHideSleep = $True - voiceRecordingBlocked = $True - edgeFavoritesListLocation = "FakeStringValue" - startMenuHideLock = $True - wiFiBlockManualConfiguration = $True - edgeBlockTabPreloading = $True - configureTimeZone = "FakeStringValue" - edgeBlocked = $True - taskManagerBlockEndTask = $True - settingsBlockAppsPage = $True - settingsBlockChangePowerSleep = $True - copyPasteBlocked = $True - settingsBlockNetworkInternetPage = $True - privacyBlockInputPersonalization = $True - appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - powerLidCloseActionOnBattery = "notConfigured" - searchDisableIndexerBackoff = $True - edgeBlockFullScreenMode = $True - lockScreenTimeoutInSeconds = 25 - developerUnlockSetting = "notConfigured" - storageRestrictAppDataToSystemVolume = $True - cellularBlockVpn = $True - powerHybridSleepPluggedIn = "notConfigured" - settingsBlockChangeLanguage = $True - powerSleepButtonActionOnBattery = "notConfigured" - antiTheftModeBlocked = $True - defenderMonitorFileActivity = "userDefined" - defenderFileExtensionsToExclude = @("FakeStringValue") - bluetoothBlockDiscoverableMode = $True - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - diagnosticsDataSubmissionMode = "userDefined" - uninstallBuiltInApps = $True - oneDriveDisableFileSync = $True - startMenuHideUserTile = $True - startMenuHideSignOut = $True - defenderDaysBeforeDeletingQuarantinedMalware = 25 - privacyAutoAcceptPairingAndConsentPrompts = $True - settingsBlockChangeRegion = $True - passwordMinimumAgeInDays = 25 - powerHybridSleepOnBattery = "notConfigured" - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - edgeBlockSearchSuggestions = $True - settingsBlockSystemPage = $True - defenderRequireBehaviorMonitoring = $True - microsoftAccountBlockSettingsSync = $True - windowsSpotlightBlockWindowsTips = $True - startMenuHideRecentlyAddedApps = $True - inkWorkspaceBlockSuggestedApps = $True - personalizationDesktopImageUrl = "FakeStringValue" - edgeHomeButtonConfigurationEnabled = $True - passwordRequiredType = "deviceDefault" - startMenuPinnedFolderSettings = "notConfigured" - connectedDevicesServiceBlocked = $True - edgeBlockExtensions = $True - edgeBlockAddressBarDropdown = $True - findMyFiles = "notConfigured" - privacyBlockPublishUserActivities = $True - startMenuHideFrequentlyUsedApps = $True - '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" - powerSleepButtonActionPluggedIn = "notConfigured" - internetSharingBlocked = $True - startMenuHidePowerButton = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - bluetoothBlockPrePairing = $True - windowsSpotlightBlockWelcomeExperience = $True - startMenuHideShutDown = $True - storageRestrictAppInstallToSystemVolume = $True - windowsSpotlightBlockThirdPartyNotifications = $True - searchDisableAutoLanguageDetection = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - appsAllowTrustedAppsSideloading = "notConfigured" - edgeBlockLiveTileDataCollection = $True - wirelessDisplayBlockProjectionToThisDevice = $True - startMenuHideRestartOptions = $True - edgeSendIntranetTrafficToInternetExplorer = $True - startMenuPinnedFolderHomeGroup = "notConfigured" - edgeBlockWebContentOnNewTabPage = $True - startMenuLayoutXml = $True - searchBlockDiacritics = $True - storageBlockRemovableStorage = $True - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - wirelessDisplayRequirePinForPairing = $True - defenderScheduledQuickScanTime = "00:00:00" - edgeAllowStartPagesModification = $True - defenderRequireRealTimeMonitoring = $True - authenticationWebSignIn = "notConfigured" - lockScreenBlockToastNotifications = $True - energySaverPluggedInThresholdPercentage = 25 - defenderScanMappedNetworkDrivesDuringFullScan = $True - smartScreenBlockPromptOverride = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - authenticationPreferredAzureADTenantDomainName = "FakeStringValue" - defenderScanType = "userDefined" - bluetoothBlockAdvertising = $True - enterpriseCloudPrintDiscoveryMaxLimit = 25 - logonBlockFastUserSwitching = $True - networkProxyDisableAutoDetect = $True - cameraBlocked = $True - wiFiScanInterval = 25 - edgeBlockSideloadingExtensions = $True - settingsBlockEaseOfAccessPage = $True - microsoftAccountBlocked = $True - defenderScanRemovableDrivesDuringFullScan = $True - energySaverOnBatteryThresholdPercentage = 25 - startMenuHideHibernate = $True - defenderScanDownloads = $True - defenderBlockOnAccessProtection = $True - defenderCloudBlockLevel = "notConfigured" - storageRequireMobileDeviceEncryption = $True - windowsStoreEnablePrivateStoreOnly = $True - edgeBlockCompatibilityList = $True - wiFiBlockAutomaticConnectHotspots = $True - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderCloudExtendedTimeout = 25 - edgeHomepageUrls = @("FakeStringValue") - cellularBlockDataWhenRoaming = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - smartScreenAppInstallControl = "notConfigured" - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - bluetoothBlockPromptedProximalConnections = $True - settingsBlockPrivacyPage = $True - windowsSpotlightBlocked = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - startMenuPinnedFolderDocuments = "notConfigured" - systemTelemetryProxyServer = "FakeStringValue" - lockScreenAllowTimeoutConfiguration = $True - defenderSystemScanSchedule = "userDefined" - windowsSpotlightBlockConsumerSpecificFeatures = $True - searchDisableUseLocation = $True - appsBlockWindowsStoreOriginatedApps = $True - startMenuPinnedFolderNetwork = "notConfigured" - edgeBlockPrinting = $True - settingsBlockEditDeviceName = $True - printerNames = @("FakeStringValue") - settingsBlockUpdateSecurityPage = $True - startMenuMode = "userDefined" - searchBlockWebResults = $True - edgePreventCertificateErrorOverride = $True - passwordRequired = $True - defenderScanNetworkFiles = $True - startMenuPinnedFolderMusic = "notConfigured" - cortanaBlocked = $True - searchEnableRemoteQueries = $True - messagingBlockSync = $True - startMenuPinnedFolderVideos = "notConfigured" - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - experienceDoNotSyncBrowserSettings = "notConfigured" - edgeDisableFirstRunPage = $True - edgeCookiePolicy = "userDefined" - inkWorkspaceAccessState = "notConfigured" - windows10AppsForceUpdateSchedule = @{ + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = 'notConfigured' + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @('FakeStringValue') + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @('FakeStringValue') + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + powerButtonActionOnBattery = 'notConfigured' + startMenuAppListVisibility = 'userDefined' + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = 'userDefined' + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = 'FakeStringValue' + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = 'FakeStringValue' + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + powerLidCloseActionOnBattery = 'notConfigured' + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = 'notConfigured' + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = 'notConfigured' + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = 'notConfigured' + antiTheftModeBlocked = $True + defenderMonitorFileActivity = 'userDefined' + defenderFileExtensionsToExclude = @('FakeStringValue') + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + diagnosticsDataSubmissionMode = 'userDefined' + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = 'notConfigured' + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = 'FakeStringValue' + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = 'deviceDefault' + startMenuPinnedFolderSettings = 'notConfigured' + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = 'notConfigured' + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' + powerSleepButtonActionPluggedIn = 'notConfigured' + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + appsAllowTrustedAppsSideloading = 'notConfigured' + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = 'notConfigured' + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = '00:00:00' + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = 'notConfigured' + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + defenderScanType = 'userDefined' + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = 'notConfigured' + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @('FakeStringValue') + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = 'notConfigured' + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = 'notConfigured' + systemTelemetryProxyServer = 'FakeStringValue' + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = 'userDefined' + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = 'notConfigured' + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @('FakeStringValue') + settingsBlockUpdateSecurityPage = $True + startMenuMode = 'userDefined' + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = 'notConfigured' + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = 'notConfigured' + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + experienceDoNotSyncBrowserSettings = 'notConfigured' + edgeDisableFirstRunPage = $True + edgeCookiePolicy = 'userDefined' + inkWorkspaceAccessState = 'notConfigured' + windows10AppsForceUpdateSchedule = @{ runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' } - dataProtectionBlockDirectMemoryAccess = $True - experienceBlockErrorDialogWhenNoSIM = $True - settingsBlockPersonalizationPage = $True - wirelessDisplayBlockUserInputFromReceiver = $True - startMenuPinnedFolderPersonalFolder = "notConfigured" - activateAppsWithVoice = "notConfigured" - edgeClearBrowsingDataOnExit = $True - passwordPreviousPasswordBlockCount = 25 - edgeBlockSearchEngineCustomization = $True - deviceManagementBlockManualUnenroll = $True - edgeBlockSavingHistory = $True - inkWorkspaceAccess = "notConfigured" - startMenuHideRecentJumpLists = $True - privacyBlockActivityFeed = $True - settingsBlockChangeSystemTime = $True - defenderDisableCatchupQuickScan = $True - smartScreenEnableAppInstallControl = $True - edgeBlockDeveloperTools = $True - edgeKioskModeRestriction = "notConfigured" - lockScreenBlockActionCenterNotifications = $True - privacyAdvertisingId = "notConfigured" - settingsBlockSettingsApp = $True - settingsBlockAccountsPage = $True - certificatesBlockManualRootCertificateInstallation = $True - edgeBlockJavaScript = $True - edgeSyncFavoritesWithInternetExplorer = $True - startMenuLayoutEdgeAssetsXml = $True - windowsSpotlightBlockTailoredExperiences = $True - defenderPromptForSampleSubmission = "userDefined" - edgeBlockAccessToAboutFlags = $True - messagingBlockMMS = $True - edgeBlockEditFavorites = $True - printerDefaultName = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - privacyDisableLaunchExperience = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - nfcBlocked = $True - searchDisableIndexingRemovableDrive = $True - powerButtonActionPluggedIn = "notConfigured" - settingsBlockRemoveProvisioningPackage = $True - edgeKioskResetAfterIdleTimeInMinutes = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - printerBlockAddition = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderDisableCatchupFullScan = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - bluetoothBlocked = $True - settingsBlockAddProvisioningPackage = $True - passwordMinimumLength = 25 - startMenuHideChangeAccountSettings = $True - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - edgeBlockPopups = $True - networkProxyServer = @{ + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = 'notConfigured' + activateAppsWithVoice = 'notConfigured' + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = 'notConfigured' + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = 'notConfigured' + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = 'notConfigured' + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = 'userDefined' + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = 'notConfigured' + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + edgeBlockPopups = $True + networkProxyServer = @{ useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" + exceptions = @('FakeStringValue') + address = 'FakeStringValue' } - startMenuPinnedFolderDownloads = "notConfigured" - settingsBlockDevicesPage = $True - wiFiBlocked = $True - windowsStoreBlocked = $True - edgeBlockPrelaunch = $True - gameDvrBlocked = $True - experienceBlockTaskSwitcher = $True - edgeBlockPasswordManager = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - passwordMinimumCharacterSetCount = 25 - searchDisableIndexingEncryptedItems = $True - appManagementMSIAlwaysInstallWithElevatedPrivileges = $True - cellularData = "blocked" - defenderScheduledScanTime = "00:00:00" - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - defenderProcessesToExclude = @("FakeStringValue") - defenderDetectedMalwareActions = @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" + startMenuPinnedFolderDownloads = 'notConfigured' + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = 'blocked' + defenderScheduledScanTime = '00:00:00' + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + defenderProcessesToExclude = @('FakeStringValue') + defenderDetectedMalwareActions = @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' } - edgeHomeButtonConfiguration = @{ - homeButtonCustomURL = "FakeStringValue" - '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.edgeHomeButtonHidden' } - cryptographyAllowFipsAlgorithmPolicy = $True - sharedUserAppDataAllowed = $True - edgeFirstRunUrl = "FakeStringValue" - edgeBlockSendingDoNotTrackHeader = $True - edgeOpensWith = "notConfigured" - defenderScheduleScanEnableLowCpuPriority = $True - windowsStoreBlockAutoUpdate = $True - messagingBlockRichCommunicationServices = $True - edgeNewTabPageURL = "FakeStringValue" - passwordRequireWhenResumeFromIdleState = $True - passwordExpirationDays = 25 - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - settingsBlockTimeLanguagePage = $True - locationServicesBlocked = $True - defenderScanMaxCpu = 25 - edgeFavoritesBarVisibility = "notConfigured" - accountsBlockAddingNonMicrosoftAccountEmail = $True - defenderCloudExtendedTimeoutInSeconds = 25 - cellularBlockVpnWhenRoaming = $True - startMenuPinnedFolderFileExplorer = "notConfigured" - edgeSearchEngine = @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - '@odata.type' = "#microsoft.graph.edgeSearchEngine" + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = 'FakeStringValue' + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = 'notConfigured' + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = 'FakeStringValue' + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = 'notConfigured' + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = 'notConfigured' + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + '@odata.type' = '#microsoft.graph.edgeSearchEngine' } } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } @@ -1657,452 +1661,452 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationPolicyWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - AccountsBlockAddingNonMicrosoftAccountEmail = $True - ActivateAppsWithVoice = "notConfigured" - AntiTheftModeBlocked = $True - AppManagementMSIAllowUserControlOverInstall = $True - AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True - AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - AppsAllowTrustedAppsSideloading = "notConfigured" - AppsBlockWindowsStoreOriginatedApps = $True - AuthenticationAllowSecondaryDevice = $True - AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" - AuthenticationWebSignIn = "notConfigured" - BluetoothAllowedServices = @("FakeStringValue") - BluetoothBlockAdvertising = $True - BluetoothBlockDiscoverableMode = $True - BluetoothBlocked = $True - BluetoothBlockPrePairing = $True - BluetoothBlockPromptedProximalConnections = $True - CameraBlocked = $True - CellularBlockDataWhenRoaming = $True - CellularBlockVpn = $True - CellularBlockVpnWhenRoaming = $True - CellularData = "blocked" - CertificatesBlockManualRootCertificateInstallation = $True - ConfigureTimeZone = "FakeStringValue" - ConnectedDevicesServiceBlocked = $True - CopyPasteBlocked = $True - CortanaBlocked = $True - CryptographyAllowFipsAlgorithmPolicy = $True - DataProtectionBlockDirectMemoryAccess = $True - DefenderBlockEndUserAccess = $True - DefenderBlockOnAccessProtection = $True - DefenderCloudBlockLevel = "notConfigured" - DefenderCloudExtendedTimeout = 25 - DefenderCloudExtendedTimeoutInSeconds = 25 - DefenderDaysBeforeDeletingQuarantinedMalware = 25 - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" - } -ClientOnly) - defenderDisableCatchupFullScan = $True - defenderDisableCatchupQuickScan = $True - defenderFileExtensionsToExclude = @("FakeStringValue") - defenderFilesAndFoldersToExclude = @("FakeStringValue") - defenderMonitorFileActivity = "userDefined" - defenderPotentiallyUnwantedAppAction = "deviceDefault" - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderProcessesToExclude = @("FakeStringValue") - defenderPromptForSampleSubmission = "userDefined" - defenderRequireBehaviorMonitoring = $True - defenderRequireCloudProtection = $True - defenderRequireNetworkInspectionSystem = $True - defenderRequireRealTimeMonitoring = $True - defenderScanArchiveFiles = $True - defenderScanDownloads = $True - defenderScanIncomingMail = $True - defenderScanMappedNetworkDrivesDuringFullScan = $True - defenderScanMaxCpu = 25 - defenderScanNetworkFiles = $True - defenderScanRemovableDrivesDuringFullScan = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderScanType = "userDefined" - defenderScheduledQuickScanTime = "00:00:00" - defenderScheduledScanTime = "00:00:00" - defenderScheduleScanEnableLowCpuPriority = $True - defenderSignatureUpdateIntervalInHours = 25 - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - defenderSystemScanSchedule = "userDefined" - description = "FakeStringValue" - developerUnlockSetting = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - deviceManagementBlockManualUnenroll = $True - diagnosticsDataSubmissionMode = "userDefined" - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - displayName = "FakeStringValue" - edgeAllowStartPagesModification = $True - edgeBlockAccessToAboutFlags = $True - edgeBlockAddressBarDropdown = $True - edgeBlockAutofill = $True - edgeBlockCompatibilityList = $True - edgeBlockDeveloperTools = $True - edgeBlocked = $True - edgeBlockEditFavorites = $True - edgeBlockExtensions = $True - edgeBlockFullScreenMode = $True - edgeBlockInPrivateBrowsing = $True - edgeBlockJavaScript = $True - edgeBlockLiveTileDataCollection = $True - edgeBlockPasswordManager = $True - edgeBlockPopups = $True - edgeBlockPrelaunch = $True - edgeBlockPrinting = $True - edgeBlockSavingHistory = $True - edgeBlockSearchEngineCustomization = $True - edgeBlockSearchSuggestions = $True - edgeBlockSendingDoNotTrackHeader = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - edgeBlockSideloadingExtensions = $True - edgeBlockTabPreloading = $True - edgeBlockWebContentOnNewTabPage = $True - edgeClearBrowsingDataOnExit = $True - edgeCookiePolicy = "userDefined" - edgeDisableFirstRunPage = $True - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - edgeFavoritesBarVisibility = "notConfigured" - edgeFavoritesListLocation = "FakeStringValue" - edgeFirstRunUrl = "FakeStringValue" - edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ - odataType = "#microsoft.graph.edgeHomeButtonHidden" - homeButtonCustomURL = "FakeStringValue" - } -ClientOnly) - edgeHomeButtonConfigurationEnabled = $True - edgeHomepageUrls = @("FakeStringValue") - edgeKioskModeRestriction = "notConfigured" - edgeKioskResetAfterIdleTimeInMinutes = 25 - edgeNewTabPageURL = "FakeStringValue" - edgeOpensWith = "notConfigured" - edgePreventCertificateErrorOverride = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - edgeRequireSmartScreen = $True - edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - odataType = "#microsoft.graph.edgeSearchEngine" - } -ClientOnly) - edgeSendIntranetTrafficToInternetExplorer = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - edgeSyncFavoritesWithInternetExplorer = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - enableAutomaticRedeployment = $True - energySaverOnBatteryThresholdPercentage = 25 - energySaverPluggedInThresholdPercentage = 25 - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - enterpriseCloudPrintDiscoveryMaxLimit = 25 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - experienceBlockErrorDialogWhenNoSIM = $True - experienceBlockTaskSwitcher = $True - experienceDoNotSyncBrowserSettings = "notConfigured" - findMyFiles = "notConfigured" - gameDvrBlocked = $True - id = "FakeStringValue" - inkWorkspaceAccess = "notConfigured" - inkWorkspaceAccessState = "notConfigured" - inkWorkspaceBlockSuggestedApps = $True - internetSharingBlocked = $True - locationServicesBlocked = $True - lockScreenActivateAppsWithVoice = "notConfigured" - lockScreenAllowTimeoutConfiguration = $True - lockScreenBlockActionCenterNotifications = $True - lockScreenBlockCortana = $True - lockScreenBlockToastNotifications = $True - lockScreenTimeoutInSeconds = 25 - logonBlockFastUserSwitching = $True - messagingBlockMMS = $True - messagingBlockRichCommunicationServices = $True - messagingBlockSync = $True - microsoftAccountBlocked = $True - microsoftAccountBlockSettingsSync = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - networkProxyApplySettingsDeviceWide = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - networkProxyDisableAutoDetect = $True - networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ - useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" - } -ClientOnly) - nfcBlocked = $True - oneDriveDisableFileSync = $True - passwordBlockSimple = $True - passwordExpirationDays = 25 - passwordMinimumAgeInDays = 25 - passwordMinimumCharacterSetCount = 25 - passwordMinimumLength = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - passwordPreviousPasswordBlockCount = 25 - passwordRequired = $True - passwordRequiredType = "deviceDefault" - passwordRequireWhenResumeFromIdleState = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - personalizationDesktopImageUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - powerButtonActionOnBattery = "notConfigured" - powerButtonActionPluggedIn = "notConfigured" - powerHybridSleepOnBattery = "notConfigured" - powerHybridSleepPluggedIn = "notConfigured" - powerLidCloseActionOnBattery = "notConfigured" - powerLidCloseActionPluggedIn = "notConfigured" - powerSleepButtonActionOnBattery = "notConfigured" - powerSleepButtonActionPluggedIn = "notConfigured" - printerBlockAddition = $True - printerDefaultName = "FakeStringValue" - printerNames = @("FakeStringValue") - privacyAdvertisingId = "notConfigured" - privacyAutoAcceptPairingAndConsentPrompts = $True - privacyBlockActivityFeed = $True - privacyBlockInputPersonalization = $True - privacyBlockPublishUserActivities = $True - privacyDisableLaunchExperience = $True - resetProtectionModeBlocked = $True - safeSearchFilter = "userDefined" - screenCaptureBlocked = $True - searchBlockDiacritics = $True - searchBlockWebResults = $True - searchDisableAutoLanguageDetection = $True - searchDisableIndexerBackoff = $True - searchDisableIndexingEncryptedItems = $True - searchDisableIndexingRemovableDrive = $True - searchDisableLocation = $True - searchDisableUseLocation = $True - searchEnableAutomaticIndexSizeManangement = $True - searchEnableRemoteQueries = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - settingsBlockAccountsPage = $True - settingsBlockAddProvisioningPackage = $True - settingsBlockAppsPage = $True - settingsBlockChangeLanguage = $True - settingsBlockChangePowerSleep = $True - settingsBlockChangeRegion = $True - settingsBlockChangeSystemTime = $True - settingsBlockDevicesPage = $True - settingsBlockEaseOfAccessPage = $True - settingsBlockEditDeviceName = $True - settingsBlockGamingPage = $True - settingsBlockNetworkInternetPage = $True - settingsBlockPersonalizationPage = $True - settingsBlockPrivacyPage = $True - settingsBlockRemoveProvisioningPackage = $True - settingsBlockSettingsApp = $True - settingsBlockSystemPage = $True - settingsBlockTimeLanguagePage = $True - settingsBlockUpdateSecurityPage = $True - sharedUserAppDataAllowed = $True - smartScreenAppInstallControl = "notConfigured" - smartScreenBlockPromptOverride = $True - smartScreenBlockPromptOverrideForFiles = $True - smartScreenEnableAppInstallControl = $True - startBlockUnpinningAppsFromTaskbar = $True - startMenuAppListVisibility = "userDefined" - startMenuHideChangeAccountSettings = $True - startMenuHideFrequentlyUsedApps = $True - startMenuHideHibernate = $True - startMenuHideLock = $True - startMenuHidePowerButton = $True - startMenuHideRecentJumpLists = $True - startMenuHideRecentlyAddedApps = $True - startMenuHideRestartOptions = $True - startMenuHideShutDown = $True - startMenuHideSignOut = $True - startMenuHideSleep = $True - startMenuHideSwitchAccount = $True - startMenuHideUserTile = $True - startMenuLayoutEdgeAssetsXml = $True - startMenuLayoutXml = $True - startMenuMode = "userDefined" - startMenuPinnedFolderDocuments = "notConfigured" - startMenuPinnedFolderDownloads = "notConfigured" - startMenuPinnedFolderFileExplorer = "notConfigured" - startMenuPinnedFolderHomeGroup = "notConfigured" - startMenuPinnedFolderMusic = "notConfigured" - startMenuPinnedFolderNetwork = "notConfigured" - startMenuPinnedFolderPersonalFolder = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - startMenuPinnedFolderSettings = "notConfigured" - startMenuPinnedFolderVideos = "notConfigured" - storageBlockRemovableStorage = $True - storageRequireMobileDeviceEncryption = $True - storageRestrictAppDataToSystemVolume = $True - storageRestrictAppInstallToSystemVolume = $True - supportsScopeTags = $True - systemTelemetryProxyServer = "FakeStringValue" - taskManagerBlockEndTask = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - uninstallBuiltInApps = $True - usbBlocked = $True - voiceRecordingBlocked = $True - webRtcBlockLocalhostIpAddress = $True - wiFiBlockAutomaticConnectHotspots = $True - wiFiBlocked = $True - wiFiBlockManualConfiguration = $True - wiFiScanInterval = 25 - windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ - runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" - } -ClientOnly) - windowsSpotlightBlockConsumerSpecificFeatures = $True - windowsSpotlightBlocked = $True - windowsSpotlightBlockOnActionCenter = $True - windowsSpotlightBlockTailoredExperiences = $True - windowsSpotlightBlockThirdPartyNotifications = $True - windowsSpotlightBlockWelcomeExperience = $True - windowsSpotlightBlockWindowsTips = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - windowsStoreBlockAutoUpdate = $True - windowsStoreBlocked = $True - windowsStoreEnablePrivateStoreOnly = $True - wirelessDisplayBlockProjectionToThisDevice = $True - wirelessDisplayBlockUserInputFromReceiver = $True - wirelessDisplayRequirePinForPairing = $True - Ensure = "Present" - Credential = $Credential; + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = 'notConfigured' + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + AppsAllowTrustedAppsSideloading = 'notConfigured' + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + AuthenticationWebSignIn = 'notConfigured' + BluetoothAllowedServices = @('FakeStringValue') + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = 'blocked' + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = 'FakeStringValue' + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = 'notConfigured' + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @('FakeStringValue') + defenderFilesAndFoldersToExclude = @('FakeStringValue') + defenderMonitorFileActivity = 'userDefined' + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderProcessesToExclude = @('FakeStringValue') + defenderPromptForSampleSubmission = 'userDefined' + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = 'userDefined' + defenderScheduledQuickScanTime = '00:00:00' + defenderScheduledScanTime = '00:00:00' + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + defenderSystemScanSchedule = 'userDefined' + description = 'FakeStringValue' + developerUnlockSetting = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = 'userDefined' + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + displayName = 'FakeStringValue' + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = 'userDefined' + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + edgeFavoritesBarVisibility = 'notConfigured' + edgeFavoritesListLocation = 'FakeStringValue' + edgeFirstRunUrl = 'FakeStringValue' + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = '#microsoft.graph.edgeHomeButtonHidden' + homeButtonCustomURL = 'FakeStringValue' + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @('FakeStringValue') + edgeKioskModeRestriction = 'notConfigured' + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = 'FakeStringValue' + edgeOpensWith = 'notConfigured' + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + odataType = '#microsoft.graph.edgeSearchEngine' + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = 'notConfigured' + findMyFiles = 'notConfigured' + gameDvrBlocked = $True + id = 'FakeStringValue' + inkWorkspaceAccess = 'notConfigured' + inkWorkspaceAccessState = 'notConfigured' + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @('FakeStringValue') + address = 'FakeStringValue' + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = 'deviceDefault' + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + powerButtonActionOnBattery = 'notConfigured' + powerButtonActionPluggedIn = 'notConfigured' + powerHybridSleepOnBattery = 'notConfigured' + powerHybridSleepPluggedIn = 'notConfigured' + powerLidCloseActionOnBattery = 'notConfigured' + powerLidCloseActionPluggedIn = 'notConfigured' + powerSleepButtonActionOnBattery = 'notConfigured' + powerSleepButtonActionPluggedIn = 'notConfigured' + printerBlockAddition = $True + printerDefaultName = 'FakeStringValue' + printerNames = @('FakeStringValue') + privacyAdvertisingId = 'notConfigured' + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = 'userDefined' + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = 'notConfigured' + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = 'userDefined' + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = 'userDefined' + startMenuPinnedFolderDocuments = 'notConfigured' + startMenuPinnedFolderDownloads = 'notConfigured' + startMenuPinnedFolderFileExplorer = 'notConfigured' + startMenuPinnedFolderHomeGroup = 'notConfigured' + startMenuPinnedFolderMusic = 'notConfigured' + startMenuPinnedFolderNetwork = 'notConfigured' + startMenuPinnedFolderPersonalFolder = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + startMenuPinnedFolderSettings = 'notConfigured' + startMenuPinnedFolderVideos = 'notConfigured' + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = 'FakeStringValue' + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - energySaverOnBatteryThresholdPercentage = 7 - edgeHomepageUrls = @("FakeStringValue") - startMenuPinnedFolderSettings = "notConfigured" - powerLidCloseActionPluggedIn = "notConfigured" - passwordMinimumLength = 7 - configureTimeZone = "FakeStringValue" - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - safeSearchFilter = "userDefined" - edgeKioskModeRestriction = "notConfigured" - defenderDetectedMalwareActions = @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" + energySaverOnBatteryThresholdPercentage = 7 + edgeHomepageUrls = @('FakeStringValue') + startMenuPinnedFolderSettings = 'notConfigured' + powerLidCloseActionPluggedIn = 'notConfigured' + passwordMinimumLength = 7 + configureTimeZone = 'FakeStringValue' + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + safeSearchFilter = 'userDefined' + edgeKioskModeRestriction = 'notConfigured' + defenderDetectedMalwareActions = @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' } - personalizationLockScreenImageUrl = "FakeStringValue" - startMenuPinnedFolderDocuments = "notConfigured" - startMenuPinnedFolderDownloads = "notConfigured" - diagnosticsDataSubmissionMode = "userDefined" - '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" - cellularData = "blocked" - defenderScanMaxCpu = 7 - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - passwordMinimumCharacterSetCount = 7 - edgeOpensWith = "notConfigured" - defenderScanType = "userDefined" - printerNames = @("FakeStringValue") - authenticationWebSignIn = "notConfigured" - defenderPromptForSampleSubmission = "userDefined" - powerHybridSleepOnBattery = "notConfigured" - powerButtonActionPluggedIn = "notConfigured" - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - lockScreenTimeoutInSeconds = 7 - defenderSystemScanSchedule = "userDefined" - powerHybridSleepPluggedIn = "notConfigured" - passwordMinimumAgeInDays = 7 - startMenuPinnedFolderVideos = "notConfigured" - privacyAdvertisingId = "notConfigured" - edgeCookiePolicy = "userDefined" - wiFiScanInterval = 7 - findMyFiles = "notConfigured" - powerLidCloseActionOnBattery = "notConfigured" - inkWorkspaceAccessState = "notConfigured" - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - appsAllowTrustedAppsSideloading = "notConfigured" - defenderFilesAndFoldersToExclude = @("FakeStringValue") - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - developerUnlockSetting = "notConfigured" - defenderFileExtensionsToExclude = @("FakeStringValue") - systemTelemetryProxyServer = "FakeStringValue" - startMenuMode = "userDefined" - edgeHomeButtonConfiguration = @{ - homeButtonCustomURL = "FakeStringValue" - '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + personalizationLockScreenImageUrl = 'FakeStringValue' + startMenuPinnedFolderDocuments = 'notConfigured' + startMenuPinnedFolderDownloads = 'notConfigured' + diagnosticsDataSubmissionMode = 'userDefined' + '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' + cellularData = 'blocked' + defenderScanMaxCpu = 7 + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + passwordMinimumCharacterSetCount = 7 + edgeOpensWith = 'notConfigured' + defenderScanType = 'userDefined' + printerNames = @('FakeStringValue') + authenticationWebSignIn = 'notConfigured' + defenderPromptForSampleSubmission = 'userDefined' + powerHybridSleepOnBattery = 'notConfigured' + powerButtonActionPluggedIn = 'notConfigured' + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + lockScreenTimeoutInSeconds = 7 + defenderSystemScanSchedule = 'userDefined' + powerHybridSleepPluggedIn = 'notConfigured' + passwordMinimumAgeInDays = 7 + startMenuPinnedFolderVideos = 'notConfigured' + privacyAdvertisingId = 'notConfigured' + edgeCookiePolicy = 'userDefined' + wiFiScanInterval = 7 + findMyFiles = 'notConfigured' + powerLidCloseActionOnBattery = 'notConfigured' + inkWorkspaceAccessState = 'notConfigured' + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + appsAllowTrustedAppsSideloading = 'notConfigured' + defenderFilesAndFoldersToExclude = @('FakeStringValue') + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + developerUnlockSetting = 'notConfigured' + defenderFileExtensionsToExclude = @('FakeStringValue') + systemTelemetryProxyServer = 'FakeStringValue' + startMenuMode = 'userDefined' + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.edgeHomeButtonHidden' } - windowsSpotlightConfigureOnLockScreen = "notConfigured" - experienceDoNotSyncBrowserSettings = "notConfigured" - powerSleepButtonActionOnBattery = "notConfigured" - defenderSignatureUpdateIntervalInHours = 7 - enterpriseCloudPrintDiscoveryMaxLimit = 7 - startMenuPinnedFolderPersonalFolder = "notConfigured" - edgeNewTabPageURL = "FakeStringValue" - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - defenderCloudBlockLevel = "notConfigured" - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - defenderCloudExtendedTimeoutInSeconds = 7 - edgeFavoritesListLocation = "FakeStringValue" - startMenuPinnedFolderNetwork = "notConfigured" - powerButtonActionOnBattery = "notConfigured" - passwordRequiredType = "deviceDefault" - powerSleepButtonActionPluggedIn = "notConfigured" - appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - lockScreenActivateAppsWithVoice = "notConfigured" - edgeFavoritesBarVisibility = "notConfigured" - edgeSearchEngine = @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - '@odata.type' = "#microsoft.graph.edgeSearchEngine" + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + experienceDoNotSyncBrowserSettings = 'notConfigured' + powerSleepButtonActionOnBattery = 'notConfigured' + defenderSignatureUpdateIntervalInHours = 7 + enterpriseCloudPrintDiscoveryMaxLimit = 7 + startMenuPinnedFolderPersonalFolder = 'notConfigured' + edgeNewTabPageURL = 'FakeStringValue' + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + defenderCloudBlockLevel = 'notConfigured' + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + defenderCloudExtendedTimeoutInSeconds = 7 + edgeFavoritesListLocation = 'FakeStringValue' + startMenuPinnedFolderNetwork = 'notConfigured' + powerButtonActionOnBattery = 'notConfigured' + passwordRequiredType = 'deviceDefault' + powerSleepButtonActionPluggedIn = 'notConfigured' + appManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + lockScreenActivateAppsWithVoice = 'notConfigured' + edgeFavoritesBarVisibility = 'notConfigured' + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + '@odata.type' = '#microsoft.graph.edgeSearchEngine' } - energySaverPluggedInThresholdPercentage = 7 - inkWorkspaceAccess = "notConfigured" - activateAppsWithVoice = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - authenticationPreferredAzureADTenantDomainName = "FakeStringValue" - defenderScheduledQuickScanTime = "00:00:00" - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - startMenuAppListVisibility = "userDefined" - windows10AppsForceUpdateSchedule = @{ - startDateTime = "2023-01-01T00:00:00.0000000+00:00" - recurrence = "none" + energySaverPluggedInThresholdPercentage = 7 + inkWorkspaceAccess = 'notConfigured' + activateAppsWithVoice = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + authenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + defenderScheduledQuickScanTime = '00:00:00' + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + startMenuAppListVisibility = 'userDefined' + windows10AppsForceUpdateSchedule = @{ + startDateTime = '2023-01-01T00:00:00.0000000+00:00' + recurrence = 'none' } - networkProxyServer = @{ - exceptions = @("FakeStringValue") - address = "FakeStringValue" + networkProxyServer = @{ + exceptions = @('FakeStringValue') + address = 'FakeStringValue' } - startMenuPinnedFolderMusic = "notConfigured" - passwordExpirationDays = 7 - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - printerDefaultName = "FakeStringValue" - personalizationDesktopImageUrl = "FakeStringValue" - microsoftAccountSignInAssistantSettings = "notConfigured" - edgeFirstRunUrl = "FakeStringValue" - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - defenderPotentiallyUnwantedAppAction = "deviceDefault" - bluetoothAllowedServices = @("FakeStringValue") - defenderCloudExtendedTimeout = 7 - startMenuPinnedFolderFileExplorer = "notConfigured" - passwordMinutesOfInactivityBeforeScreenTimeout = 7 - smartScreenAppInstallControl = "notConfigured" - startMenuPinnedFolderHomeGroup = "notConfigured" - passwordSignInFailureCountBeforeFactoryReset = 7 - defenderMonitorFileActivity = "userDefined" - edgeKioskResetAfterIdleTimeInMinutes = 7 - defenderProcessesToExclude = @("FakeStringValue") - defenderDaysBeforeDeletingQuarantinedMalware = 7 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderScheduledScanTime = "00:00:00" - passwordPreviousPasswordBlockCount = 7 + startMenuPinnedFolderMusic = 'notConfigured' + passwordExpirationDays = 7 + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + printerDefaultName = 'FakeStringValue' + personalizationDesktopImageUrl = 'FakeStringValue' + microsoftAccountSignInAssistantSettings = 'notConfigured' + edgeFirstRunUrl = 'FakeStringValue' + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + bluetoothAllowedServices = @('FakeStringValue') + defenderCloudExtendedTimeout = 7 + startMenuPinnedFolderFileExplorer = 'notConfigured' + passwordMinutesOfInactivityBeforeScreenTimeout = 7 + smartScreenAppInstallControl = 'notConfigured' + startMenuPinnedFolderHomeGroup = 'notConfigured' + passwordSignInFailureCountBeforeFactoryReset = 7 + defenderMonitorFileActivity = 'userDefined' + edgeKioskResetAfterIdleTimeInMinutes = 7 + defenderProcessesToExclude = @('FakeStringValue') + defenderDaysBeforeDeletingQuarantinedMalware = 7 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderScheduledScanTime = '00:00:00' + passwordPreviousPasswordBlockCount = 7 } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -2110,13 +2114,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -2127,319 +2131,319 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - startMenuHideSwitchAccount = $True - defenderBlockEndUserAccess = $True - searchEnableAutomaticIndexSizeManangement = $True - defenderRequireNetworkInspectionSystem = $True - settingsBlockGamingPage = $True - smartScreenBlockPromptOverrideForFiles = $True - passwordBlockSimple = $True - powerLidCloseActionPluggedIn = "notConfigured" - defenderRequireCloudProtection = $True - defenderFilesAndFoldersToExclude = @("FakeStringValue") - resetProtectionModeBlocked = $True - startBlockUnpinningAppsFromTaskbar = $True - networkProxyApplySettingsDeviceWide = $True - bluetoothAllowedServices = @("FakeStringValue") - defenderScanArchiveFiles = $True - lockScreenActivateAppsWithVoice = "notConfigured" - defenderScanIncomingMail = $True - edgeBlockAutofill = $True - authenticationAllowSecondaryDevice = $True - edgeRequireSmartScreen = $True - windowsSpotlightBlockOnActionCenter = $True - usbBlocked = $True - enableAutomaticRedeployment = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - defenderPotentiallyUnwantedAppAction = "deviceDefault" - powerButtonActionOnBattery = "notConfigured" - startMenuAppListVisibility = "userDefined" - lockScreenBlockCortana = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - screenCaptureBlocked = $True - webRtcBlockLocalhostIpAddress = $True - safeSearchFilter = "userDefined" - searchDisableLocation = $True - edgeBlockInPrivateBrowsing = $True - appManagementMSIAllowUserControlOverInstall = $True - defenderSignatureUpdateIntervalInHours = 25 - startMenuHideSleep = $True - voiceRecordingBlocked = $True - edgeFavoritesListLocation = "FakeStringValue" - startMenuHideLock = $True - wiFiBlockManualConfiguration = $True - edgeBlockTabPreloading = $True - configureTimeZone = "FakeStringValue" - edgeBlocked = $True - taskManagerBlockEndTask = $True - settingsBlockAppsPage = $True - settingsBlockChangePowerSleep = $True - copyPasteBlocked = $True - settingsBlockNetworkInternetPage = $True - privacyBlockInputPersonalization = $True - appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - powerLidCloseActionOnBattery = "notConfigured" - searchDisableIndexerBackoff = $True - edgeBlockFullScreenMode = $True - lockScreenTimeoutInSeconds = 25 - developerUnlockSetting = "notConfigured" - storageRestrictAppDataToSystemVolume = $True - cellularBlockVpn = $True - powerHybridSleepPluggedIn = "notConfigured" - settingsBlockChangeLanguage = $True - powerSleepButtonActionOnBattery = "notConfigured" - antiTheftModeBlocked = $True - defenderMonitorFileActivity = "userDefined" - defenderFileExtensionsToExclude = @("FakeStringValue") - bluetoothBlockDiscoverableMode = $True - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - diagnosticsDataSubmissionMode = "userDefined" - uninstallBuiltInApps = $True - oneDriveDisableFileSync = $True - startMenuHideUserTile = $True - startMenuHideSignOut = $True - defenderDaysBeforeDeletingQuarantinedMalware = 25 - privacyAutoAcceptPairingAndConsentPrompts = $True - settingsBlockChangeRegion = $True - passwordMinimumAgeInDays = 25 - powerHybridSleepOnBattery = "notConfigured" - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - edgeBlockSearchSuggestions = $True - settingsBlockSystemPage = $True - defenderRequireBehaviorMonitoring = $True - microsoftAccountBlockSettingsSync = $True - windowsSpotlightBlockWindowsTips = $True - startMenuHideRecentlyAddedApps = $True - inkWorkspaceBlockSuggestedApps = $True - personalizationDesktopImageUrl = "FakeStringValue" - edgeHomeButtonConfigurationEnabled = $True - passwordRequiredType = "deviceDefault" - startMenuPinnedFolderSettings = "notConfigured" - connectedDevicesServiceBlocked = $True - edgeBlockExtensions = $True - edgeBlockAddressBarDropdown = $True - findMyFiles = "notConfigured" - privacyBlockPublishUserActivities = $True - startMenuHideFrequentlyUsedApps = $True - '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" - powerSleepButtonActionPluggedIn = "notConfigured" - internetSharingBlocked = $True - startMenuHidePowerButton = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - bluetoothBlockPrePairing = $True - windowsSpotlightBlockWelcomeExperience = $True - startMenuHideShutDown = $True - storageRestrictAppInstallToSystemVolume = $True - windowsSpotlightBlockThirdPartyNotifications = $True - searchDisableAutoLanguageDetection = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - appsAllowTrustedAppsSideloading = "notConfigured" - edgeBlockLiveTileDataCollection = $True - wirelessDisplayBlockProjectionToThisDevice = $True - startMenuHideRestartOptions = $True - edgeSendIntranetTrafficToInternetExplorer = $True - startMenuPinnedFolderHomeGroup = "notConfigured" - edgeBlockWebContentOnNewTabPage = $True - startMenuLayoutXml = $True - searchBlockDiacritics = $True - storageBlockRemovableStorage = $True - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - wirelessDisplayRequirePinForPairing = $True - defenderScheduledQuickScanTime = "00:00:00" - edgeAllowStartPagesModification = $True - defenderRequireRealTimeMonitoring = $True - authenticationWebSignIn = "notConfigured" - lockScreenBlockToastNotifications = $True - energySaverPluggedInThresholdPercentage = 25 - defenderScanMappedNetworkDrivesDuringFullScan = $True - smartScreenBlockPromptOverride = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - authenticationPreferredAzureADTenantDomainName = "FakeStringValue" - defenderScanType = "userDefined" - bluetoothBlockAdvertising = $True - enterpriseCloudPrintDiscoveryMaxLimit = 25 - logonBlockFastUserSwitching = $True - networkProxyDisableAutoDetect = $True - cameraBlocked = $True - wiFiScanInterval = 25 - edgeBlockSideloadingExtensions = $True - settingsBlockEaseOfAccessPage = $True - microsoftAccountBlocked = $True - defenderScanRemovableDrivesDuringFullScan = $True - energySaverOnBatteryThresholdPercentage = 25 - startMenuHideHibernate = $True - defenderScanDownloads = $True - defenderBlockOnAccessProtection = $True - defenderCloudBlockLevel = "notConfigured" - storageRequireMobileDeviceEncryption = $True - windowsStoreEnablePrivateStoreOnly = $True - edgeBlockCompatibilityList = $True - wiFiBlockAutomaticConnectHotspots = $True - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderCloudExtendedTimeout = 25 - edgeHomepageUrls = @("FakeStringValue") - cellularBlockDataWhenRoaming = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - smartScreenAppInstallControl = "notConfigured" - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - bluetoothBlockPromptedProximalConnections = $True - settingsBlockPrivacyPage = $True - windowsSpotlightBlocked = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - startMenuPinnedFolderDocuments = "notConfigured" - systemTelemetryProxyServer = "FakeStringValue" - lockScreenAllowTimeoutConfiguration = $True - defenderSystemScanSchedule = "userDefined" - windowsSpotlightBlockConsumerSpecificFeatures = $True - searchDisableUseLocation = $True - appsBlockWindowsStoreOriginatedApps = $True - startMenuPinnedFolderNetwork = "notConfigured" - edgeBlockPrinting = $True - settingsBlockEditDeviceName = $True - printerNames = @("FakeStringValue") - settingsBlockUpdateSecurityPage = $True - startMenuMode = "userDefined" - searchBlockWebResults = $True - edgePreventCertificateErrorOverride = $True - passwordRequired = $True - defenderScanNetworkFiles = $True - startMenuPinnedFolderMusic = "notConfigured" - cortanaBlocked = $True - searchEnableRemoteQueries = $True - messagingBlockSync = $True - startMenuPinnedFolderVideos = "notConfigured" - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - experienceDoNotSyncBrowserSettings = "notConfigured" - edgeDisableFirstRunPage = $True - edgeCookiePolicy = "userDefined" - inkWorkspaceAccessState = "notConfigured" - windows10AppsForceUpdateSchedule = @{ + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = 'notConfigured' + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @('FakeStringValue') + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @('FakeStringValue') + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + powerButtonActionOnBattery = 'notConfigured' + startMenuAppListVisibility = 'userDefined' + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = 'userDefined' + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = 'FakeStringValue' + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = 'FakeStringValue' + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + powerLidCloseActionOnBattery = 'notConfigured' + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = 'notConfigured' + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = 'notConfigured' + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = 'notConfigured' + antiTheftModeBlocked = $True + defenderMonitorFileActivity = 'userDefined' + defenderFileExtensionsToExclude = @('FakeStringValue') + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + diagnosticsDataSubmissionMode = 'userDefined' + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = 'notConfigured' + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = 'FakeStringValue' + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = 'deviceDefault' + startMenuPinnedFolderSettings = 'notConfigured' + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = 'notConfigured' + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' + powerSleepButtonActionPluggedIn = 'notConfigured' + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + appsAllowTrustedAppsSideloading = 'notConfigured' + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = 'notConfigured' + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = '00:00:00' + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = 'notConfigured' + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + defenderScanType = 'userDefined' + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = 'notConfigured' + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @('FakeStringValue') + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = 'notConfigured' + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = 'notConfigured' + systemTelemetryProxyServer = 'FakeStringValue' + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = 'userDefined' + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = 'notConfigured' + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @('FakeStringValue') + settingsBlockUpdateSecurityPage = $True + startMenuMode = 'userDefined' + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = 'notConfigured' + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = 'notConfigured' + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + experienceDoNotSyncBrowserSettings = 'notConfigured' + edgeDisableFirstRunPage = $True + edgeCookiePolicy = 'userDefined' + inkWorkspaceAccessState = 'notConfigured' + windows10AppsForceUpdateSchedule = @{ runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' } - dataProtectionBlockDirectMemoryAccess = $True - experienceBlockErrorDialogWhenNoSIM = $True - settingsBlockPersonalizationPage = $True - wirelessDisplayBlockUserInputFromReceiver = $True - startMenuPinnedFolderPersonalFolder = "notConfigured" - activateAppsWithVoice = "notConfigured" - edgeClearBrowsingDataOnExit = $True - passwordPreviousPasswordBlockCount = 25 - edgeBlockSearchEngineCustomization = $True - deviceManagementBlockManualUnenroll = $True - edgeBlockSavingHistory = $True - inkWorkspaceAccess = "notConfigured" - startMenuHideRecentJumpLists = $True - privacyBlockActivityFeed = $True - settingsBlockChangeSystemTime = $True - defenderDisableCatchupQuickScan = $True - smartScreenEnableAppInstallControl = $True - edgeBlockDeveloperTools = $True - edgeKioskModeRestriction = "notConfigured" - lockScreenBlockActionCenterNotifications = $True - privacyAdvertisingId = "notConfigured" - settingsBlockSettingsApp = $True - settingsBlockAccountsPage = $True - certificatesBlockManualRootCertificateInstallation = $True - edgeBlockJavaScript = $True - edgeSyncFavoritesWithInternetExplorer = $True - startMenuLayoutEdgeAssetsXml = $True - windowsSpotlightBlockTailoredExperiences = $True - defenderPromptForSampleSubmission = "userDefined" - edgeBlockAccessToAboutFlags = $True - messagingBlockMMS = $True - edgeBlockEditFavorites = $True - printerDefaultName = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - privacyDisableLaunchExperience = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - nfcBlocked = $True - searchDisableIndexingRemovableDrive = $True - powerButtonActionPluggedIn = "notConfigured" - settingsBlockRemoveProvisioningPackage = $True - edgeKioskResetAfterIdleTimeInMinutes = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - printerBlockAddition = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderDisableCatchupFullScan = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - bluetoothBlocked = $True - settingsBlockAddProvisioningPackage = $True - passwordMinimumLength = 25 - startMenuHideChangeAccountSettings = $True - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - edgeBlockPopups = $True - networkProxyServer = @{ + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = 'notConfigured' + activateAppsWithVoice = 'notConfigured' + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = 'notConfigured' + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = 'notConfigured' + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = 'notConfigured' + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = 'userDefined' + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = 'notConfigured' + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + edgeBlockPopups = $True + networkProxyServer = @{ useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" + exceptions = @('FakeStringValue') + address = 'FakeStringValue' } - startMenuPinnedFolderDownloads = "notConfigured" - settingsBlockDevicesPage = $True - wiFiBlocked = $True - windowsStoreBlocked = $True - edgeBlockPrelaunch = $True - gameDvrBlocked = $True - experienceBlockTaskSwitcher = $True - edgeBlockPasswordManager = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - passwordMinimumCharacterSetCount = 25 - searchDisableIndexingEncryptedItems = $True - appManagementMSIAlwaysInstallWithElevatedPrivileges = $True - cellularData = "blocked" - defenderScheduledScanTime = "00:00:00" - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - defenderProcessesToExclude = @("FakeStringValue") - defenderDetectedMalwareActions = @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" + startMenuPinnedFolderDownloads = 'notConfigured' + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = 'blocked' + defenderScheduledScanTime = '00:00:00' + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + defenderProcessesToExclude = @('FakeStringValue') + defenderDetectedMalwareActions = @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' } - edgeHomeButtonConfiguration = @{ - homeButtonCustomURL = "FakeStringValue" - '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.edgeHomeButtonHidden' } - cryptographyAllowFipsAlgorithmPolicy = $True - sharedUserAppDataAllowed = $True - edgeFirstRunUrl = "FakeStringValue" - edgeBlockSendingDoNotTrackHeader = $True - edgeOpensWith = "notConfigured" - defenderScheduleScanEnableLowCpuPriority = $True - windowsStoreBlockAutoUpdate = $True - messagingBlockRichCommunicationServices = $True - edgeNewTabPageURL = "FakeStringValue" - passwordRequireWhenResumeFromIdleState = $True - passwordExpirationDays = 25 - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - settingsBlockTimeLanguagePage = $True - locationServicesBlocked = $True - defenderScanMaxCpu = 25 - edgeFavoritesBarVisibility = "notConfigured" - accountsBlockAddingNonMicrosoftAccountEmail = $True - defenderCloudExtendedTimeoutInSeconds = 25 - cellularBlockVpnWhenRoaming = $True - startMenuPinnedFolderFileExplorer = "notConfigured" - edgeSearchEngine = @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - '@odata.type' = "#microsoft.graph.edgeSearchEngine" + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = 'FakeStringValue' + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = 'notConfigured' + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = 'FakeStringValue' + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = 'notConfigured' + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = 'notConfigured' + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + '@odata.type' = '#microsoft.graph.edgeSearchEngine' } } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 index d932b50699..0dab9ca01c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 @@ -52,7 +52,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock Update-DeviceEnrollmentConfigurationPriority { } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts Context -Name 'The IntuneDeviceEnrollmentStatusPageWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { @@ -82,7 +87,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName New-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return @{ - Id = 'FakeStringValue' + Id = 'FakeStringValue' Priority = 1 } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 index 1ea64bc5e4..918d8c93d7 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined" -GenericStubModule $GenericStubPath + -DscResource 'IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,53 +43,57 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfileAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True - EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True HybridAzureADJoinSkipConnectivityCheck = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -101,78 +105,78 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True - EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True HybridAzureADJoinSkipConnectivityCheck = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Absent" - Credential = $Credential; + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ + AdditionalProperties = @{ hybridAzureADJoinSkipConnectivityCheck = $True - '@odata.type' = "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile" + '@odata.type' = '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -185,71 +189,71 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True - EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True HybridAzureADJoinSkipConnectivityCheck = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ + AdditionalProperties = @{ hybridAzureADJoinSkipConnectivityCheck = $True - '@odata.type' = "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile" + '@odata.type' = '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } @@ -262,62 +266,62 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True - EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True HybridAzureADJoinSkipConnectivityCheck = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' EnrollmentStatusScreenSettings = @{ InstallProgressTimeoutInMinutes = 7 - CustomErrorMessage = "FakeStringValue" + CustomErrorMessage = 'FakeStringValue' } - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - DeviceUsageType = "singleUser" - UserType = "administrator" + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + DeviceUsageType = 'singleUser' + UserType = 'administrator' } } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -325,13 +329,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -341,41 +345,41 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ + AdditionalProperties = @{ hybridAzureADJoinSkipConnectivityCheck = $True - '@odata.type' = "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile" + '@odata.type' = '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 index 20f5fda876..39cf6241d7 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneWindowsAutopilotDeploymentProfileAzureADJoined" -GenericStubModule $GenericStubPath + -DscResource 'IntuneWindowsAutopilotDeploymentProfileAzureADJoined' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,52 +43,56 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfileAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADJoined should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -100,76 +104,76 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADJoined exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Absent" - Credential = $Credential; + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -182,69 +186,69 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADJoined Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } @@ -257,61 +261,61 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADJoined exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' EnrollmentStatusScreenSettings = @{ InstallProgressTimeoutInMinutes = 7 - CustomErrorMessage = "FakeStringValue" + CustomErrorMessage = 'FakeStringValue' } - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - DeviceUsageType = "singleUser" - UserType = "administrator" + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + DeviceUsageType = 'singleUser' + UserType = 'administrator' } } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -319,13 +323,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -335,40 +339,40 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } From 7082f1297edfb3faaf963be008c3ea74ddf0fd85 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 3 Apr 2023 09:22:33 +0200 Subject: [PATCH 158/187] Updated formatting --- .../MSFT_AADAdministrativeUnit.psm1 | 2 +- .../settings.json | 52 +- .../settings.json | 85 +- .../MSFT_AADGroup/MSFT_AADGroup.psm1 | 13 +- .../MSFT_AADGroupsNamingPolicy.psm1 | 2 +- .../MSFT_AADGroupsSettings.psm1 | 2 +- .../MSFT_EXOGroupSettings.psm1 | 28 +- .../MSFT_EXOMailboxSettings.psm1 | 2 +- .../MSFT_EXOManagementRoleAssignment.psm1 | 14 +- .../MSFT_EXOOnPremisesOrganization.psm1 | 2 +- .../MSFT_EXOOrganizationRelationship.psm1 | 2 +- .../MSFT_EXOOutboundConnector.psm1 | 2 +- .../MSFT_EXOOwaMailboxPolicy.psm1 | 2 +- .../MSFT_EXOPartnerApplication.psm1 | 2 +- .../MSFT_EXORemoteDomain.psm1 | 2 +- .../MSFT_EXORoleAssignmentPolicy.psm1 | 2 +- .../MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 | 43 +- .../MSFT_IntuneAppConfigurationPolicy.psm1 | 6 +- ...MSFT_IntuneAppProtectionPolicyAndroid.psm1 | 104 +- ...tuneApplicationControlPolicyWindows10.psm1 | 172 +- ...tionRulesPolicyWindows10ConfigManager.psm1 | 50 +- ...T_IntuneDeviceCompliancePolicyAndroid.psm1 | 8 +- ...iceCompliancePolicyAndroidDeviceOwner.psm1 | 8 +- ...iceCompliancePolicyAndroidWorkProfile.psm1 | 8 +- ...SFT_IntuneDeviceCompliancePolicyMacOS.psm1 | 8 +- ...IntuneDeviceCompliancePolicyWindows10.psm1 | 10 +- .../MSFT_IntuneDeviceCompliancePolicyiOs.psm1 | 12 +- ...onDeliveryOptimizationPolicyWindows10.psm1 | 512 +++--- .../settings.json | 57 +- ...tionEndpointProtectionPolicyWindows10.psm1 | 1550 +++++++++-------- .../settings.json | 57 +- ...onitoringConfigurationPolicyWindows10.psm1 | 180 +- .../settings.json | 57 +- ...tionIdentityProtectionPolicyWindows10.psm1 | 474 ++--- .../settings.json | 57 +- ...urationNetworkBoundaryPolicyWindows10.psm1 | 194 ++- .../settings.json | 57 +- .../settings.json | 2 +- ...ConfigurationPolicyAndroidWorkProfile.psm1 | 8 +- ...uneDeviceConfigurationPolicyWindows10.psm1 | 502 +++--- .../settings.json | 57 +- .../MSFT_IntuneRoleAssignment/settings.json | 69 +- .../MSFT_IntuneRoleDefinition/settings.json | 69 +- .../settings.json | 69 +- .../settings.json | 69 +- .../settings.json | 69 +- .../settings.json | 69 +- .../settings.json | 69 +- .../settings.json | 69 +- ...tDeploymentProfileAzureADHybridJoined.psm1 | 184 +- .../settings.json | 57 +- ...topilotDeploymentProfileAzureADJoined.psm1 | 184 +- .../settings.json | 57 +- .../settings.json | 57 +- .../settings.json | 57 +- .../MSFT_O365OrgSettings.psm1 | 6 +- .../MSFT_PPPowerAppsEnvironment.psm1 | 8 +- .../MSFT_PPTenantIsolationSettings.psm1 | 2 +- .../MSFT_PlannerPlan/MSFT_PlannerPlan.psm1 | 2 +- .../MSFT_PlannerTask/MSFT_PlannerTask.psm1 | 204 ++- .../MSFT_SCDLPCompliancePolicy.psm1 | 66 +- .../MSFT_SPOAccessControlSettings.psm1 | 2 +- .../DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 | 2 +- .../MSFT_SPOSearchManagedProperty.psm1 | 2 +- .../MSFT_SPOSearchResultSource.psm1 | 4 +- .../MSFT_SPOSharingSettings.psm1 | 2 +- .../MSFT_SPOSiteDesign.psm1 | 2 +- .../MSFT_SPOSiteDesignRights.psm1 | 4 +- .../MSFT_SPOStorageEntity.psm1 | 2 +- .../MSFT_SPOUserProfileProperty.psm1 | 4 +- .../MSFT_TeamsAudioConferencingPolicy.psm1 | 12 +- .../MSFT_TeamsCallHoldPolicy.psm1 | 12 +- .../MSFT_TeamsCallParkPolicy.psm1 | 12 +- .../MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 | 4 +- .../MSFT_TeamsChannelTab.psm1 | 2 +- .../MSFT_TeamsComplianceRecordingPolicy.psm1 | 12 +- .../MSFT_TeamsCortanaPolicy.psm1 | 34 +- .../MSFT_TeamsEnhancedEncryptionPolicy.psm1 | 12 +- .../MSFT_TeamsFederationConfiguration.psm1 | 5 +- .../MSFT_TeamsFeedbackPolicy.psm1 | 12 +- .../MSFT_TeamsGroupPolicyAssignment.psm1 | 5 +- .../MSFT_TeamsMobilityPolicy.psm1 | 24 +- .../MSFT_TeamsNetworkRoamingPolicy.psm1 | 12 +- .../MSFT_TeamsOnlineVoiceUser.psm1 | 6 +- .../MSFT_TeamsTenantNetworkRegion.psm1 | 12 +- .../MSFT_TeamsTenantNetworkSite.psm1 | 12 +- .../MSFT_TeamsTenantNetworkSubnet.psm1 | 14 +- .../MSFT_TeamsTenantTrustedIPAddress.psm1 | 20 +- .../settings.json | 3 +- .../MSFT_TeamsTranslationRule.psm1 | 12 +- .../MSFT_TeamsUnassignedNumberTreatment.psm1 | 18 +- .../MSFT_TeamsUpdateManagementPolicy.psm1 | 2 +- .../MSFT_TeamsUser/MSFT_TeamsUser.psm1 | 2 +- .../MSFT_TeamsUserCallingSettings.psm1 | 2 +- .../MSFT_TeamsVdiPolicy.psm1 | 12 +- .../MSFT_TeamsWorkloadPolicy.psm1 | 22 +- 96 files changed, 3083 insertions(+), 3079 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index c234a9e994..c6a920cbcd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -1025,7 +1025,7 @@ function Export-TargetResource if ($null -ne $Results.Members) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Members' -IsCIMArray $true - $currentDSCBlock = $currentDSCBlock.Replace(",`r`n",'').Replace("`");`r`n", ");`r`n") + $currentDSCBlock = $currentDSCBlock.Replace(",`r`n", '').Replace("`");`r`n", ");`r`n") } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/settings.json index e1aceaae46..213c40b33c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/settings.json @@ -2,31 +2,31 @@ "resourceName": "AADEntitlementManagementAccessPackageAssignmentPolicy", "description": "This resource configures an Azure AD Entitlement Management Access Package Assignment Policy.", "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "EntitlementManagement.Read.All" - } - ], - "update": [ - { - "name": "EntitlementManagement.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "EntitlementManagement.Read.All" - } - ], - "update": [ - { - "name": "EntitlementManagement.ReadWrite.All" - } - ] - } - } + "graph": { + "delegated": { + "read": [ + { + "name": "EntitlementManagement.Read.All" + } + ], + "update": [ + { + "name": "EntitlementManagement.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "EntitlementManagement.Read.All" + } + ], + "update": [ + { + "name": "EntitlementManagement.ReadWrite.All" + } + ] + } + } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json index 73934eece3..dbe278e0b5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/settings.json @@ -1,45 +1,44 @@ { - "resourceName": "AADEntitlementManagementConnectedOrganization", - "description": "This resource configures an Azure AD Entitlement Management Connected Organization.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "EntitlementManagement.Read.All" - }, - { - "name": "EntitlementManagement.ReadWrite.All" - } - ], - "update": [ - { - "name": "EntitlementManagement.ReadWrite.All" - }, - { - "name": "Directory.Read.All" - } - ] - }, - "application": { - "read": [ - { - "name": "EntitlementManagement.Read.All" - }, - { - "name": "EntitlementManagement.ReadWrite.All" - } - ], - "update": [ - { - "name": "EntitlementManagement.ReadWrite.All" - }, - { - "name": "Directory.Read.All" - } - ] - } - } -} - + "resourceName": "AADEntitlementManagementConnectedOrganization", + "description": "This resource configures an Azure AD Entitlement Management Connected Organization.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "EntitlementManagement.Read.All" + }, + { + "name": "EntitlementManagement.ReadWrite.All" + } + ], + "update": [ + { + "name": "EntitlementManagement.ReadWrite.All" + }, + { + "name": "Directory.Read.All" + } + ] + }, + "application": { + "read": [ + { + "name": "EntitlementManagement.Read.All" + }, + { + "name": "EntitlementManagement.ReadWrite.All" + } + ], + "update": [ + { + "name": "EntitlementManagement.ReadWrite.All" + }, + { + "name": "Directory.Read.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 47e5b15092..06c9810295 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -187,7 +187,7 @@ function Get-TargetResource [Array]$memberOf = Get-MgGroupMemberOf -GroupId $Group.Id -All # result also used for/by AssignedToRole $MemberOfValues = @() # Note: only process security-groups that this group is a member of and not directory roles (if any) - foreach ($member in ($memberOf | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.group' })) + foreach ($member in ($memberOf | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.group' })) { if ($null -ne $member.AdditionalProperties.displayName) { @@ -732,15 +732,16 @@ function Set-TargetResource { $backCurrentAssignedToRole = @() } - $assignedToRoleDiff = Compare-Object -ReferenceObject $backCurrentAssignedToRole -DifferenceObject $desiredAssignedToRoleValue + $assignedToRoleDiff = Compare-Object -ReferenceObject $backCurrentAssignedToRole -DifferenceObject $desiredAssignedToRoleValue foreach ($diff in $assignedToRoleDiff) { try { $role = Get-MgDirectoryRole -Filter "DisplayName eq '$($diff.InputObject)'" # If the role hasn't been activated, we need to get the role template ID to first activate the role - if ($null -eq $role) { - $adminRoleTemplate = Get-MgDirectoryRoleTemplate | Where-Object {$_.DisplayName -eq $diff.InputObject} + if ($null -eq $role) + { + $adminRoleTemplate = Get-MgDirectoryRoleTemplate | Where-Object { $_.DisplayName -eq $diff.InputObject } $role = New-MgDirectoryRole -RoleTemplateId $adminRoleTemplate.Id } } @@ -1016,8 +1017,8 @@ function Export-TargetResource try { [array] $groups = Get-MgGroup -Filter $Filter -All:$true -ErrorAction Stop - $groups = $groups | Where-Object -FilterScript {-not ($_.MailEnabled -and ($null -eq $_.GroupTypes -or $_.GroupTypes.Length -eq 0)) -and - -not ($_.MailEnabled -and $_.SecurityEnabled)} + $groups = $groups | Where-Object -FilterScript { -not ($_.MailEnabled -and ($null -eq $_.GroupTypes -or $_.GroupTypes.Length -eq 0)) -and + -not ($_.MailEnabled -and $_.SecurityEnabled) } $i = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 index c9c2b9c00e..f7947e6edd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 @@ -208,7 +208,7 @@ function Set-TargetResource { $Policy.Values[$index].Value = $PrefixSuffixNamingRequirement } - $index++; + $index++ } Write-Verbose -Message "Updating Groups Naming Policy to {$($Policy.Values -join ',')}" Update-MgDirectorySetting -DirectorySettingId $Policy.id -Values $Policy.Values | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 index 3f8ced5404..c0ddc96796 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsSettings/MSFT_AADGroupsSettings.psm1 @@ -298,7 +298,7 @@ function Set-TargetResource $entry = $Policy.Values | Where-Object -FilterScript { $_.Name -eq 'UsageGuidelinesUrl' } $entry.Value = $UsageGuidelinesUrl } - $index++; + $index++ } Write-Verbose -Message "Updating Policy's Values with $($Policy.Values | Out-String)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 index 7a77eb3f20..8545dc9854 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 @@ -142,7 +142,7 @@ function Get-TargetResource $HiddenFromExchangeClientsEnabled, [Parameter()] - [ValidateSet("Explicit","Implicit","Open","OwnerModerated")] + [ValidateSet('Explicit', 'Implicit', 'Open', 'OwnerModerated')] [System.String] $InformationBarrierMode, @@ -498,7 +498,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("Explicit","Implicit","Open","OwnerModerated")] + [ValidateSet('Explicit', 'Implicit', 'Open', 'OwnerModerated')] $InformationBarrierMode, [Parameter()] @@ -611,20 +611,20 @@ function Set-TargetResource -InboundParameters $PSBoundParameters $UpdateParameters = ([Hashtable]$PSBoundParameters).Clone() - $UpdateParameters.Add("Identity", $DisplayName) - $UpdateParameters.Remove("DisplayName") | Out-Null - $UpdateParameters.Remove("Credential") | Out-Null - $UpdateParameters.Remove("ApplicationId") | Out-Null - $UpdateParameters.Remove("TenantId") | Out-Null - $UpdateParameters.Remove("CertificateThumbprint") | Out-Null - $UpdateParameters.Remove("CertificatePath") | Out-Null - $UpdateParameters.Remove("CertificatePassword") | Out-Null - $UpdateParameters.Remove("ManagedIdentity") | Out-Null + $UpdateParameters.Add('Identity', $DisplayName) + $UpdateParameters.Remove('DisplayName') | Out-Null + $UpdateParameters.Remove('Credential') | Out-Null + $UpdateParameters.Remove('ApplicationId') | Out-Null + $UpdateParameters.Remove('TenantId') | Out-Null + $UpdateParameters.Remove('CertificateThumbprint') | Out-Null + $UpdateParameters.Remove('CertificatePath') | Out-Null + $UpdateParameters.Remove('CertificatePassword') | Out-Null + $UpdateParameters.Remove('ManagedIdentity') | Out-Null # Cannot use PrimarySmtpAddress and EmailAddresses at the same time. If both are present, then give priority to PrimarySmtpAddress. - if ($UpdateParameters.ContainsKey("PrimarySmtpAddress") -and $null -ne $UpdateParameters.PrimarySmtpAddress) + if ($UpdateParameters.ContainsKey('PrimarySmtpAddress') -and $null -ne $UpdateParameters.PrimarySmtpAddress) { - $UpdateParameters.Remove("EmailAddresses") + $UpdateParameters.Remove('EmailAddresses') } Set-UnifiedGroup @UpdateParameters } @@ -774,7 +774,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("Explicit","Implicit","Open","OwnerModerated")] + [ValidateSet('Explicit', 'Implicit', 'Open', 'OwnerModerated')] $InformationBarrierMode, [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 index 543e83ca3f..3f08f269a1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxSettings/MSFT_EXOMailboxSettings.psm1 @@ -182,7 +182,7 @@ function Set-TargetResource $currentMailbox = Get-TargetResource @PSBoundParameters $AllowedTimeZones = (Get-ChildItem 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Time zones' | ` - ForEach-Object { Get-ItemProperty $_.PSPath }).PSChildName + ForEach-Object { Get-ItemProperty $_.PSPath }).PSChildName if ($AllowedTimeZones.Contains($TimeZone) -eq $false) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 index af0c9f7c46..c11267c968 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 @@ -314,11 +314,11 @@ function Set-TargetResource # If the RecipientAdministrativeUnitScope parameter is provided, then retrieve its ID by Name if (-not [System.String]::IsNullOrEmpty($RecipientAdministrativeUnitScope)) { - $NewManagementRoleParams.Remove("CustomRecipientWriteScope") | Out-Null + $NewManagementRoleParams.Remove('CustomRecipientWriteScope') | Out-Null $adminUnit = Get-AdministrativeUnit -Identity $RecipientAdministrativeUnitScope -ErrorAction SilentlyContinue if ($null -eq $adminUnit) { - $adminUnit = Get-AdministrativeUnit | Where-Object -FilterScript {$_.DisplayName -eq $RecipientAdministrativeUnitScope} + $adminUnit = Get-AdministrativeUnit | Where-Object -FilterScript { $_.DisplayName -eq $RecipientAdministrativeUnitScope } } $NewManagementRoleParams.RecipientAdministrativeUnitScope = $adminUnit.Name } @@ -357,7 +357,7 @@ function Set-TargetResource $count = 1 do { - Write-Verbose -Message "Testing to ensure changes were applied." + Write-Verbose -Message 'Testing to ensure changes were applied.' $testResults = Test-TargetResource @PSBoundParameters if (-not $testResults) { @@ -371,11 +371,11 @@ function Set-TargetResource # Need to force reconnect to Exchange for the new permissions to kick in. if ($null -ne $Global:MSCloudLoginConnectionProfile.ExchangeOnline) { - Write-Verbose -Message "Waiting for 20 seconds for new permissions to be effective." + Write-Verbose -Message 'Waiting for 20 seconds for new permissions to be effective.' Start-Sleep 20 - Write-Verbose -Message "Disconnecting from Exchange Online" + Write-Verbose -Message 'Disconnecting from Exchange Online' $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Disconnect() - } + } } function Test-TargetResource @@ -564,7 +564,7 @@ function Export-TargetResource { [array]$roleAssignments = Get-ManagementRoleAssignment | Where-Object -FilterScript { $_.RoleAssigneeType -eq 'ServicePrincipal' -or ` $_.RoleAssigneeType -eq 'User' -or $_.RoleAssigneeType -eq 'RoleAssignmentPolicy' -or $_.RoleAssigneeType -eq 'SecurityGroup' ` - -or $_.RoleAssigneeType -eq 'RoleGroup'} + -or $_.RoleAssigneeType -eq 'RoleGroup' } $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 index b91136e334..8eac15297c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOnPremisesOrganization/MSFT_EXOOnPremisesOrganization.psm1 @@ -490,7 +490,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationRelationship/MSFT_EXOOrganizationRelationship.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationRelationship/MSFT_EXOOrganizationRelationship.psm1 index ce0578285b..86a8b9303e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationRelationship/MSFT_EXOOrganizationRelationship.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOrganizationRelationship/MSFT_EXOOrganizationRelationship.psm1 @@ -733,7 +733,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.psm1 index 104a83c2f5..3ed0869650 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOutboundConnector/MSFT_EXOOutboundConnector.psm1 @@ -612,7 +612,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 index 153a3d828f..07fde40a7b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOOwaMailboxPolicy/MSFT_EXOOwaMailboxPolicy.psm1 @@ -1520,7 +1520,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPartnerApplication/MSFT_EXOPartnerApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPartnerApplication/MSFT_EXOPartnerApplication.psm1 index 3e16ec18f5..1916175cc0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPartnerApplication/MSFT_EXOPartnerApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOPartnerApplication/MSFT_EXOPartnerApplication.psm1 @@ -464,7 +464,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORemoteDomain/MSFT_EXORemoteDomain.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORemoteDomain/MSFT_EXORemoteDomain.psm1 index c6a066ef4d..8b49f2e15d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORemoteDomain/MSFT_EXORemoteDomain.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORemoteDomain/MSFT_EXORemoteDomain.psm1 @@ -694,7 +694,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 index a514729252..ef2865b028 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 @@ -458,7 +458,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 index 581ab0f02a..b79ab1123a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 @@ -1,4 +1,4 @@ -function Get-TargetResource +function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] @@ -56,13 +56,13 @@ function Get-TargetResource ) Write-Verbose -Message "Getting Role Group configuration for $Name" - if ($Global:CurrentModeIsExport) + if ($Global:CurrentModeIsExport) { $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters ` -SkipModuleReload $true } - else + else { $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters @@ -83,18 +83,18 @@ function Get-TargetResource $nullReturn = $PSBoundParameters $nullReturn.Ensure = 'Absent' - try + try { $AllRoleGroups = Get-RoleGroup -ErrorAction Stop $RoleGroup = $AllRoleGroups | Where-Object -FilterScript { $_.Name -eq $Name } - if ($null -eq $RoleGroup) + if ($null -eq $RoleGroup) { Write-Verbose -Message "Role Group $($Name) does not exist." return $nullReturn } - else + else { # Get RoleGroup Members DN if RoleGroup exists. This is required especially when adding Members like "Exchange Administrator" or "Global Administrator" that have different Names across Tenants $roleGroupMember = Get-RoleGroupMember -Identity $Name | Select-Object DisplayName @@ -118,7 +118,7 @@ function Get-TargetResource return $result } } - catch + catch { New-M365DSCLogEntry -Message 'Error retrieving data:' ` -Exception $_ ` @@ -130,7 +130,7 @@ function Get-TargetResource } } -function Set-TargetResource +function Set-TargetResource { [CmdletBinding()] param @@ -211,27 +211,27 @@ function Set-TargetResource Members = $Members Roles = $Roles Confirm = $false - } + } # Remove Description Parameter if null or Empty as the creation fails with $null parameter - if ([System.String]::IsNullOrEmpty($Description)) + if ([System.String]::IsNullOrEmpty($Description)) { $NewRoleGroupParams.Remove('Description') | Out-Null } # CASE: Role Group doesn't exist but should; - if ($Ensure -eq 'Present' -and $currentRoleGroupConfig.Ensure -eq 'Absent') + if ($Ensure -eq 'Present' -and $currentRoleGroupConfig.Ensure -eq 'Absent') { Write-Verbose -Message "Role Group '$($Name)' does not exist but it should. Create and configure it." # Create Role Group New-RoleGroup @NewRoleGroupParams } # CASE: Role Group exists but it shouldn't; - elseif ($Ensure -eq 'Absent' -and $currentRoleGroupConfig.Ensure -eq 'Present') + elseif ($Ensure -eq 'Absent' -and $currentRoleGroupConfig.Ensure -eq 'Present') { Write-Verbose -Message "Role Group '$($Name)' exists but it shouldn't. Remove it." Remove-RoleGroup -Identity $Name -Confirm:$false -Force } # CASE: Role Group exists and it should, but has different member values than the desired ones - elseif ($Ensure -eq 'Present' -and $currentRoleGroupConfig.Ensure -eq 'Present' -and $null -ne (Compare-Object -ReferenceObject $($currentRoleGroupConfig.Members) -DifferenceObject $Members)) + elseif ($Ensure -eq 'Present' -and $currentRoleGroupConfig.Ensure -eq 'Present' -and $null -ne (Compare-Object -ReferenceObject $($currentRoleGroupConfig.Members) -DifferenceObject $Members)) { Write-Verbose -Message "Role Group '$($Name)' already exists, but members need updating." Write-Verbose -Message "Updating Role Group $($Name) members with values: $(Convert-M365DscHashtableToString -Hashtable $NewRoleGroupParams)" @@ -259,7 +259,7 @@ function Set-TargetResource } } -function Test-TargetResource +function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] @@ -353,7 +353,7 @@ function Test-TargetResource return $TestResult } -function Export-TargetResource +function Export-TargetResource { [CmdletBinding()] [OutputType([System.String])] @@ -403,21 +403,22 @@ function Export-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - try { - [array]$AllRoleGroups = Get-RoleGroup + try + { + [array]$AllRoleGroups = Get-RoleGroup $dscContent = '' - if ($AllRoleGroups.Length -eq 0) + if ($AllRoleGroups.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } - else + else { Write-Host "`r`n" -NoNewline } $i = 1 - foreach ($RoleGroup in $AllRoleGroups) + foreach ($RoleGroup in $AllRoleGroups) { Write-Host " |---[$i/$($AllRoleGroups.Count)] $($RoleGroup.Name)" -NoNewline $roleGroupMember = Get-RoleGroupMember -Identity $RoleGroup.Name | Select-Object DisplayName @@ -450,7 +451,7 @@ function Export-TargetResource } return $dscContent } - catch + catch { Write-Host $Global:M365DSCEmojiRedX diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 index bf9a60e112..a7b37d2d3f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 @@ -375,7 +375,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -388,7 +388,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -397,7 +397,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 index 6b0650077b..bda65afcd1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 @@ -1245,7 +1245,7 @@ function Set-AppsHash } $AppsHash = @{ - 'AppGroupType' = $AppGroupType; + 'AppGroupType' = $AppGroupType 'Apps' = $appsarray } @@ -1300,9 +1300,9 @@ function Set-ManagedBrowserValues } $ManagedBrowserHash = @{ - 'ManagedBrowser' = $ManagedBrowser; - 'ManagedBrowserToOpenLinksRequired' = $ManagedBrowserToOpenLinksRequired; - 'CustomBrowserDisplayName' = $CustomBrowserDisplayName; + 'ManagedBrowser' = $ManagedBrowser + 'ManagedBrowserToOpenLinksRequired' = $ManagedBrowserToOpenLinksRequired + 'CustomBrowserDisplayName' = $CustomBrowserDisplayName 'CustomBrowserPackageId' = $CustomBrowserPackageId } @@ -1312,54 +1312,54 @@ function Set-ManagedBrowserValues function Get-InputParameters { return @{ - AllowedDataStorageLocations = @{Type = 'Parameter' ; ExportFileType = 'Array'; }; - AllowedInboundDataTransferSources = @{Type = 'Parameter' ; ExportFileType = 'String'; }; - AllowedOutboundClipboardSharingLevel = @{Type = 'Parameter' ; ExportFileType = 'String'; }; - AllowedOutboundDataTransferDestinations = @{Type = 'Parameter' ; ExportFileType = 'String'; }; - ApplicationId = @{Type = 'Credential' ; ExportFileType = 'NA'; }; - ApplicationSecret = @{Type = 'Credential' ; ExportFileType = 'NA'; }; - AppGroupType = @{Type = 'ComplexParameter' ; ExportFileType = 'String'; }; - Apps = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - Assignments = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - CertificateThumbprint = @{Type = 'Credential' ; ExportFileType = 'NA'; }; - Managedidentity = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - ContactSyncBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - Credential = @{Type = 'Credential' ; ExportFileType = 'NA'; }; - CustomBrowserDisplayName = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - CustomBrowserPackageId = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - DataBackupBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - Description = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - DeviceComplianceRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - DisableAppEncryptionIfDeviceEncryptionIsEnabled = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - DisableAppPinIfDevicePinIsSet = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - DisplayName = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - EncryptAppData = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - Ensure = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - ExcludedGroups = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - FingerprintBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - Id = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - IsAssigned = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - ManagedBrowser = @{Type = 'ComplexParameter' ; ExportFileType = 'String'; }; - ManagedBrowserToOpenLinksRequired = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; }; - MaximumPinRetries = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumPinLength = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumRequiredAppVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumRequiredOSVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumRequiredPatchVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumWarningAppVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumWarningOSVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - MinimumWarningPatchVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - OrganizationalCredentialsRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - PeriodBeforePinReset = @{Type = 'Parameter' ; ExportFileType = 'Duration'; }; - PeriodOfflineBeforeAccessCheck = @{Type = 'Parameter' ; ExportFileType = 'Duration'; }; - PeriodOfflineBeforeWipeIsEnforced = @{Type = 'Parameter' ; ExportFileType = 'Duration'; }; - PeriodOnlineBeforeAccessCheck = @{Type = 'Parameter' ; ExportFileType = 'Duration'; }; - PinCharacterSet = @{Type = 'Parameter' ; ExportFileType = 'String'; }; - PinRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - PrintBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - SaveAsBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - ScreenCaptureBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; - SimplePinBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; }; + AllowedDataStorageLocations = @{Type = 'Parameter' ; ExportFileType = 'Array'; } + AllowedInboundDataTransferSources = @{Type = 'Parameter' ; ExportFileType = 'String'; } + AllowedOutboundClipboardSharingLevel = @{Type = 'Parameter' ; ExportFileType = 'String'; } + AllowedOutboundDataTransferDestinations = @{Type = 'Parameter' ; ExportFileType = 'String'; } + ApplicationId = @{Type = 'Credential' ; ExportFileType = 'NA'; } + ApplicationSecret = @{Type = 'Credential' ; ExportFileType = 'NA'; } + AppGroupType = @{Type = 'ComplexParameter' ; ExportFileType = 'String'; } + Apps = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + Assignments = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + CertificateThumbprint = @{Type = 'Credential' ; ExportFileType = 'NA'; } + Managedidentity = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + ContactSyncBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + Credential = @{Type = 'Credential' ; ExportFileType = 'NA'; } + CustomBrowserDisplayName = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + CustomBrowserPackageId = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + DataBackupBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + Description = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + DeviceComplianceRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + DisableAppEncryptionIfDeviceEncryptionIsEnabled = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + DisableAppPinIfDevicePinIsSet = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + DisplayName = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + EncryptAppData = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + Ensure = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + ExcludedGroups = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + FingerprintBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + Id = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + IsAssigned = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + ManagedBrowser = @{Type = 'ComplexParameter' ; ExportFileType = 'String'; } + ManagedBrowserToOpenLinksRequired = @{Type = 'ComplexParameter' ; ExportFileType = 'NA'; } + MaximumPinRetries = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumPinLength = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumRequiredAppVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumRequiredOSVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumRequiredPatchVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumWarningAppVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumWarningOSVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + MinimumWarningPatchVersion = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + OrganizationalCredentialsRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + PeriodBeforePinReset = @{Type = 'Parameter' ; ExportFileType = 'Duration'; } + PeriodOfflineBeforeAccessCheck = @{Type = 'Parameter' ; ExportFileType = 'Duration'; } + PeriodOfflineBeforeWipeIsEnforced = @{Type = 'Parameter' ; ExportFileType = 'Duration'; } + PeriodOnlineBeforeAccessCheck = @{Type = 'Parameter' ; ExportFileType = 'Duration'; } + PinCharacterSet = @{Type = 'Parameter' ; ExportFileType = 'String'; } + PinRequired = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + PrintBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + SaveAsBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + ScreenCaptureBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } + SimplePinBlocked = @{Type = 'Parameter' ; ExportFileType = 'NA'; } TenantId = @{Type = 'Credential' ; ExportFileType = 'NA'; } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 index 6932f20a0d..46507da195 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 @@ -416,7 +416,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -429,7 +429,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -438,7 +438,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } } @@ -766,15 +766,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -782,26 +782,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -810,23 +810,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -840,37 +840,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -879,17 +879,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -900,26 +900,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -928,11 +928,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -943,32 +943,32 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty @@ -1020,49 +1020,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1072,7 +1072,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1084,7 +1084,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index 66cd3e4ce6..b9e8adbccd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -469,12 +469,12 @@ function Set-TargetResource -TemplateId $templateReferenceId $createParameters = @{ - Name = $DisplayName - Description = $Description - TemplateReference = @{templateId = $templateReferenceId} - Platforms = $platforms - Technologies = $technologies - Settings = $settings + Name = $DisplayName + Description = $Description + TemplateReference = @{templateId = $templateReferenceId } + Platforms = $platforms + Technologies = $technologies + Settings = $settings } New-MgDeviceManagementConfigurationPolicy -bodyParameter $createParameters @@ -933,19 +933,19 @@ function Get-IntuneSettingCatalogPolicySetting $settingInstance = @{} $settingName = $settingDefinition.SettingDefinitionId.split('_') | Select-Object -Last 1 - $settingType = $settingDefinition.AdditionalProperties.'@odata.type'.replace('InstanceTemplate','Instance') + $settingType = $settingDefinition.AdditionalProperties.'@odata.type'.replace('InstanceTemplate', 'Instance') $settingInstance.Add('settingDefinitionId', $settingDefinition.settingDefinitionId) $settingInstance.Add('@odata.type', $settingType) if (-Not [string]::IsNullOrEmpty($settingDefinition.settingInstanceTemplateId)) { - $settingInstance.Add('settingInstanceTemplateReference',@{'settingInstanceTemplateId'=$settingDefinition.settingInstanceTemplateId}) + $settingInstance.Add('settingInstanceTemplateReference', @{'settingInstanceTemplateId' = $settingDefinition.settingInstanceTemplateId }) } - $settingValueName = $settingType.replace('#microsoft.graph.deviceManagementConfiguration','').replace('Instance','Value') - $settingValueName = $settingValueName.Substring(0,1).ToLower() + $settingValueName.Substring(1,$settingValueName.length -1 ) + $settingValueName = $settingType.replace('#microsoft.graph.deviceManagementConfiguration', '').replace('Instance', 'Value') + $settingValueName = $settingValueName.Substring(0, 1).ToLower() + $settingValueName.Substring(1, $settingValueName.length - 1 ) $settingValueType = $settingDefinition.AdditionalProperties."$($settingValueName)Template".'@odata.type' if ($null -ne $settingValueType) { - $settingValueType = $settingValueType.replace('ValueTemplate','Value') + $settingValueType = $settingValueType.replace('ValueTemplate', 'Value') } $settingValueTemplateId = $settingDefinition.AdditionalProperties."$($settingValueName)Template".settingValueTemplateId $settingValue = Get-IntuneSettingCatalogPolicySettingInstanceValue ` @@ -956,10 +956,10 @@ function Get-IntuneSettingCatalogPolicySetting -SettingValueName $settingValueName ` -SettingValueType $settingValueType ` -SettingValueTemplateId $settingValueTemplateId - $settingInstance+=($settingValue) + $settingInstance += ($settingValue) $settingInstances += @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSetting' + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSetting' 'settingInstance' = $settingInstance } } @@ -1000,7 +1000,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue ) $settingValueReturn = @{} - switch($settingType) + switch ($settingType) { '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' { @@ -1008,13 +1008,13 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue $groupSettingCollectionValueChildren = @() $groupSettingCollectionDefinitionChildren = $SettingDefinition.AdditionalProperties.groupSettingCollectionValueTemplate.children - foreach($childDefinition in $groupSettingCollectionDefinitionChildren) + foreach ($childDefinition in $groupSettingCollectionDefinitionChildren) { $childSettingName = $childDefinition.settingDefinitionId.split('_') | Select-Object -Last 1 - $childSettingType = $childDefinition.'@odata.type'.replace('InstanceTemplate','Instance') - $childSettingValueName = $childSettingType.replace('#microsoft.graph.deviceManagementConfiguration','').replace('Instance','Value') + $childSettingType = $childDefinition.'@odata.type'.replace('InstanceTemplate', 'Instance') + $childSettingValueName = $childSettingType.replace('#microsoft.graph.deviceManagementConfiguration', '').replace('Instance', 'Value') $childSettingValueType = "#microsoft.graph.deviceManagementConfiguration$($childSettingValueName)" - $childSettingValueName = $childSettingValueName.Substring(0,1).ToLower() + $childSettingValueName.Substring(1,$childSettingValueName.length -1 ) + $childSettingValueName = $childSettingValueName.Substring(0, 1).ToLower() + $childSettingValueName.Substring(1, $childSettingValueName.length - 1 ) $childSettingValueTemplateId = $childDefinition.$childSettingValueName.settingValueTemplateId $childSettingValue = Get-IntuneSettingCatalogPolicySettingInstanceValue ` -DSCParams $DSCParams ` @@ -1035,19 +1035,19 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue '#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance' { $values = @() - foreach( $key in $DSCParams.Keys) + foreach ( $key in $DSCParams.Keys) { - if($settingName -eq ($key.tolower())) + if ($settingName -eq ($key.tolower())) { $values = $DSCParams[$key] break } } $settingValueCollection = @() - foreach($v in $values) + foreach ($v in $values) { $settingValueCollection += @{ - value = $v + value = $v '@odata.type' = $settingValueType } } @@ -1056,9 +1056,9 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue Default { $value = $null - foreach( $key in $DSCParams.Keys) + foreach ( $key in $DSCParams.Keys) { - if($settingName -eq ($key.tolower())) + if ($settingName -eq ($key.tolower())) { $value = "$($SettingDefinition.settingDefinitionId)_$($DSCParams[$key])" break @@ -1072,7 +1072,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue } if (-Not [string]::IsNullOrEmpty($settingValueTemplateId)) { - $settingValue.Add('settingValueTemplateReference',@{'settingValueTemplateId'= $settingValueTemplateId}) + $settingValue.Add('settingValueTemplateReference', @{'settingValueTemplateId' = $settingValueTemplateId }) } $settingValue.add('value', $value) $settingValueReturn.Add($settingValueName, $settingValue) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 index 30fe835b5a..bb08e0b633 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 @@ -235,7 +235,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -747,7 +747,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -760,7 +760,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -769,7 +769,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 index 8d5bd55249..24a169468f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 @@ -177,7 +177,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -600,7 +600,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -613,7 +613,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -622,7 +622,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 index e2a42cb6f4..e46c48c10b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 @@ -223,7 +223,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -710,7 +710,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -723,7 +723,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -732,7 +732,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 index 69775d0515..b3f4b2523c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 @@ -201,7 +201,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -657,7 +657,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -670,7 +670,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -679,7 +679,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 index 1e97fdbe10..6428809697 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 @@ -773,7 +773,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $CIMAssignmentAsHash = Get-M365DSCAssignmentsAsHashtable -CIMAssignment $source @@ -786,7 +786,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: collectionId {$($assignment.collectionId)} not found" $testResult = $false - break; + break } $CIMAssignmentAsHash = Get-M365DSCAssignmentsAsHashtable -CIMAssignment $source @@ -799,7 +799,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $CIMAssignmentAsHash = Get-M365DSCAssignmentsAsHashtable -CIMAssignment $source } @@ -821,7 +821,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } @@ -1096,7 +1096,7 @@ function Get-MgDeviceManagementPolicyAssignments $deviceManagementPolicyAssignments = @() $Uri = "https://graph.microsoft.com/beta/deviceManagement/$Repository/$DeviceManagementPolicyId/assignments" - $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + $results = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop foreach ($result in $results.value.target) { $deviceManagementPolicyAssignments += @{ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 index 744ce1e545..15959bfdc9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 @@ -190,7 +190,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id + $returnAssignments += Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $devicePolicy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -633,7 +633,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -1226,7 +1226,7 @@ function Rename-M365DSCCimInstanceODataParameter } $clonedProperties.$key = $values } - break; + break } '*hashtable[[\]]' { @@ -1241,7 +1241,7 @@ function Rename-M365DSCCimInstanceODataParameter } $clonedProperties.$key = $values } - break; + break } '*CimInstance' { @@ -1254,7 +1254,7 @@ function Rename-M365DSCCimInstanceODataParameter $CIMHash.remove('odataType') $clonedProperties.$key = $CIMHash } - break; + break } '*Hashtable' { @@ -1265,7 +1265,7 @@ function Rename-M365DSCCimInstanceODataParameter $Properties.$key.remove('odataType') $clonedProperties.$key = $Properties.$key } - break; + break } Default { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 index 255a85b47b..74e215f94d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 @@ -26,7 +26,7 @@ function Get-TargetResource $CacheServerHostNames, [Parameter()] - [ValidateSet('userDefined','httpOnly','httpWithPeeringNat','httpWithPeeringPrivateGroup','httpWithInternetPeering','simpleDownload','bypassMode')] + [ValidateSet('userDefined', 'httpOnly', 'httpWithPeeringNat', 'httpWithPeeringPrivateGroup', 'httpWithInternetPeering', 'simpleDownload', 'bypassMode')] [System.String] $DeliveryOptimizationMode, @@ -67,12 +67,12 @@ function Get-TargetResource $ModifyCacheLocation, [Parameter()] - [ValidateSet('notConfigured','subnetMask')] + [ValidateSet('notConfigured', 'subnetMask')] [System.String] $RestrictPeerSelectionBy, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $VpnPeerCaching, @@ -150,13 +150,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementDeviceConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` @@ -181,28 +181,28 @@ function Get-TargetResource $complexBandwidthBackgroundPercentageHours.Add('BandwidthEndBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthBackgroundPercentageHours.bandwidthEndBusinessHours) $complexBandwidthBackgroundPercentageHours.Add('BandwidthPercentageDuringBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthBackgroundPercentageHours.bandwidthPercentageDuringBusinessHours) $complexBandwidthBackgroundPercentageHours.Add('BandwidthPercentageOutsideBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthBackgroundPercentageHours.bandwidthPercentageOutsideBusinessHours) - if($complexBandwidthBackgroundPercentageHours.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBandwidthBackgroundPercentageHours.values.Where({ $null -ne $_ }).count -eq 0) { $complexBandwidthBackgroundPercentageHours = $null } - $complexBandwidthMode.Add('BandwidthBackgroundPercentageHours',$complexBandwidthBackgroundPercentageHours) + $complexBandwidthMode.Add('BandwidthBackgroundPercentageHours', $complexBandwidthBackgroundPercentageHours) $complexBandwidthForegroundPercentageHours = @{} $complexBandwidthForegroundPercentageHours.Add('BandwidthBeginBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthForegroundPercentageHours.bandwidthBeginBusinessHours) $complexBandwidthForegroundPercentageHours.Add('BandwidthEndBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthForegroundPercentageHours.bandwidthEndBusinessHours) $complexBandwidthForegroundPercentageHours.Add('BandwidthPercentageDuringBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthForegroundPercentageHours.bandwidthPercentageDuringBusinessHours) $complexBandwidthForegroundPercentageHours.Add('BandwidthPercentageOutsideBusinessHours', $getValue.AdditionalProperties.bandwidthMode.bandwidthForegroundPercentageHours.bandwidthPercentageOutsideBusinessHours) - if($complexBandwidthForegroundPercentageHours.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBandwidthForegroundPercentageHours.values.Where({ $null -ne $_ }).count -eq 0) { $complexBandwidthForegroundPercentageHours = $null } - $complexBandwidthMode.Add('BandwidthForegroundPercentageHours',$complexBandwidthForegroundPercentageHours) + $complexBandwidthMode.Add('BandwidthForegroundPercentageHours', $complexBandwidthForegroundPercentageHours) $complexBandwidthMode.Add('MaximumBackgroundBandwidthPercentage', $getValue.AdditionalProperties.bandwidthMode.maximumBackgroundBandwidthPercentage) $complexBandwidthMode.Add('MaximumForegroundBandwidthPercentage', $getValue.AdditionalProperties.bandwidthMode.maximumForegroundBandwidthPercentage) if ($null -ne $getValue.AdditionalProperties.bandwidthMode.'@odata.type') { $complexBandwidthMode.Add('odataType', $getValue.AdditionalProperties.bandwidthMode.'@odata.type'.toString()) } - if($complexBandwidthMode.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBandwidthMode.values.Where({ $null -ne $_ }).count -eq 0) { $complexBandwidthMode = $null } @@ -217,7 +217,7 @@ function Get-TargetResource { $complexGroupIdSource.Add('odataType', $getValue.AdditionalProperties.groupIdSource.'@odata.type'.toString()) } - if($complexGroupIdSource.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexGroupIdSource.values.Where({ $null -ne $_ }).count -eq 0) { $complexGroupIdSource = $null } @@ -229,7 +229,7 @@ function Get-TargetResource { $complexMaximumCacheSize.Add('odataType', $getValue.AdditionalProperties.maximumCacheSize.'@odata.type'.toString()) } - if($complexMaximumCacheSize.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexMaximumCacheSize.values.Where({ $null -ne $_ }).count -eq 0) { $complexMaximumCacheSize = $null } @@ -294,11 +294,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -345,7 +347,7 @@ function Set-TargetResource $CacheServerHostNames, [Parameter()] - [ValidateSet('userDefined','httpOnly','httpWithPeeringNat','httpWithPeeringPrivateGroup','httpWithInternetPeering','simpleDownload','bypassMode')] + [ValidateSet('userDefined', 'httpOnly', 'httpWithPeeringNat', 'httpWithPeeringPrivateGroup', 'httpWithInternetPeering', 'simpleDownload', 'bypassMode')] [System.String] $DeliveryOptimizationMode, @@ -386,12 +388,12 @@ function Set-TargetResource $ModifyCacheLocation, [Parameter()] - [ValidateSet('notConfigured','subnetMask')] + [ValidateSet('notConfigured', 'subnetMask')] [System.String] $RestrictPeerSelectionBy, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $VpnPeerCaching, @@ -471,32 +473,32 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Delivery Optimization Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsDeliveryOptimizationConfiguration") - $policy=New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsDeliveryOptimizationConfiguration') + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -505,30 +507,30 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsDeliveryOptimizationConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsDeliveryOptimizationConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` @@ -537,7 +539,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$($currentInstance.Id)}" #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion @@ -572,7 +574,7 @@ function Test-TargetResource $CacheServerHostNames, [Parameter()] - [ValidateSet('userDefined','httpOnly','httpWithPeeringNat','httpWithPeeringPrivateGroup','httpWithInternetPeering','simpleDownload','bypassMode')] + [ValidateSet('userDefined', 'httpOnly', 'httpWithPeeringNat', 'httpWithPeeringPrivateGroup', 'httpWithInternetPeering', 'simpleDownload', 'bypassMode')] [System.String] $DeliveryOptimizationMode, @@ -613,12 +615,12 @@ function Test-TargetResource $ModifyCacheLocation, [Parameter()] - [ValidateSet('notConfigured','subnetMask')] + [ValidateSet('notConfigured', 'subnetMask')] [System.String] $RestrictPeerSelectionBy, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $VpnPeerCaching, @@ -713,7 +715,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -797,7 +799,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDeliveryOptimizationConfiguration' ` - } + } #endregion $i = 1 @@ -820,7 +822,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -837,19 +839,19 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'BandwidthMode' + Name = 'BandwidthMode' CimInstanceName = 'MicrosoftGraphDeliveryOptimizationBandwidth' - IsRequired = $False + IsRequired = $False } @{ - Name = 'BandwidthBackgroundPercentageHours' + Name = 'BandwidthBackgroundPercentageHours' CimInstanceName = 'MicrosoftGraphDeliveryOptimizationBandwidthBusinessHoursLimit' - IsRequired = $False + IsRequired = $False } @{ - Name = 'BandwidthForegroundPercentageHours' + Name = 'BandwidthForegroundPercentageHours' CimInstanceName = 'MicrosoftGraphDeliveryOptimizationBandwidthBusinessHoursLimit' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -857,7 +859,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeliveryOptimizationBandwidth' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.BandwidthMode = $complexTypeStringResult } @@ -871,7 +873,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.GroupIdSource ` -CIMInstanceName 'MicrosoftGraphdeliveryOptimizationGroupIdSource' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.GroupIdSource = $complexTypeStringResult } @@ -885,7 +887,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.MaximumCacheSize ` -CIMInstanceName 'MicrosoftGraphdeliveryOptimizationMaxCacheSize' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.MaximumCacheSize = $complexTypeStringResult } @@ -894,7 +896,7 @@ function Export-TargetResource $Results.Remove('MaximumCacheSize') | Out-Null } } - if($Results.Assignments) + if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -913,23 +915,23 @@ function Export-TargetResource -Credential $Credential if ($Results.BandwidthMode) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "BandwidthMode" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'BandwidthMode' -IsCIMArray:$False } if ($Results.GroupIdSource) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "GroupIdSource" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'GroupIdSource' -IsCIMArray:$False } if ($Results.MaximumCacheSize) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "MaximumCacheSize" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'MaximumCacheSize' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) - $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -967,40 +969,40 @@ function Update-DeviceConfigurationPolicyAssignment [Parameter()] [System.String] - $Repository='deviceManagement/configurationPolicies', + $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] - $APIVersion='beta' + $APIVersion = 'beta' ) try { - $deviceManagementPolicyAssignments=@() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } - if($target.collectionId) + if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } - if($target.deviceAndAppManagementAssignmentFilterType) + if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } - if($target.deviceAndAppManagementAssignmentFilterId) + if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -1019,19 +1021,19 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + 'odataType' = '@odata.type' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -1041,34 +1043,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -1081,51 +1083,51 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -1142,27 +1144,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1220,15 +1222,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1236,26 +1238,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1264,23 +1266,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1294,37 +1296,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1333,17 +1335,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -1354,26 +1356,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1382,11 +1384,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1397,32 +1399,32 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty @@ -1442,49 +1444,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1494,7 +1496,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1506,7 +1508,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1524,47 +1526,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1574,36 +1576,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1611,16 +1613,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1630,18 +1632,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1665,47 +1667,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/settings.json index 145d472782..7a4ac875c3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10", "description": "This resource configures an Intune Device Configuration Delivery Optimization Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 index ca7a1593b3..31fa4bb849 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 @@ -38,12 +38,12 @@ function Get-TargetResource $ApplicationGuardAllowVirtualGPU, [Parameter()] - [ValidateSet('notConfigured','blockBoth','blockHostToContainer','blockContainerToHost','blockNone')] + [ValidateSet('notConfigured', 'blockBoth', 'blockHostToContainer', 'blockContainerToHost', 'blockNone')] [System.String] $ApplicationGuardBlockClipboardSharing, [Parameter()] - [ValidateSet('notConfigured','blockImageAndTextFile','blockImageFile','blockNone','blockTextFile')] + [ValidateSet('notConfigured', 'blockImageAndTextFile', 'blockImageFile', 'blockNone', 'blockTextFile')] [System.String] $ApplicationGuardBlockFileTransfer, @@ -60,7 +60,7 @@ function Get-TargetResource $ApplicationGuardEnabled, [Parameter()] - [ValidateSet('notConfigured','enabledForEdge','enabledForOffice','enabledForEdgeAndOffice')] + [ValidateSet('notConfigured', 'enabledForEdge', 'enabledForOffice', 'enabledForEdgeAndOffice')] [System.String] $ApplicationGuardEnabledOptions, @@ -69,7 +69,7 @@ function Get-TargetResource $ApplicationGuardForceAuditing, [Parameter()] - [ValidateSet('notConfigured','enforceComponentsAndStoreApps','auditComponentsAndStoreApps','enforceComponentsStoreAppsAndSmartlocker','auditComponentsStoreAppsAndSmartlocker')] + [ValidateSet('notConfigured', 'enforceComponentsAndStoreApps', 'auditComponentsAndStoreApps', 'enforceComponentsStoreAppsAndSmartlocker', 'auditComponentsStoreAppsAndSmartlocker')] [System.String] $AppLockerApplicationControl, @@ -94,7 +94,7 @@ function Get-TargetResource $BitLockerFixedDrivePolicy, [Parameter()] - [ValidateSet('notConfigured','disabled','enabledForAzureAd','enabledForAzureAdAndHybrid')] + [ValidateSet('notConfigured', 'disabled', 'enabledForAzureAd', 'enabledForAzureAdAndHybrid')] [System.String] $BitLockerRecoveryPasswordRotation, @@ -111,12 +111,12 @@ function Get-TargetResource $DefenderAdditionalGuardedFolders, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdobeReaderLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdvancedRansomewareProtectionType, @@ -173,7 +173,7 @@ function Get-TargetResource $DefenderBlockEndUserAccess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderBlockPersistenceThroughWmiType, @@ -182,7 +182,7 @@ function Get-TargetResource $DefenderCheckForSignaturesBeforeRunningScan, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -247,12 +247,12 @@ function Get-TargetResource $DefenderDisableScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderEmailContentExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderEmailContentExecutionType, @@ -289,77 +289,77 @@ function Get-TargetResource $DefenderGuardedFoldersAllowedAppPaths, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','blockDiskModification','auditDiskModification')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'blockDiskModification', 'auditDiskModification')] [System.String] $DefenderGuardMyFoldersType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderNetworkProtectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunch, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunchType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsLaunchChildProcessType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsOtherProcessInjection, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsOtherProcessInjectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeCommunicationAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeMacroCodeAllowWin32Imports, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeMacroCodeAllowWin32ImportsType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPreventCredentialStealingType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderProcessCreation, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderProcessCreationType, @@ -368,7 +368,7 @@ function Get-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderScanDirection, @@ -377,7 +377,7 @@ function Get-TargetResource $DefenderScanMaxCpuPercentage, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -386,7 +386,7 @@ function Get-TargetResource $DefenderScheduledQuickScanTime, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderScheduledScanDay, @@ -395,22 +395,22 @@ function Get-TargetResource $DefenderScheduledScanTime, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptDownloadedPayloadExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptDownloadedPayloadExecutionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptObfuscatedMacroCode, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptObfuscatedMacroCodeType, @@ -483,12 +483,12 @@ function Get-TargetResource $DefenderSecurityCenterHelpURL, [Parameter()] - [ValidateSet('notConfigured','displayInAppAndInNotifications','displayOnlyInApp','displayOnlyInNotifications')] + [ValidateSet('notConfigured', 'displayInAppAndInNotifications', 'displayOnlyInApp', 'displayOnlyInNotifications')] [System.String] $DefenderSecurityCenterITContactDisplay, [Parameter()] - [ValidateSet('notConfigured','blockNoncriticalNotifications','blockAllNotifications')] + [ValidateSet('notConfigured', 'blockNoncriticalNotifications', 'blockAllNotifications')] [System.String] $DefenderSecurityCenterNotificationsFromApp, @@ -501,27 +501,27 @@ function Get-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedExecutable, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedExecutableType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedUSBProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedUSBProcessType, @@ -534,22 +534,22 @@ function Get-TargetResource $DeviceGuardEnableVirtualizationBasedSecurity, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $DeviceGuardLaunchSystemGuard, [Parameter()] - [ValidateSet('notConfigured','enableWithUEFILock','enableWithoutUEFILock','disable')] + [ValidateSet('notConfigured', 'enableWithUEFILock', 'enableWithoutUEFILock', 'disable')] [System.String] $DeviceGuardLocalSystemAuthorityCredentialGuardSettings, [Parameter()] - [ValidateSet('notConfigured','withoutDMA','withDMA')] + [ValidateSet('notConfigured', 'withoutDMA', 'withDMA')] [System.String] $DeviceGuardSecureBootWithDMA, [Parameter()] - [ValidateSet('deviceDefault','blockAll','allowAll')] + [ValidateSet('deviceDefault', 'blockAll', 'allowAll')] [System.String] $DmaGuardDeviceEnumerationPolicy, @@ -558,7 +558,7 @@ function Get-TargetResource $FirewallBlockStatefulFTP, [Parameter()] - [ValidateSet('deviceDefault','none','attempt','require')] + [ValidateSet('deviceDefault', 'none', 'attempt', 'require')] [System.String] $FirewallCertificateRevocationListCheckMethod, @@ -591,12 +591,12 @@ function Get-TargetResource $FirewallMergeKeyingModuleSettings, [Parameter()] - [ValidateSet('deviceDefault','disabled','queueInbound','queueOutbound','queueBoth')] + [ValidateSet('deviceDefault', 'disabled', 'queueInbound', 'queueOutbound', 'queueBoth')] [System.String] $FirewallPacketQueueingMethod, [Parameter()] - [ValidateSet('deviceDefault','none','utF8')] + [ValidateSet('deviceDefault', 'none', 'utF8')] [System.String] $FirewallPreSharedKeyEncodingMethod, @@ -617,7 +617,7 @@ function Get-TargetResource $FirewallRules, [Parameter()] - [ValidateSet('lmAndNltm','lmNtlmAndNtlmV2','lmAndNtlmOnly','lmAndNtlmV2','lmNtlmV2AndNotLm','lmNtlmV2AndNotLmOrNtm')] + [ValidateSet('lmAndNltm', 'lmNtlmAndNtlmV2', 'lmAndNtlmOnly', 'lmAndNtlmV2', 'lmNtlmV2AndNotLm', 'lmNtlmV2AndNotLmOrNtm')] [System.String] $LanManagerAuthenticationLevel, @@ -630,7 +630,7 @@ function Get-TargetResource $LocalSecurityOptionsAdministratorAccountName, [Parameter()] - [ValidateSet('notConfigured','elevateWithoutPrompting','promptForCredentialsOnTheSecureDesktop','promptForConsentOnTheSecureDesktop','promptForCredentials','promptForConsent','promptForConsentForNonWindowsBinaries')] + [ValidateSet('notConfigured', 'elevateWithoutPrompting', 'promptForCredentialsOnTheSecureDesktop', 'promptForConsentOnTheSecureDesktop', 'promptForCredentials', 'promptForConsent', 'promptForConsentForNonWindowsBinaries')] [System.String] $LocalSecurityOptionsAdministratorElevationPromptBehavior, @@ -731,7 +731,7 @@ function Get-TargetResource $LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser, @@ -748,12 +748,12 @@ function Get-TargetResource $LocalSecurityOptionsHideUsernameAtSignIn, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsInformationDisplayedOnLockScreen, [Parameter()] - [ValidateSet('notConfigured','userDisplayNameDomainUser','userDisplayNameOnly','doNotDisplayUser')] + [ValidateSet('notConfigured', 'userDisplayNameDomainUser', 'userDisplayNameOnly', 'doNotDisplayUser')] [System.String] $LocalSecurityOptionsInformationShownOnLockScreen, @@ -774,12 +774,12 @@ function Get-TargetResource $LocalSecurityOptionsMachineInactivityLimitInMinutes, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers, @@ -792,12 +792,12 @@ function Get-TargetResource $LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares, [Parameter()] - [ValidateSet('noAction','lockWorkstation','forceLogoff','disconnectRemoteDesktopSession')] + [ValidateSet('noAction', 'lockWorkstation', 'forceLogoff', 'disconnectRemoteDesktopSession')] [System.String] $LocalSecurityOptionsSmartCardRemovalBehavior, [Parameter()] - [ValidateSet('notConfigured','automaticallyDenyElevationRequests','promptForCredentialsOnTheSecureDesktop','promptForCredentials')] + [ValidateSet('notConfigured', 'automaticallyDenyElevationRequests', 'promptForCredentialsOnTheSecureDesktop', 'promptForCredentials')] [System.String] $LocalSecurityOptionsStandardUserElevationPromptBehavior, @@ -942,12 +942,12 @@ function Get-TargetResource $UserRightsTakeOwnership, [Parameter()] - [ValidateSet('notConfigured','enable','disable')] + [ValidateSet('notConfigured', 'enable', 'disable')] [System.String] $WindowsDefenderTamperProtection, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesAccessoryManagementServiceStartupMode, @@ -956,17 +956,17 @@ function Get-TargetResource $XboxServicesEnableXboxGameSaveTask, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveAuthManagerServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveGameSaveServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveNetworkingServiceStartupMode, @@ -1044,13 +1044,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementDeviceConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` @@ -1089,13 +1089,13 @@ function Get-TargetResource { $complexRecoveryOptions.Add('RecoveryPasswordUsage', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.recoveryPasswordUsage.toString()) } - if($complexRecoveryOptions.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexRecoveryOptions.values.Where({ $null -ne $_ }).count -eq 0) { $complexRecoveryOptions = $null } - $complexBitLockerFixedDrivePolicy.Add('RecoveryOptions',$complexRecoveryOptions) + $complexBitLockerFixedDrivePolicy.Add('RecoveryOptions', $complexRecoveryOptions) $complexBitLockerFixedDrivePolicy.Add('RequireEncryptionForWriteAccess', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.requireEncryptionForWriteAccess) - if($complexBitLockerFixedDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBitLockerFixedDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) { $complexBitLockerFixedDrivePolicy = $null } @@ -1107,7 +1107,7 @@ function Get-TargetResource $complexBitLockerRemovableDrivePolicy.Add('EncryptionMethod', $getValue.AdditionalProperties.bitLockerRemovableDrivePolicy.encryptionMethod.toString()) } $complexBitLockerRemovableDrivePolicy.Add('RequireEncryptionForWriteAccess', $getValue.AdditionalProperties.bitLockerRemovableDrivePolicy.requireEncryptionForWriteAccess) - if($complexBitLockerRemovableDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBitLockerRemovableDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) { $complexBitLockerRemovableDrivePolicy = $null } @@ -1138,11 +1138,11 @@ function Get-TargetResource { $complexRecoveryOptions.Add('RecoveryPasswordUsage', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.recoveryPasswordUsage.toString()) } - if($complexRecoveryOptions.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexRecoveryOptions.values.Where({ $null -ne $_ }).count -eq 0) { $complexRecoveryOptions = $null } - $complexBitLockerSystemDrivePolicy.Add('RecoveryOptions',$complexRecoveryOptions) + $complexBitLockerSystemDrivePolicy.Add('RecoveryOptions', $complexRecoveryOptions) $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationBlockWithoutTpmChip', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationBlockWithoutTpmChip) $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationRequired', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationRequired) if ($null -ne $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmKeyUsage) @@ -1161,7 +1161,7 @@ function Get-TargetResource { $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationTpmUsage', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmUsage.toString()) } - if($complexBitLockerSystemDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexBitLockerSystemDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) { $complexBitLockerSystemDrivePolicy = $null } @@ -1183,7 +1183,7 @@ function Get-TargetResource { $complexDefenderDetectedMalwareActions.Add('SevereSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity.toString()) } - if($complexDefenderDetectedMalwareActions.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexDefenderDetectedMalwareActions.values.Where({ $null -ne $_ }).count -eq 0) { $complexDefenderDetectedMalwareActions = $null } @@ -1215,7 +1215,7 @@ function Get-TargetResource $complexFirewallProfileDomain.Add('StealthModeRequired', $getValue.AdditionalProperties.firewallProfileDomain.stealthModeRequired) $complexFirewallProfileDomain.Add('UnicastResponsesToMulticastBroadcastsBlocked', $getValue.AdditionalProperties.firewallProfileDomain.unicastResponsesToMulticastBroadcastsBlocked) $complexFirewallProfileDomain.Add('UnicastResponsesToMulticastBroadcastsRequired', $getValue.AdditionalProperties.firewallProfileDomain.unicastResponsesToMulticastBroadcastsRequired) - if($complexFirewallProfileDomain.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexFirewallProfileDomain.values.Where({ $null -ne $_ }).count -eq 0) { $complexFirewallProfileDomain = $null } @@ -1247,7 +1247,7 @@ function Get-TargetResource $complexFirewallProfilePrivate.Add('StealthModeRequired', $getValue.AdditionalProperties.firewallProfilePrivate.stealthModeRequired) $complexFirewallProfilePrivate.Add('UnicastResponsesToMulticastBroadcastsBlocked', $getValue.AdditionalProperties.firewallProfilePrivate.unicastResponsesToMulticastBroadcastsBlocked) $complexFirewallProfilePrivate.Add('UnicastResponsesToMulticastBroadcastsRequired', $getValue.AdditionalProperties.firewallProfilePrivate.unicastResponsesToMulticastBroadcastsRequired) - if($complexFirewallProfilePrivate.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexFirewallProfilePrivate.values.Where({ $null -ne $_ }).count -eq 0) { $complexFirewallProfilePrivate = $null } @@ -1279,13 +1279,13 @@ function Get-TargetResource $complexFirewallProfilePublic.Add('StealthModeRequired', $getValue.AdditionalProperties.firewallProfilePublic.stealthModeRequired) $complexFirewallProfilePublic.Add('UnicastResponsesToMulticastBroadcastsBlocked', $getValue.AdditionalProperties.firewallProfilePublic.unicastResponsesToMulticastBroadcastsBlocked) $complexFirewallProfilePublic.Add('UnicastResponsesToMulticastBroadcastsRequired', $getValue.AdditionalProperties.firewallProfilePublic.unicastResponsesToMulticastBroadcastsRequired) - if($complexFirewallProfilePublic.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexFirewallProfilePublic.values.Where({ $null -ne $_ }).count -eq 0) { $complexFirewallProfilePublic = $null } $complexFirewallRules = @() - foreach($currentfirewallRules in $getValue.AdditionalProperties.firewallRules) + foreach ($currentfirewallRules in $getValue.AdditionalProperties.firewallRules) { $myfirewallRules = @{} if ($null -ne $getValue.AdditionalProperties.firewallRules.action) @@ -1319,7 +1319,7 @@ function Get-TargetResource { $myfirewallRules.Add('TrafficDirection', $getValue.AdditionalProperties.firewallRules.trafficDirection.toString()) } - if($myfirewallRules.values.Where({ $null -ne $_ }).count -gt 0) + if ($myfirewallRules.values.Where({ $null -ne $_ }).count -gt 0) { $complexFirewallRules += $myfirewallRules } @@ -1327,667 +1327,667 @@ function Get-TargetResource $complexUserRightsAccessCredentialManagerAsTrustedCaller = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsAccessCredentialManagerAsTrustedCaller.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsAccessCredentialManagerAsTrustedCaller.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsAccessCredentialManagerAsTrustedCaller.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsAccessCredentialManagerAsTrustedCaller.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsAccessCredentialManagerAsTrustedCaller.state) { $complexUserRightsAccessCredentialManagerAsTrustedCaller.Add('State', $getValue.AdditionalProperties.userRightsAccessCredentialManagerAsTrustedCaller.state.toString()) } - if($complexUserRightsAccessCredentialManagerAsTrustedCaller.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsAccessCredentialManagerAsTrustedCaller.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsAccessCredentialManagerAsTrustedCaller = $null } $complexUserRightsActAsPartOfTheOperatingSystem = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsActAsPartOfTheOperatingSystem.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsActAsPartOfTheOperatingSystem.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsActAsPartOfTheOperatingSystem.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsActAsPartOfTheOperatingSystem.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsActAsPartOfTheOperatingSystem.state) { $complexUserRightsActAsPartOfTheOperatingSystem.Add('State', $getValue.AdditionalProperties.userRightsActAsPartOfTheOperatingSystem.state.toString()) } - if($complexUserRightsActAsPartOfTheOperatingSystem.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsActAsPartOfTheOperatingSystem.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsActAsPartOfTheOperatingSystem = $null } $complexUserRightsAllowAccessFromNetwork = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsAllowAccessFromNetwork.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsAllowAccessFromNetwork.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsAllowAccessFromNetwork.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsAllowAccessFromNetwork.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsAllowAccessFromNetwork.state) { $complexUserRightsAllowAccessFromNetwork.Add('State', $getValue.AdditionalProperties.userRightsAllowAccessFromNetwork.state.toString()) } - if($complexUserRightsAllowAccessFromNetwork.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsAllowAccessFromNetwork.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsAllowAccessFromNetwork = $null } $complexUserRightsBackupData = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsBackupData.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsBackupData.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsBackupData.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsBackupData.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsBackupData.state) { $complexUserRightsBackupData.Add('State', $getValue.AdditionalProperties.userRightsBackupData.state.toString()) } - if($complexUserRightsBackupData.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsBackupData.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsBackupData = $null } $complexUserRightsBlockAccessFromNetwork = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsBlockAccessFromNetwork.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsBlockAccessFromNetwork.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsBlockAccessFromNetwork.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsBlockAccessFromNetwork.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsBlockAccessFromNetwork.state) { $complexUserRightsBlockAccessFromNetwork.Add('State', $getValue.AdditionalProperties.userRightsBlockAccessFromNetwork.state.toString()) } - if($complexUserRightsBlockAccessFromNetwork.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsBlockAccessFromNetwork.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsBlockAccessFromNetwork = $null } $complexUserRightsChangeSystemTime = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsChangeSystemTime.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsChangeSystemTime.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsChangeSystemTime.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsChangeSystemTime.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsChangeSystemTime.state) { $complexUserRightsChangeSystemTime.Add('State', $getValue.AdditionalProperties.userRightsChangeSystemTime.state.toString()) } - if($complexUserRightsChangeSystemTime.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsChangeSystemTime.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsChangeSystemTime = $null } $complexUserRightsCreateGlobalObjects = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateGlobalObjects.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateGlobalObjects.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsCreateGlobalObjects.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsCreateGlobalObjects.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreateGlobalObjects.state) { $complexUserRightsCreateGlobalObjects.Add('State', $getValue.AdditionalProperties.userRightsCreateGlobalObjects.state.toString()) } - if($complexUserRightsCreateGlobalObjects.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsCreateGlobalObjects.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreateGlobalObjects = $null } $complexUserRightsCreatePageFile = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreatePageFile.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreatePageFile.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsCreatePageFile.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsCreatePageFile.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreatePageFile.state) { $complexUserRightsCreatePageFile.Add('State', $getValue.AdditionalProperties.userRightsCreatePageFile.state.toString()) } - if($complexUserRightsCreatePageFile.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsCreatePageFile.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreatePageFile = $null } $complexUserRightsCreatePermanentSharedObjects = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreatePermanentSharedObjects.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreatePermanentSharedObjects.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsCreatePermanentSharedObjects.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsCreatePermanentSharedObjects.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreatePermanentSharedObjects.state) { $complexUserRightsCreatePermanentSharedObjects.Add('State', $getValue.AdditionalProperties.userRightsCreatePermanentSharedObjects.state.toString()) } - if($complexUserRightsCreatePermanentSharedObjects.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsCreatePermanentSharedObjects.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreatePermanentSharedObjects = $null } $complexUserRightsCreateSymbolicLinks = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateSymbolicLinks.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateSymbolicLinks.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsCreateSymbolicLinks.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsCreateSymbolicLinks.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreateSymbolicLinks.state) { $complexUserRightsCreateSymbolicLinks.Add('State', $getValue.AdditionalProperties.userRightsCreateSymbolicLinks.state.toString()) } - if($complexUserRightsCreateSymbolicLinks.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsCreateSymbolicLinks.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreateSymbolicLinks = $null } $complexUserRightsCreateToken = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateToken.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateToken.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsCreateToken.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsCreateToken.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreateToken.state) { $complexUserRightsCreateToken.Add('State', $getValue.AdditionalProperties.userRightsCreateToken.state.toString()) } - if($complexUserRightsCreateToken.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsCreateToken.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreateToken = $null } $complexUserRightsDebugPrograms = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDebugPrograms.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDebugPrograms.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsDebugPrograms.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsDebugPrograms.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsDebugPrograms.state) { $complexUserRightsDebugPrograms.Add('State', $getValue.AdditionalProperties.userRightsDebugPrograms.state.toString()) } - if($complexUserRightsDebugPrograms.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsDebugPrograms.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsDebugPrograms = $null } $complexUserRightsDelegation = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDelegation.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDelegation.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsDelegation.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsDelegation.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsDelegation.state) { $complexUserRightsDelegation.Add('State', $getValue.AdditionalProperties.userRightsDelegation.state.toString()) } - if($complexUserRightsDelegation.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsDelegation.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsDelegation = $null } $complexUserRightsDenyLocalLogOn = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDenyLocalLogOn.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDenyLocalLogOn.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsDenyLocalLogOn.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsDenyLocalLogOn.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsDenyLocalLogOn.state) { $complexUserRightsDenyLocalLogOn.Add('State', $getValue.AdditionalProperties.userRightsDenyLocalLogOn.state.toString()) } - if($complexUserRightsDenyLocalLogOn.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsDenyLocalLogOn.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsDenyLocalLogOn = $null } $complexUserRightsGenerateSecurityAudits = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsGenerateSecurityAudits.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsGenerateSecurityAudits.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsGenerateSecurityAudits.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsGenerateSecurityAudits.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsGenerateSecurityAudits.state) { $complexUserRightsGenerateSecurityAudits.Add('State', $getValue.AdditionalProperties.userRightsGenerateSecurityAudits.state.toString()) } - if($complexUserRightsGenerateSecurityAudits.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsGenerateSecurityAudits.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsGenerateSecurityAudits = $null } $complexUserRightsImpersonateClient = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsImpersonateClient.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsImpersonateClient.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsImpersonateClient.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsImpersonateClient.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsImpersonateClient.state) { $complexUserRightsImpersonateClient.Add('State', $getValue.AdditionalProperties.userRightsImpersonateClient.state.toString()) } - if($complexUserRightsImpersonateClient.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsImpersonateClient.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsImpersonateClient = $null } $complexUserRightsIncreaseSchedulingPriority = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsIncreaseSchedulingPriority.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsIncreaseSchedulingPriority.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsIncreaseSchedulingPriority.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsIncreaseSchedulingPriority.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsIncreaseSchedulingPriority.state) { $complexUserRightsIncreaseSchedulingPriority.Add('State', $getValue.AdditionalProperties.userRightsIncreaseSchedulingPriority.state.toString()) } - if($complexUserRightsIncreaseSchedulingPriority.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsIncreaseSchedulingPriority.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsIncreaseSchedulingPriority = $null } $complexUserRightsLoadUnloadDrivers = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLoadUnloadDrivers.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLoadUnloadDrivers.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsLoadUnloadDrivers.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsLoadUnloadDrivers.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsLoadUnloadDrivers.state) { $complexUserRightsLoadUnloadDrivers.Add('State', $getValue.AdditionalProperties.userRightsLoadUnloadDrivers.state.toString()) } - if($complexUserRightsLoadUnloadDrivers.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsLoadUnloadDrivers.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsLoadUnloadDrivers = $null } $complexUserRightsLocalLogOn = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLocalLogOn.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLocalLogOn.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsLocalLogOn.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsLocalLogOn.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsLocalLogOn.state) { $complexUserRightsLocalLogOn.Add('State', $getValue.AdditionalProperties.userRightsLocalLogOn.state.toString()) } - if($complexUserRightsLocalLogOn.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsLocalLogOn.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsLocalLogOn = $null } $complexUserRightsLockMemory = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLockMemory.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLockMemory.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsLockMemory.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsLockMemory.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsLockMemory.state) { $complexUserRightsLockMemory.Add('State', $getValue.AdditionalProperties.userRightsLockMemory.state.toString()) } - if($complexUserRightsLockMemory.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsLockMemory.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsLockMemory = $null } $complexUserRightsManageAuditingAndSecurityLogs = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsManageAuditingAndSecurityLogs.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsManageAuditingAndSecurityLogs.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsManageAuditingAndSecurityLogs.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsManageAuditingAndSecurityLogs.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsManageAuditingAndSecurityLogs.state) { $complexUserRightsManageAuditingAndSecurityLogs.Add('State', $getValue.AdditionalProperties.userRightsManageAuditingAndSecurityLogs.state.toString()) } - if($complexUserRightsManageAuditingAndSecurityLogs.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsManageAuditingAndSecurityLogs.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsManageAuditingAndSecurityLogs = $null } $complexUserRightsManageVolumes = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsManageVolumes.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsManageVolumes.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsManageVolumes.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsManageVolumes.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsManageVolumes.state) { $complexUserRightsManageVolumes.Add('State', $getValue.AdditionalProperties.userRightsManageVolumes.state.toString()) } - if($complexUserRightsManageVolumes.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsManageVolumes.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsManageVolumes = $null } $complexUserRightsModifyFirmwareEnvironment = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsModifyFirmwareEnvironment.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsModifyFirmwareEnvironment.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsModifyFirmwareEnvironment.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsModifyFirmwareEnvironment.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsModifyFirmwareEnvironment.state) { $complexUserRightsModifyFirmwareEnvironment.Add('State', $getValue.AdditionalProperties.userRightsModifyFirmwareEnvironment.state.toString()) } - if($complexUserRightsModifyFirmwareEnvironment.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsModifyFirmwareEnvironment.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsModifyFirmwareEnvironment = $null } $complexUserRightsModifyObjectLabels = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsModifyObjectLabels.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsModifyObjectLabels.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsModifyObjectLabels.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsModifyObjectLabels.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsModifyObjectLabels.state) { $complexUserRightsModifyObjectLabels.Add('State', $getValue.AdditionalProperties.userRightsModifyObjectLabels.state.toString()) } - if($complexUserRightsModifyObjectLabels.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsModifyObjectLabels.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsModifyObjectLabels = $null } $complexUserRightsProfileSingleProcess = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsProfileSingleProcess.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsProfileSingleProcess.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsProfileSingleProcess.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsProfileSingleProcess.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsProfileSingleProcess.state) { $complexUserRightsProfileSingleProcess.Add('State', $getValue.AdditionalProperties.userRightsProfileSingleProcess.state.toString()) } - if($complexUserRightsProfileSingleProcess.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsProfileSingleProcess.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsProfileSingleProcess = $null } $complexUserRightsRemoteDesktopServicesLogOn = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRemoteDesktopServicesLogOn.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRemoteDesktopServicesLogOn.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsRemoteDesktopServicesLogOn.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsRemoteDesktopServicesLogOn.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsRemoteDesktopServicesLogOn.state) { $complexUserRightsRemoteDesktopServicesLogOn.Add('State', $getValue.AdditionalProperties.userRightsRemoteDesktopServicesLogOn.state.toString()) } - if($complexUserRightsRemoteDesktopServicesLogOn.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsRemoteDesktopServicesLogOn.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsRemoteDesktopServicesLogOn = $null } $complexUserRightsRemoteShutdown = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRemoteShutdown.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRemoteShutdown.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsRemoteShutdown.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsRemoteShutdown.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsRemoteShutdown.state) { $complexUserRightsRemoteShutdown.Add('State', $getValue.AdditionalProperties.userRightsRemoteShutdown.state.toString()) } - if($complexUserRightsRemoteShutdown.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsRemoteShutdown.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsRemoteShutdown = $null } $complexUserRightsRestoreData = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRestoreData.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRestoreData.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsRestoreData.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsRestoreData.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsRestoreData.state) { $complexUserRightsRestoreData.Add('State', $getValue.AdditionalProperties.userRightsRestoreData.state.toString()) } - if($complexUserRightsRestoreData.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsRestoreData.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsRestoreData = $null } $complexUserRightsTakeOwnership = @{} $complexLocalUsersOrGroups = @() - foreach($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsTakeOwnership.localUsersOrGroups) + foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsTakeOwnership.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) - if($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) + if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } - $complexUserRightsTakeOwnership.Add('LocalUsersOrGroups',$complexLocalUsersOrGroups) + $complexUserRightsTakeOwnership.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsTakeOwnership.state) { $complexUserRightsTakeOwnership.Add('State', $getValue.AdditionalProperties.userRightsTakeOwnership.state.toString()) } - if($complexUserRightsTakeOwnership.values.Where({ $null -ne $_ }).count -eq 0) + if ($complexUserRightsTakeOwnership.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsTakeOwnership = $null } @@ -2624,11 +2624,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -2687,12 +2689,12 @@ function Set-TargetResource $ApplicationGuardAllowVirtualGPU, [Parameter()] - [ValidateSet('notConfigured','blockBoth','blockHostToContainer','blockContainerToHost','blockNone')] + [ValidateSet('notConfigured', 'blockBoth', 'blockHostToContainer', 'blockContainerToHost', 'blockNone')] [System.String] $ApplicationGuardBlockClipboardSharing, [Parameter()] - [ValidateSet('notConfigured','blockImageAndTextFile','blockImageFile','blockNone','blockTextFile')] + [ValidateSet('notConfigured', 'blockImageAndTextFile', 'blockImageFile', 'blockNone', 'blockTextFile')] [System.String] $ApplicationGuardBlockFileTransfer, @@ -2709,7 +2711,7 @@ function Set-TargetResource $ApplicationGuardEnabled, [Parameter()] - [ValidateSet('notConfigured','enabledForEdge','enabledForOffice','enabledForEdgeAndOffice')] + [ValidateSet('notConfigured', 'enabledForEdge', 'enabledForOffice', 'enabledForEdgeAndOffice')] [System.String] $ApplicationGuardEnabledOptions, @@ -2718,7 +2720,7 @@ function Set-TargetResource $ApplicationGuardForceAuditing, [Parameter()] - [ValidateSet('notConfigured','enforceComponentsAndStoreApps','auditComponentsAndStoreApps','enforceComponentsStoreAppsAndSmartlocker','auditComponentsStoreAppsAndSmartlocker')] + [ValidateSet('notConfigured', 'enforceComponentsAndStoreApps', 'auditComponentsAndStoreApps', 'enforceComponentsStoreAppsAndSmartlocker', 'auditComponentsStoreAppsAndSmartlocker')] [System.String] $AppLockerApplicationControl, @@ -2743,7 +2745,7 @@ function Set-TargetResource $BitLockerFixedDrivePolicy, [Parameter()] - [ValidateSet('notConfigured','disabled','enabledForAzureAd','enabledForAzureAdAndHybrid')] + [ValidateSet('notConfigured', 'disabled', 'enabledForAzureAd', 'enabledForAzureAdAndHybrid')] [System.String] $BitLockerRecoveryPasswordRotation, @@ -2760,12 +2762,12 @@ function Set-TargetResource $DefenderAdditionalGuardedFolders, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdobeReaderLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdvancedRansomewareProtectionType, @@ -2822,7 +2824,7 @@ function Set-TargetResource $DefenderBlockEndUserAccess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderBlockPersistenceThroughWmiType, @@ -2831,7 +2833,7 @@ function Set-TargetResource $DefenderCheckForSignaturesBeforeRunningScan, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -2896,12 +2898,12 @@ function Set-TargetResource $DefenderDisableScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderEmailContentExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderEmailContentExecutionType, @@ -2938,77 +2940,77 @@ function Set-TargetResource $DefenderGuardedFoldersAllowedAppPaths, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','blockDiskModification','auditDiskModification')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'blockDiskModification', 'auditDiskModification')] [System.String] $DefenderGuardMyFoldersType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderNetworkProtectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunch, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunchType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsLaunchChildProcessType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsOtherProcessInjection, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsOtherProcessInjectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeCommunicationAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeMacroCodeAllowWin32Imports, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeMacroCodeAllowWin32ImportsType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPreventCredentialStealingType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderProcessCreation, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderProcessCreationType, @@ -3017,7 +3019,7 @@ function Set-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderScanDirection, @@ -3026,7 +3028,7 @@ function Set-TargetResource $DefenderScanMaxCpuPercentage, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -3035,7 +3037,7 @@ function Set-TargetResource $DefenderScheduledQuickScanTime, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderScheduledScanDay, @@ -3044,22 +3046,22 @@ function Set-TargetResource $DefenderScheduledScanTime, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptDownloadedPayloadExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptDownloadedPayloadExecutionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptObfuscatedMacroCode, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptObfuscatedMacroCodeType, @@ -3132,12 +3134,12 @@ function Set-TargetResource $DefenderSecurityCenterHelpURL, [Parameter()] - [ValidateSet('notConfigured','displayInAppAndInNotifications','displayOnlyInApp','displayOnlyInNotifications')] + [ValidateSet('notConfigured', 'displayInAppAndInNotifications', 'displayOnlyInApp', 'displayOnlyInNotifications')] [System.String] $DefenderSecurityCenterITContactDisplay, [Parameter()] - [ValidateSet('notConfigured','blockNoncriticalNotifications','blockAllNotifications')] + [ValidateSet('notConfigured', 'blockNoncriticalNotifications', 'blockAllNotifications')] [System.String] $DefenderSecurityCenterNotificationsFromApp, @@ -3150,27 +3152,27 @@ function Set-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedExecutable, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedExecutableType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedUSBProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedUSBProcessType, @@ -3183,22 +3185,22 @@ function Set-TargetResource $DeviceGuardEnableVirtualizationBasedSecurity, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $DeviceGuardLaunchSystemGuard, [Parameter()] - [ValidateSet('notConfigured','enableWithUEFILock','enableWithoutUEFILock','disable')] + [ValidateSet('notConfigured', 'enableWithUEFILock', 'enableWithoutUEFILock', 'disable')] [System.String] $DeviceGuardLocalSystemAuthorityCredentialGuardSettings, [Parameter()] - [ValidateSet('notConfigured','withoutDMA','withDMA')] + [ValidateSet('notConfigured', 'withoutDMA', 'withDMA')] [System.String] $DeviceGuardSecureBootWithDMA, [Parameter()] - [ValidateSet('deviceDefault','blockAll','allowAll')] + [ValidateSet('deviceDefault', 'blockAll', 'allowAll')] [System.String] $DmaGuardDeviceEnumerationPolicy, @@ -3207,7 +3209,7 @@ function Set-TargetResource $FirewallBlockStatefulFTP, [Parameter()] - [ValidateSet('deviceDefault','none','attempt','require')] + [ValidateSet('deviceDefault', 'none', 'attempt', 'require')] [System.String] $FirewallCertificateRevocationListCheckMethod, @@ -3240,12 +3242,12 @@ function Set-TargetResource $FirewallMergeKeyingModuleSettings, [Parameter()] - [ValidateSet('deviceDefault','disabled','queueInbound','queueOutbound','queueBoth')] + [ValidateSet('deviceDefault', 'disabled', 'queueInbound', 'queueOutbound', 'queueBoth')] [System.String] $FirewallPacketQueueingMethod, [Parameter()] - [ValidateSet('deviceDefault','none','utF8')] + [ValidateSet('deviceDefault', 'none', 'utF8')] [System.String] $FirewallPreSharedKeyEncodingMethod, @@ -3266,7 +3268,7 @@ function Set-TargetResource $FirewallRules, [Parameter()] - [ValidateSet('lmAndNltm','lmNtlmAndNtlmV2','lmAndNtlmOnly','lmAndNtlmV2','lmNtlmV2AndNotLm','lmNtlmV2AndNotLmOrNtm')] + [ValidateSet('lmAndNltm', 'lmNtlmAndNtlmV2', 'lmAndNtlmOnly', 'lmAndNtlmV2', 'lmNtlmV2AndNotLm', 'lmNtlmV2AndNotLmOrNtm')] [System.String] $LanManagerAuthenticationLevel, @@ -3279,7 +3281,7 @@ function Set-TargetResource $LocalSecurityOptionsAdministratorAccountName, [Parameter()] - [ValidateSet('notConfigured','elevateWithoutPrompting','promptForCredentialsOnTheSecureDesktop','promptForConsentOnTheSecureDesktop','promptForCredentials','promptForConsent','promptForConsentForNonWindowsBinaries')] + [ValidateSet('notConfigured', 'elevateWithoutPrompting', 'promptForCredentialsOnTheSecureDesktop', 'promptForConsentOnTheSecureDesktop', 'promptForCredentials', 'promptForConsent', 'promptForConsentForNonWindowsBinaries')] [System.String] $LocalSecurityOptionsAdministratorElevationPromptBehavior, @@ -3380,7 +3382,7 @@ function Set-TargetResource $LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser, @@ -3397,12 +3399,12 @@ function Set-TargetResource $LocalSecurityOptionsHideUsernameAtSignIn, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsInformationDisplayedOnLockScreen, [Parameter()] - [ValidateSet('notConfigured','userDisplayNameDomainUser','userDisplayNameOnly','doNotDisplayUser')] + [ValidateSet('notConfigured', 'userDisplayNameDomainUser', 'userDisplayNameOnly', 'doNotDisplayUser')] [System.String] $LocalSecurityOptionsInformationShownOnLockScreen, @@ -3423,12 +3425,12 @@ function Set-TargetResource $LocalSecurityOptionsMachineInactivityLimitInMinutes, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers, @@ -3441,12 +3443,12 @@ function Set-TargetResource $LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares, [Parameter()] - [ValidateSet('noAction','lockWorkstation','forceLogoff','disconnectRemoteDesktopSession')] + [ValidateSet('noAction', 'lockWorkstation', 'forceLogoff', 'disconnectRemoteDesktopSession')] [System.String] $LocalSecurityOptionsSmartCardRemovalBehavior, [Parameter()] - [ValidateSet('notConfigured','automaticallyDenyElevationRequests','promptForCredentialsOnTheSecureDesktop','promptForCredentials')] + [ValidateSet('notConfigured', 'automaticallyDenyElevationRequests', 'promptForCredentialsOnTheSecureDesktop', 'promptForCredentials')] [System.String] $LocalSecurityOptionsStandardUserElevationPromptBehavior, @@ -3591,12 +3593,12 @@ function Set-TargetResource $UserRightsTakeOwnership, [Parameter()] - [ValidateSet('notConfigured','enable','disable')] + [ValidateSet('notConfigured', 'enable', 'disable')] [System.String] $WindowsDefenderTamperProtection, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesAccessoryManagementServiceStartupMode, @@ -3605,17 +3607,17 @@ function Set-TargetResource $XboxServicesEnableXboxGameSaveTask, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveAuthManagerServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveGameSaveServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveNetworkingServiceStartupMode, @@ -3697,32 +3699,32 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Endpoint Protection Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10EndpointProtectionConfiguration") - $policy=New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10EndpointProtectionConfiguration') + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -3731,30 +3733,30 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10EndpointProtectionConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10EndpointProtectionConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` @@ -3810,12 +3812,12 @@ function Test-TargetResource $ApplicationGuardAllowVirtualGPU, [Parameter()] - [ValidateSet('notConfigured','blockBoth','blockHostToContainer','blockContainerToHost','blockNone')] + [ValidateSet('notConfigured', 'blockBoth', 'blockHostToContainer', 'blockContainerToHost', 'blockNone')] [System.String] $ApplicationGuardBlockClipboardSharing, [Parameter()] - [ValidateSet('notConfigured','blockImageAndTextFile','blockImageFile','blockNone','blockTextFile')] + [ValidateSet('notConfigured', 'blockImageAndTextFile', 'blockImageFile', 'blockNone', 'blockTextFile')] [System.String] $ApplicationGuardBlockFileTransfer, @@ -3832,7 +3834,7 @@ function Test-TargetResource $ApplicationGuardEnabled, [Parameter()] - [ValidateSet('notConfigured','enabledForEdge','enabledForOffice','enabledForEdgeAndOffice')] + [ValidateSet('notConfigured', 'enabledForEdge', 'enabledForOffice', 'enabledForEdgeAndOffice')] [System.String] $ApplicationGuardEnabledOptions, @@ -3841,7 +3843,7 @@ function Test-TargetResource $ApplicationGuardForceAuditing, [Parameter()] - [ValidateSet('notConfigured','enforceComponentsAndStoreApps','auditComponentsAndStoreApps','enforceComponentsStoreAppsAndSmartlocker','auditComponentsStoreAppsAndSmartlocker')] + [ValidateSet('notConfigured', 'enforceComponentsAndStoreApps', 'auditComponentsAndStoreApps', 'enforceComponentsStoreAppsAndSmartlocker', 'auditComponentsStoreAppsAndSmartlocker')] [System.String] $AppLockerApplicationControl, @@ -3866,7 +3868,7 @@ function Test-TargetResource $BitLockerFixedDrivePolicy, [Parameter()] - [ValidateSet('notConfigured','disabled','enabledForAzureAd','enabledForAzureAdAndHybrid')] + [ValidateSet('notConfigured', 'disabled', 'enabledForAzureAd', 'enabledForAzureAdAndHybrid')] [System.String] $BitLockerRecoveryPasswordRotation, @@ -3883,12 +3885,12 @@ function Test-TargetResource $DefenderAdditionalGuardedFolders, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdobeReaderLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdvancedRansomewareProtectionType, @@ -3945,7 +3947,7 @@ function Test-TargetResource $DefenderBlockEndUserAccess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderBlockPersistenceThroughWmiType, @@ -3954,7 +3956,7 @@ function Test-TargetResource $DefenderCheckForSignaturesBeforeRunningScan, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -4019,12 +4021,12 @@ function Test-TargetResource $DefenderDisableScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderEmailContentExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderEmailContentExecutionType, @@ -4061,77 +4063,77 @@ function Test-TargetResource $DefenderGuardedFoldersAllowedAppPaths, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','blockDiskModification','auditDiskModification')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'blockDiskModification', 'auditDiskModification')] [System.String] $DefenderGuardMyFoldersType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderNetworkProtectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunch, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunchType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsLaunchChildProcessType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsOtherProcessInjection, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsOtherProcessInjectionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeCommunicationAppsLaunchChildProcess, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeMacroCodeAllowWin32Imports, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeMacroCodeAllowWin32ImportsType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPreventCredentialStealingType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderProcessCreation, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderProcessCreationType, @@ -4140,7 +4142,7 @@ function Test-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderScanDirection, @@ -4149,7 +4151,7 @@ function Test-TargetResource $DefenderScanMaxCpuPercentage, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -4158,7 +4160,7 @@ function Test-TargetResource $DefenderScheduledQuickScanTime, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderScheduledScanDay, @@ -4167,22 +4169,22 @@ function Test-TargetResource $DefenderScheduledScanTime, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptDownloadedPayloadExecution, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptDownloadedPayloadExecutionType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptObfuscatedMacroCode, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptObfuscatedMacroCodeType, @@ -4255,12 +4257,12 @@ function Test-TargetResource $DefenderSecurityCenterHelpURL, [Parameter()] - [ValidateSet('notConfigured','displayInAppAndInNotifications','displayOnlyInApp','displayOnlyInNotifications')] + [ValidateSet('notConfigured', 'displayInAppAndInNotifications', 'displayOnlyInApp', 'displayOnlyInNotifications')] [System.String] $DefenderSecurityCenterITContactDisplay, [Parameter()] - [ValidateSet('notConfigured','blockNoncriticalNotifications','blockAllNotifications')] + [ValidateSet('notConfigured', 'blockNoncriticalNotifications', 'blockAllNotifications')] [System.String] $DefenderSecurityCenterNotificationsFromApp, @@ -4273,27 +4275,27 @@ function Test-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedExecutable, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedExecutableType, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedUSBProcess, [Parameter()] - [ValidateSet('userDefined','block','auditMode','warn','disable')] + [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedUSBProcessType, @@ -4306,22 +4308,22 @@ function Test-TargetResource $DeviceGuardEnableVirtualizationBasedSecurity, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $DeviceGuardLaunchSystemGuard, [Parameter()] - [ValidateSet('notConfigured','enableWithUEFILock','enableWithoutUEFILock','disable')] + [ValidateSet('notConfigured', 'enableWithUEFILock', 'enableWithoutUEFILock', 'disable')] [System.String] $DeviceGuardLocalSystemAuthorityCredentialGuardSettings, [Parameter()] - [ValidateSet('notConfigured','withoutDMA','withDMA')] + [ValidateSet('notConfigured', 'withoutDMA', 'withDMA')] [System.String] $DeviceGuardSecureBootWithDMA, [Parameter()] - [ValidateSet('deviceDefault','blockAll','allowAll')] + [ValidateSet('deviceDefault', 'blockAll', 'allowAll')] [System.String] $DmaGuardDeviceEnumerationPolicy, @@ -4330,7 +4332,7 @@ function Test-TargetResource $FirewallBlockStatefulFTP, [Parameter()] - [ValidateSet('deviceDefault','none','attempt','require')] + [ValidateSet('deviceDefault', 'none', 'attempt', 'require')] [System.String] $FirewallCertificateRevocationListCheckMethod, @@ -4363,12 +4365,12 @@ function Test-TargetResource $FirewallMergeKeyingModuleSettings, [Parameter()] - [ValidateSet('deviceDefault','disabled','queueInbound','queueOutbound','queueBoth')] + [ValidateSet('deviceDefault', 'disabled', 'queueInbound', 'queueOutbound', 'queueBoth')] [System.String] $FirewallPacketQueueingMethod, [Parameter()] - [ValidateSet('deviceDefault','none','utF8')] + [ValidateSet('deviceDefault', 'none', 'utF8')] [System.String] $FirewallPreSharedKeyEncodingMethod, @@ -4389,7 +4391,7 @@ function Test-TargetResource $FirewallRules, [Parameter()] - [ValidateSet('lmAndNltm','lmNtlmAndNtlmV2','lmAndNtlmOnly','lmAndNtlmV2','lmNtlmV2AndNotLm','lmNtlmV2AndNotLmOrNtm')] + [ValidateSet('lmAndNltm', 'lmNtlmAndNtlmV2', 'lmAndNtlmOnly', 'lmAndNtlmV2', 'lmNtlmV2AndNotLm', 'lmNtlmV2AndNotLmOrNtm')] [System.String] $LanManagerAuthenticationLevel, @@ -4402,7 +4404,7 @@ function Test-TargetResource $LocalSecurityOptionsAdministratorAccountName, [Parameter()] - [ValidateSet('notConfigured','elevateWithoutPrompting','promptForCredentialsOnTheSecureDesktop','promptForConsentOnTheSecureDesktop','promptForCredentials','promptForConsent','promptForConsentForNonWindowsBinaries')] + [ValidateSet('notConfigured', 'elevateWithoutPrompting', 'promptForCredentialsOnTheSecureDesktop', 'promptForConsentOnTheSecureDesktop', 'promptForCredentials', 'promptForConsent', 'promptForConsentForNonWindowsBinaries')] [System.String] $LocalSecurityOptionsAdministratorElevationPromptBehavior, @@ -4503,7 +4505,7 @@ function Test-TargetResource $LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser, @@ -4520,12 +4522,12 @@ function Test-TargetResource $LocalSecurityOptionsHideUsernameAtSignIn, [Parameter()] - [ValidateSet('notConfigured','administrators','administratorsAndPowerUsers','administratorsAndInteractiveUsers')] + [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsInformationDisplayedOnLockScreen, [Parameter()] - [ValidateSet('notConfigured','userDisplayNameDomainUser','userDisplayNameOnly','doNotDisplayUser')] + [ValidateSet('notConfigured', 'userDisplayNameDomainUser', 'userDisplayNameOnly', 'doNotDisplayUser')] [System.String] $LocalSecurityOptionsInformationShownOnLockScreen, @@ -4546,12 +4548,12 @@ function Test-TargetResource $LocalSecurityOptionsMachineInactivityLimitInMinutes, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients, [Parameter()] - [ValidateSet('none','requireNtmlV2SessionSecurity','require128BitEncryption','ntlmV2And128BitEncryption')] + [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers, @@ -4564,12 +4566,12 @@ function Test-TargetResource $LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares, [Parameter()] - [ValidateSet('noAction','lockWorkstation','forceLogoff','disconnectRemoteDesktopSession')] + [ValidateSet('noAction', 'lockWorkstation', 'forceLogoff', 'disconnectRemoteDesktopSession')] [System.String] $LocalSecurityOptionsSmartCardRemovalBehavior, [Parameter()] - [ValidateSet('notConfigured','automaticallyDenyElevationRequests','promptForCredentialsOnTheSecureDesktop','promptForCredentials')] + [ValidateSet('notConfigured', 'automaticallyDenyElevationRequests', 'promptForCredentialsOnTheSecureDesktop', 'promptForCredentials')] [System.String] $LocalSecurityOptionsStandardUserElevationPromptBehavior, @@ -4714,12 +4716,12 @@ function Test-TargetResource $UserRightsTakeOwnership, [Parameter()] - [ValidateSet('notConfigured','enable','disable')] + [ValidateSet('notConfigured', 'enable', 'disable')] [System.String] $WindowsDefenderTamperProtection, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesAccessoryManagementServiceStartupMode, @@ -4728,17 +4730,17 @@ function Test-TargetResource $XboxServicesEnableXboxGameSaveTask, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveAuthManagerServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveGameSaveServiceStartupMode, [Parameter()] - [ValidateSet('manual','automatic','disabled')] + [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveNetworkingServiceStartupMode, @@ -4833,7 +4835,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -4917,7 +4919,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EndpointProtectionConfiguration' ` - } + } #endregion $i = 1 @@ -4957,14 +4959,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'BitLockerFixedDrivePolicy' + Name = 'BitLockerFixedDrivePolicy' CimInstanceName = 'MicrosoftGraphBitLockerFixedDrivePolicy' - IsRequired = $False + IsRequired = $False } @{ - Name = 'RecoveryOptions' + Name = 'RecoveryOptions' CimInstanceName = 'MicrosoftGraphBitLockerRecoveryOptions' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -4972,7 +4974,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphbitLockerFixedDrivePolicy' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.BitLockerFixedDrivePolicy = $complexTypeStringResult } @@ -4986,7 +4988,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.BitLockerRemovableDrivePolicy ` -CIMInstanceName 'MicrosoftGraphbitLockerRemovableDrivePolicy' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.BitLockerRemovableDrivePolicy = $complexTypeStringResult } @@ -4999,14 +5001,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'BitLockerSystemDrivePolicy' + Name = 'BitLockerSystemDrivePolicy' CimInstanceName = 'MicrosoftGraphBitLockerSystemDrivePolicy' - IsRequired = $False + IsRequired = $False } @{ - Name = 'RecoveryOptions' + Name = 'RecoveryOptions' CimInstanceName = 'MicrosoftGraphBitLockerRecoveryOptions' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5014,7 +5016,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphbitLockerSystemDrivePolicy' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.BitLockerSystemDrivePolicy = $complexTypeStringResult } @@ -5028,7 +5030,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.DefenderDetectedMalwareActions ` -CIMInstanceName 'MicrosoftGraphdefenderDetectedMalwareActions' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.DefenderDetectedMalwareActions = $complexTypeStringResult } @@ -5042,7 +5044,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallProfileDomain ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallNetworkProfile' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallProfileDomain = $complexTypeStringResult } @@ -5056,7 +5058,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallProfilePrivate ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallNetworkProfile' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallProfilePrivate = $complexTypeStringResult } @@ -5070,7 +5072,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallProfilePublic ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallNetworkProfile' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallProfilePublic = $complexTypeStringResult } @@ -5084,7 +5086,7 @@ function Export-TargetResource $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallRules ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallRule' - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallRules = $complexTypeStringResult } @@ -5097,14 +5099,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsAccessCredentialManagerAsTrustedCaller' + Name = 'UserRightsAccessCredentialManagerAsTrustedCaller' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5112,7 +5114,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsAccessCredentialManagerAsTrustedCaller = $complexTypeStringResult } @@ -5125,14 +5127,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsActAsPartOfTheOperatingSystem' + Name = 'UserRightsActAsPartOfTheOperatingSystem' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5140,7 +5142,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsActAsPartOfTheOperatingSystem = $complexTypeStringResult } @@ -5153,14 +5155,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsAllowAccessFromNetwork' + Name = 'UserRightsAllowAccessFromNetwork' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5168,7 +5170,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsAllowAccessFromNetwork = $complexTypeStringResult } @@ -5181,14 +5183,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsBackupData' + Name = 'UserRightsBackupData' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5196,7 +5198,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsBackupData = $complexTypeStringResult } @@ -5209,14 +5211,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsBlockAccessFromNetwork' + Name = 'UserRightsBlockAccessFromNetwork' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5224,7 +5226,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsBlockAccessFromNetwork = $complexTypeStringResult } @@ -5237,14 +5239,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsChangeSystemTime' + Name = 'UserRightsChangeSystemTime' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5252,7 +5254,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsChangeSystemTime = $complexTypeStringResult } @@ -5265,14 +5267,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsCreateGlobalObjects' + Name = 'UserRightsCreateGlobalObjects' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5280,7 +5282,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreateGlobalObjects = $complexTypeStringResult } @@ -5293,14 +5295,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsCreatePageFile' + Name = 'UserRightsCreatePageFile' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5308,7 +5310,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreatePageFile = $complexTypeStringResult } @@ -5321,14 +5323,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsCreatePermanentSharedObjects' + Name = 'UserRightsCreatePermanentSharedObjects' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5336,7 +5338,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreatePermanentSharedObjects = $complexTypeStringResult } @@ -5349,14 +5351,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsCreateSymbolicLinks' + Name = 'UserRightsCreateSymbolicLinks' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5364,7 +5366,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreateSymbolicLinks = $complexTypeStringResult } @@ -5377,14 +5379,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsCreateToken' + Name = 'UserRightsCreateToken' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5392,7 +5394,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreateToken = $complexTypeStringResult } @@ -5405,14 +5407,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsDebugPrograms' + Name = 'UserRightsDebugPrograms' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5420,7 +5422,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsDebugPrograms = $complexTypeStringResult } @@ -5433,14 +5435,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsDelegation' + Name = 'UserRightsDelegation' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5448,7 +5450,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsDelegation = $complexTypeStringResult } @@ -5461,14 +5463,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsDenyLocalLogOn' + Name = 'UserRightsDenyLocalLogOn' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5476,7 +5478,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsDenyLocalLogOn = $complexTypeStringResult } @@ -5489,14 +5491,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsGenerateSecurityAudits' + Name = 'UserRightsGenerateSecurityAudits' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5504,7 +5506,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsGenerateSecurityAudits = $complexTypeStringResult } @@ -5517,14 +5519,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsImpersonateClient' + Name = 'UserRightsImpersonateClient' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5532,7 +5534,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsImpersonateClient = $complexTypeStringResult } @@ -5545,14 +5547,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsIncreaseSchedulingPriority' + Name = 'UserRightsIncreaseSchedulingPriority' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5560,7 +5562,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsIncreaseSchedulingPriority = $complexTypeStringResult } @@ -5573,14 +5575,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsLoadUnloadDrivers' + Name = 'UserRightsLoadUnloadDrivers' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5588,7 +5590,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsLoadUnloadDrivers = $complexTypeStringResult } @@ -5601,14 +5603,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsLocalLogOn' + Name = 'UserRightsLocalLogOn' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5616,7 +5618,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsLocalLogOn = $complexTypeStringResult } @@ -5629,14 +5631,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsLockMemory' + Name = 'UserRightsLockMemory' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5644,7 +5646,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsLockMemory = $complexTypeStringResult } @@ -5657,14 +5659,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsManageAuditingAndSecurityLogs' + Name = 'UserRightsManageAuditingAndSecurityLogs' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5672,7 +5674,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsManageAuditingAndSecurityLogs = $complexTypeStringResult } @@ -5685,14 +5687,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsManageVolumes' + Name = 'UserRightsManageVolumes' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5700,7 +5702,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsManageVolumes = $complexTypeStringResult } @@ -5713,14 +5715,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsModifyFirmwareEnvironment' + Name = 'UserRightsModifyFirmwareEnvironment' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5728,7 +5730,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsModifyFirmwareEnvironment = $complexTypeStringResult } @@ -5741,14 +5743,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsModifyObjectLabels' + Name = 'UserRightsModifyObjectLabels' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5756,7 +5758,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsModifyObjectLabels = $complexTypeStringResult } @@ -5769,14 +5771,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsProfileSingleProcess' + Name = 'UserRightsProfileSingleProcess' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5784,7 +5786,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsProfileSingleProcess = $complexTypeStringResult } @@ -5797,14 +5799,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsRemoteDesktopServicesLogOn' + Name = 'UserRightsRemoteDesktopServicesLogOn' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5812,7 +5814,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsRemoteDesktopServicesLogOn = $complexTypeStringResult } @@ -5825,14 +5827,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsRemoteShutdown' + Name = 'UserRightsRemoteShutdown' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5840,7 +5842,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsRemoteShutdown = $complexTypeStringResult } @@ -5853,14 +5855,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsRestoreData' + Name = 'UserRightsRestoreData' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5868,7 +5870,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsRestoreData = $complexTypeStringResult } @@ -5881,14 +5883,14 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'UserRightsTakeOwnership' + Name = 'UserRightsTakeOwnership' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' - IsRequired = $False + IsRequired = $False } @{ - Name = 'LocalUsersOrGroups' + Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -5896,7 +5898,7 @@ function Export-TargetResource -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping - if(-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsTakeOwnership = $complexTypeStringResult } @@ -5905,7 +5907,7 @@ function Export-TargetResource $Results.Remove('UserRightsTakeOwnership') | Out-Null } } - if($Results.Assignments) + if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -5924,159 +5926,159 @@ function Export-TargetResource -Credential $Credential if ($Results.BitLockerFixedDrivePolicy) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "BitLockerFixedDrivePolicy" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'BitLockerFixedDrivePolicy' -IsCIMArray:$False } if ($Results.BitLockerRemovableDrivePolicy) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "BitLockerRemovableDrivePolicy" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'BitLockerRemovableDrivePolicy' -IsCIMArray:$False } if ($Results.BitLockerSystemDrivePolicy) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "BitLockerSystemDrivePolicy" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'BitLockerSystemDrivePolicy' -IsCIMArray:$False } if ($Results.DefenderDetectedMalwareActions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefenderDetectedMalwareActions" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DefenderDetectedMalwareActions' -IsCIMArray:$False } if ($Results.FirewallProfileDomain) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "FirewallProfileDomain" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallProfileDomain' -IsCIMArray:$False } if ($Results.FirewallProfilePrivate) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "FirewallProfilePrivate" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallProfilePrivate' -IsCIMArray:$False } if ($Results.FirewallProfilePublic) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "FirewallProfilePublic" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallProfilePublic' -IsCIMArray:$False } if ($Results.FirewallRules) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "FirewallRules" -isCIMArray:$True + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallRules' -IsCIMArray:$True } if ($Results.UserRightsAccessCredentialManagerAsTrustedCaller) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsAccessCredentialManagerAsTrustedCaller" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsAccessCredentialManagerAsTrustedCaller' -IsCIMArray:$False } if ($Results.UserRightsActAsPartOfTheOperatingSystem) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsActAsPartOfTheOperatingSystem" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsActAsPartOfTheOperatingSystem' -IsCIMArray:$False } if ($Results.UserRightsAllowAccessFromNetwork) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsAllowAccessFromNetwork" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsAllowAccessFromNetwork' -IsCIMArray:$False } if ($Results.UserRightsBackupData) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsBackupData" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsBackupData' -IsCIMArray:$False } if ($Results.UserRightsBlockAccessFromNetwork) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsBlockAccessFromNetwork" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsBlockAccessFromNetwork' -IsCIMArray:$False } if ($Results.UserRightsChangeSystemTime) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsChangeSystemTime" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsChangeSystemTime' -IsCIMArray:$False } if ($Results.UserRightsCreateGlobalObjects) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsCreateGlobalObjects" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreateGlobalObjects' -IsCIMArray:$False } if ($Results.UserRightsCreatePageFile) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsCreatePageFile" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreatePageFile' -IsCIMArray:$False } if ($Results.UserRightsCreatePermanentSharedObjects) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsCreatePermanentSharedObjects" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreatePermanentSharedObjects' -IsCIMArray:$False } if ($Results.UserRightsCreateSymbolicLinks) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsCreateSymbolicLinks" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreateSymbolicLinks' -IsCIMArray:$False } if ($Results.UserRightsCreateToken) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsCreateToken" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreateToken' -IsCIMArray:$False } if ($Results.UserRightsDebugPrograms) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsDebugPrograms" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsDebugPrograms' -IsCIMArray:$False } if ($Results.UserRightsDelegation) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsDelegation" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsDelegation' -IsCIMArray:$False } if ($Results.UserRightsDenyLocalLogOn) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsDenyLocalLogOn" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsDenyLocalLogOn' -IsCIMArray:$False } if ($Results.UserRightsGenerateSecurityAudits) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsGenerateSecurityAudits" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsGenerateSecurityAudits' -IsCIMArray:$False } if ($Results.UserRightsImpersonateClient) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsImpersonateClient" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsImpersonateClient' -IsCIMArray:$False } if ($Results.UserRightsIncreaseSchedulingPriority) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsIncreaseSchedulingPriority" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsIncreaseSchedulingPriority' -IsCIMArray:$False } if ($Results.UserRightsLoadUnloadDrivers) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsLoadUnloadDrivers" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsLoadUnloadDrivers' -IsCIMArray:$False } if ($Results.UserRightsLocalLogOn) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsLocalLogOn" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsLocalLogOn' -IsCIMArray:$False } if ($Results.UserRightsLockMemory) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsLockMemory" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsLockMemory' -IsCIMArray:$False } if ($Results.UserRightsManageAuditingAndSecurityLogs) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsManageAuditingAndSecurityLogs" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsManageAuditingAndSecurityLogs' -IsCIMArray:$False } if ($Results.UserRightsManageVolumes) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsManageVolumes" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsManageVolumes' -IsCIMArray:$False } if ($Results.UserRightsModifyFirmwareEnvironment) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsModifyFirmwareEnvironment" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsModifyFirmwareEnvironment' -IsCIMArray:$False } if ($Results.UserRightsModifyObjectLabels) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsModifyObjectLabels" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsModifyObjectLabels' -IsCIMArray:$False } if ($Results.UserRightsProfileSingleProcess) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsProfileSingleProcess" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsProfileSingleProcess' -IsCIMArray:$False } if ($Results.UserRightsRemoteDesktopServicesLogOn) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsRemoteDesktopServicesLogOn" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsRemoteDesktopServicesLogOn' -IsCIMArray:$False } if ($Results.UserRightsRemoteShutdown) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsRemoteShutdown" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsRemoteShutdown' -IsCIMArray:$False } if ($Results.UserRightsRestoreData) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsRestoreData" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsRestoreData' -IsCIMArray:$False } if ($Results.UserRightsTakeOwnership) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserRightsTakeOwnership" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsTakeOwnership' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) - $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -6098,88 +6100,88 @@ function Export-TargetResource return '' } } - function Update-DeviceConfigurationPolicyAssignment - { - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param ( - [Parameter(Mandatory = 'true')] - [System.String] - $DeviceConfigurationPolicyId, +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, - [Parameter()] - [Array] - $Targets, + [Parameter()] + [Array] + $Targets, - [Parameter()] - [System.String] - $Repository='deviceManagement/configurationPolicies', + [Parameter()] + [System.String] + $Repository = 'deviceManagement/configurationPolicies', - [Parameter()] - [ValidateSet('v1.0','beta')] - [System.String] - $APIVersion='beta' - ) - try - { - $deviceManagementPolicyAssignments=@() + [Parameter()] + [ValidateSet('v1.0', 'beta')] + [System.String] + $APIVersion = 'beta' + ) + try + { + $deviceManagementPolicyAssignments = @() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) + { + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) - { - $formattedTarget.Add('groupId',$target.groupId) - } - if($target.collectionId) - { - $formattedTarget.Add('collectionId',$target.collectionId) - } - if($target.deviceAndAppManagementAssignmentFilterType) - { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) - } - if($target.deviceAndAppManagementAssignmentFilterId) - { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) - } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $formattedTarget.Add('groupId', $target.groupId) } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 - #write-verbose -Message $body - Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - + if ($target.collectionId) + { + $formattedTarget.Add('collectionId', $target.collectionId) + } + if ($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) + } + if ($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - catch - { - New-M365DSCLogEntry -Message 'Error updating data:' - -Exception $_ - -Source $($MyInvocation.MyCommand.Source) - -TenantId $TenantId - -Credential $Credential + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - return $null - } + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential + return $null + } - }function Rename-M365DSCCimInstanceParameter + +}function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + 'odataType' = '@odata.type' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -6189,34 +6191,34 @@ function Export-TargetResource { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -6228,51 +6230,51 @@ function Export-TargetResource function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -6289,27 +6291,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -6367,15 +6369,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -6383,26 +6385,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -6411,23 +6413,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -6441,37 +6443,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -6480,17 +6482,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -6501,26 +6503,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -6529,11 +6531,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -6544,32 +6546,32 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty @@ -6589,49 +6591,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -6641,7 +6643,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -6653,7 +6655,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -6671,47 +6673,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -6721,36 +6723,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -6758,16 +6760,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -6777,18 +6779,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -6812,47 +6814,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/settings.json index 2b6b168c2f..31fc646302 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationEndpointProtectionPolicyWindows10", "description": "This resource configures an Intune Device Configuration Endpoint Protection Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 index 9f2cda895d..73c7aeee56 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 @@ -6,7 +6,7 @@ function Get-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AllowDeviceHealthMonitoring, @@ -15,7 +15,7 @@ function Get-TargetResource $ConfigDeviceHealthMonitoringCustomScope, [Parameter()] - [ValidateSet('undefined','healthMonitoring','bootPerformance','windowsUpdates','privilegeManagement')] + [ValidateSet('undefined', 'healthMonitoring', 'bootPerformance', 'windowsUpdates', 'privilegeManagement')] [System.String[]] $ConfigDeviceHealthMonitoringScope, @@ -93,7 +93,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -153,11 +153,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -184,7 +186,7 @@ function Set-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AllowDeviceHealthMonitoring, @@ -193,7 +195,7 @@ function Set-TargetResource $ConfigDeviceHealthMonitoringCustomScope, [Parameter()] - [ValidateSet('undefined','healthMonitoring','bootPerformance','windowsUpdates','privilegeManagement')] + [ValidateSet('undefined', 'healthMonitoring', 'bootPerformance', 'windowsUpdates', 'privilegeManagement')] [System.String[]] $ConfigDeviceHealthMonitoringScope, @@ -274,7 +276,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -283,14 +285,14 @@ function Set-TargetResource $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } $CreateParameters.ConfigDeviceHealthMonitoringScope = [String[]]$CreateParameters.ConfigDeviceHealthMonitoringScope -join ',' #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsHealthMonitoringConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsHealthMonitoringConfiguration') $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = @() foreach ($assignment in $Assignments) @@ -300,7 +302,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -309,7 +311,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -319,14 +321,14 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } $UpdateParameters.ConfigDeviceHealthMonitoringScope = [String[]]$UpdateParameters.ConfigDeviceHealthMonitoringScope -join ',' #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsHealthMonitoringConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsHealthMonitoringConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -358,7 +360,7 @@ function Test-TargetResource ( #region resource generator code [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AllowDeviceHealthMonitoring, @@ -367,7 +369,7 @@ function Test-TargetResource $ConfigDeviceHealthMonitoringCustomScope, [Parameter()] - [ValidateSet('undefined','healthMonitoring','bootPerformance','windowsUpdates','privilegeManagement')] + [ValidateSet('undefined', 'healthMonitoring', 'bootPerformance', 'windowsUpdates', 'privilegeManagement')] [System.String[]] $ConfigDeviceHealthMonitoringScope, @@ -545,7 +547,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsHealthMonitoringConfiguration' ` - } + } #endregion $i = 1 @@ -568,7 +570,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -600,7 +602,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -643,7 +645,7 @@ function Update-DeviceConfigurationPolicyAssignment $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] $APIVersion = 'beta' ) @@ -654,26 +656,26 @@ function Update-DeviceConfigurationPolicyAssignment foreach ($target in $targets) { - $formattedTarget = @{"@odata.type" = $target.dataType} + $formattedTarget = @{'@odata.type' = $target.dataType } if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -692,14 +694,14 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) $keyToRename = @{ - "odataType" = "@odata.type" + 'odataType' = '@odata.type' } $result = $Properties @@ -716,22 +718,22 @@ function Rename-M365DSCCimInstanceParameter } $result = $values - return ,$result + return , $result } #endregion #region Single - if ($type -like "*Hashtable") + if ($type -like '*Hashtable') { $result = ([Hashtable]$Properties).clone() } - if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys foreach ($key in $keys) { - $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { $keyName = $keyToRename.$key @@ -741,7 +743,7 @@ function Rename-M365DSCCimInstanceParameter if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -753,7 +755,7 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject @@ -764,7 +766,7 @@ function Get-M365DSCDRGComplexTypeToHashtable return $null } - if ($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { $results = @() @@ -780,7 +782,7 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } if ($ComplexObject.getType().fullname -like '*Dictionary*') @@ -797,7 +799,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $keyType = $ComplexObject.$key.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -814,19 +816,19 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if ($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { $keyName = $key - if ($ComplexObject.getType().Fullname -notlike "*hashtable") + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { $keyName = $key.Name } @@ -834,7 +836,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -913,7 +915,7 @@ function Get-M365DSCDRGComplexTypeToString $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { $currentProperty = @() $IndentLevel++ @@ -926,7 +928,7 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -935,7 +937,7 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } $currentProperty = '' @@ -945,7 +947,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += $indent } - $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ $indent = '' @@ -965,19 +967,19 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() $isArray = $false - if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { $isArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -995,7 +997,7 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1004,16 +1006,16 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" @@ -1025,10 +1027,10 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" @@ -1053,7 +1055,7 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } if ($mappedKey -and $mappedKey.isRequired) { @@ -1069,12 +1071,12 @@ function Get-M365DSCDRGComplexTypeToString } } $indent = '' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { $indent += ' ' } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -1083,14 +1085,14 @@ function Get-M365DSCDRGComplexTypeToString if ($IndentLevel -eq 5) { $indent = '' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { $indent += ' ' } $currentProperty += $indent } - $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { $currentProperty = $null @@ -1114,30 +1116,30 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [System.String] $Space = ' ' - ) + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { if ($key -eq '@odata.type') { - $key ='odataType' + $key = 'odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue = $Space + $key + " = @(" + $returnValue = $Space + $key + ' = @(' $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -1146,15 +1148,15 @@ Function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1176,7 +1178,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1194,7 +1196,7 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -1216,7 +1218,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { if ($source.count -ne $target.count) { @@ -1252,7 +1254,7 @@ function Compare-M365DSCComplexObject return $true } - $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target @@ -1282,7 +1284,7 @@ function Compare-M365DSCComplexObject #Both keys aren't null or empty if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` @@ -1303,7 +1305,7 @@ function Compare-M365DSCComplexObject #Identifying date from the current values $targetType = ($Target.$tkey.getType()).Name - if ($targetType -like "*Date*") + if ($targetType -like '*Date*') { $compareResult = $true $sourceDate = [DateTime]$Source.$key @@ -1333,13 +1335,13 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() foreach ($item in $ComplexObject) @@ -1352,17 +1354,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) { $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -1371,7 +1373,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName,$propertyValue) + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json index a3c25ab232..876ce379ca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10", "description": "This resource configures an Intune Device Configuration Health Monitoring Configuration Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 index 63b2cfb5fd..02cb3881ef 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 @@ -14,7 +14,7 @@ function Get-TargetResource $PinExpirationInDays, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinLowercaseCharactersUsage, @@ -35,12 +35,12 @@ function Get-TargetResource $PinRecoveryEnabled, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinSpecialCharactersUsage, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinUppercaseCharactersUsage, @@ -138,13 +138,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Identity Protection Policy for Windows10 with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementDeviceConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` @@ -215,11 +215,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $(if($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -254,7 +256,7 @@ function Set-TargetResource $PinExpirationInDays, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinLowercaseCharactersUsage, @@ -275,12 +277,12 @@ function Set-TargetResource $PinRecoveryEnabled, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinSpecialCharactersUsage, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinUppercaseCharactersUsage, @@ -381,32 +383,32 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Identity Protection Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsIdentityProtectionConfiguration") - $policy=New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $CreateParameters.Add('@odata.type', '#microsoft.graph.windowsIdentityProtectionConfiguration') + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -415,30 +417,30 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Identity Protection Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters $UpdateParameters.Remove('Id') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsIdentityProtectionConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windowsIdentityProtectionConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` @@ -470,7 +472,7 @@ function Test-TargetResource $PinExpirationInDays, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinLowercaseCharactersUsage, @@ -491,12 +493,12 @@ function Test-TargetResource $PinRecoveryEnabled, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinSpecialCharactersUsage, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $PinUppercaseCharactersUsage, @@ -611,7 +613,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -695,7 +697,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsIdentityProtectionConfiguration' ` - } + } #endregion $i = 1 @@ -731,7 +733,7 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if($Results.Assignments) + if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -750,7 +752,7 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } $dscContent += $currentDSCBlock @@ -789,50 +791,50 @@ function Update-DeviceConfigurationPolicyAssignment [Parameter()] [System.String] - $Repository='deviceManagement/configurationPolicies', + $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] - $APIVersion='beta' + $APIVersion = 'beta' ) try { - $deviceManagementPolicyAssignments=@() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } - if($target.collectionId) + if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } - if($target.deviceAndAppManagementAssignmentFilterType) + if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } - if($target.deviceAndAppManagementAssignmentFilterId) + if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } catch { New-M365DSCLogEntry -Message 'Error updating data:' - -Exception $_ - -Source $($MyInvocation.MyCommand.Source) - -TenantId $TenantId - -Credential $Credential + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential return $null } @@ -841,19 +843,19 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" + $keyToRename = @{ + 'odataType' = '@odata.type' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -863,34 +865,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -903,51 +905,51 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -964,27 +966,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1042,15 +1044,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1058,26 +1060,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1086,23 +1088,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1116,37 +1118,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1155,17 +1157,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -1176,26 +1178,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1204,11 +1206,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1219,32 +1221,32 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty @@ -1264,49 +1266,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1316,7 +1318,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1328,7 +1330,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1346,47 +1348,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1396,36 +1398,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1433,16 +1435,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1452,18 +1454,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1487,47 +1489,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/settings.json index ffc2c606d7..d5d83f0b7f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationIdentityProtectionPolicyWindows10", "description": "This resource configures an Intune Device Configuration Identity Protection Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 index ccd62709c5..211e2bbe11 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 @@ -83,7 +83,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -95,7 +95,7 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object -FilterScript { ` $_.AdditionalProperties -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' ` - } + } } } #endregion @@ -115,12 +115,12 @@ function Get-TargetResource $myEnterpriseCloudResources = @{} $myEnterpriseCloudResources.Add('IpAddressOrFQDN', $currentEnterpriseCloudResources.ipAddressOrFQDN) $myEnterpriseCloudResources.Add('Proxy', $currentEnterpriseCloudResources.proxy) - if ($myEnterpriseCloudResources.values.Where({$null -ne $_}).count -gt 0) + if ($myEnterpriseCloudResources.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseCloudResources += $myEnterpriseCloudResources } } - $complexWindowsNetworkIsolationPolicy.Add('EnterpriseCloudResources',$complexEnterpriseCloudResources) + $complexWindowsNetworkIsolationPolicy.Add('EnterpriseCloudResources', $complexEnterpriseCloudResources) $complexWindowsNetworkIsolationPolicy.Add('EnterpriseInternalProxyServers', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseInternalProxyServers) $complexEnterpriseIPRanges = @() foreach ($currentEnterpriseIPRanges in $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseIPRanges) @@ -133,18 +133,18 @@ function Get-TargetResource { $myEnterpriseIPRanges.Add('odataType', $currentEnterpriseIPRanges.'@odata.type'.toString()) } - if ($myEnterpriseIPRanges.values.Where({$null -ne $_}).count -gt 0) + if ($myEnterpriseIPRanges.values.Where({ $null -ne $_ }).count -gt 0) { $complexEnterpriseIPRanges += $myEnterpriseIPRanges } } - $complexWindowsNetworkIsolationPolicy.Add('EnterpriseIPRanges',$complexEnterpriseIPRanges) + $complexWindowsNetworkIsolationPolicy.Add('EnterpriseIPRanges', $complexEnterpriseIPRanges) $complexWindowsNetworkIsolationPolicy.Add('EnterpriseIPRangesAreAuthoritative', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseIPRangesAreAuthoritative) $complexWindowsNetworkIsolationPolicy.Add('EnterpriseNetworkDomainNames', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseNetworkDomainNames) $complexWindowsNetworkIsolationPolicy.Add('EnterpriseProxyServers', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseProxyServers) $complexWindowsNetworkIsolationPolicy.Add('EnterpriseProxyServersAreAuthoritative', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.enterpriseProxyServersAreAuthoritative) $complexWindowsNetworkIsolationPolicy.Add('NeutralDomainResources', $getValue.AdditionalProperties.windowsNetworkIsolationPolicy.neutralDomainResources) - if ($complexWindowsNetworkIsolationPolicy.values.Where({$null -ne $_}).count -eq 0) + if ($complexWindowsNetworkIsolationPolicy.values.Where({ $null -ne $_ }).count -eq 0) { $complexWindowsNetworkIsolationPolicy = $null } @@ -171,11 +171,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -281,7 +283,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Network Boundary Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -290,13 +292,13 @@ function Set-TargetResource $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10NetworkBoundaryConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10NetworkBoundaryConfiguration') $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = @() foreach ($assignment in $Assignments) @@ -306,7 +308,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -315,7 +317,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Network Boundary Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -325,13 +327,13 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10NetworkBoundaryConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10NetworkBoundaryConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -540,7 +542,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' ` - } + } #endregion $i = 1 @@ -563,7 +565,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -580,19 +582,19 @@ function Export-TargetResource { $complexMapping = @( @{ - Name = 'WindowsNetworkIsolationPolicy' + Name = 'WindowsNetworkIsolationPolicy' CimInstanceName = 'MicrosoftGraphWindowsNetworkIsolationPolicy' - IsRequired = $False + IsRequired = $False } @{ - Name = 'EnterpriseCloudResources' + Name = 'EnterpriseCloudResources' CimInstanceName = 'MicrosoftGraphProxiedDomain1' - IsRequired = $False + IsRequired = $False } @{ - Name = 'EnterpriseIPRanges' + Name = 'EnterpriseIPRanges' CimInstanceName = 'MicrosoftGraphIpRange1' - IsRequired = $False + IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -628,11 +630,11 @@ function Export-TargetResource -Credential $Credential if ($Results.WindowsNetworkIsolationPolicy) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "WindowsNetworkIsolationPolicy" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'WindowsNetworkIsolationPolicy' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) @@ -677,7 +679,7 @@ function Update-DeviceConfigurationPolicyAssignment $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] $APIVersion = 'beta' ) @@ -688,26 +690,26 @@ function Update-DeviceConfigurationPolicyAssignment foreach ($target in $targets) { - $formattedTarget = @{"@odata.type" = $target.dataType} + $formattedTarget = @{'@odata.type' = $target.dataType } if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -726,14 +728,14 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) $keyToRename = @{ - "odataType" = "@odata.type" + 'odataType' = '@odata.type' } $result = $Properties @@ -750,22 +752,22 @@ function Rename-M365DSCCimInstanceParameter } $result = $values - return ,$result + return , $result } #endregion #region Single - if ($type -like "*Hashtable") + if ($type -like '*Hashtable') { $result = ([Hashtable]$Properties).clone() } - if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys foreach ($key in $keys) { - $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { $keyName = $keyToRename.$key @@ -775,7 +777,7 @@ function Rename-M365DSCCimInstanceParameter if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -787,7 +789,7 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject @@ -798,7 +800,7 @@ function Get-M365DSCDRGComplexTypeToHashtable return $null } - if ($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { $results = @() @@ -814,7 +816,7 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } if ($ComplexObject.getType().fullname -like '*Dictionary*') @@ -831,7 +833,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $keyType = $ComplexObject.$key.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -848,19 +850,19 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if ($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { $keyName = $key - if ($ComplexObject.getType().Fullname -notlike "*hashtable") + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { $keyName = $key.Name } @@ -868,7 +870,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -947,7 +949,7 @@ function Get-M365DSCDRGComplexTypeToString $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { $currentProperty = @() $IndentLevel++ @@ -960,7 +962,7 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -969,7 +971,7 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } $currentProperty = '' @@ -979,7 +981,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += $indent } - $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ $indent = '' @@ -999,19 +1001,19 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() $isArray = $false - if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { $isArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -1029,7 +1031,7 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1038,16 +1040,16 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" @@ -1059,10 +1061,10 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" @@ -1087,7 +1089,7 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } if ($mappedKey -and $mappedKey.isRequired) { @@ -1103,12 +1105,12 @@ function Get-M365DSCDRGComplexTypeToString } } $indent = '' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { $indent += ' ' } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -1117,14 +1119,14 @@ function Get-M365DSCDRGComplexTypeToString if ($IndentLevel -eq 5) { $indent = '' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { $indent += ' ' } $currentProperty += $indent } - $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { $currentProperty = $null @@ -1148,30 +1150,30 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [System.String] $Space = ' ' - ) + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { if ($key -eq '@odata.type') { - $key ='odataType' + $key = 'odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue = $Space + $key + " = @(" + $returnValue = $Space + $key + ' = @(' $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -1180,15 +1182,15 @@ Function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1210,7 +1212,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1228,7 +1230,7 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -1250,7 +1252,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { if ($source.count -ne $target.count) { @@ -1286,7 +1288,7 @@ function Compare-M365DSCComplexObject return $true } - $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target @@ -1316,7 +1318,7 @@ function Compare-M365DSCComplexObject #Both keys aren't null or empty if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` @@ -1337,7 +1339,7 @@ function Compare-M365DSCComplexObject #Identifying date from the current values $targetType = ($Target.$tkey.getType()).Name - if ($targetType -like "*Date*") + if ($targetType -like '*Date*') { $compareResult = $true $sourceDate = [DateTime]$Source.$key @@ -1367,13 +1369,13 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() foreach ($item in $ComplexObject) @@ -1386,17 +1388,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) { $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -1405,7 +1407,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName,$propertyValue) + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json index f0cea3ba58..f08c5923b0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10", "description": "This resource configures an Intune Device Configuration Network Boundary Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/settings.json index 98cebce461..d3a3c44787 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/settings.json @@ -29,4 +29,4 @@ } } } -} \ No newline at end of file +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 index 9ed168a880..04e9da2e0b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 @@ -328,7 +328,7 @@ function Get-TargetResource } $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $policy.Id + $returnAssignments += Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $policy.Id $assignmentResult = @() foreach ($assignmentEntry in $returnAssignments) { @@ -969,7 +969,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -982,7 +982,7 @@ function Test-TargetResource { Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" $testResult = $false - break; + break } $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment @@ -991,7 +991,7 @@ function Test-TargetResource if (-not $testResult) { $testResult = $false - break; + break } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 index 3176adfabd..d6ba141358 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 @@ -10,7 +10,7 @@ function Get-TargetResource $AccountsBlockAddingNonMicrosoftAccountEmail, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $ActivateAppsWithVoice, @@ -31,7 +31,7 @@ function Get-TargetResource $AppManagementPackageFamilyNamesToLaunchAfterLogOn, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $AppsAllowTrustedAppsSideloading, @@ -48,7 +48,7 @@ function Get-TargetResource $AuthenticationPreferredAzureADTenantDomainName, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AuthenticationWebSignIn, @@ -93,7 +93,7 @@ function Get-TargetResource $CellularBlockVpnWhenRoaming, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $CellularData, @@ -134,7 +134,7 @@ function Get-TargetResource $DefenderBlockOnAccessProtection, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -171,17 +171,17 @@ function Get-TargetResource $DefenderFilesAndFoldersToExclude, [Parameter()] - [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderMonitorFileActivity, [Parameter()] - [ValidateSet('deviceDefault','block','audit')] + [ValidateSet('deviceDefault', 'block', 'audit')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppActionSetting, @@ -190,7 +190,7 @@ function Get-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] [System.String] $DefenderPromptForSampleSubmission, @@ -243,7 +243,7 @@ function Get-TargetResource $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -264,17 +264,17 @@ function Get-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderSystemScanSchedule, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $DeveloperUnlockSetting, @@ -287,7 +287,7 @@ function Get-TargetResource $DeviceManagementBlockManualUnenroll, [Parameter()] - [ValidateSet('userDefined','none','basic','enhanced','full')] + [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] [System.String] $DiagnosticsDataSubmissionMode, @@ -404,7 +404,7 @@ function Get-TargetResource $EdgeClearBrowsingDataOnExit, [Parameter()] - [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [ValidateSet('userDefined', 'allow', 'blockThirdParty', 'blockAll')] [System.String] $EdgeCookiePolicy, @@ -417,7 +417,7 @@ function Get-TargetResource $EdgeEnterpriseModeSiteListLocation, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $EdgeFavoritesBarVisibility, @@ -442,7 +442,7 @@ function Get-TargetResource $EdgeHomepageUrls, [Parameter()] - [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] + [ValidateSet('notConfigured', 'digitalSignage', 'normalMode', 'publicBrowsingSingleApp', 'publicBrowsingMultiApp')] [System.String] $EdgeKioskModeRestriction, @@ -455,7 +455,7 @@ function Get-TargetResource $EdgeNewTabPageURL, [Parameter()] - [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [ValidateSet('notConfigured', 'startPage', 'newTabPage', 'previousPages', 'specificPages')] [System.String] $EdgeOpensWith, @@ -480,7 +480,7 @@ function Get-TargetResource $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled','keepGoing')] + [ValidateSet('notConfigured', 'disabled', 'enabled', 'keepGoing')] [System.String] $EdgeShowMessageWhenOpeningInternetExplorerSites, @@ -489,7 +489,7 @@ function Get-TargetResource $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] + [ValidateSet('notConfigured', 'intranet', 'internet', 'intranetAndInternet')] [System.String] $EdgeTelemetryForMicrosoft365Analytics, @@ -542,12 +542,12 @@ function Get-TargetResource $ExperienceBlockTaskSwitcher, [Parameter()] - [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [ValidateSet('notConfigured', 'blockedWithUserOverride', 'blocked')] [System.String] $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $FindMyFiles, @@ -556,12 +556,12 @@ function Get-TargetResource $GameDvrBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $InkWorkspaceAccess, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $InkWorkspaceAccessState, @@ -578,7 +578,7 @@ function Get-TargetResource $LocationServicesBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $LockScreenActivateAppsWithVoice, @@ -627,7 +627,7 @@ function Get-TargetResource $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('notConfigured','disabled')] + [ValidateSet('notConfigured', 'disabled')] [System.String] $MicrosoftAccountSignInAssistantSettings, @@ -688,7 +688,7 @@ function Get-TargetResource $PasswordRequired, [Parameter()] - [ValidateSet('deviceDefault','alphanumeric','numeric')] + [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] [System.String] $PasswordRequiredType, @@ -709,42 +709,42 @@ function Get-TargetResource $PersonalizationLockScreenImageUrl, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepOnBattery, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionPluggedIn, @@ -761,7 +761,7 @@ function Get-TargetResource $PrinterNames, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $PrivacyAdvertisingId, @@ -790,7 +790,7 @@ function Get-TargetResource $ResetProtectionModeBlocked, [Parameter()] - [ValidateSet('userDefined','strict','moderate')] + [ValidateSet('userDefined', 'strict', 'moderate')] [System.String] $SafeSearchFilter, @@ -923,7 +923,7 @@ function Get-TargetResource $SharedUserAppDataAllowed, [Parameter()] - [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] + [ValidateSet('notConfigured', 'anywhere', 'storeOnly', 'recommendations', 'preferStore')] [System.String] $SmartScreenAppInstallControl, @@ -944,7 +944,7 @@ function Get-TargetResource $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] [System.String] $StartMenuAppListVisibility, @@ -1009,57 +1009,57 @@ function Get-TargetResource $StartMenuLayoutXml, [Parameter()] - [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] [System.String] $StartMenuMode, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDocuments, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDownloads, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderFileExplorer, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderHomeGroup, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderMusic, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderNetwork, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPictures, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderSettings, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderVideos, @@ -1156,7 +1156,7 @@ function Get-TargetResource $WindowsSpotlightBlockWindowsTips, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled')] + [ValidateSet('notConfigured', 'disabled', 'enabled')] [System.String] $WindowsSpotlightConfigureOnLockScreen, @@ -1258,7 +1258,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -1270,8 +1270,8 @@ function Get-TargetResource -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10GeneralConfiguration" ` - } + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' ` + } } } #endregion @@ -1301,7 +1301,7 @@ function Get-TargetResource { $complexDefenderDetectedMalwareActions.Add('SevereSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity.toString()) } - if ($complexDefenderDetectedMalwareActions.values.Where({$null -ne $_}).count -eq 0) + if ($complexDefenderDetectedMalwareActions.values.Where({ $null -ne $_ }).count -eq 0) { $complexDefenderDetectedMalwareActions = $null } @@ -1312,7 +1312,7 @@ function Get-TargetResource { $complexEdgeHomeButtonConfiguration.Add('odataType', $getValue.AdditionalProperties.edgeHomeButtonConfiguration.'@odata.type'.toString()) } - if ($complexEdgeHomeButtonConfiguration.values.Where({$null -ne $_}).count -eq 0) + if ($complexEdgeHomeButtonConfiguration.values.Where({ $null -ne $_ }).count -eq 0) { $complexEdgeHomeButtonConfiguration = $null } @@ -1327,7 +1327,7 @@ function Get-TargetResource { $complexEdgeSearchEngine.Add('odataType', $getValue.AdditionalProperties.edgeSearchEngine.'@odata.type'.toString()) } - if ($complexEdgeSearchEngine.values.Where({$null -ne $_}).count -eq 0) + if ($complexEdgeSearchEngine.values.Where({ $null -ne $_ }).count -eq 0) { $complexEdgeSearchEngine = $null } @@ -1336,7 +1336,7 @@ function Get-TargetResource $complexNetworkProxyServer.Add('Address', $getValue.AdditionalProperties.networkProxyServer.address) $complexNetworkProxyServer.Add('Exceptions', $getValue.AdditionalProperties.networkProxyServer.exceptions) $complexNetworkProxyServer.Add('UseForLocalAddresses', $getValue.AdditionalProperties.networkProxyServer.useForLocalAddresses) - if ($complexNetworkProxyServer.values.Where({$null -ne $_}).count -eq 0) + if ($complexNetworkProxyServer.values.Where({ $null -ne $_ }).count -eq 0) { $complexNetworkProxyServer = $null } @@ -1351,7 +1351,7 @@ function Get-TargetResource { $complexWindows10AppsForceUpdateSchedule.Add('StartDateTime', ([DateTimeOffset]$getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.startDateTime).ToString('o')) } - if ($complexWindows10AppsForceUpdateSchedule.values.Where({$null -ne $_}).count -eq 0) + if ($complexWindows10AppsForceUpdateSchedule.values.Where({ $null -ne $_ }).count -eq 0) { $complexWindows10AppsForceUpdateSchedule = $null } @@ -1981,11 +1981,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -2016,7 +2018,7 @@ function Set-TargetResource $AccountsBlockAddingNonMicrosoftAccountEmail, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $ActivateAppsWithVoice, @@ -2037,7 +2039,7 @@ function Set-TargetResource $AppManagementPackageFamilyNamesToLaunchAfterLogOn, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $AppsAllowTrustedAppsSideloading, @@ -2054,7 +2056,7 @@ function Set-TargetResource $AuthenticationPreferredAzureADTenantDomainName, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AuthenticationWebSignIn, @@ -2099,7 +2101,7 @@ function Set-TargetResource $CellularBlockVpnWhenRoaming, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $CellularData, @@ -2140,7 +2142,7 @@ function Set-TargetResource $DefenderBlockOnAccessProtection, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -2177,17 +2179,17 @@ function Set-TargetResource $DefenderFilesAndFoldersToExclude, [Parameter()] - [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderMonitorFileActivity, [Parameter()] - [ValidateSet('deviceDefault','block','audit')] + [ValidateSet('deviceDefault', 'block', 'audit')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppActionSetting, @@ -2196,7 +2198,7 @@ function Set-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] [System.String] $DefenderPromptForSampleSubmission, @@ -2249,7 +2251,7 @@ function Set-TargetResource $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -2270,17 +2272,17 @@ function Set-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderSystemScanSchedule, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $DeveloperUnlockSetting, @@ -2293,7 +2295,7 @@ function Set-TargetResource $DeviceManagementBlockManualUnenroll, [Parameter()] - [ValidateSet('userDefined','none','basic','enhanced','full')] + [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] [System.String] $DiagnosticsDataSubmissionMode, @@ -2410,7 +2412,7 @@ function Set-TargetResource $EdgeClearBrowsingDataOnExit, [Parameter()] - [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [ValidateSet('userDefined', 'allow', 'blockThirdParty', 'blockAll')] [System.String] $EdgeCookiePolicy, @@ -2423,7 +2425,7 @@ function Set-TargetResource $EdgeEnterpriseModeSiteListLocation, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $EdgeFavoritesBarVisibility, @@ -2448,7 +2450,7 @@ function Set-TargetResource $EdgeHomepageUrls, [Parameter()] - [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] + [ValidateSet('notConfigured', 'digitalSignage', 'normalMode', 'publicBrowsingSingleApp', 'publicBrowsingMultiApp')] [System.String] $EdgeKioskModeRestriction, @@ -2461,7 +2463,7 @@ function Set-TargetResource $EdgeNewTabPageURL, [Parameter()] - [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [ValidateSet('notConfigured', 'startPage', 'newTabPage', 'previousPages', 'specificPages')] [System.String] $EdgeOpensWith, @@ -2486,7 +2488,7 @@ function Set-TargetResource $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled','keepGoing')] + [ValidateSet('notConfigured', 'disabled', 'enabled', 'keepGoing')] [System.String] $EdgeShowMessageWhenOpeningInternetExplorerSites, @@ -2495,7 +2497,7 @@ function Set-TargetResource $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] + [ValidateSet('notConfigured', 'intranet', 'internet', 'intranetAndInternet')] [System.String] $EdgeTelemetryForMicrosoft365Analytics, @@ -2548,12 +2550,12 @@ function Set-TargetResource $ExperienceBlockTaskSwitcher, [Parameter()] - [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [ValidateSet('notConfigured', 'blockedWithUserOverride', 'blocked')] [System.String] $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $FindMyFiles, @@ -2562,12 +2564,12 @@ function Set-TargetResource $GameDvrBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $InkWorkspaceAccess, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $InkWorkspaceAccessState, @@ -2584,7 +2586,7 @@ function Set-TargetResource $LocationServicesBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $LockScreenActivateAppsWithVoice, @@ -2633,7 +2635,7 @@ function Set-TargetResource $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('notConfigured','disabled')] + [ValidateSet('notConfigured', 'disabled')] [System.String] $MicrosoftAccountSignInAssistantSettings, @@ -2694,7 +2696,7 @@ function Set-TargetResource $PasswordRequired, [Parameter()] - [ValidateSet('deviceDefault','alphanumeric','numeric')] + [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] [System.String] $PasswordRequiredType, @@ -2715,42 +2717,42 @@ function Set-TargetResource $PersonalizationLockScreenImageUrl, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepOnBattery, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionPluggedIn, @@ -2767,7 +2769,7 @@ function Set-TargetResource $PrinterNames, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $PrivacyAdvertisingId, @@ -2796,7 +2798,7 @@ function Set-TargetResource $ResetProtectionModeBlocked, [Parameter()] - [ValidateSet('userDefined','strict','moderate')] + [ValidateSet('userDefined', 'strict', 'moderate')] [System.String] $SafeSearchFilter, @@ -2929,7 +2931,7 @@ function Set-TargetResource $SharedUserAppDataAllowed, [Parameter()] - [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] + [ValidateSet('notConfigured', 'anywhere', 'storeOnly', 'recommendations', 'preferStore')] [System.String] $SmartScreenAppInstallControl, @@ -2950,7 +2952,7 @@ function Set-TargetResource $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] [System.String] $StartMenuAppListVisibility, @@ -3015,57 +3017,57 @@ function Set-TargetResource $StartMenuLayoutXml, [Parameter()] - [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] [System.String] $StartMenuMode, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDocuments, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDownloads, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderFileExplorer, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderHomeGroup, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderMusic, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderNetwork, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPictures, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderSettings, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderVideos, @@ -3162,7 +3164,7 @@ function Set-TargetResource $WindowsSpotlightBlockWindowsTips, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled')] + [ValidateSet('notConfigured', 'disabled', 'enabled')] [System.String] $WindowsSpotlightConfigureOnLockScreen, @@ -3266,7 +3268,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -3275,13 +3277,13 @@ function Set-TargetResource $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10GeneralConfiguration') $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = @() foreach ($assignment in $Assignments) @@ -3291,7 +3293,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } @@ -3300,7 +3302,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -3310,13 +3312,13 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10GeneralConfiguration') Update-MgDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -3333,7 +3335,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" #region resource generator code Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion @@ -3352,7 +3354,7 @@ function Test-TargetResource $AccountsBlockAddingNonMicrosoftAccountEmail, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $ActivateAppsWithVoice, @@ -3373,7 +3375,7 @@ function Test-TargetResource $AppManagementPackageFamilyNamesToLaunchAfterLogOn, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $AppsAllowTrustedAppsSideloading, @@ -3390,7 +3392,7 @@ function Test-TargetResource $AuthenticationPreferredAzureADTenantDomainName, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $AuthenticationWebSignIn, @@ -3435,7 +3437,7 @@ function Test-TargetResource $CellularBlockVpnWhenRoaming, [Parameter()] - [ValidateSet('blocked','required','allowed','notConfigured')] + [ValidateSet('blocked', 'required', 'allowed', 'notConfigured')] [System.String] $CellularData, @@ -3476,7 +3478,7 @@ function Test-TargetResource $DefenderBlockOnAccessProtection, [Parameter()] - [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, @@ -3513,17 +3515,17 @@ function Test-TargetResource $DefenderFilesAndFoldersToExclude, [Parameter()] - [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderMonitorFileActivity, [Parameter()] - [ValidateSet('deviceDefault','block','audit')] + [ValidateSet('deviceDefault', 'block', 'audit')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppActionSetting, @@ -3532,7 +3534,7 @@ function Test-TargetResource $DefenderProcessesToExclude, [Parameter()] - [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] [System.String] $DefenderPromptForSampleSubmission, @@ -3585,7 +3587,7 @@ function Test-TargetResource $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined','disabled','quick','full')] + [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, @@ -3606,17 +3608,17 @@ function Test-TargetResource $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] - [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderSystemScanSchedule, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $DeveloperUnlockSetting, @@ -3629,7 +3631,7 @@ function Test-TargetResource $DeviceManagementBlockManualUnenroll, [Parameter()] - [ValidateSet('userDefined','none','basic','enhanced','full')] + [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] [System.String] $DiagnosticsDataSubmissionMode, @@ -3746,7 +3748,7 @@ function Test-TargetResource $EdgeClearBrowsingDataOnExit, [Parameter()] - [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [ValidateSet('userDefined', 'allow', 'blockThirdParty', 'blockAll')] [System.String] $EdgeCookiePolicy, @@ -3759,7 +3761,7 @@ function Test-TargetResource $EdgeEnterpriseModeSiteListLocation, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $EdgeFavoritesBarVisibility, @@ -3784,7 +3786,7 @@ function Test-TargetResource $EdgeHomepageUrls, [Parameter()] - [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] + [ValidateSet('notConfigured', 'digitalSignage', 'normalMode', 'publicBrowsingSingleApp', 'publicBrowsingMultiApp')] [System.String] $EdgeKioskModeRestriction, @@ -3797,7 +3799,7 @@ function Test-TargetResource $EdgeNewTabPageURL, [Parameter()] - [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [ValidateSet('notConfigured', 'startPage', 'newTabPage', 'previousPages', 'specificPages')] [System.String] $EdgeOpensWith, @@ -3822,7 +3824,7 @@ function Test-TargetResource $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled','keepGoing')] + [ValidateSet('notConfigured', 'disabled', 'enabled', 'keepGoing')] [System.String] $EdgeShowMessageWhenOpeningInternetExplorerSites, @@ -3831,7 +3833,7 @@ function Test-TargetResource $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] + [ValidateSet('notConfigured', 'intranet', 'internet', 'intranetAndInternet')] [System.String] $EdgeTelemetryForMicrosoft365Analytics, @@ -3884,12 +3886,12 @@ function Test-TargetResource $ExperienceBlockTaskSwitcher, [Parameter()] - [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [ValidateSet('notConfigured', 'blockedWithUserOverride', 'blocked')] [System.String] $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $FindMyFiles, @@ -3898,12 +3900,12 @@ function Test-TargetResource $GameDvrBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $InkWorkspaceAccess, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $InkWorkspaceAccessState, @@ -3920,7 +3922,7 @@ function Test-TargetResource $LocationServicesBlocked, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $LockScreenActivateAppsWithVoice, @@ -3969,7 +3971,7 @@ function Test-TargetResource $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('notConfigured','disabled')] + [ValidateSet('notConfigured', 'disabled')] [System.String] $MicrosoftAccountSignInAssistantSettings, @@ -4030,7 +4032,7 @@ function Test-TargetResource $PasswordRequired, [Parameter()] - [ValidateSet('deviceDefault','alphanumeric','numeric')] + [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] [System.String] $PasswordRequiredType, @@ -4051,42 +4053,42 @@ function Test-TargetResource $PersonalizationLockScreenImageUrl, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerButtonActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepOnBattery, [Parameter()] - [ValidateSet('notConfigured','enabled','disabled')] + [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $PowerHybridSleepPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerLidCloseActionPluggedIn, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionOnBattery, [Parameter()] - [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [ValidateSet('notConfigured', 'noAction', 'sleep', 'hibernate', 'shutdown')] [System.String] $PowerSleepButtonActionPluggedIn, @@ -4103,7 +4105,7 @@ function Test-TargetResource $PrinterNames, [Parameter()] - [ValidateSet('notConfigured','blocked','allowed')] + [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] $PrivacyAdvertisingId, @@ -4132,7 +4134,7 @@ function Test-TargetResource $ResetProtectionModeBlocked, [Parameter()] - [ValidateSet('userDefined','strict','moderate')] + [ValidateSet('userDefined', 'strict', 'moderate')] [System.String] $SafeSearchFilter, @@ -4265,7 +4267,7 @@ function Test-TargetResource $SharedUserAppDataAllowed, [Parameter()] - [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] + [ValidateSet('notConfigured', 'anywhere', 'storeOnly', 'recommendations', 'preferStore')] [System.String] $SmartScreenAppInstallControl, @@ -4286,7 +4288,7 @@ function Test-TargetResource $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] [System.String] $StartMenuAppListVisibility, @@ -4351,57 +4353,57 @@ function Test-TargetResource $StartMenuLayoutXml, [Parameter()] - [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] [System.String] $StartMenuMode, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDocuments, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderDownloads, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderFileExplorer, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderHomeGroup, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderMusic, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderNetwork, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderPictures, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderSettings, [Parameter()] - [ValidateSet('notConfigured','hide','show')] + [ValidateSet('notConfigured', 'hide', 'show')] [System.String] $StartMenuPinnedFolderVideos, @@ -4498,7 +4500,7 @@ function Test-TargetResource $WindowsSpotlightBlockWindowsTips, [Parameter()] - [ValidateSet('notConfigured','disabled','enabled')] + [ValidateSet('notConfigured', 'disabled', 'enabled')] [System.String] $WindowsSpotlightConfigureOnLockScreen, @@ -4624,7 +4626,7 @@ function Test-TargetResource } } - $ValuesToCheck.remove("Id") | Out-Null + $ValuesToCheck.remove('Id') | Out-Null $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null @@ -4701,7 +4703,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' ` - } + } #endregion $i = 1 @@ -4724,7 +4726,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -4826,27 +4828,27 @@ function Export-TargetResource -Credential $Credential if ($Results.DefenderDetectedMalwareActions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefenderDetectedMalwareActions" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DefenderDetectedMalwareActions' -IsCIMArray:$False } if ($Results.EdgeHomeButtonConfiguration) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EdgeHomeButtonConfiguration" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EdgeHomeButtonConfiguration' -IsCIMArray:$False } if ($Results.EdgeSearchEngine) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EdgeSearchEngine" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EdgeSearchEngine' -IsCIMArray:$False } if ($Results.NetworkProxyServer) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "NetworkProxyServer" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'NetworkProxyServer' -IsCIMArray:$False } if ($Results.Windows10AppsForceUpdateSchedule) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Windows10AppsForceUpdateSchedule" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Windows10AppsForceUpdateSchedule' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) @@ -4891,7 +4893,7 @@ function Update-DeviceConfigurationPolicyAssignment $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] $APIVersion = 'beta' ) @@ -4902,26 +4904,26 @@ function Update-DeviceConfigurationPolicyAssignment foreach ($target in $targets) { - $formattedTarget = @{"@odata.type" = $target.dataType} + $formattedTarget = @{'@odata.type' = $target.dataType } if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -4940,14 +4942,14 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) $keyToRename = @{ - "odataType" = "@odata.type" + 'odataType' = '@odata.type' } $result = $Properties @@ -4964,22 +4966,22 @@ function Rename-M365DSCCimInstanceParameter } $result = $values - return ,$result + return , $result } #endregion #region Single - if ($type -like "*Hashtable") + if ($type -like '*Hashtable') { $result = ([Hashtable]$Properties).clone() } - if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys foreach ($key in $keys) { - $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { $keyName = $keyToRename.$key @@ -4989,7 +4991,7 @@ function Rename-M365DSCCimInstanceParameter if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -5001,7 +5003,7 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject @@ -5012,7 +5014,7 @@ function Get-M365DSCDRGComplexTypeToHashtable return $null } - if ($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { $results = @() @@ -5028,7 +5030,7 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } if ($ComplexObject.getType().fullname -like '*Dictionary*') @@ -5045,7 +5047,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $keyType = $ComplexObject.$key.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -5062,19 +5064,19 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if ($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { $keyName = $key - if ($ComplexObject.getType().Fullname -notlike "*hashtable") + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { $keyName = $key.Name } @@ -5082,7 +5084,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -5161,7 +5163,7 @@ function Get-M365DSCDRGComplexTypeToString $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { $currentProperty = @() $IndentLevel++ @@ -5174,7 +5176,7 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -5183,7 +5185,7 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } $currentProperty = '' @@ -5193,7 +5195,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += $indent } - $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ $indent = '' @@ -5213,19 +5215,19 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() $isArray = $false - if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { $isArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -5243,7 +5245,7 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -5252,16 +5254,16 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" @@ -5273,10 +5275,10 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" @@ -5301,7 +5303,7 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } if ($mappedKey -and $mappedKey.isRequired) { @@ -5317,12 +5319,12 @@ function Get-M365DSCDRGComplexTypeToString } } $indent = '' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { $indent += ' ' } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -5331,14 +5333,14 @@ function Get-M365DSCDRGComplexTypeToString if ($IndentLevel -eq 5) { $indent = '' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { $indent += ' ' } $currentProperty += $indent } - $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { $currentProperty = $null @@ -5362,30 +5364,30 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [System.String] $Space = ' ' - ) + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { if ($key -eq '@odata.type') { - $key ='odataType' + $key = 'odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue = $Space + $key + " = @(" + $returnValue = $Space + $key + ' = @(' $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -5394,15 +5396,15 @@ Function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -5424,7 +5426,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -5442,7 +5444,7 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -5464,7 +5466,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { if ($source.count -ne $target.count) { @@ -5500,7 +5502,7 @@ function Compare-M365DSCComplexObject return $true } - $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target @@ -5530,7 +5532,7 @@ function Compare-M365DSCComplexObject #Both keys aren't null or empty if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` @@ -5551,7 +5553,7 @@ function Compare-M365DSCComplexObject #Identifying date from the current values $targetType = ($Target.$tkey.getType()).Name - if ($targetType -like "*Date*") + if ($targetType -like '*Date*') { $compareResult = $true $sourceDate = [DateTime]$Source.$key @@ -5581,13 +5583,13 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() foreach ($item in $ComplexObject) @@ -5600,17 +5602,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) { $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -5619,7 +5621,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName,$propertyValue) + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json index fd1ad15727..13e3014ede 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneDeviceConfigurationPolicyWindows10", "description": "This resource configures an Intune Device Configuration Policy for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/settings.json index 0867e824da..4fba42c687 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneRoleAssignment", "description": "This resource configures an Intune Role Assignment.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementRBAC.Read.All" - }, - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementRBAC.Read.All" - }, - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementRBAC.Read.All" + }, + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementRBAC.Read.All" + }, + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/settings.json index eb7a1c61f1..748eeb9a1d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneRoleDefinition", "description": "This resource configures an Intune Role Definition.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementRBAC.Read.All" - }, - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementRBAC.Read.All" - }, - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementRBAC.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementRBAC.Read.All" + }, + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementRBAC.Read.All" + }, + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementRBAC.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/settings.json index 36492c38ac..d0f82b76aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyAndroidDeviceAdministrator", "description": "This resource configures an Intune Wifi Configuration Policy Android Device Administrator Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/settings.json index 7dde6aee27..8f9b54ea8d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyAndroidForWork", "description": "This resource configures an Intune Wifi Configuration Policy Android For Work Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/settings.json index 25c66a4cd9..25b1573d36 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyAndroidOpenSourceProject", "description": "This resource configures an Intune Wifi Configuration Policy Android Open Source Project Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/settings.json index 4fbe5af6f8..0a7b7b136f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyIOS", "description": "This resource configures an Intune Wifi Configuration Policy for iOS Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/settings.json index 33a39b47ca..1a17e3f848 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyMacOS", "description": "This resource configures an Intune Wifi Configuration Policy for MacOS Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/settings.json index 7548ec4dbc..d05ffbbd82 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/settings.json @@ -1,39 +1,38 @@ { "resourceName": "IntuneWifiConfigurationPolicyWindows10", "description": "This resource configures an Intune Wifi Configuration Policy for Windows10 Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - }, - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 index a4cd3d415d..72997e3eec 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 @@ -18,7 +18,7 @@ function Get-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -112,7 +112,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -143,7 +143,7 @@ function Get-TargetResource $complexEnrollmentStatusScreenSettings.Add('CustomErrorMessage', $getValue.EnrollmentStatusScreenSettings.customErrorMessage) $complexEnrollmentStatusScreenSettings.Add('HideInstallationProgress', $getValue.EnrollmentStatusScreenSettings.hideInstallationProgress) $complexEnrollmentStatusScreenSettings.Add('InstallProgressTimeoutInMinutes', $getValue.EnrollmentStatusScreenSettings.installProgressTimeoutInMinutes) - if ($complexEnrollmentStatusScreenSettings.values.Where({$null -ne $_}).count -eq 0) + if ($complexEnrollmentStatusScreenSettings.values.Where({ $null -ne $_ }).count -eq 0) { $complexEnrollmentStatusScreenSettings = $null } @@ -161,7 +161,7 @@ function Get-TargetResource { $complexOutOfBoxExperienceSettings.Add('UserType', $getValue.OutOfBoxExperienceSettings.userType.toString()) } - if ($complexOutOfBoxExperienceSettings.values.Where({$null -ne $_}).count -eq 0) + if ($complexOutOfBoxExperienceSettings.values.Where({ $null -ne $_ }).count -eq 0) { $complexOutOfBoxExperienceSettings = $null } @@ -203,11 +203,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -246,7 +248,7 @@ function Set-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -342,7 +344,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -351,13 +353,13 @@ function Set-TargetResource $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile") + $CreateParameters.Add('@odata.type', '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile') $policy = New-MgDeviceManagementWindowAutopilotDeploymentProfile -BodyParameter $CreateParameters $assignmentsHash = @() foreach ($assignment in $Assignments) @@ -367,7 +369,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/windowsAutopilotDeploymentProfiles' } @@ -376,7 +378,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -386,13 +388,13 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile') Update-MgDeviceManagementWindowAutopilotDeploymentProfile ` -WindowsAutopilotDeploymentProfileId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -409,7 +411,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$($currentInstance.Id)}" #region resource generator code Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $currentInstance.Id #endregion @@ -436,7 +438,7 @@ function Test-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -630,7 +632,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile' ` - } + } #endregion $i = 1 @@ -653,7 +655,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -713,15 +715,15 @@ function Export-TargetResource -Credential $Credential if ($Results.EnrollmentStatusScreenSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnrollmentStatusScreenSettings" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnrollmentStatusScreenSettings' -IsCIMArray:$False } if ($Results.OutOfBoxExperienceSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OutOfBoxExperienceSettings" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'OutOfBoxExperienceSettings' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) @@ -766,7 +768,7 @@ function Update-DeviceConfigurationPolicyAssignment $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] $APIVersion = 'beta' ) @@ -777,26 +779,26 @@ function Update-DeviceConfigurationPolicyAssignment foreach ($target in $targets) { - $formattedTarget = @{"@odata.type" = $target.dataType} + $formattedTarget = @{'@odata.type' = $target.dataType } if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -815,14 +817,14 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) $keyToRename = @{ - "odataType" = "@odata.type" + 'odataType' = '@odata.type' } $result = $Properties @@ -839,22 +841,22 @@ function Rename-M365DSCCimInstanceParameter } $result = $values - return ,$result + return , $result } #endregion #region Single - if ($type -like "*Hashtable") + if ($type -like '*Hashtable') { $result = ([Hashtable]$Properties).clone() } - if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys foreach ($key in $keys) { - $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { $keyName = $keyToRename.$key @@ -864,7 +866,7 @@ function Rename-M365DSCCimInstanceParameter if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -876,7 +878,7 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject @@ -887,7 +889,7 @@ function Get-M365DSCDRGComplexTypeToHashtable return $null } - if ($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { $results = @() @@ -903,7 +905,7 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } if ($ComplexObject.getType().fullname -like '*Dictionary*') @@ -920,7 +922,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $keyType = $ComplexObject.$key.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -937,19 +939,19 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if ($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { $keyName = $key - if ($ComplexObject.getType().Fullname -notlike "*hashtable") + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { $keyName = $key.Name } @@ -957,7 +959,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1036,7 +1038,7 @@ function Get-M365DSCDRGComplexTypeToString $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { $currentProperty = @() $IndentLevel++ @@ -1049,7 +1051,7 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1058,7 +1060,7 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } $currentProperty = '' @@ -1068,7 +1070,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += $indent } - $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ $indent = '' @@ -1088,19 +1090,19 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() $isArray = $false - if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { $isArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -1118,7 +1120,7 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1127,16 +1129,16 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" @@ -1148,10 +1150,10 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" @@ -1176,7 +1178,7 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } if ($mappedKey -and $mappedKey.isRequired) { @@ -1192,12 +1194,12 @@ function Get-M365DSCDRGComplexTypeToString } } $indent = '' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { $indent += ' ' } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -1206,14 +1208,14 @@ function Get-M365DSCDRGComplexTypeToString if ($IndentLevel -eq 5) { $indent = '' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { $indent += ' ' } $currentProperty += $indent } - $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { $currentProperty = $null @@ -1237,30 +1239,30 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [System.String] $Space = ' ' - ) + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { if ($key -eq '@odata.type') { - $key ='odataType' + $key = 'odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue = $Space + $key + " = @(" + $returnValue = $Space + $key + ' = @(' $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -1269,15 +1271,15 @@ Function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1299,7 +1301,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1317,7 +1319,7 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -1339,7 +1341,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { if ($source.count -ne $target.count) { @@ -1375,7 +1377,7 @@ function Compare-M365DSCComplexObject return $true } - $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target @@ -1405,7 +1407,7 @@ function Compare-M365DSCComplexObject #Both keys aren't null or empty if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` @@ -1426,7 +1428,7 @@ function Compare-M365DSCComplexObject #Identifying date from the current values $targetType = ($Target.$tkey.getType()).Name - if ($targetType -like "*Date*") + if ($targetType -like '*Date*') { $compareResult = $true $sourceDate = [DateTime]$Source.$key @@ -1456,13 +1458,13 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() foreach ($item in $ComplexObject) @@ -1475,17 +1477,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) { $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -1494,7 +1496,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName,$propertyValue) + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json index 58318b4636..47581b03eb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined", "description": "This resource configures an Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementServiceConfig.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementServiceConfig.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementServiceConfig.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementServiceConfig.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 index b45d4c08d5..570a64836e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 @@ -14,7 +14,7 @@ function Get-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -108,7 +108,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { @@ -139,7 +139,7 @@ function Get-TargetResource $complexEnrollmentStatusScreenSettings.Add('CustomErrorMessage', $getValue.EnrollmentStatusScreenSettings.customErrorMessage) $complexEnrollmentStatusScreenSettings.Add('HideInstallationProgress', $getValue.EnrollmentStatusScreenSettings.hideInstallationProgress) $complexEnrollmentStatusScreenSettings.Add('InstallProgressTimeoutInMinutes', $getValue.EnrollmentStatusScreenSettings.installProgressTimeoutInMinutes) - if ($complexEnrollmentStatusScreenSettings.values.Where({$null -ne $_}).count -eq 0) + if ($complexEnrollmentStatusScreenSettings.values.Where({ $null -ne $_ }).count -eq 0) { $complexEnrollmentStatusScreenSettings = $null } @@ -157,7 +157,7 @@ function Get-TargetResource { $complexOutOfBoxExperienceSettings.Add('UserType', $getValue.OutOfBoxExperienceSettings.userType.toString()) } - if ($complexOutOfBoxExperienceSettings.values.Where({$null -ne $_}).count -eq 0) + if ($complexOutOfBoxExperienceSettings.values.Where({ $null -ne $_ }).count -eq 0) { $complexOutOfBoxExperienceSettings = $null } @@ -198,11 +198,13 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) - {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + { + $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + }) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -237,7 +239,7 @@ function Set-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -333,7 +335,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Windows Autopilot Deployment Profile Azure AD Joined with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -342,13 +344,13 @@ function Set-TargetResource $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $CreateParameters.Add("@odata.type", "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile") + $CreateParameters.Add('@odata.type', '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile') $policy = New-MgDeviceManagementWindowAutopilotDeploymentProfile -BodyParameter $CreateParameters $assignmentsHash = @() foreach ($assignment in $Assignments) @@ -358,7 +360,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/windowsAutopilotDeploymentProfiles' } @@ -367,7 +369,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -377,13 +379,13 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile') Update-MgDeviceManagementWindowAutopilotDeploymentProfile ` -WindowsAutopilotDeploymentProfileId $currentInstance.Id ` -BodyParameter $UpdateParameters @@ -400,7 +402,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing the Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$($currentInstance.Id)}" #region resource generator code Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $currentInstance.Id #endregion @@ -423,7 +425,7 @@ function Test-TargetResource $DeviceNameTemplate, [Parameter()] - [ValidateSet('windowsPc','surfaceHub2','holoLens','surfaceHub2S','virtualMachine','unknownFutureValue')] + [ValidateSet('windowsPc', 'surfaceHub2', 'holoLens', 'surfaceHub2S', 'virtualMachine', 'unknownFutureValue')] [System.String] $DeviceType, @@ -617,7 +619,7 @@ function Export-TargetResource -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile' ` - } + } #endregion $i = 1 @@ -640,7 +642,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id - DisplayName = $config.DisplayName + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -700,15 +702,15 @@ function Export-TargetResource -Credential $Credential if ($Results.EnrollmentStatusScreenSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EnrollmentStatusScreenSettings" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EnrollmentStatusScreenSettings' -IsCIMArray:$False } if ($Results.OutOfBoxExperienceSettings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OutOfBoxExperienceSettings" -isCIMArray:$False + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'OutOfBoxExperienceSettings' -IsCIMArray:$False } if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) @@ -753,7 +755,7 @@ function Update-DeviceConfigurationPolicyAssignment $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] $APIVersion = 'beta' ) @@ -764,26 +766,26 @@ function Update-DeviceConfigurationPolicyAssignment foreach ($target in $targets) { - $formattedTarget = @{"@odata.type" = $target.dataType} + $formattedTarget = @{'@odata.type' = $target.dataType } if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop } @@ -802,14 +804,14 @@ function Update-DeviceConfigurationPolicyAssignment function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) $keyToRename = @{ - "odataType" = "@odata.type" + 'odataType' = '@odata.type' } $result = $Properties @@ -826,22 +828,22 @@ function Rename-M365DSCCimInstanceParameter } $result = $values - return ,$result + return , $result } #endregion #region Single - if ($type -like "*Hashtable") + if ($type -like '*Hashtable') { $result = ([Hashtable]$Properties).clone() } - if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys foreach ($key in $keys) { - $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { $keyName = $keyToRename.$key @@ -851,7 +853,7 @@ function Rename-M365DSCCimInstanceParameter if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -863,7 +865,7 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject @@ -874,7 +876,7 @@ function Get-M365DSCDRGComplexTypeToHashtable return $null } - if ($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { $results = @() @@ -890,7 +892,7 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } if ($ComplexObject.getType().fullname -like '*Dictionary*') @@ -907,7 +909,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $keyType = $ComplexObject.$key.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -924,19 +926,19 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if ($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { $keyName = $key - if ($ComplexObject.getType().Fullname -notlike "*hashtable") + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { $keyName = $key.Name } @@ -944,7 +946,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1023,7 +1025,7 @@ function Get-M365DSCDRGComplexTypeToString $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { $currentProperty = @() $IndentLevel++ @@ -1036,7 +1038,7 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1045,7 +1047,7 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } $currentProperty = '' @@ -1055,7 +1057,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += $indent } - $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ $indent = '' @@ -1075,19 +1077,19 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() $isArray = $false - if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { $isArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -1105,7 +1107,7 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1114,16 +1116,16 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" @@ -1135,10 +1137,10 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" @@ -1163,7 +1165,7 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } if ($mappedKey -and $mappedKey.isRequired) { @@ -1179,12 +1181,12 @@ function Get-M365DSCDRGComplexTypeToString } } $indent = '' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { $indent += ' ' } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -1193,14 +1195,14 @@ function Get-M365DSCDRGComplexTypeToString if ($IndentLevel -eq 5) { $indent = '' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { $indent += ' ' } $currentProperty += $indent } - $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { $currentProperty = $null @@ -1224,30 +1226,30 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [System.String] $Space = ' ' - ) + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { if ($key -eq '@odata.type') { - $key ='odataType' + $key = 'odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue = $Space + $key + " = @(" + $returnValue = $Space + $key + ' = @(' $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -1256,15 +1258,15 @@ Function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1286,7 +1288,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1304,7 +1306,7 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -1326,7 +1328,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { if ($source.count -ne $target.count) { @@ -1362,7 +1364,7 @@ function Compare-M365DSCComplexObject return $true } - $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target @@ -1392,7 +1394,7 @@ function Compare-M365DSCComplexObject #Both keys aren't null or empty if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` @@ -1413,7 +1415,7 @@ function Compare-M365DSCComplexObject #Identifying date from the current values $targetType = ($Target.$tkey.getType()).Name - if ($targetType -like "*Date*") + if ($targetType -like '*Date*') { $compareResult = $true $sourceDate = [DateTime]$Source.$key @@ -1443,13 +1445,13 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() foreach ($item in $ComplexObject) @@ -1462,17 +1464,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) { $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -1481,7 +1483,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName,$propertyValue) + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json index 1ec0ef7339..4139c67ca6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneWindowsAutopilotDeploymentProfileAzureADJoined", "description": "This resource configures an Intune Windows Autopilot Deployment Profile Azure AD Joined.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementServiceConfig.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementServiceConfig.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementServiceConfig.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementServiceConfig.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/settings.json index b2acb30387..b927219fea 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/settings.json @@ -1,35 +1,30 @@ { "resourceName": "IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled", "description": "This resource configures an Intune Windows Information Protection Policy for Windows10 Mdm Enrolled.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementApps.Read.All" - }, - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ], - "update": [ - - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementApps.Read.All" - }, - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ], - "update": [ - - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + }, + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ], + "update": [] + }, + "application": { + "read": [ + { + "name": "DeviceManagementApps.Read.All" + }, + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ], + "update": [] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/settings.json index 10e2b5f306..ba73714015 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/settings.json @@ -1,33 +1,32 @@ { "resourceName": "IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10", "description": "This resource configures an Intune Windows Update For Business Feature Update Profile for Windows10.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } -} - + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index e41de4fc71..c0ca56f0e8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 @@ -171,7 +171,7 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Setting configuration of Office 365 Settings" + Write-Verbose -Message 'Setting configuration of Office 365 Settings' $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` -ProfileName 'v1.0' @@ -181,7 +181,7 @@ function Set-TargetResource if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled) { Write-Verbose -Message "Setting the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}" - Update-MgservicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` + Update-MgServicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` -AccountEnabled:$M365WebEnableUsersToOpenFilesFrom3PStorage } @@ -190,7 +190,7 @@ function Set-TargetResource if ($CortanaEnabled -ne $CortanaEnabledValue.AccountEnabled) { Write-Verbose -Message "Setting the Cortana setting to {$CortanaEnabled}" - Update-MgservicePrincipal -ServicePrincipalId $($CortanaEnabledValue.Id) ` + Update-MgServicePrincipal -ServicePrincipalId $($CortanaEnabledValue.Id) ` -AccountEnabled:$CortanaEnabled } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 index 3cfca0af8b..ee92ba7ea0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 @@ -9,7 +9,7 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [System.String] - [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov','unitedarabemirates','germany','switzerland','norway','korea','southafrica')] + [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov', 'unitedarabemirates', 'germany', 'switzerland', 'norway', 'korea', 'southafrica')] $Location, [Parameter(Mandatory = $true)] @@ -112,7 +112,7 @@ function Set-TargetResource [Parameter(Mandatory = $true)] [System.String] - [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov','unitedarabemirates','germany','switzerland','norway','korea','southafrica')] + [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov', 'unitedarabemirates', 'germany', 'switzerland', 'norway', 'korea', 'southafrica')] $Location, [Parameter(Mandatory = $true)] @@ -207,7 +207,7 @@ function Test-TargetResource [Parameter(Mandatory = $true)] [System.String] - [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov','unitedarabemirates','germany','switzerland','norway','korea','southafrica')] + [ValidateSet('canada', 'unitedstates', 'europe', 'asia', 'australia', 'india', 'japan', 'unitedkingdom', 'unitedstatesfirstrelease', 'southamerica', 'france', 'usgov', 'unitedarabemirates', 'germany', 'switzerland', 'norway', 'korea', 'southafrica')] $Location, [Parameter(Mandatory = $true)] @@ -372,7 +372,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 index 73e510dd41..a5f5ddd16e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPTenantIsolationSettings/MSFT_PPTenantIsolationSettings.psm1 @@ -718,7 +718,7 @@ function Get-M365TenantId $TenantName ) - if ($TenantName -notmatch ".onmicrosoft.com$") + if ($TenantName -notmatch '.onmicrosoft.com$') { $TenantName += '.onmicrosoft.com' } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerPlan/MSFT_PlannerPlan.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerPlan/MSFT_PlannerPlan.psm1 index d035d2358d..1e92902137 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerPlan/MSFT_PlannerPlan.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerPlan/MSFT_PlannerPlan.psm1 @@ -103,7 +103,7 @@ function Get-TargetResource { $OwnerGroupValue = $group.DisplayName } - break; + break } } catch diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 index 71ef82c817..907ba0a07f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 @@ -184,7 +184,7 @@ function Get-TargetResource } else { - $NotesValue = "" + $NotesValue = '' if (-not [System.String]::IsNullOrEmpty($taskResponse)) { $NotesValue = $taskDetailsResponse.Description @@ -352,15 +352,15 @@ function Set-TargetResource $currentValues = Get-TargetResource @PSBoundParameters $setParams = ([HashTable]$PSBoundParameters).Clone() - $setParams.Remove("Ensure") | Out-Null - $setParams.Remove("Credential") | Out-Null - $setParams.Remove("ApplicationId") | Out-Null - $setParams.Remove("TenantId") | Out-Null - $setParams.Remove("CertificateThumbprint") | Out-Null - $setParams.Remove("ApplicationSecret") | Out-Null + $setParams.Remove('Ensure') | Out-Null + $setParams.Remove('Credential') | Out-Null + $setParams.Remove('ApplicationId') | Out-Null + $setParams.Remove('TenantId') | Out-Null + $setParams.Remove('CertificateThumbprint') | Out-Null + $setParams.Remove('ApplicationSecret') | Out-Null #region Assignments - Write-Verbose -Message "Converting Assignments into the proper format" + Write-Verbose -Message 'Converting Assignments into the proper format' $assignmentsValue = @{} foreach ($assignment in $setParams.AssignedUsers) { @@ -369,8 +369,8 @@ function Set-TargetResource if ($null -ne $user) { $currentValue += @{ - "@odata.type" = "#microsoft.graph.plannerAssignment" - orderHint = " !" + '@odata.type' = '#microsoft.graph.plannerAssignment' + orderHint = ' !' } $assignmentsValue.Add($user.Id, $currentValue) } @@ -391,14 +391,14 @@ function Set-TargetResource foreach ($checkListItem in $setParams.Checklist) { $currentValue = @{ - "@odata.type" = "#microsoft.graph.plannerChecklistItem" + '@odata.type' = '#microsoft.graph.plannerChecklistItem' isChecked = $checkListItem.Completed title = $checkListItem.Title } - $checkListValues.Add((New-GUID).ToString(), $currentValue) + $checkListValues.Add((New-Guid).ToString(), $currentValue) } $DetailsValue.checklist = $checkListValues - $setParams.Remove("Checklist") | Out-Null + $setParams.Remove('Checklist') | Out-Null #endregion #region Attachments @@ -406,7 +406,7 @@ function Set-TargetResource foreach ($attachment in $setParams.Attachments) { $currentValue = @{ - "@odata.type" = "#microsoft.graph.plannerExternalReference" + '@odata.type' = '#microsoft.graph.plannerExternalReference' alias = $attachment.Alias type = $attachment.Type } @@ -416,8 +416,8 @@ function Set-TargetResource $setParams.Remove('Attachments') | Out-Null #endregion - $setParams.Remove("Description") | Out-Null - $setParams.Add("Details", $DetailsValue) + $setParams.Remove('Description') | Out-Null + $setParams.Add('Details', $DetailsValue) $setParams.Remove('Notes') | Out-Null #region Categories @@ -433,53 +433,53 @@ function Set-TargetResource { $categoriesValue.(GetTaskCategoryNameByColor($category)) = $true } - $setParams.Add("AppliedCategories", $categoriesValue) - $setParams.Remove("Categories") | Out-Null + $setParams.Add('AppliedCategories', $categoriesValue) + $setParams.Remove('Categories') | Out-Null #endregion - $setParams.Add("BucketId", $setParams.Bucket) - $setParams.Remove("Bucket") | Out-Null + $setParams.Add('BucketId', $setParams.Bucket) + $setParams.Remove('Bucket') | Out-Null if ($Ensure -eq 'Present' -and $currentValues.Ensure -eq 'Absent') { - $setParams.Remove("TaskId") | Out-Null + $setParams.Remove('TaskId') | Out-Null Write-Verbose -Message "Planner Task {$Title} doesn't already exist. Creating it with`r`n:$(Convert-M365DscHashtableToString -Hashtable $setParams)" $newTask = New-MgPlannerTask @setParams } elseif ($Ensure -eq 'Present' -and $currentValues.Ensure -eq 'Present') { $taskId = $setParams.TaskId - $setParams.Remove("TaskId") | Out-Null + $setParams.Remove('TaskId') | Out-Null $details = $setParams.Details $setParams.Remove('Details') | Out-Null $setParams.Remove('Verbose') | Out-Null # Fix Casing - $setParams.Add("assignments", $setParams.Assignments) - $setParams.Remove("Assignments") | Out-Null + $setParams.Add('assignments', $setParams.Assignments) + $setParams.Remove('Assignments') | Out-Null - $setParams.Add("appliedCategories", $setParams.AppliedCategories) - $setParams.Remove("AppliedCategories") | Out-Null + $setParams.Add('appliedCategories', $setParams.AppliedCategories) + $setParams.Remove('AppliedCategories') | Out-Null - $setParams.Add("title", $setParams.Title) - $setParams.Remove("Title") | Out-Null + $setParams.Add('title', $setParams.Title) + $setParams.Remove('Title') | Out-Null - $setParams.Add("bucketId", $setParams.BucketId) - $setParams.Remove("BucketId") | Out-Null + $setParams.Add('bucketId', $setParams.BucketId) + $setParams.Remove('BucketId') | Out-Null - $setParams.Add("dueDateTime", [DateTime]::Parse($setParams.DueDateTime).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffK")) - $setParams.Remove("DueDateTime") | Out-Null + $setParams.Add('dueDateTime', [DateTime]::Parse($setParams.DueDateTime).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffK')) + $setParams.Remove('DueDateTime') | Out-Null - $setParams.Add("percentComplete", $setParams.PercentComplete) - $setParams.Remove("PercentComplete") | Out-Null + $setParams.Add('percentComplete', $setParams.PercentComplete) + $setParams.Remove('PercentComplete') | Out-Null - $setParams.Remove("PlanId") | Out-Null + $setParams.Remove('PlanId') | Out-Null - $setParams.Add("priority", $setParams.Priority) - $setParams.Remove("Priority") | Out-Null + $setParams.Add('priority', $setParams.Priority) + $setParams.Remove('Priority') | Out-Null - $setParams.Add("startDateTime", [DateTime]::Parse($setParams.StartDateTime).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffK")) - $setParams.Remove("StartDateTime") | Out-Null + $setParams.Add('startDateTime', [DateTime]::Parse($setParams.StartDateTime).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffK')) + $setParams.Remove('StartDateTime') | Out-Null Write-Verbose -Message "Planner Task {$Title} already exists, but is not in the ` Desired State. Updating it." @@ -500,7 +500,7 @@ function Set-TargetResource $Headers = @{} $currentTaskDetails = Get-MgPlannerTaskDetail -PlannerTaskId $taskId $Headers.Add('If-Match', $currentTaskDetails.AdditionalProperties.'@odata.etag') - $details.Remove("id") | Out-Null + $details.Remove('id') | Out-Null $JSONDetails = (ConvertTo-Json $details) Write-Verbose -Message "Updating Task's details with:`r`n$JSONDetails" Invoke-MgGraphRequest -Method PATCH ` @@ -976,70 +976,82 @@ function Get-M365DSCPlannerTasksFromPlan return $results } - function GetTaskCategoryNameByColor +function GetTaskCategoryNameByColor +{ + [CmdletBinding()] + [OutputType([System.string])] + param( + [Parameter(Mandatory = $true)] + [System.String] + $ColorName + ) + switch ($ColorName) { - [CmdletBinding()] - [OutputType([System.string])] - param( - [Parameter(Mandatory = $true)] - [System.String] - $ColorName - ) - switch ($ColorName) + 'Pink' { - 'Pink' - { return 'category1' - } - 'Red' - { return 'category2' - } - 'Yellow' - { return 'category3' - } - 'Green' - { return 'category4' - } - 'Blue' - { return 'category5' - } - 'Purple' - { return 'category6' - } + return 'category1' + } + 'Red' + { + return 'category2' + } + 'Yellow' + { + return 'category3' + } + 'Green' + { + return 'category4' + } + 'Blue' + { + return 'category5' + } + 'Purple' + { + return 'category6' } - return $null } + return $null +} - function GetTaskColorNameByCategory +function GetTaskColorNameByCategory +{ + [CmdletBinding()] + [OutputType([System.string])] + param( + [Parameter(Mandatory = $true)] + [System.String] + $CategoryName + ) + switch ($CategoryName) { - [CmdletBinding()] - [OutputType([System.string])] - param( - [Parameter(Mandatory = $true)] - [System.String] - $CategoryName - ) - switch ($CategoryName) + 'category1' { - 'category1' - { return 'Pink' - } - 'category2' - { return 'Red' - } - 'category3' - { return 'Yellow' - } - 'category4' - { return 'Green' - } - 'category5' - { return 'Blue' - } - 'category6' - { return 'Purple' - } + return 'Pink' + } + 'category2' + { + return 'Red' + } + 'category3' + { + return 'Yellow' + } + 'category4' + { + return 'Green' + } + 'category5' + { + return 'Blue' + } + 'category6' + { + return 'Purple' } - return $null } + return $null +} Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 index 0813cea153..bf578df467 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 @@ -164,7 +164,7 @@ function Get-TargetResource { foreach ($member in $PolicyObject.ExchangeSenderMemberOf) { - $ExchangeSenderMemberOfValue += (ConvertFrom-JSON $member).PrimarySmtpAddress + $ExchangeSenderMemberOfValue += (ConvertFrom-Json $member).PrimarySmtpAddress } } @@ -173,7 +173,7 @@ function Get-TargetResource { foreach ($member in $PolicyObject.ExchangeSenderMemberOfException) { - $ExchangeSenderMemberOfExceptionValue += (ConvertFrom-JSON $member).PrimarySmtpAddress + $ExchangeSenderMemberOfExceptionValue += (ConvertFrom-Json $member).PrimarySmtpAddress } } @@ -394,14 +394,14 @@ function Set-TargetResource $null -ne $SharePointLocation) { $ToBeRemoved = $CurrentPolicy.SharePointLocation | ` - Where-Object { $SharePointLocation -NotContains $_ } + Where-Object { $SharePointLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveSharePointLocation', $ToBeRemoved) } $ToBeAdded = $SharePointLocation | ` - Where-Object { $CurrentPolicy.SharePointLocation -NotContains $_ } + Where-Object { $CurrentPolicy.SharePointLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddSharePointLocation', $ToBeAdded) @@ -416,14 +416,14 @@ function Set-TargetResource $null -ne $ExchangeLocation) { $ToBeRemoved = $CurrentPolicy.ExchangeLocation | ` - Where-Object { $ExchangeLocation -NotContains $_ } + Where-Object { $ExchangeLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveExchangeLocation', $ToBeRemoved) } $ToBeAdded = $ExchangeLocation | ` - Where-Object { $CurrentPolicy.ExchangeLocation -NotContains $_ } + Where-Object { $CurrentPolicy.ExchangeLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddExchangeLocation', $ToBeAdded) @@ -438,14 +438,14 @@ function Set-TargetResource $null -ne $OneDriveLocation) { $ToBeRemoved = $CurrentPolicy.OneDriveLocation | ` - Where-Object { $OneDriveLocation -NotContains $_ } + Where-Object { $OneDriveLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveOneDriveLocation', $ToBeRemoved) } $ToBeAdded = $OneDriveLocation | ` - Where-Object { $CurrentPolicy.OneDriveLocation -NotContains $_ } + Where-Object { $CurrentPolicy.OneDriveLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddOneDriveLocation', $ToBeAdded) @@ -459,14 +459,14 @@ function Set-TargetResource $null -ne $EndpointDlpLocation) { $ToBeRemoved = $CurrentPolicy.EndpointDlpLocation | ` - Where-Object { $EndpointDlpLocation -NotContains $_ } + Where-Object { $EndpointDlpLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveEndpointDlpLocation', $ToBeRemoved) } $ToBeAdded = $EndpointDlpLocation | ` - Where-Object { $CurrentPolicy.EndpointDlpLocation -NotContains $_ } + Where-Object { $CurrentPolicy.EndpointDlpLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddEndpointDlpLocation', $ToBeAdded) @@ -481,14 +481,14 @@ function Set-TargetResource $null -ne $OnPremisesScannerDlpLocation) { $ToBeRemoved = $CurrentPolicy.OnPremisesScannerDlpLocation | ` - Where-Object { $OnPremisesScannerDlpLocation -NotContains $_ } + Where-Object { $OnPremisesScannerDlpLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveOnPremisesScannerDlpLocation', $ToBeRemoved) } $ToBeAdded = $OnPremisesScannerDlpLocation | ` - Where-Object { $CurrentPolicy.OnPremisesScannerDlpLocation -NotContains $_ } + Where-Object { $CurrentPolicy.OnPremisesScannerDlpLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddOnPremisesScannerDlpLocation', $ToBeAdded) @@ -503,14 +503,14 @@ function Set-TargetResource $null -ne $PowerBIDlpLocation) { $ToBeRemoved = $CurrentPolicy.PowerBIDlpLocation | ` - Where-Object { $PowerBIDlpLocation -NotContains $_ } + Where-Object { $PowerBIDlpLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemovePowerBIDlpLocation', $ToBeRemoved) } $ToBeAdded = $PowerBIDlpLocation | ` - Where-Object { $CurrentPolicy.PowerBIDlpLocation -NotContains $_ } + Where-Object { $CurrentPolicy.PowerBIDlpLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddPowerBIDlpLocation', $ToBeAdded) @@ -525,14 +525,14 @@ function Set-TargetResource $null -ne $TeamsLocation) { $ToBeRemoved = $CurrentPolicy.TeamsLocation | ` - Where-Object { $TeamsLocation -NotContains $_ } + Where-Object { $TeamsLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveTeamsLocation', $ToBeRemoved) } $ToBeAdded = $TeamsLocation | ` - Where-Object { $CurrentPolicy.TeamsLocation -NotContains $_ } + Where-Object { $CurrentPolicy.TeamsLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddTeamsLocation', $ToBeAdded) @@ -546,14 +546,14 @@ function Set-TargetResource $null -ne $ThirdPartyAppDlpLocation) { $ToBeRemoved = $CurrentPolicy.ThirdPartyAppDlpLocation | ` - Where-Object { $ThirdPartyAppDlpLocation -NotContains $_ } + Where-Object { $ThirdPartyAppDlpLocation -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveThirdPartyAppDlpLocation', $ToBeRemoved) } $ToBeAdded = $ThirdPartyAppDlpLocation | ` - Where-Object { $CurrentPolicy.ThirdPartyAppDlpLocation -NotContains $_ } + Where-Object { $CurrentPolicy.ThirdPartyAppDlpLocation -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddThirdPartyAppDlpLocation', $ToBeAdded) @@ -568,14 +568,14 @@ function Set-TargetResource $null -ne $OneDriveLocationException) { $ToBeRemoved = $CurrentPolicy.OneDriveLocationException | ` - Where-Object { $OneDriveLocationException -NotContains $_ } + Where-Object { $OneDriveLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveOneDriveLocationException', $ToBeRemoved) } $ToBeAdded = $OneDriveLocationException | ` - Where-Object { $CurrentPolicy.OneDriveLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.OneDriveLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddOneDriveLocationException', $ToBeAdded) @@ -589,14 +589,14 @@ function Set-TargetResource $null -ne $SharePointLocationException) { $ToBeRemoved = $CurrentPolicy.SharePointLocationException | ` - Where-Object { $SharePointLocationException -NotContains $_ } + Where-Object { $SharePointLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveSharePointLocationException', $ToBeRemoved) } $ToBeAdded = $SharePointLocationException | ` - Where-Object { $CurrentPolicy.SharePointLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.SharePointLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddSharePointLocationException', $ToBeAdded) @@ -610,14 +610,14 @@ function Set-TargetResource $null -ne $TeamsLocationException) { $ToBeRemoved = $CurrentPolicy.TeamsLocationException | ` - Where-Object { $TeamsLocationException -NotContains $_ } + Where-Object { $TeamsLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveTeamsLocationException', $ToBeRemoved) } $ToBeAdded = $TeamsLocationException | ` - Where-Object { $CurrentPolicy.TeamsLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.TeamsLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddTeamsLocationException', $ToBeAdded) @@ -631,14 +631,14 @@ function Set-TargetResource $null -ne $EndpointDlpLocationException) { $ToBeRemoved = $CurrentPolicy.EndpointDlpLocationException | ` - Where-Object { $EndpointDlpLocationException -NotContains $_ } + Where-Object { $EndpointDlpLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveEndpointDlpLocationException', $ToBeRemoved) } $ToBeAdded = $EndpointDlpLocationException | ` - Where-Object { $CurrentPolicy.EndpointDlpLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.EndpointDlpLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddEndpointDlpLocationException', $ToBeAdded) @@ -652,14 +652,14 @@ function Set-TargetResource $null -ne $OnPremisesScannerDlpLocationException) { $ToBeRemoved = $CurrentPolicy.OnPremisesScannerDlpLocationException | ` - Where-Object { $OnPremisesScannerDlpLocationException -NotContains $_ } + Where-Object { $OnPremisesScannerDlpLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveOnPremisesScannerDlpLocationException', $ToBeRemoved) } $ToBeAdded = $OnPremisesScannerDlpLocationException | ` - Where-Object { $CurrentPolicy.OnPremisesScannerDlpLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.OnPremisesScannerDlpLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddOnPremisesScannerDlpLocationException', $ToBeAdded) @@ -673,14 +673,14 @@ function Set-TargetResource $null -ne $PowerBIDlpLocationException) { $ToBeRemoved = $CurrentPolicy.PowerBIDlpLocationException | ` - Where-Object { $PowerBIDlpLocationException -NotContains $_ } + Where-Object { $PowerBIDlpLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemovePowerBIDlpLocationException', $ToBeRemoved) } $ToBeAdded = $PowerBIDlpLocationException | ` - Where-Object { $CurrentPolicy.PowerBIDlpLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.PowerBIDlpLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddPowerBIDlpLocationException', $ToBeAdded) @@ -694,14 +694,14 @@ function Set-TargetResource $null -ne $ThirdPartyAppDlpLocationException) { $ToBeRemoved = $CurrentPolicy.ThirdPartyAppDlpLocationException | ` - Where-Object { $ThirdPartyAppDlpLocationException -NotContains $_ } + Where-Object { $ThirdPartyAppDlpLocationException -NotContains $_ } if ($null -ne $ToBeRemoved) { $CreationParams.Add('RemoveThirdPartyAppDlpLocationException', $ToBeRemoved) } $ToBeAdded = $ThirdPartyAppDlpLocationException | ` - Where-Object { $CurrentPolicy.ThirdPartyAppDlpLocationException -NotContains $_ } + Where-Object { $CurrentPolicy.ThirdPartyAppDlpLocationException -NotContains $_ } if ($null -ne $ToBeAdded) { $CreationParams.Add('AddThirdPartyAppDlpLocationException', $ToBeAdded) @@ -729,7 +729,7 @@ function Set-TargetResource } catch { - New-M365DSCLogEntry -Message $_ ` + New-M365DSCLogEntry -Message $_ ` -Exception $_ ` -Source $MyInvocation.MyCommand.ModuleName } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 index f2eaae8ddc..8a6deac065 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 @@ -507,7 +507,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 index 8b24cf28d7..fc0191e75b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOApp/MSFT_SPOApp.psm1 @@ -453,7 +453,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 index b05fb2ebbc..e5ca05b501 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchManagedProperty/MSFT_SPOSearchManagedProperty.psm1 @@ -653,7 +653,7 @@ function Set-TargetResource $node.InnerText = $currentPID # The order in which we list the properties matters. Pid is to appear right after MappingDisallowed. - $namespaceMgr = New-Object System.Xml.XmlNamespaceManager($SearchConfigXML.NameTable); + $namespaceMgr = New-Object System.Xml.XmlNamespaceManager($SearchConfigXML.NameTable) $namespaceMgr.AddNamespace('d3p1', 'http://schemas.datacontract.org/2004/07/Microsoft.Office.Server.Search.Administration') $previousNode = $SearchConfigXML.SelectSingleNode('//d3p1:MappingDisallowed', $namespaceMgr) $previousNode.ParentNode.InsertAfter($node, $previousNode) | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 index 71c4553827..e41404458a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSearchResultSource/MSFT_SPOSearchResultSource.psm1 @@ -128,7 +128,7 @@ function Get-TargetResource $nullReturn = @{ Name = $Name Protocol = $Protocol - Ensure = "Absent" + Ensure = 'Absent' } try @@ -174,7 +174,7 @@ function Get-TargetResource CertificatePath = $CertificatePath CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent - Ensure = "Present" + Ensure = 'Present' } if ($null -ne $allowPartial) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 index 8d72c85c00..3cda915f96 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 @@ -772,7 +772,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 index 282f578fb6..82c64b5ca1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesign/MSFT_SPOSiteDesign.psm1 @@ -523,7 +523,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 index 7b4e994b3b..1827611002 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteDesignRights/MSFT_SPOSiteDesignRights.psm1 @@ -87,7 +87,7 @@ function Get-TargetResource Write-Verbose -Message "Site Design ID is $($siteDesign.Id)" $siteDesignRights = Get-PnPSiteDesignRights -Identity $siteDesign.Id -ErrorAction SilentlyContinue | ` - Where-Object -FilterScript { $_.Rights -eq $Rights } + Where-Object -FilterScript { $_.Rights -eq $Rights } if ($null -eq $siteDesignRights) { @@ -480,7 +480,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOStorageEntity/MSFT_SPOStorageEntity.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOStorageEntity/MSFT_SPOStorageEntity.psm1 index 4608328bd7..9b96047666 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOStorageEntity/MSFT_SPOStorageEntity.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOStorageEntity/MSFT_SPOStorageEntity.psm1 @@ -498,7 +498,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 index ba6486c330..05951e4304 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 @@ -59,7 +59,7 @@ function Get-TargetResource $nullReturn = @{ UserName = $UserName - Ensure = "Absent" + Ensure = 'Absent' } try @@ -88,7 +88,7 @@ function Get-TargetResource ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent - Ensure = "Present" + Ensure = 'Present' } Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 index b9db4d2d34..733363ea31 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAudioConferencingPolicy/MSFT_TeamsAudioConferencingPolicy.psm1 @@ -316,7 +316,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -354,11 +354,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallHoldPolicy/MSFT_TeamsCallHoldPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallHoldPolicy/MSFT_TeamsCallHoldPolicy.psm1 index d73176b0eb..35a9a80062 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallHoldPolicy/MSFT_TeamsCallHoldPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallHoldPolicy/MSFT_TeamsCallHoldPolicy.psm1 @@ -316,7 +316,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -354,11 +354,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 index d3582a1425..cb03861727 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 @@ -355,7 +355,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -393,11 +393,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 index 0adcd32384..990cec49d6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannel/MSFT_TeamsChannel.psm1 @@ -225,7 +225,7 @@ function Set-TargetResource } else { - $CurrentParameters.Add("GroupId", $team.GroupId) + $CurrentParameters.Add('GroupId', $team.GroupId) } if ($Ensure -eq 'Present') @@ -422,7 +422,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 index baf558d03b..f945693025 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 @@ -337,7 +337,7 @@ function Set-TargetResource $CurrentParameters.Remove('ChannelName') | Out-Null $CurrentParameters.Add('TeamsTabId', $tabInstance.Id) Write-Verbose -Message "Params: $($CurrentParameters | Out-String)" - Update-MgTeamChannelTab @CurrentParameters | Out-Null + Update-MgTeamChannelTab @CurrentParameters | Out-Null } elseif ($Ensure -eq 'Present' -and ($tab.Ensure -eq 'Absent')) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 index 07d71341d9..707422b878 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsComplianceRecordingPolicy/MSFT_TeamsComplianceRecordingPolicy.psm1 @@ -355,7 +355,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -393,11 +393,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCortanaPolicy/MSFT_TeamsCortanaPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCortanaPolicy/MSFT_TeamsCortanaPolicy.psm1 index 163cba4c7f..25f2da7bb7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCortanaPolicy/MSFT_TeamsCortanaPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCortanaPolicy/MSFT_TeamsCortanaPolicy.psm1 @@ -10,7 +10,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet("Disabled","PushToTalkUserOverride","WakeWordPushToTalkUserOverride")] + [ValidateSet('Disabled', 'PushToTalkUserOverride', 'WakeWordPushToTalkUserOverride')] $CortanaVoiceInvocationMode, [Parameter()] @@ -66,14 +66,14 @@ function Get-TargetResource Write-Verbose -Message "Found an instance with Identity {$Identity}" $results = @{ - Identity = $instance.Identity - CortanaVoiceInvocationMode = $instance.CortanaVoiceInvocationMode - Description = $instance.Description - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint + Identity = $instance.Identity + CortanaVoiceInvocationMode = $instance.CortanaVoiceInvocationMode + Description = $instance.Description + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint } return [System.Collections.Hashtable] $results } @@ -100,7 +100,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("Disabled","PushToTalkUserOverride","WakeWordPushToTalkUserOverride")] + [ValidateSet('Disabled', 'PushToTalkUserOverride', 'WakeWordPushToTalkUserOverride')] $CortanaVoiceInvocationMode, [Parameter()] @@ -212,7 +212,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("Disabled","PushToTalkUserOverride","WakeWordPushToTalkUserOverride")] + [ValidateSet('Disabled', 'PushToTalkUserOverride', 'WakeWordPushToTalkUserOverride')] $CortanaVoiceInvocationMode, [Parameter()] @@ -319,7 +319,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -357,11 +357,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEnhancedEncryptionPolicy/MSFT_TeamsEnhancedEncryptionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEnhancedEncryptionPolicy/MSFT_TeamsEnhancedEncryptionPolicy.psm1 index 0c594d9b04..09e82d9114 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEnhancedEncryptionPolicy/MSFT_TeamsEnhancedEncryptionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEnhancedEncryptionPolicy/MSFT_TeamsEnhancedEncryptionPolicy.psm1 @@ -329,7 +329,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -367,11 +367,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFederationConfiguration/MSFT_TeamsFederationConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFederationConfiguration/MSFT_TeamsFederationConfiguration.psm1 index 06b8e7fd2c..6fe1ae47e6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFederationConfiguration/MSFT_TeamsFederationConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFederationConfiguration/MSFT_TeamsFederationConfiguration.psm1 @@ -224,11 +224,12 @@ function Set-TargetResource $SetParams.Remove('TenantId') | Out-Null $SetParams.Remove('CertificateThumbprint') | Out-Null $SetParams.Remove('AllowedDomains') | Out-Null - if($allowedDomains.Length -gt 0) + if ($allowedDomains.Length -gt 0) { $SetParams.Add('AllowedDomainsAsAList', $AllowedDomains) } - else{ + else + { $AllowAllKnownDomains = New-CsEdgeAllowAllKnownDomains $SetParams.Add('AllowedDomains', $AllowAllKnownDomains) } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 index 6662365b47..20662f46da 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFeedbackPolicy/MSFT_TeamsFeedbackPolicy.psm1 @@ -368,7 +368,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -406,11 +406,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 index 7b737d91ff..035d143e51 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 @@ -68,12 +68,13 @@ function Get-TargetResource { Write-Verbose -Message "Getting GroupPOlicyAssignment for {$GroupId}" $group = Find-CsGroup -SearchQuery $GroupId - if($group.Length -gt 1) + if ($group.Length -gt 1) { Write-Verbose -Message "Found $($group.Length) groups with the id {$GroupId}" $Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName } } - else{ + else + { Write-Verbose -Message "Getting GroupPolicyAssignment for {$GroupDisplayName}" $Group = Find-CsGroup -SearchQuery $GroupDisplayName if ($group.Length -gt 1) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 index 3f1676bf10..343e946dda 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMobilityPolicy/MSFT_TeamsMobilityPolicy.psm1 @@ -14,12 +14,12 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPAudioMobileMode, [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPVideoMobileMode, [Parameter()] @@ -115,12 +115,12 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPAudioMobileMode, [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPVideoMobileMode, [Parameter()] @@ -236,12 +236,12 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPAudioMobileMode, [Parameter()] [System.String] - [ValidateSet("WifiOnly","AllNetworks")] + [ValidateSet('WifiOnly', 'AllNetworks')] $IPVideoMobileMode, [Parameter()] @@ -348,7 +348,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -386,11 +386,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.psm1 index 0e2d1f4cf4..429d385483 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsNetworkRoamingPolicy/MSFT_TeamsNetworkRoamingPolicy.psm1 @@ -329,7 +329,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -367,11 +367,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOnlineVoiceUser/MSFT_TeamsOnlineVoiceUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOnlineVoiceUser/MSFT_TeamsOnlineVoiceUser.psm1 index a84ac3b2e5..73d5f8a1a2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOnlineVoiceUser/MSFT_TeamsOnlineVoiceUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsOnlineVoiceUser/MSFT_TeamsOnlineVoiceUser.psm1 @@ -72,7 +72,7 @@ function Get-TargetResource if (-not [System.String]::IsNullOrEmpty($telephoneNumberValue)) { - $telephoneNumberValue = $telephoneNumberValue.Replace('tel:+','') + $telephoneNumberValue = $telephoneNumberValue.Replace('tel:+', '') } $numberAssignment = Get-CsPhoneNumberAssignment -AssignedPstnTargetId $Identity @@ -287,7 +287,7 @@ function Export-TargetResource try { $i = 1 - [array]$users = Get-CsOnlineUser -Filter {(FeatureTypes -contains 'PhoneSystem') -and (AccountEnabled -eq $True)} ` + [array]$users = Get-CsOnlineUser -Filter { (FeatureTypes -contains 'PhoneSystem') -and (AccountEnabled -eq $True) } ` -AccountType User ` -ErrorAction Stop $dscContent = '' @@ -322,7 +322,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkRegion/MSFT_TeamsTenantNetworkRegion.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkRegion/MSFT_TeamsTenantNetworkRegion.psm1 index 1b706d82e4..bf582ea221 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkRegion/MSFT_TeamsTenantNetworkRegion.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkRegion/MSFT_TeamsTenantNetworkRegion.psm1 @@ -316,7 +316,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -354,11 +354,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSite/MSFT_TeamsTenantNetworkSite.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSite/MSFT_TeamsTenantNetworkSite.psm1 index a9b020b8a5..9452d501e5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSite/MSFT_TeamsTenantNetworkSite.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSite/MSFT_TeamsTenantNetworkSite.psm1 @@ -394,7 +394,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -432,11 +432,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSubnet/MSFT_TeamsTenantNetworkSubnet.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSubnet/MSFT_TeamsTenantNetworkSubnet.psm1 index 674b1786bb..15b7746e24 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSubnet/MSFT_TeamsTenantNetworkSubnet.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantNetworkSubnet/MSFT_TeamsTenantNetworkSubnet.psm1 @@ -329,7 +329,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -367,12 +367,12 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - MaskBits = $config.MaskBits - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + MaskBits = $config.MaskBits + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/MSFT_TeamsTenantTrustedIPAddress.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/MSFT_TeamsTenantTrustedIPAddress.psm1 index 3eeee77a2b..047bfbad73 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/MSFT_TeamsTenantTrustedIPAddress.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/MSFT_TeamsTenantTrustedIPAddress.psm1 @@ -37,24 +37,20 @@ function Get-TargetResource [System.String] $CertificateThumbprint ) -Write-Verbose -Message "Entering Get" + Write-Verbose -Message 'Get Teams Tenant Trusted IP Address settings' New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters | Out-Null - Write-Verbose -Message "Flag2" #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies - Write-Verbose -Message "Flag3" #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters - Write-Verbose -Message "Flag4" Add-M365DSCTelemetryEvent -Data $data - Write-Verbose -Message "Flag5" #endregion $nullResult = $PSBoundParameters @@ -65,7 +61,7 @@ Write-Verbose -Message "Entering Get" $instance = Get-CsTenantTrustedIPAddress -Identity $Identity -ErrorAction SilentlyContinue if ($null -eq $instance) { - Write-Verbose -Message "No instances found" + Write-Verbose -Message 'No instances found' return $nullResult } @@ -322,7 +318,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -360,11 +356,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/settings.json index 7975b3a1ee..0ae57a3dc3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTenantTrustedIPAddress/settings.json @@ -1,6 +1,5 @@ { "resourceName": "TeamsTenantTrustedIPAddress", "description": "As an Admin, you can use the Windows PowerShell command, New-CsTenantTrustedIPAddress to define external subnets and assign them to the tenant. You can define an unlimited number of external subnets for a tenant..", - "permissions":[] - + "permissions": [] } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTranslationRule/MSFT_TeamsTranslationRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTranslationRule/MSFT_TeamsTranslationRule.psm1 index 45acea956b..f6757f346a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTranslationRule/MSFT_TeamsTranslationRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTranslationRule/MSFT_TeamsTranslationRule.psm1 @@ -329,7 +329,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -367,11 +367,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUnassignedNumberTreatment/MSFT_TeamsUnassignedNumberTreatment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUnassignedNumberTreatment/MSFT_TeamsUnassignedNumberTreatment.psm1 index 9ee00bf512..2fe128ea70 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUnassignedNumberTreatment/MSFT_TeamsUnassignedNumberTreatment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUnassignedNumberTreatment/MSFT_TeamsUnassignedNumberTreatment.psm1 @@ -22,7 +22,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet("User", "ResourceAccount", "Announcement")] + [ValidateSet('User', 'ResourceAccount', 'Announcement')] $TargetType, [Parameter()] @@ -127,7 +127,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet("User", "ResourceAccount", "Announcement")] + [ValidateSet('User', 'ResourceAccount', 'Announcement')] $TargetType, [Parameter()] @@ -251,7 +251,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet("User", "ResourceAccount", "Announcement")] + [ValidateSet('User', 'ResourceAccount', 'Announcement')] $TargetType, [Parameter()] @@ -358,7 +358,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -396,11 +396,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 index 8aa7f855cc..82457932d9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 @@ -94,7 +94,7 @@ function Get-TargetResource } Write-Verbose -Message "Found Teams Update Management Policy with Identity {$Identity}" - $results = @{ + $results = @{ Identity = $policy.Identity Description = $policy.Description AllowManagedUpdates = $policy.AllowManagedUpdates diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 index 2babd4eb3c..1e2ca71be7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUser/MSFT_TeamsUser.psm1 @@ -379,7 +379,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 index 8b7d5e641d..d0c2c1cf56 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 @@ -399,7 +399,7 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message "Error during Export:" ` + New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsVdiPolicy/MSFT_TeamsVdiPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsVdiPolicy/MSFT_TeamsVdiPolicy.psm1 index 920304aa93..79535d140b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsVdiPolicy/MSFT_TeamsVdiPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsVdiPolicy/MSFT_TeamsVdiPolicy.psm1 @@ -316,7 +316,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -354,11 +354,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsWorkloadPolicy/MSFT_TeamsWorkloadPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsWorkloadPolicy/MSFT_TeamsWorkloadPolicy.psm1 index 96b554e74b..f43356e5b7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsWorkloadPolicy/MSFT_TeamsWorkloadPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsWorkloadPolicy/MSFT_TeamsWorkloadPolicy.psm1 @@ -77,7 +77,7 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' try { - $instance = Get-CsTeamsWorkloadPolicy -Identity $Identity -ErrorAction SilentlyContinue + $instance = Get-CsTeamsWorkLoadPolicy -Identity $Identity -ErrorAction SilentlyContinue if ($null -eq $instance) { return $nullResult @@ -214,7 +214,7 @@ function Set-TargetResource } } Write-Verbose -Message "Creating {$Identity} with Parameters:`r`n$(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" - New-CsTeamsWorkloadPolicy @CreateParameters | Out-Null + New-CsTeamsWorkLoadPolicy @CreateParameters | Out-Null } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -234,12 +234,12 @@ function Set-TargetResource } } - Set-CsTeamsWorkloadPolicy @UpdateParameters | Out-Null + Set-CsTeamsWorkLoadPolicy @UpdateParameters | Out-Null } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing {$Identity}" - Remove-CsTeamsWorkloadPolicy -Identity $currentInstance.Identity + Remove-CsTeamsWorkLoadPolicy -Identity $currentInstance.Identity } } @@ -381,7 +381,7 @@ function Export-TargetResource $ManagedIdentity ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -398,7 +398,7 @@ function Export-TargetResource try { - [array]$getValue = Get-CsTeamsWorkloadPolicy -ErrorAction Stop + [array]$getValue = Get-CsTeamsWorkLoadPolicy -ErrorAction Stop $i = 1 $dscContent = '' @@ -419,11 +419,11 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - Identity = $config.Identity - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId + Identity = $config.Identity + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } From 83ae2b1dc4495a5ec517c967cac29b64d4d47fa9 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 3 Apr 2023 16:31:30 +0200 Subject: [PATCH 159/187] Added missing Write-Host mocks --- ResourceGenerator/UnitTest.Template.ps1 | 32 +- ...tManagementConnectedOrganization.Tests.ps1 | 4 + ...iveryOptimizationPolicyWindows10.Tests.ps1 | 620 +-- ...ndpointProtectionPolicyWindows10.Tests.ps1 | 4 + ...ringConfigurationPolicyWindows10.Tests.ps1 | 4 + ...dentityProtectionPolicyWindows10.Tests.ps1 | 328 +- ...onNetworkBoundaryPolicyWindows10.Tests.ps1 | 386 +- ...viceConfigurationPolicyWindows10.Tests.ps1 | 4548 +++++++++-------- ...iceEnrollmentStatusPageWindows10.Tests.ps1 | 7 +- ...oymentProfileAzureADHybridJoined.Tests.ps1 | 430 +- ...otDeploymentProfileAzureADJoined.Tests.ps1 | 422 +- 11 files changed, 3415 insertions(+), 3370 deletions(-) diff --git a/ResourceGenerator/UnitTest.Template.ps1 b/ResourceGenerator/UnitTest.Template.ps1 index cbf96dc247..b0a2947103 100644 --- a/ResourceGenerator/UnitTest.Template.ps1 +++ b/ResourceGenerator/UnitTest.Template.ps1 @@ -2,16 +2,16 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` + -ChildPath '..\..\Unit' ` -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` + -ChildPath '\Stubs\Microsoft365.psm1' ` -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` + -ChildPath '\Stubs\Generic.psm1' ` -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` @@ -22,7 +22,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -44,6 +44,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { } } # Test contexts @@ -58,7 +62,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -73,7 +77,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "The exists but it SHOULD NOT" -Fixture { BeforeAll { $testParams = @{ - Ensure = "Absent" + Ensure = 'Absent' Credential = $Credential; } @@ -84,7 +88,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -100,7 +104,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "The Exists and Values are already in the desired state" -Fixture { BeforeAll { $testParams = @{ - Ensure = "Present" + Ensure = 'Present' Credential = $Credential; } @@ -120,7 +124,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "The exists and values are NOT in the desired state" -Fixture { BeforeAll { $testParams = @{ - Ensure = "Present" + Ensure = 'Present' Credential = $Credential; } @@ -130,7 +134,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -138,13 +142,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -158,7 +162,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 index a926b208eb..586fc6ae8c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 @@ -57,6 +57,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } # Test contexts Context -Name "The AADEntitlementManagementConnectedOrganization should exist but it DOES NOT" -Fixture { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 index 0b637a7706..17f46406e1 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10" -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,68 +43,72 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ - maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 - } -ClientOnly) - bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ + maximumBackgroundBandwidthPercentage = 25 + bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + maximumForegroundBandwidthPercentage = 25 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } -ClientOnly) - maximumForegroundBandwidthPercentage = 25 - odataType = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" - } -ClientOnly) cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - cacheServerHostNames = @("FakeStringValue") - deliveryOptimizationMode = "userDefined" - description = "FakeStringValue" - displayName = "FakeStringValue" - groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - odataType = "#microsoft.graph.deliveryOptimizationGroupIdCustom" - } -ClientOnly) - id = "FakeStringValue" - maximumCacheAgeInDays = 25 - maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ - odataType = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" - maximumCacheSizePercentage = 25 - } -ClientOnly) - minimumBatteryPercentageAllowedToUpload = 25 - minimumDiskSizeAllowedToPeerInGigabytes = 25 - minimumFileSizeToCacheInMegabytes = 25 - minimumRamAllowedToPeerInGigabytes = 25 - modifyCacheLocation = "FakeStringValue" - restrictPeerSelectionBy = "notConfigured" - supportsScopeTags = $True - vpnPeerCaching = "notConfigured" - Ensure = "Present" - Credential = $Credential; + cacheServerHostNames = @('FakeStringValue') + deliveryOptimizationMode = 'userDefined' + description = 'FakeStringValue' + displayName = 'FakeStringValue' + groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdCustom' + } -ClientOnly) + id = 'FakeStringValue' + maximumCacheAgeInDays = 25 + maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + maximumCacheSizePercentage = 25 + } -ClientOnly) + minimumBatteryPercentageAllowedToUpload = 25 + minimumDiskSizeAllowedToPeerInGigabytes = 25 + minimumFileSizeToCacheInMegabytes = 25 + minimumRamAllowedToPeerInGigabytes = 25 + modifyCacheLocation = 'FakeStringValue' + restrictPeerSelectionBy = 'notConfigured' + supportsScopeTags = $True + vpnPeerCaching = 'notConfigured' + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -116,108 +120,108 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ - maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 - } -ClientOnly) - bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ + maximumBackgroundBandwidthPercentage = 25 + bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + maximumForegroundBandwidthPercentage = 25 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } -ClientOnly) - maximumForegroundBandwidthPercentage = 25 - odataType = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" - } -ClientOnly) cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - cacheServerHostNames = @("FakeStringValue") - deliveryOptimizationMode = "userDefined" - description = "FakeStringValue" - displayName = "FakeStringValue" - groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - odataType = "#microsoft.graph.deliveryOptimizationGroupIdCustom" - } -ClientOnly) - id = "FakeStringValue" - maximumCacheAgeInDays = 25 - maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ - odataType = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" - maximumCacheSizePercentage = 25 - } -ClientOnly) - minimumBatteryPercentageAllowedToUpload = 25 - minimumDiskSizeAllowedToPeerInGigabytes = 25 - minimumFileSizeToCacheInMegabytes = 25 - minimumRamAllowedToPeerInGigabytes = 25 - modifyCacheLocation = "FakeStringValue" - restrictPeerSelectionBy = "notConfigured" - supportsScopeTags = $True - vpnPeerCaching = "notConfigured" - Ensure = "Absent" - Credential = $Credential; + cacheServerHostNames = @('FakeStringValue') + deliveryOptimizationMode = 'userDefined' + description = 'FakeStringValue' + displayName = 'FakeStringValue' + groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdCustom' + } -ClientOnly) + id = 'FakeStringValue' + maximumCacheAgeInDays = 25 + maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + maximumCacheSizePercentage = 25 + } -ClientOnly) + minimumBatteryPercentageAllowedToUpload = 25 + minimumDiskSizeAllowedToPeerInGigabytes = 25 + minimumFileSizeToCacheInMegabytes = 25 + minimumRamAllowedToPeerInGigabytes = 25 + modifyCacheLocation = 'FakeStringValue' + restrictPeerSelectionBy = 'notConfigured' + supportsScopeTags = $True + vpnPeerCaching = 'notConfigured' + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - maximumCacheAgeInDays = 25 - cacheServerHostNames = @("FakeStringValue") - groupIdSource = @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - '@odata.type' = "#microsoft.graph.deliveryOptimizationGroupIdCustom" + maximumCacheAgeInDays = 25 + cacheServerHostNames = @('FakeStringValue') + groupIdSource = @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + '@odata.type' = '#microsoft.graph.deliveryOptimizationGroupIdCustom' } - vpnPeerCaching = "notConfigured" - minimumFileSizeToCacheInMegabytes = 25 - maximumCacheSize = @{ - '@odata.type' = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" + vpnPeerCaching = 'notConfigured' + minimumFileSizeToCacheInMegabytes = 25 + maximumCacheSize = @{ + '@odata.type' = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' maximumCacheSizePercentage = 25 } - '@odata.type' = "#microsoft.graph.windowsDeliveryOptimizationConfiguration" - minimumBatteryPercentageAllowedToUpload = 25 - minimumRamAllowedToPeerInGigabytes = 25 + '@odata.type' = '#microsoft.graph.windowsDeliveryOptimizationConfiguration' + minimumBatteryPercentageAllowedToUpload = 25 + minimumRamAllowedToPeerInGigabytes = 25 cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 - deliveryOptimizationMode = "userDefined" - modifyCacheLocation = "FakeStringValue" - bandwidthMode = @{ + deliveryOptimizationMode = 'userDefined' + modifyCacheLocation = 'FakeStringValue' + bandwidthMode = @{ maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthForegroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } - bandwidthBackgroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthBackgroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } maximumForegroundBandwidthPercentage = 25 - '@odata.type' = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" + '@odata.type' = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } - minimumDiskSizeAllowedToPeerInGigabytes = 25 - restrictPeerSelectionBy = "notConfigured" + minimumDiskSizeAllowedToPeerInGigabytes = 25 + restrictPeerSelectionBy = 'notConfigured' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -230,102 +234,102 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ - maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 - } -ClientOnly) - bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ + maximumBackgroundBandwidthPercentage = 25 + bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + maximumForegroundBandwidthPercentage = 25 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } -ClientOnly) - maximumForegroundBandwidthPercentage = 25 - odataType = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" - } -ClientOnly) cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - cacheServerHostNames = @("FakeStringValue") - deliveryOptimizationMode = "userDefined" - description = "FakeStringValue" - displayName = "FakeStringValue" - groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - odataType = "#microsoft.graph.deliveryOptimizationGroupIdCustom" - } -ClientOnly) - id = "FakeStringValue" - maximumCacheAgeInDays = 25 - maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ - odataType = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" - maximumCacheSizePercentage = 25 - } -ClientOnly) - minimumBatteryPercentageAllowedToUpload = 25 - minimumDiskSizeAllowedToPeerInGigabytes = 25 - minimumFileSizeToCacheInMegabytes = 25 - minimumRamAllowedToPeerInGigabytes = 25 - modifyCacheLocation = "FakeStringValue" - restrictPeerSelectionBy = "notConfigured" - supportsScopeTags = $True - vpnPeerCaching = "notConfigured" - Ensure = "Present" - Credential = $Credential; + cacheServerHostNames = @('FakeStringValue') + deliveryOptimizationMode = 'userDefined' + description = 'FakeStringValue' + displayName = 'FakeStringValue' + groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdCustom' + } -ClientOnly) + id = 'FakeStringValue' + maximumCacheAgeInDays = 25 + maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + maximumCacheSizePercentage = 25 + } -ClientOnly) + minimumBatteryPercentageAllowedToUpload = 25 + minimumDiskSizeAllowedToPeerInGigabytes = 25 + minimumFileSizeToCacheInMegabytes = 25 + minimumRamAllowedToPeerInGigabytes = 25 + modifyCacheLocation = 'FakeStringValue' + restrictPeerSelectionBy = 'notConfigured' + supportsScopeTags = $True + vpnPeerCaching = 'notConfigured' + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - maximumCacheAgeInDays = 25 - cacheServerHostNames = @("FakeStringValue") - groupIdSource = @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - '@odata.type' = "#microsoft.graph.deliveryOptimizationGroupIdCustom" + maximumCacheAgeInDays = 25 + cacheServerHostNames = @('FakeStringValue') + groupIdSource = @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + '@odata.type' = '#microsoft.graph.deliveryOptimizationGroupIdCustom' } - vpnPeerCaching = "notConfigured" - minimumFileSizeToCacheInMegabytes = 25 - maximumCacheSize = @{ - '@odata.type' = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" + vpnPeerCaching = 'notConfigured' + minimumFileSizeToCacheInMegabytes = 25 + maximumCacheSize = @{ + '@odata.type' = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' maximumCacheSizePercentage = 25 } - '@odata.type' = "#microsoft.graph.windowsDeliveryOptimizationConfiguration" - minimumBatteryPercentageAllowedToUpload = 25 - minimumRamAllowedToPeerInGigabytes = 25 + '@odata.type' = '#microsoft.graph.windowsDeliveryOptimizationConfiguration' + minimumBatteryPercentageAllowedToUpload = 25 + minimumRamAllowedToPeerInGigabytes = 25 cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 - deliveryOptimizationMode = "userDefined" - modifyCacheLocation = "FakeStringValue" - bandwidthMode = @{ + deliveryOptimizationMode = 'userDefined' + modifyCacheLocation = 'FakeStringValue' + bandwidthMode = @{ maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthForegroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } - bandwidthBackgroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthBackgroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } maximumForegroundBandwidthPercentage = 25 - '@odata.type' = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" + '@odata.type' = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } - minimumDiskSizeAllowedToPeerInGigabytes = 25 - restrictPeerSelectionBy = "notConfigured" + minimumDiskSizeAllowedToPeerInGigabytes = 25 + restrictPeerSelectionBy = 'notConfigured' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } @@ -337,106 +341,106 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ - maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 - } -ClientOnly) - bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ - bandwidthBeginBusinessHours = 25 - bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthMode = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidth -Property @{ + maximumBackgroundBandwidthPercentage = 25 + bandwidthForegroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + bandwidthBackgroundPercentageHours = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationBandwidthBusinessHoursLimit -Property @{ + bandwidthBeginBusinessHours = 25 + bandwidthPercentageOutsideBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 + } -ClientOnly) + maximumForegroundBandwidthPercentage = 25 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } -ClientOnly) - maximumForegroundBandwidthPercentage = 25 - odataType = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" - } -ClientOnly) cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - cacheServerHostNames = @("FakeStringValue") - deliveryOptimizationMode = "userDefined" - description = "FakeStringValue" - displayName = "FakeStringValue" - groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - odataType = "#microsoft.graph.deliveryOptimizationGroupIdCustom" - } -ClientOnly) - id = "FakeStringValue" - maximumCacheAgeInDays = 25 - maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ - odataType = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" - maximumCacheSizePercentage = 25 - } -ClientOnly) - minimumBatteryPercentageAllowedToUpload = 25 - minimumDiskSizeAllowedToPeerInGigabytes = 25 - minimumFileSizeToCacheInMegabytes = 25 - minimumRamAllowedToPeerInGigabytes = 25 - modifyCacheLocation = "FakeStringValue" - restrictPeerSelectionBy = "notConfigured" - supportsScopeTags = $True - vpnPeerCaching = "notConfigured" - Ensure = "Present" - Credential = $Credential; + cacheServerHostNames = @('FakeStringValue') + deliveryOptimizationMode = 'userDefined' + description = 'FakeStringValue' + displayName = 'FakeStringValue' + groupIdSource = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource -Property @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdCustom' + } -ClientOnly) + id = 'FakeStringValue' + maximumCacheAgeInDays = 25 + maximumCacheSize = (New-CimInstance -ClassName MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize -Property @{ + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + maximumCacheSizePercentage = 25 + } -ClientOnly) + minimumBatteryPercentageAllowedToUpload = 25 + minimumDiskSizeAllowedToPeerInGigabytes = 25 + minimumFileSizeToCacheInMegabytes = 25 + minimumRamAllowedToPeerInGigabytes = 25 + modifyCacheLocation = 'FakeStringValue' + restrictPeerSelectionBy = 'notConfigured' + supportsScopeTags = $True + vpnPeerCaching = 'notConfigured' + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 7 - maximumCacheAgeInDays = 7 - cacheServerHostNames = @("FakeStringValue") - groupIdSource = @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - '@odata.type' = "#microsoft.graph.deliveryOptimizationGroupIdCustom" + maximumCacheAgeInDays = 7 + cacheServerHostNames = @('FakeStringValue') + groupIdSource = @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + '@odata.type' = '#microsoft.graph.deliveryOptimizationGroupIdCustom' } - vpnPeerCaching = "notConfigured" - minimumFileSizeToCacheInMegabytes = 7 - maximumCacheSize = @{ - '@odata.type' = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" + vpnPeerCaching = 'notConfigured' + minimumFileSizeToCacheInMegabytes = 7 + maximumCacheSize = @{ + '@odata.type' = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' maximumCacheSizePercentage = 7 } - '@odata.type' = "#microsoft.graph.windowsDeliveryOptimizationConfiguration" - minimumBatteryPercentageAllowedToUpload = 7 - minimumRamAllowedToPeerInGigabytes = 7 + '@odata.type' = '#microsoft.graph.windowsDeliveryOptimizationConfiguration' + minimumBatteryPercentageAllowedToUpload = 7 + minimumRamAllowedToPeerInGigabytes = 7 cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 7 - deliveryOptimizationMode = "userDefined" - modifyCacheLocation = "FakeStringValue" - bandwidthMode = @{ + deliveryOptimizationMode = 'userDefined' + modifyCacheLocation = 'FakeStringValue' + bandwidthMode = @{ maximumBackgroundBandwidthPercentage = 7 - bandwidthForegroundPercentageHours = @{ - bandwidthBeginBusinessHours = 7 + bandwidthForegroundPercentageHours = @{ + bandwidthBeginBusinessHours = 7 bandwidthPercentageOutsideBusinessHours = 7 - bandwidthPercentageDuringBusinessHours = 7 - bandwidthEndBusinessHours = 7 + bandwidthPercentageDuringBusinessHours = 7 + bandwidthEndBusinessHours = 7 } - bandwidthBackgroundPercentageHours = @{ - bandwidthBeginBusinessHours = 7 + bandwidthBackgroundPercentageHours = @{ + bandwidthBeginBusinessHours = 7 bandwidthPercentageOutsideBusinessHours = 7 - bandwidthPercentageDuringBusinessHours = 7 - bandwidthEndBusinessHours = 7 + bandwidthPercentageDuringBusinessHours = 7 + bandwidthEndBusinessHours = 7 } maximumForegroundBandwidthPercentage = 7 - '@odata.type' = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" + '@odata.type' = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } - minimumDiskSizeAllowedToPeerInGigabytes = 7 - restrictPeerSelectionBy = "notConfigured" + minimumDiskSizeAllowedToPeerInGigabytes = 7 + restrictPeerSelectionBy = 'notConfigured' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -444,13 +448,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -462,54 +466,54 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return @{ AdditionalProperties = @{ cacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 25 - maximumCacheAgeInDays = 25 - cacheServerHostNames = @("FakeStringValue") - groupIdSource = @{ - groupIdCustom = "FakeStringValue" - groupIdSourceOption = "notConfigured" - '@odata.type' = "#microsoft.graph.deliveryOptimizationGroupIdCustom" + maximumCacheAgeInDays = 25 + cacheServerHostNames = @('FakeStringValue') + groupIdSource = @{ + groupIdCustom = 'FakeStringValue' + groupIdSourceOption = 'notConfigured' + '@odata.type' = '#microsoft.graph.deliveryOptimizationGroupIdCustom' } - vpnPeerCaching = "notConfigured" - minimumFileSizeToCacheInMegabytes = 25 - maximumCacheSize = @{ - '@odata.type' = "#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute" + vpnPeerCaching = 'notConfigured' + minimumFileSizeToCacheInMegabytes = 25 + maximumCacheSize = @{ + '@odata.type' = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' maximumCacheSizePercentage = 25 } - '@odata.type' = "#microsoft.graph.windowsDeliveryOptimizationConfiguration" - minimumBatteryPercentageAllowedToUpload = 25 - minimumRamAllowedToPeerInGigabytes = 25 + '@odata.type' = '#microsoft.graph.windowsDeliveryOptimizationConfiguration' + minimumBatteryPercentageAllowedToUpload = 25 + minimumRamAllowedToPeerInGigabytes = 25 cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 25 - deliveryOptimizationMode = "userDefined" - modifyCacheLocation = "FakeStringValue" - bandwidthMode = @{ + deliveryOptimizationMode = 'userDefined' + modifyCacheLocation = 'FakeStringValue' + bandwidthMode = @{ maximumBackgroundBandwidthPercentage = 25 - bandwidthForegroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthForegroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } - bandwidthBackgroundPercentageHours = @{ - bandwidthBeginBusinessHours = 25 + bandwidthBackgroundPercentageHours = @{ + bandwidthBeginBusinessHours = 25 bandwidthPercentageOutsideBusinessHours = 25 - bandwidthPercentageDuringBusinessHours = 25 - bandwidthEndBusinessHours = 25 + bandwidthPercentageDuringBusinessHours = 25 + bandwidthEndBusinessHours = 25 } maximumForegroundBandwidthPercentage = 25 - '@odata.type' = "#microsoft.graph.deliveryOptimizationBandwidthAbsolute" + '@odata.type' = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' } - minimumDiskSizeAllowedToPeerInGigabytes = 25 - restrictPeerSelectionBy = "notConfigured" + minimumDiskSizeAllowedToPeerInGigabytes = 25 + restrictPeerSelectionBy = 'notConfigured' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.Tests.ps1 index 534e72e587..2ec5c7a8ab 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.Tests.ps1 @@ -49,7 +49,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts Context -Name "The IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 should exist but it DOES NOT" -Fixture { BeforeAll { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 index f08ec76c05..df80038317 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.Tests.ps1 @@ -49,7 +49,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts Context -Name 'The IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 index be960b0c79..4e1a04345f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneDeviceConfigurationIdentityProtectionPolicyWindows10" -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceConfigurationIdentityProtectionPolicyWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,44 +43,48 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' EnhancedAntiSpoofingForFacialFeaturesEnabled = $True - Id = "FakeStringValue" - PinExpirationInDays = 25 - PinLowercaseCharactersUsage = "blocked" - PinMaximumLength = 25 - PinMinimumLength = 25 - PinPreviousBlockCount = 25 - PinRecoveryEnabled = $True - PinSpecialCharactersUsage = "blocked" - PinUppercaseCharactersUsage = "blocked" - SecurityDeviceRequired = $True - SupportsScopeTags = $True - UnlockWithBiometricsEnabled = $True - UseCertificatesForOnPremisesAuthEnabled = $True - UseSecurityKeyForSignin = $True - WindowsHelloForBusinessBlocked = $True - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + PinExpirationInDays = 25 + PinLowercaseCharactersUsage = 'blocked' + PinMaximumLength = 25 + PinMinimumLength = 25 + PinPreviousBlockCount = 25 + PinRecoveryEnabled = $True + PinSpecialCharactersUsage = 'blocked' + PinUppercaseCharactersUsage = 'blocked' + SecurityDeviceRequired = $True + SupportsScopeTags = $True + UnlockWithBiometricsEnabled = $True + UseCertificatesForOnPremisesAuthEnabled = $True + UseSecurityKeyForSignin = $True + WindowsHelloForBusinessBlocked = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -92,60 +96,60 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' EnhancedAntiSpoofingForFacialFeaturesEnabled = $True - Id = "FakeStringValue" - PinExpirationInDays = 25 - PinLowercaseCharactersUsage = "blocked" - PinMaximumLength = 25 - PinMinimumLength = 25 - PinPreviousBlockCount = 25 - PinRecoveryEnabled = $True - PinSpecialCharactersUsage = "blocked" - PinUppercaseCharactersUsage = "blocked" - SecurityDeviceRequired = $True - SupportsScopeTags = $True - UnlockWithBiometricsEnabled = $True - UseCertificatesForOnPremisesAuthEnabled = $True - UseSecurityKeyForSignin = $True - WindowsHelloForBusinessBlocked = $True - Ensure = "Absent" - Credential = $Credential; + Id = 'FakeStringValue' + PinExpirationInDays = 25 + PinLowercaseCharactersUsage = 'blocked' + PinMaximumLength = 25 + PinMinimumLength = 25 + PinPreviousBlockCount = 25 + PinRecoveryEnabled = $True + PinSpecialCharactersUsage = 'blocked' + PinUppercaseCharactersUsage = 'blocked' + SecurityDeviceRequired = $True + SupportsScopeTags = $True + UnlockWithBiometricsEnabled = $True + UseCertificatesForOnPremisesAuthEnabled = $True + UseSecurityKeyForSignin = $True + WindowsHelloForBusinessBlocked = $True + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - pinRecoveryEnabled = $True - pinExpirationInDays = 25 - pinMinimumLength = 25 - securityDeviceRequired = $True - useCertificatesForOnPremisesAuthEnabled = $True - unlockWithBiometricsEnabled = $True - '@odata.type' = "#microsoft.graph.windowsIdentityProtectionConfiguration" - pinLowercaseCharactersUsage = "blocked" - pinPreviousBlockCount = 25 - windowsHelloForBusinessBlocked = $True - useSecurityKeyForSignin = $True - pinSpecialCharactersUsage = "blocked" - pinMaximumLength = 25 + pinRecoveryEnabled = $True + pinExpirationInDays = 25 + pinMinimumLength = 25 + securityDeviceRequired = $True + useCertificatesForOnPremisesAuthEnabled = $True + unlockWithBiometricsEnabled = $True + '@odata.type' = '#microsoft.graph.windowsIdentityProtectionConfiguration' + pinLowercaseCharactersUsage = 'blocked' + pinPreviousBlockCount = 25 + windowsHelloForBusinessBlocked = $True + useSecurityKeyForSignin = $True + pinSpecialCharactersUsage = 'blocked' + pinMaximumLength = 25 enhancedAntiSpoofingForFacialFeaturesEnabled = $True - pinUppercaseCharactersUsage = "blocked" + pinUppercaseCharactersUsage = 'blocked' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -158,54 +162,54 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' EnhancedAntiSpoofingForFacialFeaturesEnabled = $True - Id = "FakeStringValue" - PinExpirationInDays = 25 - PinLowercaseCharactersUsage = "blocked" - PinMaximumLength = 25 - PinMinimumLength = 25 - PinPreviousBlockCount = 25 - PinRecoveryEnabled = $True - PinSpecialCharactersUsage = "blocked" - PinUppercaseCharactersUsage = "blocked" - SecurityDeviceRequired = $True - SupportsScopeTags = $True - UnlockWithBiometricsEnabled = $True - UseCertificatesForOnPremisesAuthEnabled = $True - UseSecurityKeyForSignin = $True - WindowsHelloForBusinessBlocked = $True - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + PinExpirationInDays = 25 + PinLowercaseCharactersUsage = 'blocked' + PinMaximumLength = 25 + PinMinimumLength = 25 + PinPreviousBlockCount = 25 + PinRecoveryEnabled = $True + PinSpecialCharactersUsage = 'blocked' + PinUppercaseCharactersUsage = 'blocked' + SecurityDeviceRequired = $True + SupportsScopeTags = $True + UnlockWithBiometricsEnabled = $True + UseCertificatesForOnPremisesAuthEnabled = $True + UseSecurityKeyForSignin = $True + WindowsHelloForBusinessBlocked = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - pinRecoveryEnabled = $True - pinExpirationInDays = 25 - pinMinimumLength = 25 - securityDeviceRequired = $True - useCertificatesForOnPremisesAuthEnabled = $True - unlockWithBiometricsEnabled = $True - '@odata.type' = "#microsoft.graph.windowsIdentityProtectionConfiguration" - pinLowercaseCharactersUsage = "blocked" - pinPreviousBlockCount = 25 - windowsHelloForBusinessBlocked = $True - useSecurityKeyForSignin = $True - pinSpecialCharactersUsage = "blocked" - pinMaximumLength = 25 + pinRecoveryEnabled = $True + pinExpirationInDays = 25 + pinMinimumLength = 25 + securityDeviceRequired = $True + useCertificatesForOnPremisesAuthEnabled = $True + unlockWithBiometricsEnabled = $True + '@odata.type' = '#microsoft.graph.windowsIdentityProtectionConfiguration' + pinLowercaseCharactersUsage = 'blocked' + pinPreviousBlockCount = 25 + windowsHelloForBusinessBlocked = $True + useSecurityKeyForSignin = $True + pinSpecialCharactersUsage = 'blocked' + pinMaximumLength = 25 enhancedAntiSpoofingForFacialFeaturesEnabled = $True - pinUppercaseCharactersUsage = "blocked" + pinUppercaseCharactersUsage = 'blocked' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True } } @@ -217,51 +221,51 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' EnhancedAntiSpoofingForFacialFeaturesEnabled = $True - Id = "FakeStringValue" - PinExpirationInDays = 25 - PinLowercaseCharactersUsage = "blocked" - PinMaximumLength = 25 - PinMinimumLength = 25 - PinPreviousBlockCount = 25 - PinRecoveryEnabled = $True - PinSpecialCharactersUsage = "blocked" - PinUppercaseCharactersUsage = "blocked" - SecurityDeviceRequired = $True - SupportsScopeTags = $True - UnlockWithBiometricsEnabled = $True - UseCertificatesForOnPremisesAuthEnabled = $True - UseSecurityKeyForSignin = $True - WindowsHelloForBusinessBlocked = $True - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + PinExpirationInDays = 25 + PinLowercaseCharactersUsage = 'blocked' + PinMaximumLength = 25 + PinMinimumLength = 25 + PinPreviousBlockCount = 25 + PinRecoveryEnabled = $True + PinSpecialCharactersUsage = 'blocked' + PinUppercaseCharactersUsage = 'blocked' + SecurityDeviceRequired = $True + SupportsScopeTags = $True + UnlockWithBiometricsEnabled = $True + UseCertificatesForOnPremisesAuthEnabled = $True + UseSecurityKeyForSignin = $True + WindowsHelloForBusinessBlocked = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.windowsIdentityProtectionConfiguration" - pinUppercaseCharactersUsage = "blocked" - pinPreviousBlockCount = 7 - pinMinimumLength = 7 - pinSpecialCharactersUsage = "blocked" - pinExpirationInDays = 7 - pinLowercaseCharactersUsage = "blocked" - pinMaximumLength = 7 + '@odata.type' = '#microsoft.graph.windowsIdentityProtectionConfiguration' + pinUppercaseCharactersUsage = 'blocked' + pinPreviousBlockCount = 7 + pinMinimumLength = 7 + pinSpecialCharactersUsage = 'blocked' + pinExpirationInDays = 7 + pinLowercaseCharactersUsage = 'blocked' + pinMaximumLength = 7 } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -269,13 +273,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -286,31 +290,31 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - pinRecoveryEnabled = $True - pinExpirationInDays = 25 - pinMinimumLength = 25 - securityDeviceRequired = $True - useCertificatesForOnPremisesAuthEnabled = $True - unlockWithBiometricsEnabled = $True - '@odata.type' = "#microsoft.graph.windowsIdentityProtectionConfiguration" - pinLowercaseCharactersUsage = "blocked" - pinPreviousBlockCount = 25 - windowsHelloForBusinessBlocked = $True - useSecurityKeyForSignin = $True - pinSpecialCharactersUsage = "blocked" - pinMaximumLength = 25 + pinRecoveryEnabled = $True + pinExpirationInDays = 25 + pinMinimumLength = 25 + securityDeviceRequired = $True + useCertificatesForOnPremisesAuthEnabled = $True + unlockWithBiometricsEnabled = $True + '@odata.type' = '#microsoft.graph.windowsIdentityProtectionConfiguration' + pinLowercaseCharactersUsage = 'blocked' + pinPreviousBlockCount = 25 + windowsHelloForBusinessBlocked = $True + useSecurityKeyForSignin = $True + pinSpecialCharactersUsage = 'blocked' + pinMaximumLength = 25 enhancedAntiSpoofingForFacialFeaturesEnabled = $True - pinUppercaseCharactersUsage = "blocked" + pinUppercaseCharactersUsage = 'blocked' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - SupportsScopeTags = $True + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + SupportsScopeTags = $True } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 index 94c988e736..64392e4dc6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10" -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,52 +43,56 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = [CimInstance[]]@( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" - } -ClientOnly) - ) - EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = [CimInstance[]]@( + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - odataType = "#microsoft.graph.iPv4CidrRange" - } -ClientOnly) - ) - NeutralDomainResources = @("FakeStringValue") - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + odataType = '#microsoft.graph.iPv4CidrRange' + } -ClientOnly) + ) + NeutralDomainResources = @('FakeStringValue') + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -100,76 +104,76 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = [CimInstance[]]@( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" - } -ClientOnly) - ) - EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = [CimInstance[]]@( + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - odataType = "#microsoft.graph.iPv4CidrRange" - } -ClientOnly) - ) - NeutralDomainResources = @("FakeStringValue") - } -ClientOnly) - Ensure = "Absent" - Credential = $Credential; + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + odataType = '#microsoft.graph.iPv4CidrRange' + } -ClientOnly) + ) + NeutralDomainResources = @('FakeStringValue') + } -ClientOnly) + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ windowsNetworkIsolationPolicy = @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = @( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = @( @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' } ) EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = @( + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = @( @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - '@odata.type' = "#microsoft.graph.iPv4CidrRange" + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.iPv4CidrRange' } ) - NeutralDomainResources = @("FakeStringValue") + NeutralDomainResources = @('FakeStringValue') } - '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + '@odata.type' = '#microsoft.graph.windows10NetworkBoundaryConfiguration' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -182,70 +186,70 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = [CimInstance[]]@( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" - } -ClientOnly) - ) - EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = [CimInstance[]]@( + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - odataType = "#microsoft.graph.iPv4CidrRange" - } -ClientOnly) - ) - NeutralDomainResources = @("FakeStringValue") - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + odataType = '#microsoft.graph.iPv4CidrRange' + } -ClientOnly) + ) + NeutralDomainResources = @('FakeStringValue') + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ windowsNetworkIsolationPolicy = @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = @( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = @( @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' } ) EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = @( + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = @( @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - '@odata.type' = "#microsoft.graph.iPv4CidrRange" + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.iPv4CidrRange' } ) - NeutralDomainResources = @("FakeStringValue") + NeutralDomainResources = @('FakeStringValue') } - '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + '@odata.type' = '#microsoft.graph.windows10NetworkBoundaryConfiguration' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } @@ -257,72 +261,72 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True windowsNetworkIsolationPolicy = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy -Property @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = [CimInstance[]]@( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphproxiedDomain1 -Property @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" - } -ClientOnly) - ) - EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = [CimInstance[]]@( + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' + } -ClientOnly) + ) + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_MicrosoftGraphipRange1 -Property @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - odataType = "#microsoft.graph.iPv4CidrRange" - } -ClientOnly) - ) - NeutralDomainResources = @("FakeStringValue") - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + odataType = '#microsoft.graph.iPv4CidrRange' + } -ClientOnly) + ) + NeutralDomainResources = @('FakeStringValue') + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ windowsNetworkIsolationPolicy = @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseCloudResources = @( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseCloudResources = @( @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' } ) - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = @( + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = @( @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - '@odata.type' = "#microsoft.graph.iPv4CidrRange" + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.iPv4CidrRange' } ) - NeutralDomainResources = @("FakeStringValue") + NeutralDomainResources = @('FakeStringValue') } - '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + '@odata.type' = '#microsoft.graph.windows10NetworkBoundaryConfiguration' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -330,13 +334,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -348,38 +352,38 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return @{ AdditionalProperties = @{ windowsNetworkIsolationPolicy = @{ - EnterpriseProxyServers = @("FakeStringValue") - EnterpriseInternalProxyServers = @("FakeStringValue") - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseCloudResources = @( + EnterpriseProxyServers = @('FakeStringValue') + EnterpriseInternalProxyServers = @('FakeStringValue') + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseCloudResources = @( @{ - Proxy = "FakeStringValue" - IpAddressOrFQDN = "FakeStringValue" + Proxy = 'FakeStringValue' + IpAddressOrFQDN = 'FakeStringValue' } ) EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @("FakeStringValue") - EnterpriseIPRanges = @( + EnterpriseNetworkDomainNames = @('FakeStringValue') + EnterpriseIPRanges = @( @{ - CidrAddress = "FakeStringValue" - UpperAddress = "FakeStringValue" - LowerAddress = "FakeStringValue" - '@odata.type' = "#microsoft.graph.iPv4CidrRange" + CidrAddress = 'FakeStringValue' + UpperAddress = 'FakeStringValue' + LowerAddress = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.iPv4CidrRange' } ) - NeutralDomainResources = @("FakeStringValue") + NeutralDomainResources = @('FakeStringValue') } - '@odata.type' = "#microsoft.graph.windows10NetworkBoundaryConfiguration" + '@odata.type' = '#microsoft.graph.windows10NetworkBoundaryConfiguration' } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 index 09048ca2b6..28141f1a4c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneDeviceConfigurationPolicyWindows10" -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceConfigurationPolicyWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,332 +43,336 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneDeviceConfigurationPolicyWindows10 should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationPolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - AccountsBlockAddingNonMicrosoftAccountEmail = $True - ActivateAppsWithVoice = "notConfigured" - AntiTheftModeBlocked = $True - AppManagementMSIAllowUserControlOverInstall = $True - AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True - AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - AppsAllowTrustedAppsSideloading = "notConfigured" - AppsBlockWindowsStoreOriginatedApps = $True - AuthenticationAllowSecondaryDevice = $True - AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" - AuthenticationWebSignIn = "notConfigured" - BluetoothAllowedServices = @("FakeStringValue") - BluetoothBlockAdvertising = $True - BluetoothBlockDiscoverableMode = $True - BluetoothBlocked = $True - BluetoothBlockPrePairing = $True - BluetoothBlockPromptedProximalConnections = $True - CameraBlocked = $True - CellularBlockDataWhenRoaming = $True - CellularBlockVpn = $True - CellularBlockVpnWhenRoaming = $True - CellularData = "blocked" - CertificatesBlockManualRootCertificateInstallation = $True - ConfigureTimeZone = "FakeStringValue" - ConnectedDevicesServiceBlocked = $True - CopyPasteBlocked = $True - CortanaBlocked = $True - CryptographyAllowFipsAlgorithmPolicy = $True - DataProtectionBlockDirectMemoryAccess = $True - DefenderBlockEndUserAccess = $True - DefenderBlockOnAccessProtection = $True - DefenderCloudBlockLevel = "notConfigured" - DefenderCloudExtendedTimeout = 25 - DefenderCloudExtendedTimeoutInSeconds = 25 - DefenderDaysBeforeDeletingQuarantinedMalware = 25 - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" - } -ClientOnly) - defenderDisableCatchupFullScan = $True - defenderDisableCatchupQuickScan = $True - defenderFileExtensionsToExclude = @("FakeStringValue") - defenderFilesAndFoldersToExclude = @("FakeStringValue") - defenderMonitorFileActivity = "userDefined" - defenderPotentiallyUnwantedAppAction = "deviceDefault" - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderProcessesToExclude = @("FakeStringValue") - defenderPromptForSampleSubmission = "userDefined" - defenderRequireBehaviorMonitoring = $True - defenderRequireCloudProtection = $True - defenderRequireNetworkInspectionSystem = $True - defenderRequireRealTimeMonitoring = $True - defenderScanArchiveFiles = $True - defenderScanDownloads = $True - defenderScanIncomingMail = $True - defenderScanMappedNetworkDrivesDuringFullScan = $True - defenderScanMaxCpu = 25 - defenderScanNetworkFiles = $True - defenderScanRemovableDrivesDuringFullScan = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderScanType = "userDefined" - defenderScheduledQuickScanTime = "00:00:00" - defenderScheduledScanTime = "00:00:00" - defenderScheduleScanEnableLowCpuPriority = $True - defenderSignatureUpdateIntervalInHours = 25 - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - defenderSystemScanSchedule = "userDefined" - description = "FakeStringValue" - developerUnlockSetting = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - deviceManagementBlockManualUnenroll = $True - diagnosticsDataSubmissionMode = "userDefined" - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - displayName = "FakeStringValue" - edgeAllowStartPagesModification = $True - edgeBlockAccessToAboutFlags = $True - edgeBlockAddressBarDropdown = $True - edgeBlockAutofill = $True - edgeBlockCompatibilityList = $True - edgeBlockDeveloperTools = $True - edgeBlocked = $True - edgeBlockEditFavorites = $True - edgeBlockExtensions = $True - edgeBlockFullScreenMode = $True - edgeBlockInPrivateBrowsing = $True - edgeBlockJavaScript = $True - edgeBlockLiveTileDataCollection = $True - edgeBlockPasswordManager = $True - edgeBlockPopups = $True - edgeBlockPrelaunch = $True - edgeBlockPrinting = $True - edgeBlockSavingHistory = $True - edgeBlockSearchEngineCustomization = $True - edgeBlockSearchSuggestions = $True - edgeBlockSendingDoNotTrackHeader = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - edgeBlockSideloadingExtensions = $True - edgeBlockTabPreloading = $True - edgeBlockWebContentOnNewTabPage = $True - edgeClearBrowsingDataOnExit = $True - edgeCookiePolicy = "userDefined" - edgeDisableFirstRunPage = $True - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - edgeFavoritesBarVisibility = "notConfigured" - edgeFavoritesListLocation = "FakeStringValue" - edgeFirstRunUrl = "FakeStringValue" - edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ - odataType = "#microsoft.graph.edgeHomeButtonHidden" - homeButtonCustomURL = "FakeStringValue" - } -ClientOnly) - edgeHomeButtonConfigurationEnabled = $True - edgeHomepageUrls = @("FakeStringValue") - edgeKioskModeRestriction = "notConfigured" - edgeKioskResetAfterIdleTimeInMinutes = 25 - edgeNewTabPageURL = "FakeStringValue" - edgeOpensWith = "notConfigured" - edgePreventCertificateErrorOverride = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - edgeRequireSmartScreen = $True - edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - odataType = "#microsoft.graph.edgeSearchEngine" - } -ClientOnly) - edgeSendIntranetTrafficToInternetExplorer = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - edgeSyncFavoritesWithInternetExplorer = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - enableAutomaticRedeployment = $True - energySaverOnBatteryThresholdPercentage = 25 - energySaverPluggedInThresholdPercentage = 25 - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - enterpriseCloudPrintDiscoveryMaxLimit = 25 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - experienceBlockErrorDialogWhenNoSIM = $True - experienceBlockTaskSwitcher = $True - experienceDoNotSyncBrowserSettings = "notConfigured" - findMyFiles = "notConfigured" - gameDvrBlocked = $True - id = "FakeStringValue" - inkWorkspaceAccess = "notConfigured" - inkWorkspaceAccessState = "notConfigured" - inkWorkspaceBlockSuggestedApps = $True - internetSharingBlocked = $True - locationServicesBlocked = $True - lockScreenActivateAppsWithVoice = "notConfigured" - lockScreenAllowTimeoutConfiguration = $True - lockScreenBlockActionCenterNotifications = $True - lockScreenBlockCortana = $True - lockScreenBlockToastNotifications = $True - lockScreenTimeoutInSeconds = 25 - logonBlockFastUserSwitching = $True - messagingBlockMMS = $True - messagingBlockRichCommunicationServices = $True - messagingBlockSync = $True - microsoftAccountBlocked = $True - microsoftAccountBlockSettingsSync = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - networkProxyApplySettingsDeviceWide = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - networkProxyDisableAutoDetect = $True - networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ - useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" - } -ClientOnly) - nfcBlocked = $True - oneDriveDisableFileSync = $True - passwordBlockSimple = $True - passwordExpirationDays = 25 - passwordMinimumAgeInDays = 25 - passwordMinimumCharacterSetCount = 25 - passwordMinimumLength = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - passwordPreviousPasswordBlockCount = 25 - passwordRequired = $True - passwordRequiredType = "deviceDefault" - passwordRequireWhenResumeFromIdleState = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - personalizationDesktopImageUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - powerButtonActionOnBattery = "notConfigured" - powerButtonActionPluggedIn = "notConfigured" - powerHybridSleepOnBattery = "notConfigured" - powerHybridSleepPluggedIn = "notConfigured" - powerLidCloseActionOnBattery = "notConfigured" - powerLidCloseActionPluggedIn = "notConfigured" - powerSleepButtonActionOnBattery = "notConfigured" - powerSleepButtonActionPluggedIn = "notConfigured" - printerBlockAddition = $True - printerDefaultName = "FakeStringValue" - printerNames = @("FakeStringValue") - privacyAdvertisingId = "notConfigured" - privacyAutoAcceptPairingAndConsentPrompts = $True - privacyBlockActivityFeed = $True - privacyBlockInputPersonalization = $True - privacyBlockPublishUserActivities = $True - privacyDisableLaunchExperience = $True - resetProtectionModeBlocked = $True - safeSearchFilter = "userDefined" - screenCaptureBlocked = $True - searchBlockDiacritics = $True - searchBlockWebResults = $True - searchDisableAutoLanguageDetection = $True - searchDisableIndexerBackoff = $True - searchDisableIndexingEncryptedItems = $True - searchDisableIndexingRemovableDrive = $True - searchDisableLocation = $True - searchDisableUseLocation = $True - searchEnableAutomaticIndexSizeManangement = $True - searchEnableRemoteQueries = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - settingsBlockAccountsPage = $True - settingsBlockAddProvisioningPackage = $True - settingsBlockAppsPage = $True - settingsBlockChangeLanguage = $True - settingsBlockChangePowerSleep = $True - settingsBlockChangeRegion = $True - settingsBlockChangeSystemTime = $True - settingsBlockDevicesPage = $True - settingsBlockEaseOfAccessPage = $True - settingsBlockEditDeviceName = $True - settingsBlockGamingPage = $True - settingsBlockNetworkInternetPage = $True - settingsBlockPersonalizationPage = $True - settingsBlockPrivacyPage = $True - settingsBlockRemoveProvisioningPackage = $True - settingsBlockSettingsApp = $True - settingsBlockSystemPage = $True - settingsBlockTimeLanguagePage = $True - settingsBlockUpdateSecurityPage = $True - sharedUserAppDataAllowed = $True - smartScreenAppInstallControl = "notConfigured" - smartScreenBlockPromptOverride = $True - smartScreenBlockPromptOverrideForFiles = $True - smartScreenEnableAppInstallControl = $True - startBlockUnpinningAppsFromTaskbar = $True - startMenuAppListVisibility = "userDefined" - startMenuHideChangeAccountSettings = $True - startMenuHideFrequentlyUsedApps = $True - startMenuHideHibernate = $True - startMenuHideLock = $True - startMenuHidePowerButton = $True - startMenuHideRecentJumpLists = $True - startMenuHideRecentlyAddedApps = $True - startMenuHideRestartOptions = $True - startMenuHideShutDown = $True - startMenuHideSignOut = $True - startMenuHideSleep = $True - startMenuHideSwitchAccount = $True - startMenuHideUserTile = $True - startMenuLayoutEdgeAssetsXml = $True - startMenuLayoutXml = $True - startMenuMode = "userDefined" - startMenuPinnedFolderDocuments = "notConfigured" - startMenuPinnedFolderDownloads = "notConfigured" - startMenuPinnedFolderFileExplorer = "notConfigured" - startMenuPinnedFolderHomeGroup = "notConfigured" - startMenuPinnedFolderMusic = "notConfigured" - startMenuPinnedFolderNetwork = "notConfigured" - startMenuPinnedFolderPersonalFolder = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - startMenuPinnedFolderSettings = "notConfigured" - startMenuPinnedFolderVideos = "notConfigured" - storageBlockRemovableStorage = $True - storageRequireMobileDeviceEncryption = $True - storageRestrictAppDataToSystemVolume = $True - storageRestrictAppInstallToSystemVolume = $True - supportsScopeTags = $True - systemTelemetryProxyServer = "FakeStringValue" - taskManagerBlockEndTask = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - uninstallBuiltInApps = $True - usbBlocked = $True - voiceRecordingBlocked = $True - webRtcBlockLocalhostIpAddress = $True - wiFiBlockAutomaticConnectHotspots = $True - wiFiBlocked = $True - wiFiBlockManualConfiguration = $True - wiFiScanInterval = 25 - windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ - runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" - } -ClientOnly) - windowsSpotlightBlockConsumerSpecificFeatures = $True - windowsSpotlightBlocked = $True - windowsSpotlightBlockOnActionCenter = $True - windowsSpotlightBlockTailoredExperiences = $True - windowsSpotlightBlockThirdPartyNotifications = $True - windowsSpotlightBlockWelcomeExperience = $True - windowsSpotlightBlockWindowsTips = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - windowsStoreBlockAutoUpdate = $True - windowsStoreBlocked = $True - windowsStoreEnablePrivateStoreOnly = $True - wirelessDisplayBlockProjectionToThisDevice = $True - wirelessDisplayBlockUserInputFromReceiver = $True - wirelessDisplayRequirePinForPairing = $True - Ensure = "Present" - Credential = $Credential; + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = 'notConfigured' + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + AppsAllowTrustedAppsSideloading = 'notConfigured' + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + AuthenticationWebSignIn = 'notConfigured' + BluetoothAllowedServices = @('FakeStringValue') + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = 'blocked' + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = 'FakeStringValue' + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = 'notConfigured' + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @('FakeStringValue') + defenderFilesAndFoldersToExclude = @('FakeStringValue') + defenderMonitorFileActivity = 'userDefined' + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderProcessesToExclude = @('FakeStringValue') + defenderPromptForSampleSubmission = 'userDefined' + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = 'userDefined' + defenderScheduledQuickScanTime = '00:00:00' + defenderScheduledScanTime = '00:00:00' + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + defenderSystemScanSchedule = 'userDefined' + description = 'FakeStringValue' + developerUnlockSetting = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = 'userDefined' + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + displayName = 'FakeStringValue' + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = 'userDefined' + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + edgeFavoritesBarVisibility = 'notConfigured' + edgeFavoritesListLocation = 'FakeStringValue' + edgeFirstRunUrl = 'FakeStringValue' + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = '#microsoft.graph.edgeHomeButtonHidden' + homeButtonCustomURL = 'FakeStringValue' + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @('FakeStringValue') + edgeKioskModeRestriction = 'notConfigured' + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = 'FakeStringValue' + edgeOpensWith = 'notConfigured' + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + odataType = '#microsoft.graph.edgeSearchEngine' + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = 'notConfigured' + findMyFiles = 'notConfigured' + gameDvrBlocked = $True + id = 'FakeStringValue' + inkWorkspaceAccess = 'notConfigured' + inkWorkspaceAccessState = 'notConfigured' + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @('FakeStringValue') + address = 'FakeStringValue' + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = 'deviceDefault' + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + powerButtonActionOnBattery = 'notConfigured' + powerButtonActionPluggedIn = 'notConfigured' + powerHybridSleepOnBattery = 'notConfigured' + powerHybridSleepPluggedIn = 'notConfigured' + powerLidCloseActionOnBattery = 'notConfigured' + powerLidCloseActionPluggedIn = 'notConfigured' + powerSleepButtonActionOnBattery = 'notConfigured' + powerSleepButtonActionPluggedIn = 'notConfigured' + printerBlockAddition = $True + printerDefaultName = 'FakeStringValue' + printerNames = @('FakeStringValue') + privacyAdvertisingId = 'notConfigured' + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = 'userDefined' + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = 'notConfigured' + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = 'userDefined' + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = 'userDefined' + startMenuPinnedFolderDocuments = 'notConfigured' + startMenuPinnedFolderDownloads = 'notConfigured' + startMenuPinnedFolderFileExplorer = 'notConfigured' + startMenuPinnedFolderHomeGroup = 'notConfigured' + startMenuPinnedFolderMusic = 'notConfigured' + startMenuPinnedFolderNetwork = 'notConfigured' + startMenuPinnedFolderPersonalFolder = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + startMenuPinnedFolderSettings = 'notConfigured' + startMenuPinnedFolderVideos = 'notConfigured' + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = 'FakeStringValue' + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -380,636 +384,636 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationPolicyWindows10 exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationPolicyWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - AccountsBlockAddingNonMicrosoftAccountEmail = $True - ActivateAppsWithVoice = "notConfigured" - AntiTheftModeBlocked = $True - AppManagementMSIAllowUserControlOverInstall = $True - AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True - AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - AppsAllowTrustedAppsSideloading = "notConfigured" - AppsBlockWindowsStoreOriginatedApps = $True - AuthenticationAllowSecondaryDevice = $True - AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" - AuthenticationWebSignIn = "notConfigured" - BluetoothAllowedServices = @("FakeStringValue") - BluetoothBlockAdvertising = $True - BluetoothBlockDiscoverableMode = $True - BluetoothBlocked = $True - BluetoothBlockPrePairing = $True - BluetoothBlockPromptedProximalConnections = $True - CameraBlocked = $True - CellularBlockDataWhenRoaming = $True - CellularBlockVpn = $True - CellularBlockVpnWhenRoaming = $True - CellularData = "blocked" - CertificatesBlockManualRootCertificateInstallation = $True - ConfigureTimeZone = "FakeStringValue" - ConnectedDevicesServiceBlocked = $True - CopyPasteBlocked = $True - CortanaBlocked = $True - CryptographyAllowFipsAlgorithmPolicy = $True - DataProtectionBlockDirectMemoryAccess = $True - DefenderBlockEndUserAccess = $True - DefenderBlockOnAccessProtection = $True - DefenderCloudBlockLevel = "notConfigured" - DefenderCloudExtendedTimeout = 25 - DefenderCloudExtendedTimeoutInSeconds = 25 - DefenderDaysBeforeDeletingQuarantinedMalware = 25 - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" - } -ClientOnly) - defenderDisableCatchupFullScan = $True - defenderDisableCatchupQuickScan = $True - defenderFileExtensionsToExclude = @("FakeStringValue") - defenderFilesAndFoldersToExclude = @("FakeStringValue") - defenderMonitorFileActivity = "userDefined" - defenderPotentiallyUnwantedAppAction = "deviceDefault" - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderProcessesToExclude = @("FakeStringValue") - defenderPromptForSampleSubmission = "userDefined" - defenderRequireBehaviorMonitoring = $True - defenderRequireCloudProtection = $True - defenderRequireNetworkInspectionSystem = $True - defenderRequireRealTimeMonitoring = $True - defenderScanArchiveFiles = $True - defenderScanDownloads = $True - defenderScanIncomingMail = $True - defenderScanMappedNetworkDrivesDuringFullScan = $True - defenderScanMaxCpu = 25 - defenderScanNetworkFiles = $True - defenderScanRemovableDrivesDuringFullScan = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderScanType = "userDefined" - defenderScheduledQuickScanTime = "00:00:00" - defenderScheduledScanTime = "00:00:00" - defenderScheduleScanEnableLowCpuPriority = $True - defenderSignatureUpdateIntervalInHours = 25 - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - defenderSystemScanSchedule = "userDefined" - description = "FakeStringValue" - developerUnlockSetting = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - deviceManagementBlockManualUnenroll = $True - diagnosticsDataSubmissionMode = "userDefined" - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - displayName = "FakeStringValue" - edgeAllowStartPagesModification = $True - edgeBlockAccessToAboutFlags = $True - edgeBlockAddressBarDropdown = $True - edgeBlockAutofill = $True - edgeBlockCompatibilityList = $True - edgeBlockDeveloperTools = $True - edgeBlocked = $True - edgeBlockEditFavorites = $True - edgeBlockExtensions = $True - edgeBlockFullScreenMode = $True - edgeBlockInPrivateBrowsing = $True - edgeBlockJavaScript = $True - edgeBlockLiveTileDataCollection = $True - edgeBlockPasswordManager = $True - edgeBlockPopups = $True - edgeBlockPrelaunch = $True - edgeBlockPrinting = $True - edgeBlockSavingHistory = $True - edgeBlockSearchEngineCustomization = $True - edgeBlockSearchSuggestions = $True - edgeBlockSendingDoNotTrackHeader = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - edgeBlockSideloadingExtensions = $True - edgeBlockTabPreloading = $True - edgeBlockWebContentOnNewTabPage = $True - edgeClearBrowsingDataOnExit = $True - edgeCookiePolicy = "userDefined" - edgeDisableFirstRunPage = $True - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - edgeFavoritesBarVisibility = "notConfigured" - edgeFavoritesListLocation = "FakeStringValue" - edgeFirstRunUrl = "FakeStringValue" - edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ - odataType = "#microsoft.graph.edgeHomeButtonHidden" - homeButtonCustomURL = "FakeStringValue" - } -ClientOnly) - edgeHomeButtonConfigurationEnabled = $True - edgeHomepageUrls = @("FakeStringValue") - edgeKioskModeRestriction = "notConfigured" - edgeKioskResetAfterIdleTimeInMinutes = 25 - edgeNewTabPageURL = "FakeStringValue" - edgeOpensWith = "notConfigured" - edgePreventCertificateErrorOverride = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - edgeRequireSmartScreen = $True - edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - odataType = "#microsoft.graph.edgeSearchEngine" - } -ClientOnly) - edgeSendIntranetTrafficToInternetExplorer = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - edgeSyncFavoritesWithInternetExplorer = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - enableAutomaticRedeployment = $True - energySaverOnBatteryThresholdPercentage = 25 - energySaverPluggedInThresholdPercentage = 25 - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - enterpriseCloudPrintDiscoveryMaxLimit = 25 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - experienceBlockErrorDialogWhenNoSIM = $True - experienceBlockTaskSwitcher = $True - experienceDoNotSyncBrowserSettings = "notConfigured" - findMyFiles = "notConfigured" - gameDvrBlocked = $True - id = "FakeStringValue" - inkWorkspaceAccess = "notConfigured" - inkWorkspaceAccessState = "notConfigured" - inkWorkspaceBlockSuggestedApps = $True - internetSharingBlocked = $True - locationServicesBlocked = $True - lockScreenActivateAppsWithVoice = "notConfigured" - lockScreenAllowTimeoutConfiguration = $True - lockScreenBlockActionCenterNotifications = $True - lockScreenBlockCortana = $True - lockScreenBlockToastNotifications = $True - lockScreenTimeoutInSeconds = 25 - logonBlockFastUserSwitching = $True - messagingBlockMMS = $True - messagingBlockRichCommunicationServices = $True - messagingBlockSync = $True - microsoftAccountBlocked = $True - microsoftAccountBlockSettingsSync = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - networkProxyApplySettingsDeviceWide = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - networkProxyDisableAutoDetect = $True - networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ - useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" - } -ClientOnly) - nfcBlocked = $True - oneDriveDisableFileSync = $True - passwordBlockSimple = $True - passwordExpirationDays = 25 - passwordMinimumAgeInDays = 25 - passwordMinimumCharacterSetCount = 25 - passwordMinimumLength = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - passwordPreviousPasswordBlockCount = 25 - passwordRequired = $True - passwordRequiredType = "deviceDefault" - passwordRequireWhenResumeFromIdleState = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - personalizationDesktopImageUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - powerButtonActionOnBattery = "notConfigured" - powerButtonActionPluggedIn = "notConfigured" - powerHybridSleepOnBattery = "notConfigured" - powerHybridSleepPluggedIn = "notConfigured" - powerLidCloseActionOnBattery = "notConfigured" - powerLidCloseActionPluggedIn = "notConfigured" - powerSleepButtonActionOnBattery = "notConfigured" - powerSleepButtonActionPluggedIn = "notConfigured" - printerBlockAddition = $True - printerDefaultName = "FakeStringValue" - printerNames = @("FakeStringValue") - privacyAdvertisingId = "notConfigured" - privacyAutoAcceptPairingAndConsentPrompts = $True - privacyBlockActivityFeed = $True - privacyBlockInputPersonalization = $True - privacyBlockPublishUserActivities = $True - privacyDisableLaunchExperience = $True - resetProtectionModeBlocked = $True - safeSearchFilter = "userDefined" - screenCaptureBlocked = $True - searchBlockDiacritics = $True - searchBlockWebResults = $True - searchDisableAutoLanguageDetection = $True - searchDisableIndexerBackoff = $True - searchDisableIndexingEncryptedItems = $True - searchDisableIndexingRemovableDrive = $True - searchDisableLocation = $True - searchDisableUseLocation = $True - searchEnableAutomaticIndexSizeManangement = $True - searchEnableRemoteQueries = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - settingsBlockAccountsPage = $True - settingsBlockAddProvisioningPackage = $True - settingsBlockAppsPage = $True - settingsBlockChangeLanguage = $True - settingsBlockChangePowerSleep = $True - settingsBlockChangeRegion = $True - settingsBlockChangeSystemTime = $True - settingsBlockDevicesPage = $True - settingsBlockEaseOfAccessPage = $True - settingsBlockEditDeviceName = $True - settingsBlockGamingPage = $True - settingsBlockNetworkInternetPage = $True - settingsBlockPersonalizationPage = $True - settingsBlockPrivacyPage = $True - settingsBlockRemoveProvisioningPackage = $True - settingsBlockSettingsApp = $True - settingsBlockSystemPage = $True - settingsBlockTimeLanguagePage = $True - settingsBlockUpdateSecurityPage = $True - sharedUserAppDataAllowed = $True - smartScreenAppInstallControl = "notConfigured" - smartScreenBlockPromptOverride = $True - smartScreenBlockPromptOverrideForFiles = $True - smartScreenEnableAppInstallControl = $True - startBlockUnpinningAppsFromTaskbar = $True - startMenuAppListVisibility = "userDefined" - startMenuHideChangeAccountSettings = $True - startMenuHideFrequentlyUsedApps = $True - startMenuHideHibernate = $True - startMenuHideLock = $True - startMenuHidePowerButton = $True - startMenuHideRecentJumpLists = $True - startMenuHideRecentlyAddedApps = $True - startMenuHideRestartOptions = $True - startMenuHideShutDown = $True - startMenuHideSignOut = $True - startMenuHideSleep = $True - startMenuHideSwitchAccount = $True - startMenuHideUserTile = $True - startMenuLayoutEdgeAssetsXml = $True - startMenuLayoutXml = $True - startMenuMode = "userDefined" - startMenuPinnedFolderDocuments = "notConfigured" - startMenuPinnedFolderDownloads = "notConfigured" - startMenuPinnedFolderFileExplorer = "notConfigured" - startMenuPinnedFolderHomeGroup = "notConfigured" - startMenuPinnedFolderMusic = "notConfigured" - startMenuPinnedFolderNetwork = "notConfigured" - startMenuPinnedFolderPersonalFolder = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - startMenuPinnedFolderSettings = "notConfigured" - startMenuPinnedFolderVideos = "notConfigured" - storageBlockRemovableStorage = $True - storageRequireMobileDeviceEncryption = $True - storageRestrictAppDataToSystemVolume = $True - storageRestrictAppInstallToSystemVolume = $True - supportsScopeTags = $True - systemTelemetryProxyServer = "FakeStringValue" - taskManagerBlockEndTask = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - uninstallBuiltInApps = $True - usbBlocked = $True - voiceRecordingBlocked = $True - webRtcBlockLocalhostIpAddress = $True - wiFiBlockAutomaticConnectHotspots = $True - wiFiBlocked = $True - wiFiBlockManualConfiguration = $True - wiFiScanInterval = 25 - windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ - runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" - } -ClientOnly) - windowsSpotlightBlockConsumerSpecificFeatures = $True - windowsSpotlightBlocked = $True - windowsSpotlightBlockOnActionCenter = $True - windowsSpotlightBlockTailoredExperiences = $True - windowsSpotlightBlockThirdPartyNotifications = $True - windowsSpotlightBlockWelcomeExperience = $True - windowsSpotlightBlockWindowsTips = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - windowsStoreBlockAutoUpdate = $True - windowsStoreBlocked = $True - windowsStoreEnablePrivateStoreOnly = $True - wirelessDisplayBlockProjectionToThisDevice = $True - wirelessDisplayBlockUserInputFromReceiver = $True - wirelessDisplayRequirePinForPairing = $True - Ensure = "Absent" - Credential = $Credential; + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = 'notConfigured' + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + AppsAllowTrustedAppsSideloading = 'notConfigured' + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + AuthenticationWebSignIn = 'notConfigured' + BluetoothAllowedServices = @('FakeStringValue') + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = 'blocked' + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = 'FakeStringValue' + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = 'notConfigured' + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @('FakeStringValue') + defenderFilesAndFoldersToExclude = @('FakeStringValue') + defenderMonitorFileActivity = 'userDefined' + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderProcessesToExclude = @('FakeStringValue') + defenderPromptForSampleSubmission = 'userDefined' + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = 'userDefined' + defenderScheduledQuickScanTime = '00:00:00' + defenderScheduledScanTime = '00:00:00' + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + defenderSystemScanSchedule = 'userDefined' + description = 'FakeStringValue' + developerUnlockSetting = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = 'userDefined' + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + displayName = 'FakeStringValue' + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = 'userDefined' + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + edgeFavoritesBarVisibility = 'notConfigured' + edgeFavoritesListLocation = 'FakeStringValue' + edgeFirstRunUrl = 'FakeStringValue' + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = '#microsoft.graph.edgeHomeButtonHidden' + homeButtonCustomURL = 'FakeStringValue' + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @('FakeStringValue') + edgeKioskModeRestriction = 'notConfigured' + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = 'FakeStringValue' + edgeOpensWith = 'notConfigured' + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + odataType = '#microsoft.graph.edgeSearchEngine' + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = 'notConfigured' + findMyFiles = 'notConfigured' + gameDvrBlocked = $True + id = 'FakeStringValue' + inkWorkspaceAccess = 'notConfigured' + inkWorkspaceAccessState = 'notConfigured' + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @('FakeStringValue') + address = 'FakeStringValue' + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = 'deviceDefault' + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + powerButtonActionOnBattery = 'notConfigured' + powerButtonActionPluggedIn = 'notConfigured' + powerHybridSleepOnBattery = 'notConfigured' + powerHybridSleepPluggedIn = 'notConfigured' + powerLidCloseActionOnBattery = 'notConfigured' + powerLidCloseActionPluggedIn = 'notConfigured' + powerSleepButtonActionOnBattery = 'notConfigured' + powerSleepButtonActionPluggedIn = 'notConfigured' + printerBlockAddition = $True + printerDefaultName = 'FakeStringValue' + printerNames = @('FakeStringValue') + privacyAdvertisingId = 'notConfigured' + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = 'userDefined' + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = 'notConfigured' + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = 'userDefined' + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = 'userDefined' + startMenuPinnedFolderDocuments = 'notConfigured' + startMenuPinnedFolderDownloads = 'notConfigured' + startMenuPinnedFolderFileExplorer = 'notConfigured' + startMenuPinnedFolderHomeGroup = 'notConfigured' + startMenuPinnedFolderMusic = 'notConfigured' + startMenuPinnedFolderNetwork = 'notConfigured' + startMenuPinnedFolderPersonalFolder = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + startMenuPinnedFolderSettings = 'notConfigured' + startMenuPinnedFolderVideos = 'notConfigured' + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = 'FakeStringValue' + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - startMenuHideSwitchAccount = $True - defenderBlockEndUserAccess = $True - searchEnableAutomaticIndexSizeManangement = $True - defenderRequireNetworkInspectionSystem = $True - settingsBlockGamingPage = $True - smartScreenBlockPromptOverrideForFiles = $True - passwordBlockSimple = $True - powerLidCloseActionPluggedIn = "notConfigured" - defenderRequireCloudProtection = $True - defenderFilesAndFoldersToExclude = @("FakeStringValue") - resetProtectionModeBlocked = $True - startBlockUnpinningAppsFromTaskbar = $True - networkProxyApplySettingsDeviceWide = $True - bluetoothAllowedServices = @("FakeStringValue") - defenderScanArchiveFiles = $True - lockScreenActivateAppsWithVoice = "notConfigured" - defenderScanIncomingMail = $True - edgeBlockAutofill = $True - authenticationAllowSecondaryDevice = $True - edgeRequireSmartScreen = $True - windowsSpotlightBlockOnActionCenter = $True - usbBlocked = $True - enableAutomaticRedeployment = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - defenderPotentiallyUnwantedAppAction = "deviceDefault" - powerButtonActionOnBattery = "notConfigured" - startMenuAppListVisibility = "userDefined" - lockScreenBlockCortana = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - screenCaptureBlocked = $True - webRtcBlockLocalhostIpAddress = $True - safeSearchFilter = "userDefined" - searchDisableLocation = $True - edgeBlockInPrivateBrowsing = $True - appManagementMSIAllowUserControlOverInstall = $True - defenderSignatureUpdateIntervalInHours = 25 - startMenuHideSleep = $True - voiceRecordingBlocked = $True - edgeFavoritesListLocation = "FakeStringValue" - startMenuHideLock = $True - wiFiBlockManualConfiguration = $True - edgeBlockTabPreloading = $True - configureTimeZone = "FakeStringValue" - edgeBlocked = $True - taskManagerBlockEndTask = $True - settingsBlockAppsPage = $True - settingsBlockChangePowerSleep = $True - copyPasteBlocked = $True - settingsBlockNetworkInternetPage = $True - privacyBlockInputPersonalization = $True - appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - powerLidCloseActionOnBattery = "notConfigured" - searchDisableIndexerBackoff = $True - edgeBlockFullScreenMode = $True - lockScreenTimeoutInSeconds = 25 - developerUnlockSetting = "notConfigured" - storageRestrictAppDataToSystemVolume = $True - cellularBlockVpn = $True - powerHybridSleepPluggedIn = "notConfigured" - settingsBlockChangeLanguage = $True - powerSleepButtonActionOnBattery = "notConfigured" - antiTheftModeBlocked = $True - defenderMonitorFileActivity = "userDefined" - defenderFileExtensionsToExclude = @("FakeStringValue") - bluetoothBlockDiscoverableMode = $True - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - diagnosticsDataSubmissionMode = "userDefined" - uninstallBuiltInApps = $True - oneDriveDisableFileSync = $True - startMenuHideUserTile = $True - startMenuHideSignOut = $True - defenderDaysBeforeDeletingQuarantinedMalware = 25 - privacyAutoAcceptPairingAndConsentPrompts = $True - settingsBlockChangeRegion = $True - passwordMinimumAgeInDays = 25 - powerHybridSleepOnBattery = "notConfigured" - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - edgeBlockSearchSuggestions = $True - settingsBlockSystemPage = $True - defenderRequireBehaviorMonitoring = $True - microsoftAccountBlockSettingsSync = $True - windowsSpotlightBlockWindowsTips = $True - startMenuHideRecentlyAddedApps = $True - inkWorkspaceBlockSuggestedApps = $True - personalizationDesktopImageUrl = "FakeStringValue" - edgeHomeButtonConfigurationEnabled = $True - passwordRequiredType = "deviceDefault" - startMenuPinnedFolderSettings = "notConfigured" - connectedDevicesServiceBlocked = $True - edgeBlockExtensions = $True - edgeBlockAddressBarDropdown = $True - findMyFiles = "notConfigured" - privacyBlockPublishUserActivities = $True - startMenuHideFrequentlyUsedApps = $True - '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" - powerSleepButtonActionPluggedIn = "notConfigured" - internetSharingBlocked = $True - startMenuHidePowerButton = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - bluetoothBlockPrePairing = $True - windowsSpotlightBlockWelcomeExperience = $True - startMenuHideShutDown = $True - storageRestrictAppInstallToSystemVolume = $True - windowsSpotlightBlockThirdPartyNotifications = $True - searchDisableAutoLanguageDetection = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - appsAllowTrustedAppsSideloading = "notConfigured" - edgeBlockLiveTileDataCollection = $True - wirelessDisplayBlockProjectionToThisDevice = $True - startMenuHideRestartOptions = $True - edgeSendIntranetTrafficToInternetExplorer = $True - startMenuPinnedFolderHomeGroup = "notConfigured" - edgeBlockWebContentOnNewTabPage = $True - startMenuLayoutXml = $True - searchBlockDiacritics = $True - storageBlockRemovableStorage = $True - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - wirelessDisplayRequirePinForPairing = $True - defenderScheduledQuickScanTime = "00:00:00" - edgeAllowStartPagesModification = $True - defenderRequireRealTimeMonitoring = $True - authenticationWebSignIn = "notConfigured" - lockScreenBlockToastNotifications = $True - energySaverPluggedInThresholdPercentage = 25 - defenderScanMappedNetworkDrivesDuringFullScan = $True - smartScreenBlockPromptOverride = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - authenticationPreferredAzureADTenantDomainName = "FakeStringValue" - defenderScanType = "userDefined" - bluetoothBlockAdvertising = $True - enterpriseCloudPrintDiscoveryMaxLimit = 25 - logonBlockFastUserSwitching = $True - networkProxyDisableAutoDetect = $True - cameraBlocked = $True - wiFiScanInterval = 25 - edgeBlockSideloadingExtensions = $True - settingsBlockEaseOfAccessPage = $True - microsoftAccountBlocked = $True - defenderScanRemovableDrivesDuringFullScan = $True - energySaverOnBatteryThresholdPercentage = 25 - startMenuHideHibernate = $True - defenderScanDownloads = $True - defenderBlockOnAccessProtection = $True - defenderCloudBlockLevel = "notConfigured" - storageRequireMobileDeviceEncryption = $True - windowsStoreEnablePrivateStoreOnly = $True - edgeBlockCompatibilityList = $True - wiFiBlockAutomaticConnectHotspots = $True - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderCloudExtendedTimeout = 25 - edgeHomepageUrls = @("FakeStringValue") - cellularBlockDataWhenRoaming = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - smartScreenAppInstallControl = "notConfigured" - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - bluetoothBlockPromptedProximalConnections = $True - settingsBlockPrivacyPage = $True - windowsSpotlightBlocked = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - startMenuPinnedFolderDocuments = "notConfigured" - systemTelemetryProxyServer = "FakeStringValue" - lockScreenAllowTimeoutConfiguration = $True - defenderSystemScanSchedule = "userDefined" - windowsSpotlightBlockConsumerSpecificFeatures = $True - searchDisableUseLocation = $True - appsBlockWindowsStoreOriginatedApps = $True - startMenuPinnedFolderNetwork = "notConfigured" - edgeBlockPrinting = $True - settingsBlockEditDeviceName = $True - printerNames = @("FakeStringValue") - settingsBlockUpdateSecurityPage = $True - startMenuMode = "userDefined" - searchBlockWebResults = $True - edgePreventCertificateErrorOverride = $True - passwordRequired = $True - defenderScanNetworkFiles = $True - startMenuPinnedFolderMusic = "notConfigured" - cortanaBlocked = $True - searchEnableRemoteQueries = $True - messagingBlockSync = $True - startMenuPinnedFolderVideos = "notConfigured" - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - experienceDoNotSyncBrowserSettings = "notConfigured" - edgeDisableFirstRunPage = $True - edgeCookiePolicy = "userDefined" - inkWorkspaceAccessState = "notConfigured" - windows10AppsForceUpdateSchedule = @{ + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = 'notConfigured' + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @('FakeStringValue') + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @('FakeStringValue') + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + powerButtonActionOnBattery = 'notConfigured' + startMenuAppListVisibility = 'userDefined' + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = 'userDefined' + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = 'FakeStringValue' + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = 'FakeStringValue' + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + powerLidCloseActionOnBattery = 'notConfigured' + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = 'notConfigured' + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = 'notConfigured' + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = 'notConfigured' + antiTheftModeBlocked = $True + defenderMonitorFileActivity = 'userDefined' + defenderFileExtensionsToExclude = @('FakeStringValue') + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + diagnosticsDataSubmissionMode = 'userDefined' + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = 'notConfigured' + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = 'FakeStringValue' + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = 'deviceDefault' + startMenuPinnedFolderSettings = 'notConfigured' + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = 'notConfigured' + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' + powerSleepButtonActionPluggedIn = 'notConfigured' + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + appsAllowTrustedAppsSideloading = 'notConfigured' + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = 'notConfigured' + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = '00:00:00' + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = 'notConfigured' + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + defenderScanType = 'userDefined' + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = 'notConfigured' + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @('FakeStringValue') + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = 'notConfigured' + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = 'notConfigured' + systemTelemetryProxyServer = 'FakeStringValue' + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = 'userDefined' + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = 'notConfigured' + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @('FakeStringValue') + settingsBlockUpdateSecurityPage = $True + startMenuMode = 'userDefined' + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = 'notConfigured' + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = 'notConfigured' + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + experienceDoNotSyncBrowserSettings = 'notConfigured' + edgeDisableFirstRunPage = $True + edgeCookiePolicy = 'userDefined' + inkWorkspaceAccessState = 'notConfigured' + windows10AppsForceUpdateSchedule = @{ runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' } - dataProtectionBlockDirectMemoryAccess = $True - experienceBlockErrorDialogWhenNoSIM = $True - settingsBlockPersonalizationPage = $True - wirelessDisplayBlockUserInputFromReceiver = $True - startMenuPinnedFolderPersonalFolder = "notConfigured" - activateAppsWithVoice = "notConfigured" - edgeClearBrowsingDataOnExit = $True - passwordPreviousPasswordBlockCount = 25 - edgeBlockSearchEngineCustomization = $True - deviceManagementBlockManualUnenroll = $True - edgeBlockSavingHistory = $True - inkWorkspaceAccess = "notConfigured" - startMenuHideRecentJumpLists = $True - privacyBlockActivityFeed = $True - settingsBlockChangeSystemTime = $True - defenderDisableCatchupQuickScan = $True - smartScreenEnableAppInstallControl = $True - edgeBlockDeveloperTools = $True - edgeKioskModeRestriction = "notConfigured" - lockScreenBlockActionCenterNotifications = $True - privacyAdvertisingId = "notConfigured" - settingsBlockSettingsApp = $True - settingsBlockAccountsPage = $True - certificatesBlockManualRootCertificateInstallation = $True - edgeBlockJavaScript = $True - edgeSyncFavoritesWithInternetExplorer = $True - startMenuLayoutEdgeAssetsXml = $True - windowsSpotlightBlockTailoredExperiences = $True - defenderPromptForSampleSubmission = "userDefined" - edgeBlockAccessToAboutFlags = $True - messagingBlockMMS = $True - edgeBlockEditFavorites = $True - printerDefaultName = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - privacyDisableLaunchExperience = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - nfcBlocked = $True - searchDisableIndexingRemovableDrive = $True - powerButtonActionPluggedIn = "notConfigured" - settingsBlockRemoveProvisioningPackage = $True - edgeKioskResetAfterIdleTimeInMinutes = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - printerBlockAddition = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderDisableCatchupFullScan = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - bluetoothBlocked = $True - settingsBlockAddProvisioningPackage = $True - passwordMinimumLength = 25 - startMenuHideChangeAccountSettings = $True - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - edgeBlockPopups = $True - networkProxyServer = @{ + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = 'notConfigured' + activateAppsWithVoice = 'notConfigured' + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = 'notConfigured' + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = 'notConfigured' + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = 'notConfigured' + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = 'userDefined' + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = 'notConfigured' + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + edgeBlockPopups = $True + networkProxyServer = @{ useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" + exceptions = @('FakeStringValue') + address = 'FakeStringValue' } - startMenuPinnedFolderDownloads = "notConfigured" - settingsBlockDevicesPage = $True - wiFiBlocked = $True - windowsStoreBlocked = $True - edgeBlockPrelaunch = $True - gameDvrBlocked = $True - experienceBlockTaskSwitcher = $True - edgeBlockPasswordManager = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - passwordMinimumCharacterSetCount = 25 - searchDisableIndexingEncryptedItems = $True - appManagementMSIAlwaysInstallWithElevatedPrivileges = $True - cellularData = "blocked" - defenderScheduledScanTime = "00:00:00" - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - defenderProcessesToExclude = @("FakeStringValue") - defenderDetectedMalwareActions = @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" + startMenuPinnedFolderDownloads = 'notConfigured' + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = 'blocked' + defenderScheduledScanTime = '00:00:00' + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + defenderProcessesToExclude = @('FakeStringValue') + defenderDetectedMalwareActions = @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' } - edgeHomeButtonConfiguration = @{ - homeButtonCustomURL = "FakeStringValue" - '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.edgeHomeButtonHidden' } - cryptographyAllowFipsAlgorithmPolicy = $True - sharedUserAppDataAllowed = $True - edgeFirstRunUrl = "FakeStringValue" - edgeBlockSendingDoNotTrackHeader = $True - edgeOpensWith = "notConfigured" - defenderScheduleScanEnableLowCpuPriority = $True - windowsStoreBlockAutoUpdate = $True - messagingBlockRichCommunicationServices = $True - edgeNewTabPageURL = "FakeStringValue" - passwordRequireWhenResumeFromIdleState = $True - passwordExpirationDays = 25 - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - settingsBlockTimeLanguagePage = $True - locationServicesBlocked = $True - defenderScanMaxCpu = 25 - edgeFavoritesBarVisibility = "notConfigured" - accountsBlockAddingNonMicrosoftAccountEmail = $True - defenderCloudExtendedTimeoutInSeconds = 25 - cellularBlockVpnWhenRoaming = $True - startMenuPinnedFolderFileExplorer = "notConfigured" - edgeSearchEngine = @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - '@odata.type' = "#microsoft.graph.edgeSearchEngine" + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = 'FakeStringValue' + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = 'notConfigured' + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = 'FakeStringValue' + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = 'notConfigured' + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = 'notConfigured' + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + '@odata.type' = '#microsoft.graph.edgeSearchEngine' } } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -1022,630 +1026,630 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationPolicyWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - AccountsBlockAddingNonMicrosoftAccountEmail = $True - ActivateAppsWithVoice = "notConfigured" - AntiTheftModeBlocked = $True - AppManagementMSIAllowUserControlOverInstall = $True - AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True - AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - AppsAllowTrustedAppsSideloading = "notConfigured" - AppsBlockWindowsStoreOriginatedApps = $True - AuthenticationAllowSecondaryDevice = $True - AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" - AuthenticationWebSignIn = "notConfigured" - BluetoothAllowedServices = @("FakeStringValue") - BluetoothBlockAdvertising = $True - BluetoothBlockDiscoverableMode = $True - BluetoothBlocked = $True - BluetoothBlockPrePairing = $True - BluetoothBlockPromptedProximalConnections = $True - CameraBlocked = $True - CellularBlockDataWhenRoaming = $True - CellularBlockVpn = $True - CellularBlockVpnWhenRoaming = $True - CellularData = "blocked" - CertificatesBlockManualRootCertificateInstallation = $True - ConfigureTimeZone = "FakeStringValue" - ConnectedDevicesServiceBlocked = $True - CopyPasteBlocked = $True - CortanaBlocked = $True - CryptographyAllowFipsAlgorithmPolicy = $True - DataProtectionBlockDirectMemoryAccess = $True - DefenderBlockEndUserAccess = $True - DefenderBlockOnAccessProtection = $True - DefenderCloudBlockLevel = "notConfigured" - DefenderCloudExtendedTimeout = 25 - DefenderCloudExtendedTimeoutInSeconds = 25 - DefenderDaysBeforeDeletingQuarantinedMalware = 25 - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" - } -ClientOnly) - defenderDisableCatchupFullScan = $True - defenderDisableCatchupQuickScan = $True - defenderFileExtensionsToExclude = @("FakeStringValue") - defenderFilesAndFoldersToExclude = @("FakeStringValue") - defenderMonitorFileActivity = "userDefined" - defenderPotentiallyUnwantedAppAction = "deviceDefault" - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderProcessesToExclude = @("FakeStringValue") - defenderPromptForSampleSubmission = "userDefined" - defenderRequireBehaviorMonitoring = $True - defenderRequireCloudProtection = $True - defenderRequireNetworkInspectionSystem = $True - defenderRequireRealTimeMonitoring = $True - defenderScanArchiveFiles = $True - defenderScanDownloads = $True - defenderScanIncomingMail = $True - defenderScanMappedNetworkDrivesDuringFullScan = $True - defenderScanMaxCpu = 25 - defenderScanNetworkFiles = $True - defenderScanRemovableDrivesDuringFullScan = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderScanType = "userDefined" - defenderScheduledQuickScanTime = "00:00:00" - defenderScheduledScanTime = "00:00:00" - defenderScheduleScanEnableLowCpuPriority = $True - defenderSignatureUpdateIntervalInHours = 25 - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - defenderSystemScanSchedule = "userDefined" - description = "FakeStringValue" - developerUnlockSetting = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - deviceManagementBlockManualUnenroll = $True - diagnosticsDataSubmissionMode = "userDefined" - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - displayName = "FakeStringValue" - edgeAllowStartPagesModification = $True - edgeBlockAccessToAboutFlags = $True - edgeBlockAddressBarDropdown = $True - edgeBlockAutofill = $True - edgeBlockCompatibilityList = $True - edgeBlockDeveloperTools = $True - edgeBlocked = $True - edgeBlockEditFavorites = $True - edgeBlockExtensions = $True - edgeBlockFullScreenMode = $True - edgeBlockInPrivateBrowsing = $True - edgeBlockJavaScript = $True - edgeBlockLiveTileDataCollection = $True - edgeBlockPasswordManager = $True - edgeBlockPopups = $True - edgeBlockPrelaunch = $True - edgeBlockPrinting = $True - edgeBlockSavingHistory = $True - edgeBlockSearchEngineCustomization = $True - edgeBlockSearchSuggestions = $True - edgeBlockSendingDoNotTrackHeader = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - edgeBlockSideloadingExtensions = $True - edgeBlockTabPreloading = $True - edgeBlockWebContentOnNewTabPage = $True - edgeClearBrowsingDataOnExit = $True - edgeCookiePolicy = "userDefined" - edgeDisableFirstRunPage = $True - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - edgeFavoritesBarVisibility = "notConfigured" - edgeFavoritesListLocation = "FakeStringValue" - edgeFirstRunUrl = "FakeStringValue" - edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ - odataType = "#microsoft.graph.edgeHomeButtonHidden" - homeButtonCustomURL = "FakeStringValue" - } -ClientOnly) - edgeHomeButtonConfigurationEnabled = $True - edgeHomepageUrls = @("FakeStringValue") - edgeKioskModeRestriction = "notConfigured" - edgeKioskResetAfterIdleTimeInMinutes = 25 - edgeNewTabPageURL = "FakeStringValue" - edgeOpensWith = "notConfigured" - edgePreventCertificateErrorOverride = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - edgeRequireSmartScreen = $True - edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - odataType = "#microsoft.graph.edgeSearchEngine" - } -ClientOnly) - edgeSendIntranetTrafficToInternetExplorer = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - edgeSyncFavoritesWithInternetExplorer = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - enableAutomaticRedeployment = $True - energySaverOnBatteryThresholdPercentage = 25 - energySaverPluggedInThresholdPercentage = 25 - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - enterpriseCloudPrintDiscoveryMaxLimit = 25 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - experienceBlockErrorDialogWhenNoSIM = $True - experienceBlockTaskSwitcher = $True - experienceDoNotSyncBrowserSettings = "notConfigured" - findMyFiles = "notConfigured" - gameDvrBlocked = $True - id = "FakeStringValue" - inkWorkspaceAccess = "notConfigured" - inkWorkspaceAccessState = "notConfigured" - inkWorkspaceBlockSuggestedApps = $True - internetSharingBlocked = $True - locationServicesBlocked = $True - lockScreenActivateAppsWithVoice = "notConfigured" - lockScreenAllowTimeoutConfiguration = $True - lockScreenBlockActionCenterNotifications = $True - lockScreenBlockCortana = $True - lockScreenBlockToastNotifications = $True - lockScreenTimeoutInSeconds = 25 - logonBlockFastUserSwitching = $True - messagingBlockMMS = $True - messagingBlockRichCommunicationServices = $True - messagingBlockSync = $True - microsoftAccountBlocked = $True - microsoftAccountBlockSettingsSync = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - networkProxyApplySettingsDeviceWide = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - networkProxyDisableAutoDetect = $True - networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ - useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" - } -ClientOnly) - nfcBlocked = $True - oneDriveDisableFileSync = $True - passwordBlockSimple = $True - passwordExpirationDays = 25 - passwordMinimumAgeInDays = 25 - passwordMinimumCharacterSetCount = 25 - passwordMinimumLength = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - passwordPreviousPasswordBlockCount = 25 - passwordRequired = $True - passwordRequiredType = "deviceDefault" - passwordRequireWhenResumeFromIdleState = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - personalizationDesktopImageUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - powerButtonActionOnBattery = "notConfigured" - powerButtonActionPluggedIn = "notConfigured" - powerHybridSleepOnBattery = "notConfigured" - powerHybridSleepPluggedIn = "notConfigured" - powerLidCloseActionOnBattery = "notConfigured" - powerLidCloseActionPluggedIn = "notConfigured" - powerSleepButtonActionOnBattery = "notConfigured" - powerSleepButtonActionPluggedIn = "notConfigured" - printerBlockAddition = $True - printerDefaultName = "FakeStringValue" - printerNames = @("FakeStringValue") - privacyAdvertisingId = "notConfigured" - privacyAutoAcceptPairingAndConsentPrompts = $True - privacyBlockActivityFeed = $True - privacyBlockInputPersonalization = $True - privacyBlockPublishUserActivities = $True - privacyDisableLaunchExperience = $True - resetProtectionModeBlocked = $True - safeSearchFilter = "userDefined" - screenCaptureBlocked = $True - searchBlockDiacritics = $True - searchBlockWebResults = $True - searchDisableAutoLanguageDetection = $True - searchDisableIndexerBackoff = $True - searchDisableIndexingEncryptedItems = $True - searchDisableIndexingRemovableDrive = $True - searchDisableLocation = $True - searchDisableUseLocation = $True - searchEnableAutomaticIndexSizeManangement = $True - searchEnableRemoteQueries = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - settingsBlockAccountsPage = $True - settingsBlockAddProvisioningPackage = $True - settingsBlockAppsPage = $True - settingsBlockChangeLanguage = $True - settingsBlockChangePowerSleep = $True - settingsBlockChangeRegion = $True - settingsBlockChangeSystemTime = $True - settingsBlockDevicesPage = $True - settingsBlockEaseOfAccessPage = $True - settingsBlockEditDeviceName = $True - settingsBlockGamingPage = $True - settingsBlockNetworkInternetPage = $True - settingsBlockPersonalizationPage = $True - settingsBlockPrivacyPage = $True - settingsBlockRemoveProvisioningPackage = $True - settingsBlockSettingsApp = $True - settingsBlockSystemPage = $True - settingsBlockTimeLanguagePage = $True - settingsBlockUpdateSecurityPage = $True - sharedUserAppDataAllowed = $True - smartScreenAppInstallControl = "notConfigured" - smartScreenBlockPromptOverride = $True - smartScreenBlockPromptOverrideForFiles = $True - smartScreenEnableAppInstallControl = $True - startBlockUnpinningAppsFromTaskbar = $True - startMenuAppListVisibility = "userDefined" - startMenuHideChangeAccountSettings = $True - startMenuHideFrequentlyUsedApps = $True - startMenuHideHibernate = $True - startMenuHideLock = $True - startMenuHidePowerButton = $True - startMenuHideRecentJumpLists = $True - startMenuHideRecentlyAddedApps = $True - startMenuHideRestartOptions = $True - startMenuHideShutDown = $True - startMenuHideSignOut = $True - startMenuHideSleep = $True - startMenuHideSwitchAccount = $True - startMenuHideUserTile = $True - startMenuLayoutEdgeAssetsXml = $True - startMenuLayoutXml = $True - startMenuMode = "userDefined" - startMenuPinnedFolderDocuments = "notConfigured" - startMenuPinnedFolderDownloads = "notConfigured" - startMenuPinnedFolderFileExplorer = "notConfigured" - startMenuPinnedFolderHomeGroup = "notConfigured" - startMenuPinnedFolderMusic = "notConfigured" - startMenuPinnedFolderNetwork = "notConfigured" - startMenuPinnedFolderPersonalFolder = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - startMenuPinnedFolderSettings = "notConfigured" - startMenuPinnedFolderVideos = "notConfigured" - storageBlockRemovableStorage = $True - storageRequireMobileDeviceEncryption = $True - storageRestrictAppDataToSystemVolume = $True - storageRestrictAppInstallToSystemVolume = $True - supportsScopeTags = $True - systemTelemetryProxyServer = "FakeStringValue" - taskManagerBlockEndTask = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - uninstallBuiltInApps = $True - usbBlocked = $True - voiceRecordingBlocked = $True - webRtcBlockLocalhostIpAddress = $True - wiFiBlockAutomaticConnectHotspots = $True - wiFiBlocked = $True - wiFiBlockManualConfiguration = $True - wiFiScanInterval = 25 - windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ - runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" - } -ClientOnly) - windowsSpotlightBlockConsumerSpecificFeatures = $True - windowsSpotlightBlocked = $True - windowsSpotlightBlockOnActionCenter = $True - windowsSpotlightBlockTailoredExperiences = $True - windowsSpotlightBlockThirdPartyNotifications = $True - windowsSpotlightBlockWelcomeExperience = $True - windowsSpotlightBlockWindowsTips = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - windowsStoreBlockAutoUpdate = $True - windowsStoreBlocked = $True - windowsStoreEnablePrivateStoreOnly = $True - wirelessDisplayBlockProjectionToThisDevice = $True - wirelessDisplayBlockUserInputFromReceiver = $True - wirelessDisplayRequirePinForPairing = $True - Ensure = "Present" - Credential = $Credential; + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = 'notConfigured' + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + AppsAllowTrustedAppsSideloading = 'notConfigured' + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + AuthenticationWebSignIn = 'notConfigured' + BluetoothAllowedServices = @('FakeStringValue') + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = 'blocked' + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = 'FakeStringValue' + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = 'notConfigured' + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @('FakeStringValue') + defenderFilesAndFoldersToExclude = @('FakeStringValue') + defenderMonitorFileActivity = 'userDefined' + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderProcessesToExclude = @('FakeStringValue') + defenderPromptForSampleSubmission = 'userDefined' + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = 'userDefined' + defenderScheduledQuickScanTime = '00:00:00' + defenderScheduledScanTime = '00:00:00' + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + defenderSystemScanSchedule = 'userDefined' + description = 'FakeStringValue' + developerUnlockSetting = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = 'userDefined' + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + displayName = 'FakeStringValue' + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = 'userDefined' + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + edgeFavoritesBarVisibility = 'notConfigured' + edgeFavoritesListLocation = 'FakeStringValue' + edgeFirstRunUrl = 'FakeStringValue' + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = '#microsoft.graph.edgeHomeButtonHidden' + homeButtonCustomURL = 'FakeStringValue' + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @('FakeStringValue') + edgeKioskModeRestriction = 'notConfigured' + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = 'FakeStringValue' + edgeOpensWith = 'notConfigured' + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + odataType = '#microsoft.graph.edgeSearchEngine' + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = 'notConfigured' + findMyFiles = 'notConfigured' + gameDvrBlocked = $True + id = 'FakeStringValue' + inkWorkspaceAccess = 'notConfigured' + inkWorkspaceAccessState = 'notConfigured' + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @('FakeStringValue') + address = 'FakeStringValue' + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = 'deviceDefault' + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + powerButtonActionOnBattery = 'notConfigured' + powerButtonActionPluggedIn = 'notConfigured' + powerHybridSleepOnBattery = 'notConfigured' + powerHybridSleepPluggedIn = 'notConfigured' + powerLidCloseActionOnBattery = 'notConfigured' + powerLidCloseActionPluggedIn = 'notConfigured' + powerSleepButtonActionOnBattery = 'notConfigured' + powerSleepButtonActionPluggedIn = 'notConfigured' + printerBlockAddition = $True + printerDefaultName = 'FakeStringValue' + printerNames = @('FakeStringValue') + privacyAdvertisingId = 'notConfigured' + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = 'userDefined' + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = 'notConfigured' + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = 'userDefined' + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = 'userDefined' + startMenuPinnedFolderDocuments = 'notConfigured' + startMenuPinnedFolderDownloads = 'notConfigured' + startMenuPinnedFolderFileExplorer = 'notConfigured' + startMenuPinnedFolderHomeGroup = 'notConfigured' + startMenuPinnedFolderMusic = 'notConfigured' + startMenuPinnedFolderNetwork = 'notConfigured' + startMenuPinnedFolderPersonalFolder = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + startMenuPinnedFolderSettings = 'notConfigured' + startMenuPinnedFolderVideos = 'notConfigured' + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = 'FakeStringValue' + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - startMenuHideSwitchAccount = $True - defenderBlockEndUserAccess = $True - searchEnableAutomaticIndexSizeManangement = $True - defenderRequireNetworkInspectionSystem = $True - settingsBlockGamingPage = $True - smartScreenBlockPromptOverrideForFiles = $True - passwordBlockSimple = $True - powerLidCloseActionPluggedIn = "notConfigured" - defenderRequireCloudProtection = $True - defenderFilesAndFoldersToExclude = @("FakeStringValue") - resetProtectionModeBlocked = $True - startBlockUnpinningAppsFromTaskbar = $True - networkProxyApplySettingsDeviceWide = $True - bluetoothAllowedServices = @("FakeStringValue") - defenderScanArchiveFiles = $True - lockScreenActivateAppsWithVoice = "notConfigured" - defenderScanIncomingMail = $True - edgeBlockAutofill = $True - authenticationAllowSecondaryDevice = $True - edgeRequireSmartScreen = $True - windowsSpotlightBlockOnActionCenter = $True - usbBlocked = $True - enableAutomaticRedeployment = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - defenderPotentiallyUnwantedAppAction = "deviceDefault" - powerButtonActionOnBattery = "notConfigured" - startMenuAppListVisibility = "userDefined" - lockScreenBlockCortana = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - screenCaptureBlocked = $True - webRtcBlockLocalhostIpAddress = $True - safeSearchFilter = "userDefined" - searchDisableLocation = $True - edgeBlockInPrivateBrowsing = $True - appManagementMSIAllowUserControlOverInstall = $True - defenderSignatureUpdateIntervalInHours = 25 - startMenuHideSleep = $True - voiceRecordingBlocked = $True - edgeFavoritesListLocation = "FakeStringValue" - startMenuHideLock = $True - wiFiBlockManualConfiguration = $True - edgeBlockTabPreloading = $True - configureTimeZone = "FakeStringValue" - edgeBlocked = $True - taskManagerBlockEndTask = $True - settingsBlockAppsPage = $True - settingsBlockChangePowerSleep = $True - copyPasteBlocked = $True - settingsBlockNetworkInternetPage = $True - privacyBlockInputPersonalization = $True - appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - powerLidCloseActionOnBattery = "notConfigured" - searchDisableIndexerBackoff = $True - edgeBlockFullScreenMode = $True - lockScreenTimeoutInSeconds = 25 - developerUnlockSetting = "notConfigured" - storageRestrictAppDataToSystemVolume = $True - cellularBlockVpn = $True - powerHybridSleepPluggedIn = "notConfigured" - settingsBlockChangeLanguage = $True - powerSleepButtonActionOnBattery = "notConfigured" - antiTheftModeBlocked = $True - defenderMonitorFileActivity = "userDefined" - defenderFileExtensionsToExclude = @("FakeStringValue") - bluetoothBlockDiscoverableMode = $True - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - diagnosticsDataSubmissionMode = "userDefined" - uninstallBuiltInApps = $True - oneDriveDisableFileSync = $True - startMenuHideUserTile = $True - startMenuHideSignOut = $True - defenderDaysBeforeDeletingQuarantinedMalware = 25 - privacyAutoAcceptPairingAndConsentPrompts = $True - settingsBlockChangeRegion = $True - passwordMinimumAgeInDays = 25 - powerHybridSleepOnBattery = "notConfigured" - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - edgeBlockSearchSuggestions = $True - settingsBlockSystemPage = $True - defenderRequireBehaviorMonitoring = $True - microsoftAccountBlockSettingsSync = $True - windowsSpotlightBlockWindowsTips = $True - startMenuHideRecentlyAddedApps = $True - inkWorkspaceBlockSuggestedApps = $True - personalizationDesktopImageUrl = "FakeStringValue" - edgeHomeButtonConfigurationEnabled = $True - passwordRequiredType = "deviceDefault" - startMenuPinnedFolderSettings = "notConfigured" - connectedDevicesServiceBlocked = $True - edgeBlockExtensions = $True - edgeBlockAddressBarDropdown = $True - findMyFiles = "notConfigured" - privacyBlockPublishUserActivities = $True - startMenuHideFrequentlyUsedApps = $True - '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" - powerSleepButtonActionPluggedIn = "notConfigured" - internetSharingBlocked = $True - startMenuHidePowerButton = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - bluetoothBlockPrePairing = $True - windowsSpotlightBlockWelcomeExperience = $True - startMenuHideShutDown = $True - storageRestrictAppInstallToSystemVolume = $True - windowsSpotlightBlockThirdPartyNotifications = $True - searchDisableAutoLanguageDetection = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - appsAllowTrustedAppsSideloading = "notConfigured" - edgeBlockLiveTileDataCollection = $True - wirelessDisplayBlockProjectionToThisDevice = $True - startMenuHideRestartOptions = $True - edgeSendIntranetTrafficToInternetExplorer = $True - startMenuPinnedFolderHomeGroup = "notConfigured" - edgeBlockWebContentOnNewTabPage = $True - startMenuLayoutXml = $True - searchBlockDiacritics = $True - storageBlockRemovableStorage = $True - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - wirelessDisplayRequirePinForPairing = $True - defenderScheduledQuickScanTime = "00:00:00" - edgeAllowStartPagesModification = $True - defenderRequireRealTimeMonitoring = $True - authenticationWebSignIn = "notConfigured" - lockScreenBlockToastNotifications = $True - energySaverPluggedInThresholdPercentage = 25 - defenderScanMappedNetworkDrivesDuringFullScan = $True - smartScreenBlockPromptOverride = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - authenticationPreferredAzureADTenantDomainName = "FakeStringValue" - defenderScanType = "userDefined" - bluetoothBlockAdvertising = $True - enterpriseCloudPrintDiscoveryMaxLimit = 25 - logonBlockFastUserSwitching = $True - networkProxyDisableAutoDetect = $True - cameraBlocked = $True - wiFiScanInterval = 25 - edgeBlockSideloadingExtensions = $True - settingsBlockEaseOfAccessPage = $True - microsoftAccountBlocked = $True - defenderScanRemovableDrivesDuringFullScan = $True - energySaverOnBatteryThresholdPercentage = 25 - startMenuHideHibernate = $True - defenderScanDownloads = $True - defenderBlockOnAccessProtection = $True - defenderCloudBlockLevel = "notConfigured" - storageRequireMobileDeviceEncryption = $True - windowsStoreEnablePrivateStoreOnly = $True - edgeBlockCompatibilityList = $True - wiFiBlockAutomaticConnectHotspots = $True - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderCloudExtendedTimeout = 25 - edgeHomepageUrls = @("FakeStringValue") - cellularBlockDataWhenRoaming = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - smartScreenAppInstallControl = "notConfigured" - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - bluetoothBlockPromptedProximalConnections = $True - settingsBlockPrivacyPage = $True - windowsSpotlightBlocked = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - startMenuPinnedFolderDocuments = "notConfigured" - systemTelemetryProxyServer = "FakeStringValue" - lockScreenAllowTimeoutConfiguration = $True - defenderSystemScanSchedule = "userDefined" - windowsSpotlightBlockConsumerSpecificFeatures = $True - searchDisableUseLocation = $True - appsBlockWindowsStoreOriginatedApps = $True - startMenuPinnedFolderNetwork = "notConfigured" - edgeBlockPrinting = $True - settingsBlockEditDeviceName = $True - printerNames = @("FakeStringValue") - settingsBlockUpdateSecurityPage = $True - startMenuMode = "userDefined" - searchBlockWebResults = $True - edgePreventCertificateErrorOverride = $True - passwordRequired = $True - defenderScanNetworkFiles = $True - startMenuPinnedFolderMusic = "notConfigured" - cortanaBlocked = $True - searchEnableRemoteQueries = $True - messagingBlockSync = $True - startMenuPinnedFolderVideos = "notConfigured" - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - experienceDoNotSyncBrowserSettings = "notConfigured" - edgeDisableFirstRunPage = $True - edgeCookiePolicy = "userDefined" - inkWorkspaceAccessState = "notConfigured" - windows10AppsForceUpdateSchedule = @{ + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = 'notConfigured' + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @('FakeStringValue') + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @('FakeStringValue') + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + powerButtonActionOnBattery = 'notConfigured' + startMenuAppListVisibility = 'userDefined' + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = 'userDefined' + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = 'FakeStringValue' + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = 'FakeStringValue' + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + powerLidCloseActionOnBattery = 'notConfigured' + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = 'notConfigured' + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = 'notConfigured' + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = 'notConfigured' + antiTheftModeBlocked = $True + defenderMonitorFileActivity = 'userDefined' + defenderFileExtensionsToExclude = @('FakeStringValue') + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + diagnosticsDataSubmissionMode = 'userDefined' + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = 'notConfigured' + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = 'FakeStringValue' + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = 'deviceDefault' + startMenuPinnedFolderSettings = 'notConfigured' + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = 'notConfigured' + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' + powerSleepButtonActionPluggedIn = 'notConfigured' + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + appsAllowTrustedAppsSideloading = 'notConfigured' + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = 'notConfigured' + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = '00:00:00' + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = 'notConfigured' + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + defenderScanType = 'userDefined' + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = 'notConfigured' + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @('FakeStringValue') + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = 'notConfigured' + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = 'notConfigured' + systemTelemetryProxyServer = 'FakeStringValue' + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = 'userDefined' + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = 'notConfigured' + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @('FakeStringValue') + settingsBlockUpdateSecurityPage = $True + startMenuMode = 'userDefined' + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = 'notConfigured' + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = 'notConfigured' + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + experienceDoNotSyncBrowserSettings = 'notConfigured' + edgeDisableFirstRunPage = $True + edgeCookiePolicy = 'userDefined' + inkWorkspaceAccessState = 'notConfigured' + windows10AppsForceUpdateSchedule = @{ runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' } - dataProtectionBlockDirectMemoryAccess = $True - experienceBlockErrorDialogWhenNoSIM = $True - settingsBlockPersonalizationPage = $True - wirelessDisplayBlockUserInputFromReceiver = $True - startMenuPinnedFolderPersonalFolder = "notConfigured" - activateAppsWithVoice = "notConfigured" - edgeClearBrowsingDataOnExit = $True - passwordPreviousPasswordBlockCount = 25 - edgeBlockSearchEngineCustomization = $True - deviceManagementBlockManualUnenroll = $True - edgeBlockSavingHistory = $True - inkWorkspaceAccess = "notConfigured" - startMenuHideRecentJumpLists = $True - privacyBlockActivityFeed = $True - settingsBlockChangeSystemTime = $True - defenderDisableCatchupQuickScan = $True - smartScreenEnableAppInstallControl = $True - edgeBlockDeveloperTools = $True - edgeKioskModeRestriction = "notConfigured" - lockScreenBlockActionCenterNotifications = $True - privacyAdvertisingId = "notConfigured" - settingsBlockSettingsApp = $True - settingsBlockAccountsPage = $True - certificatesBlockManualRootCertificateInstallation = $True - edgeBlockJavaScript = $True - edgeSyncFavoritesWithInternetExplorer = $True - startMenuLayoutEdgeAssetsXml = $True - windowsSpotlightBlockTailoredExperiences = $True - defenderPromptForSampleSubmission = "userDefined" - edgeBlockAccessToAboutFlags = $True - messagingBlockMMS = $True - edgeBlockEditFavorites = $True - printerDefaultName = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - privacyDisableLaunchExperience = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - nfcBlocked = $True - searchDisableIndexingRemovableDrive = $True - powerButtonActionPluggedIn = "notConfigured" - settingsBlockRemoveProvisioningPackage = $True - edgeKioskResetAfterIdleTimeInMinutes = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - printerBlockAddition = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderDisableCatchupFullScan = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - bluetoothBlocked = $True - settingsBlockAddProvisioningPackage = $True - passwordMinimumLength = 25 - startMenuHideChangeAccountSettings = $True - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - edgeBlockPopups = $True - networkProxyServer = @{ + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = 'notConfigured' + activateAppsWithVoice = 'notConfigured' + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = 'notConfigured' + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = 'notConfigured' + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = 'notConfigured' + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = 'userDefined' + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = 'notConfigured' + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + edgeBlockPopups = $True + networkProxyServer = @{ useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" + exceptions = @('FakeStringValue') + address = 'FakeStringValue' } - startMenuPinnedFolderDownloads = "notConfigured" - settingsBlockDevicesPage = $True - wiFiBlocked = $True - windowsStoreBlocked = $True - edgeBlockPrelaunch = $True - gameDvrBlocked = $True - experienceBlockTaskSwitcher = $True - edgeBlockPasswordManager = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - passwordMinimumCharacterSetCount = 25 - searchDisableIndexingEncryptedItems = $True - appManagementMSIAlwaysInstallWithElevatedPrivileges = $True - cellularData = "blocked" - defenderScheduledScanTime = "00:00:00" - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - defenderProcessesToExclude = @("FakeStringValue") - defenderDetectedMalwareActions = @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" + startMenuPinnedFolderDownloads = 'notConfigured' + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = 'blocked' + defenderScheduledScanTime = '00:00:00' + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + defenderProcessesToExclude = @('FakeStringValue') + defenderDetectedMalwareActions = @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' } - edgeHomeButtonConfiguration = @{ - homeButtonCustomURL = "FakeStringValue" - '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.edgeHomeButtonHidden' } - cryptographyAllowFipsAlgorithmPolicy = $True - sharedUserAppDataAllowed = $True - edgeFirstRunUrl = "FakeStringValue" - edgeBlockSendingDoNotTrackHeader = $True - edgeOpensWith = "notConfigured" - defenderScheduleScanEnableLowCpuPriority = $True - windowsStoreBlockAutoUpdate = $True - messagingBlockRichCommunicationServices = $True - edgeNewTabPageURL = "FakeStringValue" - passwordRequireWhenResumeFromIdleState = $True - passwordExpirationDays = 25 - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - settingsBlockTimeLanguagePage = $True - locationServicesBlocked = $True - defenderScanMaxCpu = 25 - edgeFavoritesBarVisibility = "notConfigured" - accountsBlockAddingNonMicrosoftAccountEmail = $True - defenderCloudExtendedTimeoutInSeconds = 25 - cellularBlockVpnWhenRoaming = $True - startMenuPinnedFolderFileExplorer = "notConfigured" - edgeSearchEngine = @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - '@odata.type' = "#microsoft.graph.edgeSearchEngine" + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = 'FakeStringValue' + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = 'notConfigured' + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = 'FakeStringValue' + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = 'notConfigured' + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = 'notConfigured' + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + '@odata.type' = '#microsoft.graph.edgeSearchEngine' } } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } @@ -1657,452 +1661,452 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneDeviceConfigurationPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationPolicyWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - AccountsBlockAddingNonMicrosoftAccountEmail = $True - ActivateAppsWithVoice = "notConfigured" - AntiTheftModeBlocked = $True - AppManagementMSIAllowUserControlOverInstall = $True - AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True - AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - AppsAllowTrustedAppsSideloading = "notConfigured" - AppsBlockWindowsStoreOriginatedApps = $True - AuthenticationAllowSecondaryDevice = $True - AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" - AuthenticationWebSignIn = "notConfigured" - BluetoothAllowedServices = @("FakeStringValue") - BluetoothBlockAdvertising = $True - BluetoothBlockDiscoverableMode = $True - BluetoothBlocked = $True - BluetoothBlockPrePairing = $True - BluetoothBlockPromptedProximalConnections = $True - CameraBlocked = $True - CellularBlockDataWhenRoaming = $True - CellularBlockVpn = $True - CellularBlockVpnWhenRoaming = $True - CellularData = "blocked" - CertificatesBlockManualRootCertificateInstallation = $True - ConfigureTimeZone = "FakeStringValue" - ConnectedDevicesServiceBlocked = $True - CopyPasteBlocked = $True - CortanaBlocked = $True - CryptographyAllowFipsAlgorithmPolicy = $True - DataProtectionBlockDirectMemoryAccess = $True - DefenderBlockEndUserAccess = $True - DefenderBlockOnAccessProtection = $True - DefenderCloudBlockLevel = "notConfigured" - DefenderCloudExtendedTimeout = 25 - DefenderCloudExtendedTimeoutInSeconds = 25 - DefenderDaysBeforeDeletingQuarantinedMalware = 25 - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" - } -ClientOnly) - defenderDisableCatchupFullScan = $True - defenderDisableCatchupQuickScan = $True - defenderFileExtensionsToExclude = @("FakeStringValue") - defenderFilesAndFoldersToExclude = @("FakeStringValue") - defenderMonitorFileActivity = "userDefined" - defenderPotentiallyUnwantedAppAction = "deviceDefault" - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderProcessesToExclude = @("FakeStringValue") - defenderPromptForSampleSubmission = "userDefined" - defenderRequireBehaviorMonitoring = $True - defenderRequireCloudProtection = $True - defenderRequireNetworkInspectionSystem = $True - defenderRequireRealTimeMonitoring = $True - defenderScanArchiveFiles = $True - defenderScanDownloads = $True - defenderScanIncomingMail = $True - defenderScanMappedNetworkDrivesDuringFullScan = $True - defenderScanMaxCpu = 25 - defenderScanNetworkFiles = $True - defenderScanRemovableDrivesDuringFullScan = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderScanType = "userDefined" - defenderScheduledQuickScanTime = "00:00:00" - defenderScheduledScanTime = "00:00:00" - defenderScheduleScanEnableLowCpuPriority = $True - defenderSignatureUpdateIntervalInHours = 25 - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - defenderSystemScanSchedule = "userDefined" - description = "FakeStringValue" - developerUnlockSetting = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - deviceManagementBlockManualUnenroll = $True - diagnosticsDataSubmissionMode = "userDefined" - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - displayName = "FakeStringValue" - edgeAllowStartPagesModification = $True - edgeBlockAccessToAboutFlags = $True - edgeBlockAddressBarDropdown = $True - edgeBlockAutofill = $True - edgeBlockCompatibilityList = $True - edgeBlockDeveloperTools = $True - edgeBlocked = $True - edgeBlockEditFavorites = $True - edgeBlockExtensions = $True - edgeBlockFullScreenMode = $True - edgeBlockInPrivateBrowsing = $True - edgeBlockJavaScript = $True - edgeBlockLiveTileDataCollection = $True - edgeBlockPasswordManager = $True - edgeBlockPopups = $True - edgeBlockPrelaunch = $True - edgeBlockPrinting = $True - edgeBlockSavingHistory = $True - edgeBlockSearchEngineCustomization = $True - edgeBlockSearchSuggestions = $True - edgeBlockSendingDoNotTrackHeader = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - edgeBlockSideloadingExtensions = $True - edgeBlockTabPreloading = $True - edgeBlockWebContentOnNewTabPage = $True - edgeClearBrowsingDataOnExit = $True - edgeCookiePolicy = "userDefined" - edgeDisableFirstRunPage = $True - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - edgeFavoritesBarVisibility = "notConfigured" - edgeFavoritesListLocation = "FakeStringValue" - edgeFirstRunUrl = "FakeStringValue" - edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ - odataType = "#microsoft.graph.edgeHomeButtonHidden" - homeButtonCustomURL = "FakeStringValue" - } -ClientOnly) - edgeHomeButtonConfigurationEnabled = $True - edgeHomepageUrls = @("FakeStringValue") - edgeKioskModeRestriction = "notConfigured" - edgeKioskResetAfterIdleTimeInMinutes = 25 - edgeNewTabPageURL = "FakeStringValue" - edgeOpensWith = "notConfigured" - edgePreventCertificateErrorOverride = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - edgeRequireSmartScreen = $True - edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - odataType = "#microsoft.graph.edgeSearchEngine" - } -ClientOnly) - edgeSendIntranetTrafficToInternetExplorer = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - edgeSyncFavoritesWithInternetExplorer = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - enableAutomaticRedeployment = $True - energySaverOnBatteryThresholdPercentage = 25 - energySaverPluggedInThresholdPercentage = 25 - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - enterpriseCloudPrintDiscoveryMaxLimit = 25 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - experienceBlockErrorDialogWhenNoSIM = $True - experienceBlockTaskSwitcher = $True - experienceDoNotSyncBrowserSettings = "notConfigured" - findMyFiles = "notConfigured" - gameDvrBlocked = $True - id = "FakeStringValue" - inkWorkspaceAccess = "notConfigured" - inkWorkspaceAccessState = "notConfigured" - inkWorkspaceBlockSuggestedApps = $True - internetSharingBlocked = $True - locationServicesBlocked = $True - lockScreenActivateAppsWithVoice = "notConfigured" - lockScreenAllowTimeoutConfiguration = $True - lockScreenBlockActionCenterNotifications = $True - lockScreenBlockCortana = $True - lockScreenBlockToastNotifications = $True - lockScreenTimeoutInSeconds = 25 - logonBlockFastUserSwitching = $True - messagingBlockMMS = $True - messagingBlockRichCommunicationServices = $True - messagingBlockSync = $True - microsoftAccountBlocked = $True - microsoftAccountBlockSettingsSync = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - networkProxyApplySettingsDeviceWide = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - networkProxyDisableAutoDetect = $True - networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ - useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" - } -ClientOnly) - nfcBlocked = $True - oneDriveDisableFileSync = $True - passwordBlockSimple = $True - passwordExpirationDays = 25 - passwordMinimumAgeInDays = 25 - passwordMinimumCharacterSetCount = 25 - passwordMinimumLength = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - passwordPreviousPasswordBlockCount = 25 - passwordRequired = $True - passwordRequiredType = "deviceDefault" - passwordRequireWhenResumeFromIdleState = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - personalizationDesktopImageUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - powerButtonActionOnBattery = "notConfigured" - powerButtonActionPluggedIn = "notConfigured" - powerHybridSleepOnBattery = "notConfigured" - powerHybridSleepPluggedIn = "notConfigured" - powerLidCloseActionOnBattery = "notConfigured" - powerLidCloseActionPluggedIn = "notConfigured" - powerSleepButtonActionOnBattery = "notConfigured" - powerSleepButtonActionPluggedIn = "notConfigured" - printerBlockAddition = $True - printerDefaultName = "FakeStringValue" - printerNames = @("FakeStringValue") - privacyAdvertisingId = "notConfigured" - privacyAutoAcceptPairingAndConsentPrompts = $True - privacyBlockActivityFeed = $True - privacyBlockInputPersonalization = $True - privacyBlockPublishUserActivities = $True - privacyDisableLaunchExperience = $True - resetProtectionModeBlocked = $True - safeSearchFilter = "userDefined" - screenCaptureBlocked = $True - searchBlockDiacritics = $True - searchBlockWebResults = $True - searchDisableAutoLanguageDetection = $True - searchDisableIndexerBackoff = $True - searchDisableIndexingEncryptedItems = $True - searchDisableIndexingRemovableDrive = $True - searchDisableLocation = $True - searchDisableUseLocation = $True - searchEnableAutomaticIndexSizeManangement = $True - searchEnableRemoteQueries = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - settingsBlockAccountsPage = $True - settingsBlockAddProvisioningPackage = $True - settingsBlockAppsPage = $True - settingsBlockChangeLanguage = $True - settingsBlockChangePowerSleep = $True - settingsBlockChangeRegion = $True - settingsBlockChangeSystemTime = $True - settingsBlockDevicesPage = $True - settingsBlockEaseOfAccessPage = $True - settingsBlockEditDeviceName = $True - settingsBlockGamingPage = $True - settingsBlockNetworkInternetPage = $True - settingsBlockPersonalizationPage = $True - settingsBlockPrivacyPage = $True - settingsBlockRemoveProvisioningPackage = $True - settingsBlockSettingsApp = $True - settingsBlockSystemPage = $True - settingsBlockTimeLanguagePage = $True - settingsBlockUpdateSecurityPage = $True - sharedUserAppDataAllowed = $True - smartScreenAppInstallControl = "notConfigured" - smartScreenBlockPromptOverride = $True - smartScreenBlockPromptOverrideForFiles = $True - smartScreenEnableAppInstallControl = $True - startBlockUnpinningAppsFromTaskbar = $True - startMenuAppListVisibility = "userDefined" - startMenuHideChangeAccountSettings = $True - startMenuHideFrequentlyUsedApps = $True - startMenuHideHibernate = $True - startMenuHideLock = $True - startMenuHidePowerButton = $True - startMenuHideRecentJumpLists = $True - startMenuHideRecentlyAddedApps = $True - startMenuHideRestartOptions = $True - startMenuHideShutDown = $True - startMenuHideSignOut = $True - startMenuHideSleep = $True - startMenuHideSwitchAccount = $True - startMenuHideUserTile = $True - startMenuLayoutEdgeAssetsXml = $True - startMenuLayoutXml = $True - startMenuMode = "userDefined" - startMenuPinnedFolderDocuments = "notConfigured" - startMenuPinnedFolderDownloads = "notConfigured" - startMenuPinnedFolderFileExplorer = "notConfigured" - startMenuPinnedFolderHomeGroup = "notConfigured" - startMenuPinnedFolderMusic = "notConfigured" - startMenuPinnedFolderNetwork = "notConfigured" - startMenuPinnedFolderPersonalFolder = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - startMenuPinnedFolderSettings = "notConfigured" - startMenuPinnedFolderVideos = "notConfigured" - storageBlockRemovableStorage = $True - storageRequireMobileDeviceEncryption = $True - storageRestrictAppDataToSystemVolume = $True - storageRestrictAppInstallToSystemVolume = $True - supportsScopeTags = $True - systemTelemetryProxyServer = "FakeStringValue" - taskManagerBlockEndTask = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - uninstallBuiltInApps = $True - usbBlocked = $True - voiceRecordingBlocked = $True - webRtcBlockLocalhostIpAddress = $True - wiFiBlockAutomaticConnectHotspots = $True - wiFiBlocked = $True - wiFiBlockManualConfiguration = $True - wiFiScanInterval = 25 - windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ - runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" - } -ClientOnly) - windowsSpotlightBlockConsumerSpecificFeatures = $True - windowsSpotlightBlocked = $True - windowsSpotlightBlockOnActionCenter = $True - windowsSpotlightBlockTailoredExperiences = $True - windowsSpotlightBlockThirdPartyNotifications = $True - windowsSpotlightBlockWelcomeExperience = $True - windowsSpotlightBlockWindowsTips = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - windowsStoreBlockAutoUpdate = $True - windowsStoreBlocked = $True - windowsStoreEnablePrivateStoreOnly = $True - wirelessDisplayBlockProjectionToThisDevice = $True - wirelessDisplayBlockUserInputFromReceiver = $True - wirelessDisplayRequirePinForPairing = $True - Ensure = "Present" - Credential = $Credential; + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = 'notConfigured' + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + AppsAllowTrustedAppsSideloading = 'notConfigured' + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + AuthenticationWebSignIn = 'notConfigured' + BluetoothAllowedServices = @('FakeStringValue') + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = 'blocked' + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = 'FakeStringValue' + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = 'notConfigured' + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @('FakeStringValue') + defenderFilesAndFoldersToExclude = @('FakeStringValue') + defenderMonitorFileActivity = 'userDefined' + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderProcessesToExclude = @('FakeStringValue') + defenderPromptForSampleSubmission = 'userDefined' + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = 'userDefined' + defenderScheduledQuickScanTime = '00:00:00' + defenderScheduledScanTime = '00:00:00' + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + defenderSystemScanSchedule = 'userDefined' + description = 'FakeStringValue' + developerUnlockSetting = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = 'userDefined' + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + displayName = 'FakeStringValue' + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = 'userDefined' + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + edgeFavoritesBarVisibility = 'notConfigured' + edgeFavoritesListLocation = 'FakeStringValue' + edgeFirstRunUrl = 'FakeStringValue' + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = '#microsoft.graph.edgeHomeButtonHidden' + homeButtonCustomURL = 'FakeStringValue' + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @('FakeStringValue') + edgeKioskModeRestriction = 'notConfigured' + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = 'FakeStringValue' + edgeOpensWith = 'notConfigured' + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + odataType = '#microsoft.graph.edgeSearchEngine' + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = 'notConfigured' + findMyFiles = 'notConfigured' + gameDvrBlocked = $True + id = 'FakeStringValue' + inkWorkspaceAccess = 'notConfigured' + inkWorkspaceAccessState = 'notConfigured' + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @('FakeStringValue') + address = 'FakeStringValue' + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = 'deviceDefault' + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + powerButtonActionOnBattery = 'notConfigured' + powerButtonActionPluggedIn = 'notConfigured' + powerHybridSleepOnBattery = 'notConfigured' + powerHybridSleepPluggedIn = 'notConfigured' + powerLidCloseActionOnBattery = 'notConfigured' + powerLidCloseActionPluggedIn = 'notConfigured' + powerSleepButtonActionOnBattery = 'notConfigured' + powerSleepButtonActionPluggedIn = 'notConfigured' + printerBlockAddition = $True + printerDefaultName = 'FakeStringValue' + printerNames = @('FakeStringValue') + privacyAdvertisingId = 'notConfigured' + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = 'userDefined' + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = 'notConfigured' + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = 'userDefined' + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = 'userDefined' + startMenuPinnedFolderDocuments = 'notConfigured' + startMenuPinnedFolderDownloads = 'notConfigured' + startMenuPinnedFolderFileExplorer = 'notConfigured' + startMenuPinnedFolderHomeGroup = 'notConfigured' + startMenuPinnedFolderMusic = 'notConfigured' + startMenuPinnedFolderNetwork = 'notConfigured' + startMenuPinnedFolderPersonalFolder = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + startMenuPinnedFolderSettings = 'notConfigured' + startMenuPinnedFolderVideos = 'notConfigured' + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = 'FakeStringValue' + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - energySaverOnBatteryThresholdPercentage = 7 - edgeHomepageUrls = @("FakeStringValue") - startMenuPinnedFolderSettings = "notConfigured" - powerLidCloseActionPluggedIn = "notConfigured" - passwordMinimumLength = 7 - configureTimeZone = "FakeStringValue" - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - safeSearchFilter = "userDefined" - edgeKioskModeRestriction = "notConfigured" - defenderDetectedMalwareActions = @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" + energySaverOnBatteryThresholdPercentage = 7 + edgeHomepageUrls = @('FakeStringValue') + startMenuPinnedFolderSettings = 'notConfigured' + powerLidCloseActionPluggedIn = 'notConfigured' + passwordMinimumLength = 7 + configureTimeZone = 'FakeStringValue' + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + safeSearchFilter = 'userDefined' + edgeKioskModeRestriction = 'notConfigured' + defenderDetectedMalwareActions = @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' } - personalizationLockScreenImageUrl = "FakeStringValue" - startMenuPinnedFolderDocuments = "notConfigured" - startMenuPinnedFolderDownloads = "notConfigured" - diagnosticsDataSubmissionMode = "userDefined" - '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" - cellularData = "blocked" - defenderScanMaxCpu = 7 - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - passwordMinimumCharacterSetCount = 7 - edgeOpensWith = "notConfigured" - defenderScanType = "userDefined" - printerNames = @("FakeStringValue") - authenticationWebSignIn = "notConfigured" - defenderPromptForSampleSubmission = "userDefined" - powerHybridSleepOnBattery = "notConfigured" - powerButtonActionPluggedIn = "notConfigured" - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - lockScreenTimeoutInSeconds = 7 - defenderSystemScanSchedule = "userDefined" - powerHybridSleepPluggedIn = "notConfigured" - passwordMinimumAgeInDays = 7 - startMenuPinnedFolderVideos = "notConfigured" - privacyAdvertisingId = "notConfigured" - edgeCookiePolicy = "userDefined" - wiFiScanInterval = 7 - findMyFiles = "notConfigured" - powerLidCloseActionOnBattery = "notConfigured" - inkWorkspaceAccessState = "notConfigured" - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - appsAllowTrustedAppsSideloading = "notConfigured" - defenderFilesAndFoldersToExclude = @("FakeStringValue") - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - developerUnlockSetting = "notConfigured" - defenderFileExtensionsToExclude = @("FakeStringValue") - systemTelemetryProxyServer = "FakeStringValue" - startMenuMode = "userDefined" - edgeHomeButtonConfiguration = @{ - homeButtonCustomURL = "FakeStringValue" - '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + personalizationLockScreenImageUrl = 'FakeStringValue' + startMenuPinnedFolderDocuments = 'notConfigured' + startMenuPinnedFolderDownloads = 'notConfigured' + diagnosticsDataSubmissionMode = 'userDefined' + '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' + cellularData = 'blocked' + defenderScanMaxCpu = 7 + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + passwordMinimumCharacterSetCount = 7 + edgeOpensWith = 'notConfigured' + defenderScanType = 'userDefined' + printerNames = @('FakeStringValue') + authenticationWebSignIn = 'notConfigured' + defenderPromptForSampleSubmission = 'userDefined' + powerHybridSleepOnBattery = 'notConfigured' + powerButtonActionPluggedIn = 'notConfigured' + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + lockScreenTimeoutInSeconds = 7 + defenderSystemScanSchedule = 'userDefined' + powerHybridSleepPluggedIn = 'notConfigured' + passwordMinimumAgeInDays = 7 + startMenuPinnedFolderVideos = 'notConfigured' + privacyAdvertisingId = 'notConfigured' + edgeCookiePolicy = 'userDefined' + wiFiScanInterval = 7 + findMyFiles = 'notConfigured' + powerLidCloseActionOnBattery = 'notConfigured' + inkWorkspaceAccessState = 'notConfigured' + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + appsAllowTrustedAppsSideloading = 'notConfigured' + defenderFilesAndFoldersToExclude = @('FakeStringValue') + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + developerUnlockSetting = 'notConfigured' + defenderFileExtensionsToExclude = @('FakeStringValue') + systemTelemetryProxyServer = 'FakeStringValue' + startMenuMode = 'userDefined' + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.edgeHomeButtonHidden' } - windowsSpotlightConfigureOnLockScreen = "notConfigured" - experienceDoNotSyncBrowserSettings = "notConfigured" - powerSleepButtonActionOnBattery = "notConfigured" - defenderSignatureUpdateIntervalInHours = 7 - enterpriseCloudPrintDiscoveryMaxLimit = 7 - startMenuPinnedFolderPersonalFolder = "notConfigured" - edgeNewTabPageURL = "FakeStringValue" - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - defenderCloudBlockLevel = "notConfigured" - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - defenderCloudExtendedTimeoutInSeconds = 7 - edgeFavoritesListLocation = "FakeStringValue" - startMenuPinnedFolderNetwork = "notConfigured" - powerButtonActionOnBattery = "notConfigured" - passwordRequiredType = "deviceDefault" - powerSleepButtonActionPluggedIn = "notConfigured" - appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - lockScreenActivateAppsWithVoice = "notConfigured" - edgeFavoritesBarVisibility = "notConfigured" - edgeSearchEngine = @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - '@odata.type' = "#microsoft.graph.edgeSearchEngine" + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + experienceDoNotSyncBrowserSettings = 'notConfigured' + powerSleepButtonActionOnBattery = 'notConfigured' + defenderSignatureUpdateIntervalInHours = 7 + enterpriseCloudPrintDiscoveryMaxLimit = 7 + startMenuPinnedFolderPersonalFolder = 'notConfigured' + edgeNewTabPageURL = 'FakeStringValue' + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + defenderCloudBlockLevel = 'notConfigured' + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + defenderCloudExtendedTimeoutInSeconds = 7 + edgeFavoritesListLocation = 'FakeStringValue' + startMenuPinnedFolderNetwork = 'notConfigured' + powerButtonActionOnBattery = 'notConfigured' + passwordRequiredType = 'deviceDefault' + powerSleepButtonActionPluggedIn = 'notConfigured' + appManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + lockScreenActivateAppsWithVoice = 'notConfigured' + edgeFavoritesBarVisibility = 'notConfigured' + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + '@odata.type' = '#microsoft.graph.edgeSearchEngine' } - energySaverPluggedInThresholdPercentage = 7 - inkWorkspaceAccess = "notConfigured" - activateAppsWithVoice = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - authenticationPreferredAzureADTenantDomainName = "FakeStringValue" - defenderScheduledQuickScanTime = "00:00:00" - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - startMenuAppListVisibility = "userDefined" - windows10AppsForceUpdateSchedule = @{ - startDateTime = "2023-01-01T00:00:00.0000000+00:00" - recurrence = "none" + energySaverPluggedInThresholdPercentage = 7 + inkWorkspaceAccess = 'notConfigured' + activateAppsWithVoice = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + authenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + defenderScheduledQuickScanTime = '00:00:00' + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + startMenuAppListVisibility = 'userDefined' + windows10AppsForceUpdateSchedule = @{ + startDateTime = '2023-01-01T00:00:00.0000000+00:00' + recurrence = 'none' } - networkProxyServer = @{ - exceptions = @("FakeStringValue") - address = "FakeStringValue" + networkProxyServer = @{ + exceptions = @('FakeStringValue') + address = 'FakeStringValue' } - startMenuPinnedFolderMusic = "notConfigured" - passwordExpirationDays = 7 - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - printerDefaultName = "FakeStringValue" - personalizationDesktopImageUrl = "FakeStringValue" - microsoftAccountSignInAssistantSettings = "notConfigured" - edgeFirstRunUrl = "FakeStringValue" - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - defenderPotentiallyUnwantedAppAction = "deviceDefault" - bluetoothAllowedServices = @("FakeStringValue") - defenderCloudExtendedTimeout = 7 - startMenuPinnedFolderFileExplorer = "notConfigured" - passwordMinutesOfInactivityBeforeScreenTimeout = 7 - smartScreenAppInstallControl = "notConfigured" - startMenuPinnedFolderHomeGroup = "notConfigured" - passwordSignInFailureCountBeforeFactoryReset = 7 - defenderMonitorFileActivity = "userDefined" - edgeKioskResetAfterIdleTimeInMinutes = 7 - defenderProcessesToExclude = @("FakeStringValue") - defenderDaysBeforeDeletingQuarantinedMalware = 7 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderScheduledScanTime = "00:00:00" - passwordPreviousPasswordBlockCount = 7 + startMenuPinnedFolderMusic = 'notConfigured' + passwordExpirationDays = 7 + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + printerDefaultName = 'FakeStringValue' + personalizationDesktopImageUrl = 'FakeStringValue' + microsoftAccountSignInAssistantSettings = 'notConfigured' + edgeFirstRunUrl = 'FakeStringValue' + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + bluetoothAllowedServices = @('FakeStringValue') + defenderCloudExtendedTimeout = 7 + startMenuPinnedFolderFileExplorer = 'notConfigured' + passwordMinutesOfInactivityBeforeScreenTimeout = 7 + smartScreenAppInstallControl = 'notConfigured' + startMenuPinnedFolderHomeGroup = 'notConfigured' + passwordSignInFailureCountBeforeFactoryReset = 7 + defenderMonitorFileActivity = 'userDefined' + edgeKioskResetAfterIdleTimeInMinutes = 7 + defenderProcessesToExclude = @('FakeStringValue') + defenderDaysBeforeDeletingQuarantinedMalware = 7 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderScheduledScanTime = '00:00:00' + passwordPreviousPasswordBlockCount = 7 } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -2110,13 +2114,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -2127,319 +2131,319 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ AdditionalProperties = @{ - enterpriseCloudPrintResourceIdentifier = "FakeStringValue" - startMenuHideSwitchAccount = $True - defenderBlockEndUserAccess = $True - searchEnableAutomaticIndexSizeManangement = $True - defenderRequireNetworkInspectionSystem = $True - settingsBlockGamingPage = $True - smartScreenBlockPromptOverrideForFiles = $True - passwordBlockSimple = $True - powerLidCloseActionPluggedIn = "notConfigured" - defenderRequireCloudProtection = $True - defenderFilesAndFoldersToExclude = @("FakeStringValue") - resetProtectionModeBlocked = $True - startBlockUnpinningAppsFromTaskbar = $True - networkProxyApplySettingsDeviceWide = $True - bluetoothAllowedServices = @("FakeStringValue") - defenderScanArchiveFiles = $True - lockScreenActivateAppsWithVoice = "notConfigured" - defenderScanIncomingMail = $True - edgeBlockAutofill = $True - authenticationAllowSecondaryDevice = $True - edgeRequireSmartScreen = $True - windowsSpotlightBlockOnActionCenter = $True - usbBlocked = $True - enableAutomaticRedeployment = $True - microsoftAccountSignInAssistantSettings = "notConfigured" - deviceManagementBlockFactoryResetOnMobile = $True - defenderPotentiallyUnwantedAppAction = "deviceDefault" - powerButtonActionOnBattery = "notConfigured" - startMenuAppListVisibility = "userDefined" - lockScreenBlockCortana = $True - windowsSpotlightConfigureOnLockScreen = "notConfigured" - startMenuPinnedFolderPictures = "notConfigured" - screenCaptureBlocked = $True - webRtcBlockLocalhostIpAddress = $True - safeSearchFilter = "userDefined" - searchDisableLocation = $True - edgeBlockInPrivateBrowsing = $True - appManagementMSIAllowUserControlOverInstall = $True - defenderSignatureUpdateIntervalInHours = 25 - startMenuHideSleep = $True - voiceRecordingBlocked = $True - edgeFavoritesListLocation = "FakeStringValue" - startMenuHideLock = $True - wiFiBlockManualConfiguration = $True - edgeBlockTabPreloading = $True - configureTimeZone = "FakeStringValue" - edgeBlocked = $True - taskManagerBlockEndTask = $True - settingsBlockAppsPage = $True - settingsBlockChangePowerSleep = $True - copyPasteBlocked = $True - settingsBlockNetworkInternetPage = $True - privacyBlockInputPersonalization = $True - appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") - powerLidCloseActionOnBattery = "notConfigured" - searchDisableIndexerBackoff = $True - edgeBlockFullScreenMode = $True - lockScreenTimeoutInSeconds = 25 - developerUnlockSetting = "notConfigured" - storageRestrictAppDataToSystemVolume = $True - cellularBlockVpn = $True - powerHybridSleepPluggedIn = "notConfigured" - settingsBlockChangeLanguage = $True - powerSleepButtonActionOnBattery = "notConfigured" - antiTheftModeBlocked = $True - defenderMonitorFileActivity = "userDefined" - defenderFileExtensionsToExclude = @("FakeStringValue") - bluetoothBlockDiscoverableMode = $True - enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" - diagnosticsDataSubmissionMode = "userDefined" - uninstallBuiltInApps = $True - oneDriveDisableFileSync = $True - startMenuHideUserTile = $True - startMenuHideSignOut = $True - defenderDaysBeforeDeletingQuarantinedMalware = 25 - privacyAutoAcceptPairingAndConsentPrompts = $True - settingsBlockChangeRegion = $True - passwordMinimumAgeInDays = 25 - powerHybridSleepOnBattery = "notConfigured" - displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") - edgeBlockSearchSuggestions = $True - settingsBlockSystemPage = $True - defenderRequireBehaviorMonitoring = $True - microsoftAccountBlockSettingsSync = $True - windowsSpotlightBlockWindowsTips = $True - startMenuHideRecentlyAddedApps = $True - inkWorkspaceBlockSuggestedApps = $True - personalizationDesktopImageUrl = "FakeStringValue" - edgeHomeButtonConfigurationEnabled = $True - passwordRequiredType = "deviceDefault" - startMenuPinnedFolderSettings = "notConfigured" - connectedDevicesServiceBlocked = $True - edgeBlockExtensions = $True - edgeBlockAddressBarDropdown = $True - findMyFiles = "notConfigured" - privacyBlockPublishUserActivities = $True - startMenuHideFrequentlyUsedApps = $True - '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" - powerSleepButtonActionPluggedIn = "notConfigured" - internetSharingBlocked = $True - startMenuHidePowerButton = $True - networkProxyAutomaticConfigurationUrl = "FakeStringValue" - personalizationLockScreenImageUrl = "FakeStringValue" - bluetoothBlockPrePairing = $True - windowsSpotlightBlockWelcomeExperience = $True - startMenuHideShutDown = $True - storageRestrictAppInstallToSystemVolume = $True - windowsSpotlightBlockThirdPartyNotifications = $True - searchDisableAutoLanguageDetection = $True - edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" - appsAllowTrustedAppsSideloading = "notConfigured" - edgeBlockLiveTileDataCollection = $True - wirelessDisplayBlockProjectionToThisDevice = $True - startMenuHideRestartOptions = $True - edgeSendIntranetTrafficToInternetExplorer = $True - startMenuPinnedFolderHomeGroup = "notConfigured" - edgeBlockWebContentOnNewTabPage = $True - startMenuLayoutXml = $True - searchBlockDiacritics = $True - storageBlockRemovableStorage = $True - enterpriseCloudPrintOAuthAuthority = "FakeStringValue" - wirelessDisplayRequirePinForPairing = $True - defenderScheduledQuickScanTime = "00:00:00" - edgeAllowStartPagesModification = $True - defenderRequireRealTimeMonitoring = $True - authenticationWebSignIn = "notConfigured" - lockScreenBlockToastNotifications = $True - energySaverPluggedInThresholdPercentage = 25 - defenderScanMappedNetworkDrivesDuringFullScan = $True - smartScreenBlockPromptOverride = $True - edgeBlockSendingIntranetTrafficToInternetExplorer = $True - authenticationPreferredAzureADTenantDomainName = "FakeStringValue" - defenderScanType = "userDefined" - bluetoothBlockAdvertising = $True - enterpriseCloudPrintDiscoveryMaxLimit = 25 - logonBlockFastUserSwitching = $True - networkProxyDisableAutoDetect = $True - cameraBlocked = $True - wiFiScanInterval = 25 - edgeBlockSideloadingExtensions = $True - settingsBlockEaseOfAccessPage = $True - microsoftAccountBlocked = $True - defenderScanRemovableDrivesDuringFullScan = $True - energySaverOnBatteryThresholdPercentage = 25 - startMenuHideHibernate = $True - defenderScanDownloads = $True - defenderBlockOnAccessProtection = $True - defenderCloudBlockLevel = "notConfigured" - storageRequireMobileDeviceEncryption = $True - windowsStoreEnablePrivateStoreOnly = $True - edgeBlockCompatibilityList = $True - wiFiBlockAutomaticConnectHotspots = $True - defenderPotentiallyUnwantedAppActionSetting = "userDefined" - defenderCloudExtendedTimeout = 25 - edgeHomepageUrls = @("FakeStringValue") - cellularBlockDataWhenRoaming = $True - securityBlockAzureADJoinedDevicesAutoEncryption = $True - smartScreenAppInstallControl = "notConfigured" - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" - bluetoothBlockPromptedProximalConnections = $True - settingsBlockPrivacyPage = $True - windowsSpotlightBlocked = $True - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True - startMenuPinnedFolderDocuments = "notConfigured" - systemTelemetryProxyServer = "FakeStringValue" - lockScreenAllowTimeoutConfiguration = $True - defenderSystemScanSchedule = "userDefined" - windowsSpotlightBlockConsumerSpecificFeatures = $True - searchDisableUseLocation = $True - appsBlockWindowsStoreOriginatedApps = $True - startMenuPinnedFolderNetwork = "notConfigured" - edgeBlockPrinting = $True - settingsBlockEditDeviceName = $True - printerNames = @("FakeStringValue") - settingsBlockUpdateSecurityPage = $True - startMenuMode = "userDefined" - searchBlockWebResults = $True - edgePreventCertificateErrorOverride = $True - passwordRequired = $True - defenderScanNetworkFiles = $True - startMenuPinnedFolderMusic = "notConfigured" - cortanaBlocked = $True - searchEnableRemoteQueries = $True - messagingBlockSync = $True - startMenuPinnedFolderVideos = "notConfigured" - enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" - experienceDoNotSyncBrowserSettings = "notConfigured" - edgeDisableFirstRunPage = $True - edgeCookiePolicy = "userDefined" - inkWorkspaceAccessState = "notConfigured" - windows10AppsForceUpdateSchedule = @{ + enterpriseCloudPrintResourceIdentifier = 'FakeStringValue' + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = 'notConfigured' + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @('FakeStringValue') + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @('FakeStringValue') + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = 'notConfigured' + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = 'notConfigured' + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = 'deviceDefault' + powerButtonActionOnBattery = 'notConfigured' + startMenuAppListVisibility = 'userDefined' + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = 'notConfigured' + startMenuPinnedFolderPictures = 'notConfigured' + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = 'userDefined' + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = 'FakeStringValue' + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = 'FakeStringValue' + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @('FakeStringValue') + powerLidCloseActionOnBattery = 'notConfigured' + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = 'notConfigured' + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = 'notConfigured' + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = 'notConfigured' + antiTheftModeBlocked = $True + defenderMonitorFileActivity = 'userDefined' + defenderFileExtensionsToExclude = @('FakeStringValue') + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = 'FakeStringValue' + diagnosticsDataSubmissionMode = 'userDefined' + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = 'notConfigured' + displayAppListWithGdiDPIScalingTurnedOn = @('FakeStringValue') + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = 'FakeStringValue' + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = 'deviceDefault' + startMenuPinnedFolderSettings = 'notConfigured' + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = 'notConfigured' + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' + powerSleepButtonActionPluggedIn = 'notConfigured' + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = 'FakeStringValue' + personalizationLockScreenImageUrl = 'FakeStringValue' + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = 'notConfigured' + appsAllowTrustedAppsSideloading = 'notConfigured' + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = 'notConfigured' + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = 'FakeStringValue' + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = '00:00:00' + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = 'notConfigured' + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = 'FakeStringValue' + defenderScanType = 'userDefined' + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = 'notConfigured' + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = 'userDefined' + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @('FakeStringValue') + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = 'notConfigured' + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'FakeStringValue' + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = 'notConfigured' + systemTelemetryProxyServer = 'FakeStringValue' + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = 'userDefined' + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = 'notConfigured' + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @('FakeStringValue') + settingsBlockUpdateSecurityPage = $True + startMenuMode = 'userDefined' + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = 'notConfigured' + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = 'notConfigured' + enterpriseCloudPrintDiscoveryEndPoint = 'FakeStringValue' + experienceDoNotSyncBrowserSettings = 'notConfigured' + edgeDisableFirstRunPage = $True + edgeCookiePolicy = 'userDefined' + inkWorkspaceAccessState = 'notConfigured' + windows10AppsForceUpdateSchedule = @{ runImmediatelyIfAfterStartDateTime = $True - recurrence = "none" - startDateTime = "2023-01-01T00:00:00.0000000+00:00" + recurrence = 'none' + startDateTime = '2023-01-01T00:00:00.0000000+00:00' } - dataProtectionBlockDirectMemoryAccess = $True - experienceBlockErrorDialogWhenNoSIM = $True - settingsBlockPersonalizationPage = $True - wirelessDisplayBlockUserInputFromReceiver = $True - startMenuPinnedFolderPersonalFolder = "notConfigured" - activateAppsWithVoice = "notConfigured" - edgeClearBrowsingDataOnExit = $True - passwordPreviousPasswordBlockCount = 25 - edgeBlockSearchEngineCustomization = $True - deviceManagementBlockManualUnenroll = $True - edgeBlockSavingHistory = $True - inkWorkspaceAccess = "notConfigured" - startMenuHideRecentJumpLists = $True - privacyBlockActivityFeed = $True - settingsBlockChangeSystemTime = $True - defenderDisableCatchupQuickScan = $True - smartScreenEnableAppInstallControl = $True - edgeBlockDeveloperTools = $True - edgeKioskModeRestriction = "notConfigured" - lockScreenBlockActionCenterNotifications = $True - privacyAdvertisingId = "notConfigured" - settingsBlockSettingsApp = $True - settingsBlockAccountsPage = $True - certificatesBlockManualRootCertificateInstallation = $True - edgeBlockJavaScript = $True - edgeSyncFavoritesWithInternetExplorer = $True - startMenuLayoutEdgeAssetsXml = $True - windowsSpotlightBlockTailoredExperiences = $True - defenderPromptForSampleSubmission = "userDefined" - edgeBlockAccessToAboutFlags = $True - messagingBlockMMS = $True - edgeBlockEditFavorites = $True - printerDefaultName = "FakeStringValue" - experienceBlockDeviceDiscovery = $True - privacyDisableLaunchExperience = $True - edgeTelemetryForMicrosoft365Analytics = "notConfigured" - nfcBlocked = $True - searchDisableIndexingRemovableDrive = $True - powerButtonActionPluggedIn = "notConfigured" - settingsBlockRemoveProvisioningPackage = $True - edgeKioskResetAfterIdleTimeInMinutes = 25 - passwordMinutesOfInactivityBeforeScreenTimeout = 25 - printerBlockAddition = $True - defenderScanScriptsLoadedInInternetExplorer = $True - defenderDisableCatchupFullScan = $True - edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") - bluetoothBlocked = $True - settingsBlockAddProvisioningPackage = $True - passwordMinimumLength = 25 - startMenuHideChangeAccountSettings = $True - defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" - edgeBlockPopups = $True - networkProxyServer = @{ + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = 'notConfigured' + activateAppsWithVoice = 'notConfigured' + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = 'notConfigured' + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = 'notConfigured' + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = 'notConfigured' + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = 'userDefined' + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = 'FakeStringValue' + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = 'notConfigured' + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = 'notConfigured' + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @('FakeStringValue') + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = 'sendSafeSamplesAutomatically' + edgeBlockPopups = $True + networkProxyServer = @{ useForLocalAddresses = $True - exceptions = @("FakeStringValue") - address = "FakeStringValue" + exceptions = @('FakeStringValue') + address = 'FakeStringValue' } - startMenuPinnedFolderDownloads = "notConfigured" - settingsBlockDevicesPage = $True - wiFiBlocked = $True - windowsStoreBlocked = $True - edgeBlockPrelaunch = $True - gameDvrBlocked = $True - experienceBlockTaskSwitcher = $True - edgeBlockPasswordManager = $True - passwordSignInFailureCountBeforeFactoryReset = 25 - passwordMinimumCharacterSetCount = 25 - searchDisableIndexingEncryptedItems = $True - appManagementMSIAlwaysInstallWithElevatedPrivileges = $True - cellularData = "blocked" - defenderScheduledScanTime = "00:00:00" - edgeEnterpriseModeSiteListLocation = "FakeStringValue" - defenderProcessesToExclude = @("FakeStringValue") - defenderDetectedMalwareActions = @{ - lowSeverity = "deviceDefault" - severeSeverity = "deviceDefault" - moderateSeverity = "deviceDefault" - highSeverity = "deviceDefault" + startMenuPinnedFolderDownloads = 'notConfigured' + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = 'blocked' + defenderScheduledScanTime = '00:00:00' + edgeEnterpriseModeSiteListLocation = 'FakeStringValue' + defenderProcessesToExclude = @('FakeStringValue') + defenderDetectedMalwareActions = @{ + lowSeverity = 'deviceDefault' + severeSeverity = 'deviceDefault' + moderateSeverity = 'deviceDefault' + highSeverity = 'deviceDefault' } - edgeHomeButtonConfiguration = @{ - homeButtonCustomURL = "FakeStringValue" - '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = 'FakeStringValue' + '@odata.type' = '#microsoft.graph.edgeHomeButtonHidden' } - cryptographyAllowFipsAlgorithmPolicy = $True - sharedUserAppDataAllowed = $True - edgeFirstRunUrl = "FakeStringValue" - edgeBlockSendingDoNotTrackHeader = $True - edgeOpensWith = "notConfigured" - defenderScheduleScanEnableLowCpuPriority = $True - windowsStoreBlockAutoUpdate = $True - messagingBlockRichCommunicationServices = $True - edgeNewTabPageURL = "FakeStringValue" - passwordRequireWhenResumeFromIdleState = $True - passwordExpirationDays = 25 - displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") - settingsBlockTimeLanguagePage = $True - locationServicesBlocked = $True - defenderScanMaxCpu = 25 - edgeFavoritesBarVisibility = "notConfigured" - accountsBlockAddingNonMicrosoftAccountEmail = $True - defenderCloudExtendedTimeoutInSeconds = 25 - cellularBlockVpnWhenRoaming = $True - startMenuPinnedFolderFileExplorer = "notConfigured" - edgeSearchEngine = @{ - edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" - edgeSearchEngineType = "default" - '@odata.type' = "#microsoft.graph.edgeSearchEngine" + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = 'FakeStringValue' + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = 'notConfigured' + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = 'FakeStringValue' + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @('FakeStringValue') + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = 'notConfigured' + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = 'notConfigured' + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = 'FakeStringValue' + edgeSearchEngineType = 'default' + '@odata.type' = '#microsoft.graph.edgeSearchEngine' } } - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - supportsScopeTags = $True + description = 'FakeStringValue' + displayName = 'FakeStringValue' + id = 'FakeStringValue' + supportsScopeTags = $True } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 index d932b50699..0dab9ca01c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 @@ -52,7 +52,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock Update-DeviceEnrollmentConfigurationPriority { } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts Context -Name 'The IntuneDeviceEnrollmentStatusPageWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { @@ -82,7 +87,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName New-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return @{ - Id = 'FakeStringValue' + Id = 'FakeStringValue' Priority = 1 } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 index 1ea64bc5e4..918d8c93d7 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined" -GenericStubModule $GenericStubPath + -DscResource 'IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,53 +43,57 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfileAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True - EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True HybridAzureADJoinSkipConnectivityCheck = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -101,78 +105,78 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True - EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True HybridAzureADJoinSkipConnectivityCheck = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Absent" - Credential = $Credential; + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ + AdditionalProperties = @{ hybridAzureADJoinSkipConnectivityCheck = $True - '@odata.type' = "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile" + '@odata.type' = '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -185,71 +189,71 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True - EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True HybridAzureADJoinSkipConnectivityCheck = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ + AdditionalProperties = @{ hybridAzureADJoinSkipConnectivityCheck = $True - '@odata.type' = "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile" + '@odata.type' = '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } @@ -262,62 +266,62 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True - EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True + EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings -Property @{ + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True HybridAzureADJoinSkipConnectivityCheck = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' EnrollmentStatusScreenSettings = @{ InstallProgressTimeoutInMinutes = 7 - CustomErrorMessage = "FakeStringValue" + CustomErrorMessage = 'FakeStringValue' } - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - DeviceUsageType = "singleUser" - UserType = "administrator" + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + DeviceUsageType = 'singleUser' + UserType = 'administrator' } } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -325,13 +329,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -341,41 +345,41 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ + AdditionalProperties = @{ hybridAzureADJoinSkipConnectivityCheck = $True - '@odata.type' = "#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile" + '@odata.type' = '#microsoft.graph.activeDirectoryWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 index 20f5fda876..39cf6241d7 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsAutopilotDeploymentProfileAzureADJoined.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneWindowsAutopilotDeploymentProfileAzureADJoined" -GenericStubModule $GenericStubPath + -DscResource 'IntuneWindowsAutopilotDeploymentProfileAzureADJoined' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -43,52 +43,56 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfileAssignment -MockWith { } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } + # Test contexts - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADJoined should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return $null } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -100,76 +104,76 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADJoined exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Absent" - Credential = $Credential; + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -182,69 +186,69 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADJoined Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } @@ -257,61 +261,61 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The IntuneWindowsAutopilotDeploymentProfileAzureADJoined exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneWindowsAutopilotDeploymentProfileAzureADJoined exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1 -Property @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True - AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True - } -ClientOnly) - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" - SkipKeyboardSelectionPage = $True - UserType = "administrator" - } -ClientOnly) - Ensure = "Present" - Credential = $Credential; + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True + AllowDeviceUseBeforeProfileAndAppInstallComplete = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True + } -ClientOnly) + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphoutOfBoxExperienceSettings1 -Property @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + } -ClientOnly) + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' EnrollmentStatusScreenSettings = @{ InstallProgressTimeoutInMinutes = 7 - CustomErrorMessage = "FakeStringValue" + CustomErrorMessage = 'FakeStringValue' } - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - DeviceUsageType = "singleUser" - UserType = "administrator" + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + DeviceUsageType = 'singleUser' + UserType = 'administrator' } } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -319,13 +323,13 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementWindowAutopilotDeploymentProfile -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -335,40 +339,40 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementWindowAutopilotDeploymentProfile -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile' } - Description = "FakeStringValue" - DeviceNameTemplate = "FakeStringValue" - DeviceType = "windowsPc" - DisplayName = "FakeStringValue" - EnableWhiteGlove = $True + Description = 'FakeStringValue' + DeviceNameTemplate = 'FakeStringValue' + DeviceType = 'windowsPc' + DisplayName = 'FakeStringValue' + EnableWhiteGlove = $True EnrollmentStatusScreenSettings = @{ - HideInstallationProgress = $True - BlockDeviceSetupRetryByUser = $True - AllowLogCollectionOnInstallFailure = $True + HideInstallationProgress = $True + BlockDeviceSetupRetryByUser = $True + AllowLogCollectionOnInstallFailure = $True AllowDeviceUseBeforeProfileAndAppInstallComplete = $True - InstallProgressTimeoutInMinutes = 25 - CustomErrorMessage = "FakeStringValue" - AllowDeviceUseOnInstallFailure = $True + InstallProgressTimeoutInMinutes = 25 + CustomErrorMessage = 'FakeStringValue' + AllowDeviceUseOnInstallFailure = $True } - ExtractHardwareHash = $True - Id = "FakeStringValue" - Language = "FakeStringValue" - ManagementServiceAppId = "FakeStringValue" - OutOfBoxExperienceSettings = @{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = "singleUser" + ExtractHardwareHash = $True + Id = 'FakeStringValue' + Language = 'FakeStringValue' + ManagementServiceAppId = 'FakeStringValue' + OutOfBoxExperienceSettings = @{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' SkipKeyboardSelectionPage = $True - UserType = "administrator" + UserType = 'administrator' } } } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } From 1dbf90b4ba872b5aa35f31d0f654bd2cfc9ac79b Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Mon, 3 Apr 2023 17:04:21 +0200 Subject: [PATCH 160/187] Last formatting update --- .../DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 06c9810295..cc1a9937bd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -1017,8 +1017,10 @@ function Export-TargetResource try { [array] $groups = Get-MgGroup -Filter $Filter -All:$true -ErrorAction Stop - $groups = $groups | Where-Object -FilterScript { -not ($_.MailEnabled -and ($null -eq $_.GroupTypes -or $_.GroupTypes.Length -eq 0)) -and - -not ($_.MailEnabled -and $_.SecurityEnabled) } + $groups = $groups | Where-Object -FilterScript { + -not ($_.MailEnabled -and ($null -eq $_.GroupTypes -or $_.GroupTypes.Length -eq 0)) -and ` + -not ($_.MailEnabled -and $_.SecurityEnabled) + } $i = 1 $dscContent = '' From 05c45f0fb8bb49ee0a1356c92dd1f58a4b19106d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Mon, 3 Apr 2023 17:05:53 +0200 Subject: [PATCH 161/187] Added function Remove-M365DSCAuthenticationParameter --- .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 66 ++++++++++++++++++- 1 file changed, 63 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 6dbb43fba7..1fad8fe44a 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -857,7 +857,7 @@ function Test-M365DSCParameterState try { $includeNonDriftsInformation = [System.Environment]::GetEnvironmentVariable('M365DSCEventLogIncludeNonDrifted', ` - [System.EnvironmentVariableTarget]::Machine) + [System.EnvironmentVariableTarget]::Machine) } catch { @@ -3103,10 +3103,10 @@ function Get-M365DSCExportContentForResource $Results = Format-M365DSCString -Properties $Results ` -ResourceName $ResourceName - $primaryKey = "" + $primaryKey = '' if ($Results.ContainsKey('IsSingleInstance')) { - $primaryKey = "" + $primaryKey = '' } elseif ($Results.ContainsKey('DisplayName')) { @@ -3964,6 +3964,65 @@ function Write-M365DSCLogEvent return $nullReturn } +<# +.Description +This function removes the authentication parameters from the hashtable. + +.Functionality +Internal +#> +function Remove-M365DSCAuthenticationParameter +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param( + [Parameter(Mandatory = $true)] + [System.Collections.Hashtable] + $BoundParameters + ) + + if ($BoundParameters.ContainsKey('Ensure')) + { + $BoundParameters.Remove('Ensure') + } + if ($BoundParameters.ContainsKey('Credential')) + { + $BoundParameters.Remove('Credential') + } + if ($BoundParameters.ContainsKey('ApplicationId')) + { + $BoundParameters.Remove('ApplicationId') + } + if ($BoundParameters.ContainsKey('ApplicationSecret')) + { + $BoundParameters.Remove('ApplicationSecret') + } + if ($BoundParameters.ContainsKey('TenantId')) + { + $BoundParameters.Remove('TenantId') + } + if ($BoundParameters.ContainsKey('CertificatePassword')) + { + $BoundParameters.Remove('CertificatePassword') + } + if ($BoundParameters.ContainsKey('CertificatePath')) + { + $BoundParameters.Remove('CertificatePath') + } + if ($BoundParameters.ContainsKey('CertificateThumbprint')) + { + $BoundParameters.Remove('CertificateThumbprint') + } + if ($BoundParameters.ContainsKey('ManagedIdentity')) + { + $BoundParameters.Remove('ManagedIdentity') + } + if ($BoundParameters.ContainsKey('Verbose')) + { + $BoundParameters.Remove('Verbose') + } + return $BoundParameters +} Export-ModuleMember -Function @( 'Assert-M365DSCBlueprint', @@ -3994,6 +4053,7 @@ Export-ModuleMember -Function @( 'New-M365DSCConnection', 'New-M365DSCMissingResourcesExample', 'Remove-EmptyValue', + 'Remove-M365DSCAuthenticationParameter', 'Remove-NullEntriesFromHashtable', 'Set-EXOSafeAttachmentRule', 'Set-EXOSafeLinksRule', From da9b6f4f5559c8d4465667ac7132770f204d9bee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Mon, 3 Apr 2023 17:06:04 +0200 Subject: [PATCH 162/187] Changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a95ab23110..ac483ac5e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -157,6 +157,7 @@ FIXES [#2981](https://github.com/microsoft/Microsoft365DSC/issues/2981) * Updated the Update-M365DSCModule to unload dependencies before updating them and then to reload the new versions. FIXES [#3097](https://github.com/microsoft/Microsoft365DSC/issues/3097) + * Added a new internal function to remove the authentication parameters from the bound paramters. `Remove-M365DSCAuthenticationParameter` * DEPENDENCIES * Updated MicrosoftTeams dependency to version 5.1.0. From cc3a40a45479b5db3fd0cb0182c72692103c6ff9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Mon, 3 Apr 2023 17:08:20 +0200 Subject: [PATCH 163/187] added out-null --- .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 1fad8fe44a..a365576873 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -3983,43 +3983,43 @@ function Remove-M365DSCAuthenticationParameter if ($BoundParameters.ContainsKey('Ensure')) { - $BoundParameters.Remove('Ensure') + $BoundParameters.Remove('Ensure') | Out-Null } if ($BoundParameters.ContainsKey('Credential')) { - $BoundParameters.Remove('Credential') + $BoundParameters.Remove('Credential') | Out-Null } if ($BoundParameters.ContainsKey('ApplicationId')) { - $BoundParameters.Remove('ApplicationId') + $BoundParameters.Remove('ApplicationId') | Out-Null } if ($BoundParameters.ContainsKey('ApplicationSecret')) { - $BoundParameters.Remove('ApplicationSecret') + $BoundParameters.Remove('ApplicationSecret') | Out-Null } if ($BoundParameters.ContainsKey('TenantId')) { - $BoundParameters.Remove('TenantId') + $BoundParameters.Remove('TenantId') | Out-Null } if ($BoundParameters.ContainsKey('CertificatePassword')) { - $BoundParameters.Remove('CertificatePassword') + $BoundParameters.Remove('CertificatePassword') | Out-Null } if ($BoundParameters.ContainsKey('CertificatePath')) { - $BoundParameters.Remove('CertificatePath') + $BoundParameters.Remove('CertificatePath') | Out-Null } if ($BoundParameters.ContainsKey('CertificateThumbprint')) { - $BoundParameters.Remove('CertificateThumbprint') + $BoundParameters.Remove('CertificateThumbprint') | Out-Null } if ($BoundParameters.ContainsKey('ManagedIdentity')) { - $BoundParameters.Remove('ManagedIdentity') + $BoundParameters.Remove('ManagedIdentity') | Out-Null } if ($BoundParameters.ContainsKey('Verbose')) { - $BoundParameters.Remove('Verbose') + $BoundParameters.Remove('Verbose') | Out-Null } return $BoundParameters } From b5d9e3cd8f7430f743fc730c61ed0422982aed32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Mon, 3 Apr 2023 17:11:40 +0200 Subject: [PATCH 164/187] Updated Resource Generator Template --- ResourceGenerator/Module.Template.psm1 | 182 ++++++++++++------------- 1 file changed, 88 insertions(+), 94 deletions(-) diff --git a/ResourceGenerator/Module.Template.psm1 b/ResourceGenerator/Module.Template.psm1 index cbb58f1d27..f4616d5ebf 100644 --- a/ResourceGenerator/Module.Template.psm1 +++ b/ResourceGenerator/Module.Template.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - #endregion + #endregion [Parameter()] [System.String] @@ -75,17 +75,17 @@ function Get-TargetResource #endregionResourceGenerator#> if ($null -eq $getValue) { - Write-Verbose -Message "Could not find an with {$}" + Write-Verbose -Message 'Could not find an with {$}' return $nullResult } $ = $getValue. - Write-Verbose -Message "An with {$} and {$} was found."<#ResourceGenerator + Write-Verbose -Message 'An with {$} and {$} was found.'<#ResourceGenerator ResourceGenerator#> $results = @{<#ResourceGenerator #region resource generator code #endregionResourceGenerator#> } -<#ComplexTypeContent#><#AssignmentsGet#> + <#ComplexTypeContent#><#AssignmentsGet#> return [System.Collections.Hashtable] $results } catch @@ -106,7 +106,7 @@ function Set-TargetResource param ( #region resource generator code - #endregion + #endregion [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] @@ -151,40 +151,33 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters - $PSBoundParameters.Remove('Ensure') | Out-Null - $PSBoundParameters.Remove('Credential') | Out-Null - $PSBoundParameters.Remove('ApplicationId') | Out-Null - $PSBoundParameters.Remove('ApplicationSecret') | Out-Null - $PSBoundParameters.Remove('TenantId') | Out-Null - $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null - $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - $PSBoundParameters.Remove('Verbose') | Out-Null + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an with {$DisplayName}" -<#AssignmentsRemove#> - $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + <#AssignmentsRemove#> + $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } }<#ResourceGenerator #region resource generator code $policy = <#NewKeyIdentifier#> -<#AssignmentsNew#> #endregionResourceGenerator#> + <#AssignmentsNew#> #endregionResourceGenerator#> } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the with {$($currentInstance.)}" -<#AssignmentsRemove#> - $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + <#AssignmentsRemove#> + $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters $UpdateParameters.Remove('Id') | Out-Null @@ -192,14 +185,14 @@ function Set-TargetResource $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } }<#ResourceGenerator #region resource generator code <#UpdateKeyIdentifier#> -<#AssignmentsUpdate#> #endregionResourceGenerator#> + <#AssignmentsUpdate#> #endregionResourceGenerator#> } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -217,7 +210,7 @@ function Test-TargetResource param ( #region resource generator code - #endregion + #endregion [Parameter()] [System.String] @@ -261,7 +254,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of the with {$} and {$}" + Write-Verbose -Message 'Testing configuration of the with {$} and {$}' $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() @@ -296,7 +289,7 @@ function Test-TargetResource } } - $ValuesToCheck.remove("Id") | Out-Null + $ValuesToCheck.remove('Id') | Out-Null $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null @@ -366,7 +359,8 @@ function Export-TargetResource #endregion try - {<#ResourceGenerator + { + <#ResourceGenerator #region resource generator code #endregionResourceGenerator#> @@ -389,26 +383,26 @@ function Export-TargetResource } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - = $config. - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret + = $config. + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent + Managedidentity = $ManagedIdentity.IsPresent } $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results -<#ConvertComplexToString#><#AssignmentsConvertComplexToString#> + <#ConvertComplexToString#><#AssignmentsConvertComplexToString#> $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential -<#ConvertComplexToVariable#><#AssignmentsConvertComplexToVariable#><#TrailingCharRemoval#> + <#ConvertComplexToVariable#><#AssignmentsConvertComplexToVariable#><#TrailingCharRemoval#> $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -434,14 +428,14 @@ function Export-TargetResource <#AssignmentsFunctions#>function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) $keyToRename = @{ - "odataType" = "@odata.type" + 'odataType' = '@odata.type' } $result = $Properties @@ -458,22 +452,22 @@ function Export-TargetResource } $result = $values - return ,$result + return , $result } #endregion #region Single - if ($type -like "*Hashtable") + if ($type -like '*Hashtable') { $result = ([Hashtable]$Properties).clone() } - if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys foreach ($key in $keys) { - $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { $keyName = $keyToRename.$key @@ -483,7 +477,7 @@ function Export-TargetResource if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -495,7 +489,7 @@ function Export-TargetResource function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject @@ -506,7 +500,7 @@ function Get-M365DSCDRGComplexTypeToHashtable return $null } - if ($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { $results = @() @@ -522,7 +516,7 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } if ($ComplexObject.getType().fullname -like '*Dictionary*') @@ -539,7 +533,7 @@ function Get-M365DSCDRGComplexTypeToHashtable $keyType = $ComplexObject.$key.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -556,19 +550,19 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if ($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { $keyName = $key - if ($ComplexObject.getType().Fullname -notlike "*hashtable") + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { $keyName = $key.Name } @@ -576,7 +570,7 @@ function Get-M365DSCDRGComplexTypeToHashtable if ($null -ne $ComplexObject.$keyName) { $keyType = $ComplexObject.$keyName.gettype().fullname - if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -655,7 +649,7 @@ function Get-M365DSCDRGComplexTypeToString $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { $currentProperty = @() $IndentLevel++ @@ -668,7 +662,7 @@ function Get-M365DSCDRGComplexTypeToString } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -677,7 +671,7 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } $currentProperty = '' @@ -687,7 +681,7 @@ function Get-M365DSCDRGComplexTypeToString $currentProperty += $indent } - $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ $indent = '' @@ -707,19 +701,19 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() $isArray = $false - if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { $isArray = $true } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -737,7 +731,7 @@ function Get-M365DSCDRGComplexTypeToString if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -746,16 +740,16 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" @@ -767,10 +761,10 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" @@ -795,7 +789,7 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } if ($mappedKey -and $mappedKey.isRequired) { @@ -811,12 +805,12 @@ function Get-M365DSCDRGComplexTypeToString } } $indent = '' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { $indent += ' ' } $currentProperty += "$indent}" - if ($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } @@ -825,14 +819,14 @@ function Get-M365DSCDRGComplexTypeToString if ($IndentLevel -eq 5) { $indent = '' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { $indent += ' ' } $currentProperty += $indent } - $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { $currentProperty = $null @@ -856,30 +850,30 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [System.String] $Space = ' ' - ) + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { if ($key -eq '@odata.type') { - $key ='odataType' + $key = 'odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue = $Space + $key + " = @(" + $returnValue = $Space + $key + ' = @(' $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -888,15 +882,15 @@ Function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -918,7 +912,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -936,7 +930,7 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -958,7 +952,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { if ($source.count -ne $target.count) { @@ -994,7 +988,7 @@ function Compare-M365DSCComplexObject return $true } - $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target @@ -1024,7 +1018,7 @@ function Compare-M365DSCComplexObject #Both keys aren't null or empty if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` @@ -1045,7 +1039,7 @@ function Compare-M365DSCComplexObject #Identifying date from the current values $targetType = ($Target.$tkey.getType()).Name - if ($targetType -like "*Date*") + if ($targetType -like '*Date*') { $compareResult = $true $sourceDate = [DateTime]$Source.$key @@ -1075,13 +1069,13 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() foreach ($item in $ComplexObject) @@ -1094,17 +1088,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) { $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -1113,7 +1107,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName,$propertyValue) + $results.add($propertyName, $propertyValue) } } } From 3dee4fb10bde68359b53eb3b8be346fcc09ab98d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Mon, 3 Apr 2023 17:12:55 +0200 Subject: [PATCH 165/187] DRG update --- ResourceGenerator/Module.Workloads.Template.psm1 | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/ResourceGenerator/Module.Workloads.Template.psm1 b/ResourceGenerator/Module.Workloads.Template.psm1 index 17902d42a5..876ff1e882 100644 --- a/ResourceGenerator/Module.Workloads.Template.psm1 +++ b/ResourceGenerator/Module.Workloads.Template.psm1 @@ -74,17 +74,11 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters - $PSBoundParameters.Remove('Ensure') | Out-Null - $PSBoundParameters.Remove('Credential') | Out-Null - $PSBoundParameters.Remove('ApplicationId') | Out-Null - $PSBoundParameters.Remove('ApplicationSecret') | Out-Null - $PSBoundParameters.Remove('TenantId') | Out-Null - $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null - $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - $CreateParameters = ([Hashtable]$PSBoundParameters).Clone() + $CreateParameters = ([Hashtable]$BoundParameters).Clone() $CreateParameters.Remove('Verbose') | Out-Null @@ -105,7 +99,7 @@ function Set-TargetResource { Write-Verbose -Message "Updating {$}" - $UpdateParameters = ([Hashtable]$PSBoundParameters).Clone() + $UpdateParameters = ([Hashtable]$BoundParameters).Clone() $UpdateParameters.Remove('Verbose') | Out-Null $keys = $UpdateParameters.Keys From 9aeaaf6a91ebe13aa859dc88fdfa5c1a8bdd8298 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Mon, 3 Apr 2023 17:26:17 +0200 Subject: [PATCH 166/187] New-M365DSCReportFromConfiguration did use a non existing param --- Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index b5be884742..17c2021866 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -258,8 +258,6 @@ function New-M365DSCConfigurationToExcel $report.Range('A1:C1').Borders.Weight = -4138 $row = 2 - $parsedContent = Initialize-M365DSCReporting -ConfigurationPath $ConfigurationPath - foreach ($resource in $parsedContent) { $beginRow = $row @@ -1140,8 +1138,8 @@ function New-M365DSCDeltaReport $cellStyle = "vertical-align:top;" } - if (-not [System.String]::IsNullOrEmpty($destinationValue) -and - $destinationValue.GetType().Name -eq 'Object[]' -and + if (-not [System.String]::IsNullOrEmpty($destinationValue) -and + $destinationValue.GetType().Name -eq 'Object[]' -and -not [System.String]::IsNullOrEmpty($CIMType)) { $destinationValue = "" From 77913645151348609045e79a9b1832e35d00a4aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Mon, 3 Apr 2023 17:27:22 +0200 Subject: [PATCH 167/187] changelog update. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a95ab23110..06962a56e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -147,6 +147,7 @@ * Fix AdditionalProperties complex constructor * Fix Read privileges in settings file * MISC + * Fixed an issue `New-M365DSCReportFromConfiguration` where a non existing parameter was used to retrieve the configuration. * Added a QA check to test for the presence of a Key parameter and fixes resources where this was not the case. FIXES [#2925](https://github.com/microsoft/Microsoft365DSC/issues/2925) From 597736283d8f116b092408817b7ac9a8fb93438f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Mon, 3 Apr 2023 17:30:03 +0200 Subject: [PATCH 168/187] formatting fix --- .../Modules/M365DSCReport.psm1 | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 17c2021866..5329f50cdd 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -546,7 +546,7 @@ function Compare-M365DSCConfigurations { if ($propertyName -notin $filteredProperties) { - $destinationPropertyName = $destinationResource.Keys | Where-Object -FilterScript {$_ -eq $propertyName} + $destinationPropertyName = $destinationResource.Keys | Where-Object -FilterScript { $_ -eq $propertyName } if ([System.String]::IsNullOrEmpty($destinationPropertyName)) { $destinationPropertyName = $propertyName @@ -554,8 +554,8 @@ function Compare-M365DSCConfigurations # Needs to be a separate nested if statement otherwise the ReferenceObject an be null and it will error out; if ($destinationResource.ContainsKey($destinationPropertyName) -eq $false -or (-not [System.String]::IsNullOrEmpty($propertyName) -and - $null -ne (Compare-Object -ReferenceObject ($sourceResource.$propertyName)` - -DifferenceObject ($destinationResource.$destinationPropertyName))) -and + $null -ne (Compare-Object -ReferenceObject ($sourceResource.$propertyName)` + -DifferenceObject ($destinationResource.$destinationPropertyName))) -and -not ([System.String]::IsNullOrEmpty($destinationResource.$destinationPropertyName) -and [System.String]::IsNullOrEmpty($sourceResource.$propertyName))) { if ($null -eq $drift) @@ -607,7 +607,7 @@ function Compare-M365DSCConfigurations { if ($propertyName -notin $filteredProperties) { - $sourcePropertyName = $destinationResource.Keys | Where-Object -FilterScript {$_ -eq $propertyName} + $sourcePropertyName = $destinationResource.Keys | Where-Object -FilterScript { $_ -eq $propertyName } if ([System.String]::IsNullOrEmpty($sourcePropertyName)) { $sourcePropertyName = $propertyName @@ -1036,7 +1036,7 @@ function New-M365DSCDeltaReport [void]$reportSB.Append("border-top:1px solid black;border-bottom:1px solid black;'>") $iconPath = Get-IconPath -ResourceName $resource.ResourceName [void]$reportSB.AppendLine("") - [void]$reportSB.AppendLine(''); + [void]$reportSB.AppendLine('') [void]$reportSB.AppendLine("") [void]$reportSB.AppendLine("

$($resource.ResourceName) - $($resource.Key) = $($resource.KeyValue)

") [void]$reportSB.AppendLine('') @@ -1057,7 +1057,7 @@ function New-M365DSCDeltaReport [void]$reportSB.Append("border-top:1px solid black;border-bottom:1px solid black;'>") $iconPath = Get-IconPath -ResourceName $resource.ResourceName [void]$reportSB.AppendLine("") - [void]$reportSB.AppendLine(''); + [void]$reportSB.AppendLine('') [void]$reportSB.AppendLine("") [void]$reportSB.AppendLine("

$($resource.ResourceName) - $($resource.Key) = $($resource.KeyValue)

") [void]$reportSB.AppendLine('') @@ -1078,7 +1078,7 @@ function New-M365DSCDeltaReport [void]$reportSB.Append("rowspan='" + ($resource.Properties.Count + 2) + "'>") $iconPath = Get-IconPath -ResourceName $resource.ResourceName [void]$reportSB.AppendLine("") - [void]$reportSB.AppendLine(''); + [void]$reportSB.AppendLine('') [void]$reportSB.AppendLine("") [void]$reportSB.AppendLine("

$($resource.ResourceName) - $($resource.Key) = $($resource.KeyValue)

") [void]$reportSB.AppendLine('') @@ -1123,39 +1123,39 @@ function New-M365DSCDeltaReport if ($sourceValue.GetType().Name -eq 'Object[]' -and -not [System.String]::IsNullOrEmpty($CIMType)) { - $sourceValue = "" + $sourceValue = '' $orderedKeys = $drift.ValueInSource.Key | Sort-Object foreach ($key in $orderedKeys) { - $currentValue = ($drift.ValueInSource | Where-Object -FilterScript {$_.Key -eq $key}).Value + $currentValue = ($drift.ValueInSource | Where-Object -FilterScript { $_.Key -eq $key }).Value $sourceValue += "" $sourceValue += "" $sourceValue += "" - $sourceValue += "
$CIMType
$key = $currentValue

" + $sourceValue += '
' } - $sourceValue = $sourceValue.Substring(0, $sourceValue.Length -5) - $cellStyle = "vertical-align:top;" + $sourceValue = $sourceValue.Substring(0, $sourceValue.Length - 5) + $cellStyle = 'vertical-align:top;' } - if (-not [System.String]::IsNullOrEmpty($destinationValue) -and - $destinationValue.GetType().Name -eq 'Object[]' -and - -not [System.String]::IsNullOrEmpty($CIMType)) + if (-not [System.String]::IsNullOrEmpty($destinationValue) ` + -and $destinationValue.GetType().Name -eq 'Object[]' ` + -and -not [System.String]::IsNullOrEmpty($CIMType)) { - $destinationValue = "" + $destinationValue = '' $orderedKeys = $drift.ValueInDestination.Key | Sort-Object $CIMType = $drift.ValueInDestination[0].CimInstance foreach ($key in $orderedKeys) { - $currentValue = ($drift.ValueInDestination | Where-Object -FilterScript {$_.Key -eq $key}).Value + $currentValue = ($drift.ValueInDestination | Where-Object -FilterScript { $_.Key -eq $key }).Value $destinationValue += "" $destinationValue += "" $destinationValue += "" - $destinationValue += "
$CIMType
$key = $currentValue

" + $destinationValue += '
' } - $destinationValue = $destinationValue.Substring(0, $destinationValue.Length -5) - $cellDestinationStyle = "vertical-align:top;" + $destinationValue = $destinationValue.Substring(0, $destinationValue.Length - 5) + $cellDestinationStyle = 'vertical-align:top;' } [void]$reportSB.AppendLine('') From 8af97db4b27ac373453297901dd262036da5e57a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 3 Apr 2023 14:00:14 -0400 Subject: [PATCH 169/187] Fixes #3117 --- CHANGELOG.md | 2 ++ .../MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a7f229d80..683ff19741 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -99,6 +99,8 @@ IntuneWifiConfigurationPolicyMacOS, IntuneWifiConfigurationPolicyWindows10, IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled, IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * Properly escapes single quotes from CIMInstances string values. + FIXES [#3117](https://github.com/microsoft/Microsoft365DSC/issues/3117) * IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * [BREAKING CHANGE] Corrected typo in resource name (Entreprise to Enterprise) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index 7d61a42be8..460504d629 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -3621,7 +3621,7 @@ function Get-M365DSCDRGSimpleObjectTypeToString { $key = 'odataType' } - $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value.Replace("'", "''") + "'`r`n" } '*.DateTime' { From c947aff2dc16d23e32a977ff41a5ef1ac84107b0 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 3 Apr 2023 16:12:14 -0400 Subject: [PATCH 170/187] Microsoft.Graph dependencies update --- CHANGELOG.md | 1 + .../Dependencies/Manifest.psd1 | 28 +++++++++---------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 683ff19741..0241fdb7d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -162,6 +162,7 @@ FIXES [#3097](https://github.com/microsoft/Microsoft365DSC/issues/3097) * Added a new internal function to remove the authentication parameters from the bound paramters. `Remove-M365DSCAuthenticationParameter` * DEPENDENCIES + * Updated Microsoft.Graph dependencies to version 1.25.0. * Updated MicrosoftTeams dependency to version 5.1.0. # 1.23.322.1 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 94bfaae274..a4a859e57d 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -10,59 +10,59 @@ }, @{ ModuleName = 'Microsoft.Graph.Applications' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.Authentication' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.DeviceManagement' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.DeviceManagement.Administration' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.DeviceManagement.Enrolment' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.Devices.CorporateManagement' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.Groups' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.Identity.DirectoryManagement' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.Identity.Governance' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.Identity.SignIns' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.Planner' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.Teams' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.Users' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.Graph.Users.Actions' - RequiredVersion = '1.23.0' + RequiredVersion = '1.25.0' }, @{ ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' From 968f3926236aa15617c36f1c5c74aaceececb749 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Tue, 4 Apr 2023 13:35:45 +0200 Subject: [PATCH 171/187] Update Blog to include TeamsGroupPolicyAssignment change --- docs/docs/blog/april-2023-major-release.md | 28 ++++++++++++++++++---- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index e1789d2517..de47cad020 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -1,12 +1,14 @@ # Microsoft365DSC – April 2023 Major Release (version 1.23.405.1) -As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts/breaking-changes/), twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on April 5th 2023, will include several breaking changes and will be labeled version 1.23.405.1. This article provides details on the breaking changes and other important updates that will be included as part of our April 2023 Major release. +As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts/breaking-changes/), twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on April 5th 2023, will include several breaking changes and wFill be labeled version 1.23.405.1. This article provides details on the breaking changes and other important updates that will be included as part of our April 2023 Major release. ## IntuneDeviceEnrollmentPlatformRestriction ([#2431](https://github.com/microsoft/Microsoft365DSC/pull/2431)) + As part of the April 2023 major release, this resource is being re-written almost entirely to account for new properties. The recommendation is to stop using old instances of it and start fresh by using this new updated version. One option would be to use the **Export-M365DSCConfiguration** cmdlet and target only this resource. Then, replace the existing instances in your configurations with the newly extracted content. ## Primary Keys of Multiple Resources ([#2968](https://github.com/microsoft/Microsoft365DSC/pull/2968)) -We have modified the logic of all the resources below to ensure we have a primary key defined. In most cases we have marked the Identity or DisplayName properties as now being mandatory. While we don't believe this change will have a major impact on most existing configuration since they probably alreadfy defined these properties, there is a small chance that customers omitted to include them. The recomendation in this case is to ensure you add the new required properties to your resources. Resources impacted are: + +We have modified the logic of all the resources below to ensure we have a primary key defined. In most cases we have marked the Identity or DisplayName properties as now being mandatory. While we don't believe this change will have a major impact on most existing configuration since they probably already defined these properties, there is a small chance that customers omitted to include them. The recomendation in this case is to ensure you add the new required properties to your resources. Resources impacted are: * AADAdministrativeUnit * AADConditionalAccessPolicy @@ -36,19 +38,28 @@ We have modified the logic of all the resources below to ensure we have a primar * IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled * IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 +## TeamsGroupPolicyAssignment: New Key Parameters ([3054](https://github.com/microsoft/Microsoft365DSC/issues/3054)) + +TeamsGroupPolicyAssignment used to have the Priority as key parameter. This could cause issues due to duplicate keys. With this release the previous key is now replaced by the following three parameters: GroupId, GroupDisplayName and PolicyType. This will ensure that the resource is unique and will not cause any issues. If the GroupId is not known or no group with the given id exists, the display name will be used instead. + ## Removed the Identity Parameters from EXOIRMConfiguration, EXOPerimeterConfiguration & EXOResourceConfiguraton + The Identity parameter, which was the primary key for the resources listed, has been replaced by the IsSingleInstance parameter. This is because there could only ever be one instance of these resources on the tenants and in order to align with other tenant-wide resources, the IsSingleInstance parameter needs to be present. This parameter only ever accepts a value of 'Yes' and its sole purpose is to ensure there isn't more than one instance of the given resource per configuration file. ## IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager ([#3003](https://github.com/microsoft/Microsoft365DSC/pull/3003)) + As part of this release, we are changing the DisplayName parameter to be required. Current configurations should make sure to include this parameter to avoid any conflicts when upgrading. ## Corrected typos in resource names ([#3024](https://github.com/microsoft/Microsoft365DSC/pull/3024)) + Three resources had typos in their names. With this release these typos are now corrected: + * IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner: Changed Entreprise into Enterprise * IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile: Changed Entreprise into Enterprise * IntuneWindowUpdateForBusinessRingUpdateProfileWindows10: Changed Window into Windows ## Removal of Deprecated Parameters ([#3040](https://github.com/microsoft/Microsoft365DSC/pull/3040)) + We are removing parameters that have been deprecated from various resources as part of this major update. As a reminder, parameters that become deprecated on Microsoft 365 are being marked as deprecated in Microsoft365DSC until the next major release. In the past, using these parameters would have resulted in a warning letting the users know that they are using a deprecated parameter and that it would simply be ignored. Starting with this release, using these deprecated parameters will generate an error. It is recommended to scan existing configurations and remove deprecated parameters. The following resources have deprecated parameters that have been removed as part of this release, along with the parameters that have been removed:
    @@ -122,27 +133,32 @@ We are removing parameters that have been deprecated from various resources as p
## AADGroup - Added SecurityEnabled and MailEnabled as Mandatory Parameters ([#3077](https://github.com/microsoft/Microsoft365DSC/pull/3077)) + We've updated the AADGroup resource to enforce the MailEnabled and SecurityEnabled parameters as mandatory. Omitting these parameters was throwing an error since they were required by the Microsoft Graph API associated with it. To update existing configurations, simply make sure that every instances of the AADGroup resource includes both the MailEnabled and SecurityEnabled parameters. ## Export - Resource Instance Logical Naming ([#3087](https://github.com/microsoft/Microsoft365DSC/pull/3087)) + In order to make it easier for folks to follow the execution process of the Start-DSCConfiguration cmdlet and to keep the exported configuration files cleaner, we've changed the extraction logic to provide meaningful names to the extracted components. In the past, every instance extracted used to be assigned a GUID as its instance name. Starting with this release, extracted resources will be named based on the following logic: 1. If the resource implements the **IsSingleInstance** property, the resource instance's will simply take the resource's name. E.g., - ``` + + ```powershell SPOTenantSettings 'SPOTenantSettings' { ... } ``` -2.Otherwise, the resource will always be named following the "[ResourceName]-[PrimaryKey]" pattern. E.g., - ``` +2. Otherwise, the resource will always be named following the "[ResourceName]-[PrimaryKey]" pattern. E.g., + + ```powershell TeamsMeetingPolicy 'TeamsMeetingPolicy-MyPolicy' { DisplayName = 'MyPolicy' ... } ``` + The primary key will always give priority to the following properties in order: * DisplayName * Identity @@ -151,10 +167,12 @@ In order to make it easier for folks to follow the execution process of the Star This means that if a resource instance defines both DisplayName and Id, that the DisplayName value will be used to name the instance. ## Logging Improvements for Non-Drifted Resource Instances ([#3090](https://github.com/microsoft/Microsoft365DSC/pull/3099)) + Starting with this version of M365DSC, users can decide to also include informaton about resources that don't have any detected drifts in them by setting the logging settings with the new Set-M365DSCLoggingOption. E.g., ``` Set-M365DSCLoggingOption -IncludeNonDrifted $True ``` + These events will be reported as Information entries having an Event ID of 2. ![image](https://raw.githubusercontent.com/microsoft/Microsoft365DSC/Dev/docs/docs/Images/April2023MR-EventViewer.png) From 93bbaca8f234e5dabf8c00d1804a53b5fe0124c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Tue, 4 Apr 2023 14:18:33 +0200 Subject: [PATCH 172/187] fixed typo --- docs/docs/blog/april-2023-major-release.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index de47cad020..4a28c02329 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -1,6 +1,6 @@ # Microsoft365DSC – April 2023 Major Release (version 1.23.405.1) -As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts/breaking-changes/), twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on April 5th 2023, will include several breaking changes and wFill be labeled version 1.23.405.1. This article provides details on the breaking changes and other important updates that will be included as part of our April 2023 Major release. +As defined by our [Breaking Changes Policy](https://microsoft365dsc.com/concepts/breaking-changes/), twice a year we allow for breaking changes to be deployed as part of a release. Our next major release, scheduled to go out on April 5th 2023, will include several breaking changes and will be labeled version 1.23.405.1. This article provides details on the breaking changes and other important updates that will be included as part of our April 2023 Major release. ## IntuneDeviceEnrollmentPlatformRestriction ([#2431](https://github.com/microsoft/Microsoft365DSC/pull/2431)) From 79022e387532740e1b9e3ba5da2175b6e9c46749 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 4 Apr 2023 09:48:12 -0400 Subject: [PATCH 173/187] Multiple Export Fixes --- ...tuneDeviceConfigurationPolicyWindows10.psm1 | 5 +++-- .../MSFT_SCAutoSensitivityLabelRule.psm1 | 1 - .../MSFT_TeamsUpdateManagementPolicy.psm1 | 9 ++++++--- ...MSFT_TeamsUpdateManagementPolicy.schema.mof | 2 +- .../1-CreateNewPolicy.ps1 | 2 +- .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 18 ++++++++++++++++++ ...65DSC.TeamsUpdateManagementPolicy.Tests.ps1 | 2 +- 7 files changed, 30 insertions(+), 9 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 index d6ba141358..577d84da42 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 @@ -4851,8 +4851,9 @@ function Export-TargetResource $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) - $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.Replace(" ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.Replace("`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.Replace(",`r`n",'') $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 index 9f64ece6aa..4fe6f9e13d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 @@ -1103,7 +1103,6 @@ function Export-TargetResource [Array]$workloads = $rule.Workload.Replace(' ', '').Split(',') foreach ($workload in $workloads) { - $Results = Get-TargetResource @PSBoundParameters ` -Name $rule.name ` -Policy $rule.ParentPolicyName ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 index 82457932d9..92533de6d2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 @@ -39,7 +39,8 @@ function Get-TargetResource $UpdateTimeOfDay, [Parameter()] - [System.Boolean] + [ValidateSet('UserChoice', 'MicrosoftChoice', 'AdminDisabled')] + [System.String] $UseNewTeamsClient, [Parameter()] @@ -168,7 +169,8 @@ function Set-TargetResource $UpdateTimeOfDay, [Parameter()] - [System.Boolean] + [ValidateSet('UserChoice', 'MicrosoftChoice', 'AdminDisabled')] + [System.String] $UseNewTeamsClient, [Parameter()] @@ -284,7 +286,8 @@ function Test-TargetResource $UpdateTimeOfDay, [Parameter()] - [System.Boolean] + [ValidateSet('UserChoice', 'MicrosoftChoice', 'AdminDisabled')] + [System.String] $UseNewTeamsClient, [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof index 8cfa88cfa7..7151244bb1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof @@ -9,7 +9,7 @@ class MSFT_TeamsUpdateManagementPolicy : OMI_BaseResource [Write, Description("Determines the day of week to perform the updates. Value shoud be between 0 and 6.")] UInt32 UpdateDayOfWeek; [Write, Description("Determines the time of day to perform the updates. Must be a valid HH:MM format string with leading 0. For instance 08:30.")] String UpdateTime; [Write, Description("Determines the time of day to perform the updates. Accepts a DateTime as string. Only the time will be considered.")] String UpdateTimeOfDay; - [Write, Description("Determines whether or not users will use the new Teams client.")] Boolean UseNewTeamsClient; + [Write, Description("Determines whether or not users will use the new Teams client."), ValueMap{"UserChoice","MicrosoftChoice","AdminDisabled"}, Values{"UserChoice","MicrosoftChoice","AdminDisabled"}] String UseNewTeamsClient; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials of the Teams Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/Examples/Resources/TeamsUpdateManagementPolicy/1-CreateNewPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/TeamsUpdateManagementPolicy/1-CreateNewPolicy.ps1 index b436889542..fe50371520 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/TeamsUpdateManagementPolicy/1-CreateNewPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/TeamsUpdateManagementPolicy/1-CreateNewPolicy.ps1 @@ -25,7 +25,7 @@ Configuration Example UpdateDayOfWeek = 1; UpdateTime = "18:00"; UpdateTimeOfDay = "2022-05-06T18:00:00"; - UseNewTeamsClient = $True + UseNewTeamsClient = 'MicrosoftChoice' } } } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index a365576873..63c183378f 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -3124,11 +3124,29 @@ function Get-M365DSCExportContentForResource { $primaryKey = $Results.Name } + elseif ($Results.ContainsKey('Title')) + { + $primaryKey = $Results.Title + } + elseif ($Results.ContainsKey('CdnType')) + { + $primaryKey = $Results.CdnType + } + elseif ($Results.ContainsKey('Usage')) + { + $primaryKey = $Results.Usage + } + $instanceName = $ResourceName if (-not [System.String]::IsNullOrEmpty($primaryKey)) { $instanceName += "-$primaryKey" } + + if ($Results.ContainsKey('Workload')) + { + $instanceName += "-$($Results.Workload)" + } $content = " $ResourceName `"$instanceName`"`r`n" $content += " {`r`n" $partialContent = Get-DSCBlock -Params $Results -ModulePath $ModulePath diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 index a1fd23aa7c..b5af18c995 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 @@ -225,7 +225,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = $DateTimeValue - UseNewTeamsClient = $True + UseNewTeamsClient = 'MicrosoftChoice' } } } From 42ee28871d394947c4e9691ed2424b6358b67ef7 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 4 Apr 2023 09:58:43 -0400 Subject: [PATCH 174/187] Update MSFT_TeamsEmergencyCallRoutingPolicy.psm1 --- .../MSFT_TeamsEmergencyCallRoutingPolicy.psm1 | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEmergencyCallRoutingPolicy/MSFT_TeamsEmergencyCallRoutingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEmergencyCallRoutingPolicy/MSFT_TeamsEmergencyCallRoutingPolicy.psm1 index 1e05b278ee..76e12f46e1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEmergencyCallRoutingPolicy/MSFT_TeamsEmergencyCallRoutingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsEmergencyCallRoutingPolicy/MSFT_TeamsEmergencyCallRoutingPolicy.psm1 @@ -377,19 +377,17 @@ function Export-TargetResource $result.EmergencyNumbers = ConvertTo-TeamsEmergencyNumbersString -Numbers $result.EmergencyNumbers } - $content = Get-DSCBlock -Params $result -ModulePath $PSScriptRoot - - if ($null -ne $result.EmergencyNumbers) - { - $content = Convert-DSCStringParamToVariable -DSCBlock $content -ParameterName 'EmergencyNumbers' - } - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Result ` -Credential $Credential + if ($null -ne $result.EmergencyNumbers) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'EmergencyNumbers' + } + $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName From 436c92378b395d7b2d355c397baeebdc64757b55 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 4 Apr 2023 11:51:30 -0400 Subject: [PATCH 175/187] Fixes --- ...tuneDeviceEnrollmentPlatformRestriction.Tests.ps1 | 3 +++ ...osoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 | 12 ++++++------ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 index f4841ca4e4..6966d8add0 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 @@ -52,6 +52,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfigurationAssignment -MockWith { return @() } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } } # Test contexts diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 index b5af18c995..79bdeae7d0 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsUpdateManagementPolicy.Tests.ps1 @@ -60,7 +60,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = '6:00 PM' - UseNewTeamsClient = $True + UseNewTeamsClient = 'MicrosoftChoice' Ensure = 'Present' Credential = $Credential } @@ -95,7 +95,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = '6:00 PM' - UseNewTeamsClient = $True + UseNewTeamsClient = 'MicrosoftChoice' Ensure = 'Present' Credential = $Credential } @@ -110,7 +110,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 3; #Drift UpdateTime = '18:00' UpdateTimeOfDay = $DateTimeValue - UseNewTeamsClient = $True + UseNewTeamsClient = 'MicrosoftChoice' } } } @@ -141,7 +141,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = '6:00 PM' - UseNewTeamsClient = $True + UseNewTeamsClient = 'MicrosoftChoice' Ensure = 'Present' Credential = $Credential } @@ -156,7 +156,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = $DateTimeValue - UseNewTeamsClient = $True + UseNewTeamsClient = 'MicrosoftChoice' } } } @@ -188,7 +188,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { UpdateDayOfWeek = 1 UpdateTime = '18:00' UpdateTimeOfDay = $DateTimeValue - UseNewTeamsClient = $True + UseNewTeamsClient = 'MicrosoftChoice' } } } From a6b840db9738bffeb6aacd1104c9748d4107fb1b Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 4 Apr 2023 16:17:53 +0000 Subject: [PATCH 176/187] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/teams/TeamsUpdateManagementPolicy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md b/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md index fe000e0db2..5ee42b00c9 100644 --- a/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md +++ b/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md @@ -12,7 +12,7 @@ | **UpdateDayOfWeek** | Write | UInt32 | Determines the day of week to perform the updates. Value shoud be between 0 and 6. | | | **UpdateTime** | Write | String | Determines the time of day to perform the updates. Must be a valid HH:MM format string with leading 0. For instance 08:30. | | | **UpdateTimeOfDay** | Write | String | Determines the time of day to perform the updates. Accepts a DateTime as string. Only the time will be considered. | | -| **UseNewTeamsClient** | Write | Boolean | Determines whether or not users will use the new Teams client. | | +| **UseNewTeamsClient** | Write | String | Determines whether or not users will use the new Teams client. | `UserChoice`, `MicrosoftChoice`, `AdminDisabled` | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Teams Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | @@ -80,7 +80,7 @@ Configuration Example UpdateDayOfWeek = 1; UpdateTime = "18:00"; UpdateTimeOfDay = "2022-05-06T18:00:00"; - UseNewTeamsClient = $True + UseNewTeamsClient = 'MicrosoftChoice' } } } From 1de391ceb8a94755f0823e702c95e214c38cfbe0 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 4 Apr 2023 12:19:30 -0400 Subject: [PATCH 177/187] Fixes #3056 --- CHANGELOG.md | 12 ++++++------ .../MSFT_AADAuthorizationPolicy.psm1 | 1 + 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0241fdb7d9..23ac5b644a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,5 @@ # Change log for Microsoft365DSC -# Breaking Changes (APRIL 5TH RELEASE) - -* TeamsGroupPolicyAssignment change of key and required parameters - * [BREAKING CHANGE] Setting GroupId and PolicyType as Key parameters - FIXES [#3054](https://github.com/microsoft/Microsoft365DSC/issues/3054) - # UNRELEASED * IntuneDeviceEnrollmentPlatformRestriction @@ -32,6 +26,9 @@ * Fixes extraction of the ScopedRoleMembers property. * AADApplication * [BREAKING CHANGE] Remove deprecated parameter Oauth2RequirePostResponse +* AADAuthorizationPolicy + * Fixes an error where the authentication method wasn't recognized when doing an export using app secret. + FIXES [#3056](https://github.com/microsoft/Microsoft365DSC/issues/3056) * AADConditionalAccessPolicy * Add condition for empty External Guest/User include/exclude FIXES [#3108](https://github.com/microsoft/Microsoft365DSC/issues/3108) @@ -138,6 +135,9 @@ * [BREAKING CHANGE] Remove deprecated parameter RequireAcceptingAccountMatchInvitedAccount * Fixes how we are extracting the DisabledWebPartIds parameter. FIXES [#3066](https://github.com/microsoft/Microsoft365DSC/issues/3066) +* TeamsGroupPolicyAssignment change of key and required parameters + * [BREAKING CHANGE] Setting GroupId and PolicyType as Key parameters + FIXES [#3054](https://github.com/microsoft/Microsoft365DSC/issues/3054) * TeamsMeetingPolicy * [BREAKING CHANGE] Remove deprecated parameter RecordingStorageMode * TeamsUpdateManagementPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthorizationPolicy/MSFT_AADAuthorizationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthorizationPolicy/MSFT_AADAuthorizationPolicy.psm1 index 32c6791b5c..883508eb9b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthorizationPolicy/MSFT_AADAuthorizationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthorizationPolicy/MSFT_AADAuthorizationPolicy.psm1 @@ -537,6 +537,7 @@ function Export-TargetResource Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId + ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint ManagedIdentity = $ManagedIdentity } From 9dd3063f9b0fd27c0099befda38d5664969fdff5 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 4 Apr 2023 13:01:29 -0400 Subject: [PATCH 178/187] FIXES #3046 --- CHANGELOG.md | 2 ++ .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 20 +++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0241fdb7d9..1ba16b6cd2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -161,6 +161,8 @@ * Updated the Update-M365DSCModule to unload dependencies before updating them and then to reload the new versions. FIXES [#3097](https://github.com/microsoft/Microsoft365DSC/issues/3097) * Added a new internal function to remove the authentication parameters from the bound paramters. `Remove-M365DSCAuthenticationParameter` + * Enforcing tenant ID to be in the tenant.onmicrosoft.com form. + FIXES [#3046](https://github.com/microsoft/Microsoft365DSC/issues/3046) * DEPENDENCIES * Updated Microsoft.Graph dependencies to version 1.25.0. * Updated MicrosoftTeams dependency to version 5.1.0. diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 63c183378f..fdb2746f1c 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -1071,6 +1071,26 @@ function Export-M365DSCConfiguration $ApplicationId, [Parameter(ParameterSetName = 'Export')] + [ValidateScript({ + $invalid = $false + try + { + [System.Guid]::Parse($_) | Out-Null + $invalid = $true + } + catch + { + $invalid = $false + } + if ($invalid) + { + throw "Please provide the tenant name (e.g., contoso.onmicrosoft.com) for TenantId instead of its GUID." + } + else + { + return $true + } + })] [System.String] $TenantId, From f8725377abc0b565c3acf1617810708b111d1957 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 4 Apr 2023 21:19:35 +0200 Subject: [PATCH 179/187] Improved unit test performance --- CHANGELOG.md | 1 + ...neDeviceEnrollmentPlatformRestriction.psm1 | 6 +- ...5DSC.EXOManagementRoleAssignment.Tests.ps1 | 3 + ...iceEnrollmentPlatformRestriction.Tests.ps1 | 175 +++++++++--------- ...essFeatureUpdateProfileWindows10.Tests.ps1 | 3 + ...DSC.SCAutoSensitivityLabelPolicy.Tests.ps1 | 3 + .../Microsoft365DSC.SCLabelPolicy.Tests.ps1 | 5 +- .../Microsoft365DSC.SPOSiteScript.Tests.ps1 | 3 + 8 files changed, 109 insertions(+), 90 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 23ac5b644a..f15527ae17 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -150,6 +150,7 @@ * Fix Read privileges in settings file * MISC * Fixed an issue `New-M365DSCReportFromConfiguration` where a non existing parameter was used to retrieve the configuration. + * Improved unit test performance * Added a QA check to test for the presence of a Key parameter and fixes resources where this was not the case. FIXES [#2925](https://github.com/microsoft/Microsoft365DSC/issues/2925) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 8cea2accf0..a1eed5d1f2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -108,10 +108,8 @@ function Get-TargetResource try { - $config = Get-MgDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Identity -ErrorAction silentlyContinue - <# Not using the DisplayName as a key due to android profiles Android profile are generated using 2 singlePlatformRestriction policies: 1 for android and 1 for androidForWork @@ -126,7 +124,6 @@ function Get-TargetResource } #> - if ($null -eq $config) { Write-Verbose -Message "No Device Enrollment Platform Restriction {$Identity} was found" @@ -148,7 +145,7 @@ function Get-TargetResource Managedidentity = $ManagedIdentity.IsPresent } - $results += get-DevicePlatformRestrictionSetting -Properties $config.AdditionalProperties + $results += Get-DevicePlatformRestrictionSetting -Properties $config.AdditionalProperties $AssignmentsValues = Get-MgDeviceManagementDeviceEnrollmentConfigurationAssignment -DeviceEnrollmentConfigurationId $config.Id $assignmentResult = @() foreach ($assignmentEntry in $AssignmentsValues) @@ -984,7 +981,6 @@ function Update-DeviceConfigurationPolicyAssignments $body = @{'enrollmentConfigurationAssignments' = $configurationPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - } catch { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 index 4465aeae6b..55adc9ffdc 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 @@ -48,6 +48,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Remove-PSSession -MockWith { } + Mock -CommandName Start-Sleep -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 index 6966d8add0..3c4f9039a7 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 @@ -22,11 +22,11 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "Pass@word1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'Pass@word1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) #Mock -CommandName Update-M365DSCExportAuthenticationResults -MockWith { - # return @{} + # return @{} #} #Mock -CommandName Get-M365DSCExportContentForResource -MockWith { @@ -40,6 +40,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'Credentials' } + Mock -CommandName Select-MgProfile -MockWith { + } + + Mock -CommandName Invoke-MgGraphRequest -MockWith { + } + Mock -CommandName Update-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { } @@ -52,6 +58,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfigurationAssignment -MockWith { return @() } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } @@ -61,16 +68,16 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "When the restriction doesn't already exist" -Fixture { BeforeAll { $testParams = @{ - Identity = "12345-12345-12345-12345-12345_SinglePlatformRestriction"; - Description = ""; - DisplayName = "My DSC Restriction"; - Ensure = "Present" - DeviceEnrollmentConfigurationType = "singlePlatformRestriction"; - Credential = $Credential; - IosRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - } -ClientOnly); + Identity = '12345-12345-12345-12345-12345_SinglePlatformRestriction' + Description = '' + DisplayName = 'My DSC Restriction' + Ensure = 'Present' + DeviceEnrollmentConfigurationType = 'singlePlatformRestriction' + Credential = $Credential + IosRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + } -ClientOnly) } Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { @@ -92,78 +99,78 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "When the restriction already exists and is in the Desired State" -Fixture { + Context -Name 'When the restriction already exists and is in the Desired State' -Fixture { BeforeAll { $testParams = @{ - Identity = "12345-12345-12345-12345-12345_SinglePlatformRestriction" - Description = ""; - DisplayName = "My DSC Restriction"; - Ensure = "Present" - DeviceEnrollmentConfigurationType = "singlePlatformRestriction" - Credential = $Credential; - IosRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - } -ClientOnly) + Identity = '12345-12345-12345-12345-12345_SinglePlatformRestriction' + Description = '' + DisplayName = 'My DSC Restriction' + Ensure = 'Present' + DeviceEnrollmentConfigurationType = 'singlePlatformRestriction' + Credential = $Credential + IosRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + } -ClientOnly) } Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' - PlatformRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $False; + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' + PlatformRestriction = @{ + PersonalDeviceEnrollmentBlocked = $False + PlatformBlocked = $False } - platformType = 'ios' + platformType = 'ios' } - id = "12345-12345-12345-12345-12345_SinglePlatformRestriction" - DeviceEnrollmentConfigurationType = "singlePlatformRestriction" - Description = ""; - DisplayName = "My DSC Restriction"; + id = '12345-12345-12345-12345-12345_SinglePlatformRestriction' + DeviceEnrollmentConfigurationType = 'singlePlatformRestriction' + Description = '' + DisplayName = 'My DSC Restriction' } } } - It "Should return true from the Test method" { + It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $true } } - Context -Name "When the restriction already exists and is NOT in the Desired State" -Fixture { + Context -Name 'When the restriction already exists and is NOT in the Desired State' -Fixture { BeforeAll { $testParams = @{ - Identity = "12345-12345-12345-12345-12345_SinglePlatformRestriction" - Description = ""; - DisplayName = "My DSC Restriction"; - Ensure = "Present" - DeviceEnrollmentConfigurationType = "singlePlatformRestriction" - Credential = $Credential; - iOSRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - } -ClientOnly) + Identity = '12345-12345-12345-12345-12345_SinglePlatformRestriction' + Description = '' + DisplayName = 'My DSC Restriction' + Ensure = 'Present' + DeviceEnrollmentConfigurationType = 'singlePlatformRestriction' + Credential = $Credential + iOSRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + } -ClientOnly) } Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' - PlatformRestriction = @{ - PersonalDeviceEnrollmentBlocked = $true; #drift - PlatformBlocked = $False; + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' + PlatformRestriction = @{ + PersonalDeviceEnrollmentBlocked = $true; #drift + PlatformBlocked = $False } - platformType = 'ios' + platformType = 'ios' } - id = "12345-12345-12345-12345-12345_SinglePlatformRestriction" - DeviceEnrollmentConfigurationType = "singlePlatformRestriction" - Description = ""; - DisplayName = "My DSC Restriction"; + id = '12345-12345-12345-12345-12345_SinglePlatformRestriction' + DeviceEnrollmentConfigurationType = 'singlePlatformRestriction' + Description = '' + DisplayName = 'My DSC Restriction' } } } - It "Should return false from the Test method" { + It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } } @@ -171,32 +178,32 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'When the restriction exists and it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - Identity = "12345-12345-12345-12345-12345_SinglePlatformRestriction" - Description = ""; - DisplayName = "My DSC Restriction"; - Ensure = "Absent" - DeviceEnrollmentConfigurationType = "singlePlatformRestriction" - Credential = $Credential; - iOSRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - } -ClientOnly) + Identity = '12345-12345-12345-12345-12345_SinglePlatformRestriction' + Description = '' + DisplayName = 'My DSC Restriction' + Ensure = 'Absent' + DeviceEnrollmentConfigurationType = 'singlePlatformRestriction' + Credential = $Credential + iOSRestriction = (New-CimInstance -ClassName MSFT_DeviceEnrollmentPlatformRestriction -Property @{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + } -ClientOnly) } Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' - PlatformRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $False; + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' + PlatformRestriction = @{ + PersonalDeviceEnrollmentBlocked = $False + PlatformBlocked = $False } - platformType = 'ios' + platformType = 'ios' } - id = "12345-12345-12345-12345-12345_SinglePlatformRestriction" - DeviceEnrollmentConfigurationType = "singlePlatformRestriction" - Description = ""; - DisplayName = "My DSC Restriction"; + id = '12345-12345-12345-12345-12345_SinglePlatformRestriction' + DeviceEnrollmentConfigurationType = 'singlePlatformRestriction' + Description = '' + DisplayName = 'My DSC Restriction' } } } @@ -225,18 +232,18 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceEnrollmentConfiguration -MockWith { return @{ - AdditionalProperties = @{ + AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration' PlatformRestriction = @{ - PersonalDeviceEnrollmentBlocked = $False; - PlatformBlocked = $False; + PersonalDeviceEnrollmentBlocked = $False + PlatformBlocked = $False } platformType = 'ios' } - id = "12345-12345-12345-12345-12345_SinglePlatformRestriction" - DeviceEnrollmentConfigurationType = "singlePlatformRestriction" - Description = ""; - DisplayName = "My DSC Restriction"; + id = '12345-12345-12345-12345-12345_SinglePlatformRestriction' + DeviceEnrollmentConfigurationType = 'singlePlatformRestriction' + Description = '' + DisplayName = 'My DSC Restriction' } } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.Tests.ps1 index 84465389e4..0e09eb522c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.Tests.ps1 @@ -46,6 +46,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'Credentials' } + Mock -CommandName Select-MgProfile -MockWith { + } + Mock -CommandName Get-MgDeviceManagementWindowFeatureUpdateProfileAssignment -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCAutoSensitivityLabelPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCAutoSensitivityLabelPolicy.Tests.ps1 index 81a9af3302..8952c8fc8d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCAutoSensitivityLabelPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCAutoSensitivityLabelPolicy.Tests.ps1 @@ -52,6 +52,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Mock -CommandName Start-Sleep -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCLabelPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCLabelPolicy.Tests.ps1 index 0a848a66b0..d78d441b9f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCLabelPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCLabelPolicy.Tests.ps1 @@ -55,6 +55,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Mock -CommandName Start-Sleep -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } @@ -170,7 +173,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ Credential = $Credential } - Mock -CommandName Get-LabelPolicy -MockWith { + Mock -CommandName Get-LabelPolicy -MockWith { return @{ Name = 'TestPolicy' Settings = '{"Key": "LabelStatus", diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 index e9361f4249..be55929918 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 @@ -61,6 +61,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Mock -CommandName Start-Sleep -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } From d0eeb51201299a029c69cd20d3d3662a4766ab20 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 4 Apr 2023 21:36:18 +0200 Subject: [PATCH 180/187] Added mocks for Start-Sleep --- .../Microsoft365DSC.AADApplication.Tests.ps1 | 3 +++ ...crosoft365DSC.SCComplianceSearch.Tests.ps1 | 3 +++ ...5DSC.SCRetentionCompliancePolicy.Tests.ps1 | 21 +++++++++++-------- ...365DSC.SCRetentionComplianceRule.Tests.ps1 | 3 +++ ...crosoft365DSC.SCSensitivityLabel.Tests.ps1 | 3 +++ ...rosoft365DSC.SPOOrgAssetsLibrary.Tests.ps1 | 9 +++++--- .../Microsoft365DSC.TeamsTeam.Tests.ps1 | 3 +++ 7 files changed, 33 insertions(+), 12 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 index 5dc7d0210e..28e0fc71ff 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 @@ -56,6 +56,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'Credentials' } + Mock -CommandName Start-Sleep -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCComplianceSearch.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCComplianceSearch.Tests.ps1 index 3805aa0bc8..037bda4f55 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCComplianceSearch.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCComplianceSearch.Tests.ps1 @@ -56,6 +56,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Mock -CommandName Start-Sleep -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRetentionCompliancePolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRetentionCompliancePolicy.Tests.ps1 index 77562eaaa5..d6a1261b96 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRetentionCompliancePolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRetentionCompliancePolicy.Tests.ps1 @@ -46,6 +46,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Mock -CommandName Start-Sleep -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } @@ -100,31 +103,31 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return @{ Name = 'TestPolicy' ExchangeLocation = @{ - Name = "https://contoso.sharepoint.com/sites/demo" + Name = 'https://contoso.sharepoint.com/sites/demo' } ExchangeLocationException = @{ - Name = "https://contoso.sharepoint.com" + Name = 'https://contoso.sharepoint.com' } OneDriveLocation = @{ - Name = "https://contoso.sharepoint.com/sites/demo" + Name = 'https://contoso.sharepoint.com/sites/demo' } OneDriveLocationException = @{ - Name = "https://contoso.com" + Name = 'https://contoso.com' } PublicFolderLocation = @{ - Name = "\\contoso\PF" + Name = '\\contoso\PF' } SkypeLocation = @{ - Name = "https://contoso.sharepoint.com/sites/demo" + Name = 'https://contoso.sharepoint.com/sites/demo' } SkypeLocationException = @{ - Name = "https://contoso.sharepoint.com/" + Name = 'https://contoso.sharepoint.com/' } SharePointLocation = @{ - Name = "https://contoso.sharepoint.com/sites/demo" + Name = 'https://contoso.sharepoint.com/sites/demo' } SharePointLocationException = @{ - Name = "https://contoso.com" + Name = 'https://contoso.com' } } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRetentionComplianceRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRetentionComplianceRule.Tests.ps1 index c7903be255..9c6e2b8c1a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRetentionComplianceRule.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCRetentionComplianceRule.Tests.ps1 @@ -46,6 +46,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Mock -CommandName Start-Sleep -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCSensitivityLabel.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCSensitivityLabel.Tests.ps1 index 9e52964b0e..32557095ab 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCSensitivityLabel.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SCSensitivityLabel.Tests.ps1 @@ -52,6 +52,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + Mock -CommandName Start-Sleep -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOOrgAssetsLibrary.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOOrgAssetsLibrary.Tests.ps1 index 5d31924db0..6c34d9eecb 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOOrgAssetsLibrary.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOOrgAssetsLibrary.Tests.ps1 @@ -53,6 +53,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'contoso' } + Mock -CommandName Start-Sleep -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } @@ -116,7 +119,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { decodedurl = 'sites/m365dsc/Branding' } } - CdnType = 'Public' + CdnType = 'Public' } } @@ -161,7 +164,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { decodedurl = 'sites/m365dsc/Branding' } } - CdnType = 'Public' + CdnType = 'Public' } } @@ -238,7 +241,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { LibraryUrl = @{ decodedurl = 'https://contoso.sharepoint.com/sites/m365dsc/Branding' } - CdnType = 'Public' + CdnType = 'Public' } } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 index 574ac60596..544e272c32 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 @@ -35,6 +35,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'Credentials' } + Mock -CommandName Start-Sleep -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } From 0b515212f1bbeda4d4fe705254b3eba05579f29f Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 4 Apr 2023 21:58:09 +0200 Subject: [PATCH 181/187] Added Select-MgProfile mocks --- ...entAccessPackageAssignmentPolicy.Tests.ps1 | 3 + ...tManagementConnectedOrganization.Tests.ps1 | 243 +++++++++--------- ...sinessRingUpdateProfileWindows10.Tests.ps1 | 3 + 3 files changed, 129 insertions(+), 120 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 index 2839989527..f569fb8b1a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 @@ -46,6 +46,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'Credentials' } + Mock -CommandName Select-MgProfile -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 index 586fc6ae8c..3bde1d3506 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "AADEntitlementManagementConnectedOrganization" -GenericStubModule $GenericStubPath + -DscResource 'AADEntitlementManagementConnectedOrganization' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "test@password1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -55,7 +55,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' + } + + Mock -CommandName Select-MgProfile { } # Mock Write-Host to hide output during the tests @@ -63,25 +66,25 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } # Test contexts - Context -Name "The AADEntitlementManagementConnectedOrganization should exist but it DOES NOT" -Fixture { + Context -Name 'The AADEntitlementManagementConnectedOrganization should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "ConnectedOrganzition_Description" - DisplayName = "ConnectedOrganzition_DisplayName" - ExternalSponsors =@("12345678-1234-1234-1234-123456789012") - Id = "ConnectedOrganization_Id" - IdentitySources =@( + Description = 'ConnectedOrganzition_Description' + DisplayName = 'ConnectedOrganzition_DisplayName' + ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + Id = 'ConnectedOrganization_Id' + IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ - ExternalTenantId = "IdentitySource_TenantId" - odataType = "#microsoft.graph.azureActiveDirectoryTenant" - displayName = "IdentitySource_DisplayName" - } -ClientOnly) - ) - InternalSponsors =@("12345678-1234-1234-1234-123456789012") - State = "configured" + ExternalTenantId = 'IdentitySource_TenantId' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + displayName = 'IdentitySource_DisplayName' + } -ClientOnly) + ) + InternalSponsors = @('12345678-1234-1234-1234-123456789012') + State = 'configured' - Ensure = "Present" - Credential = $Credential; + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgEntitlementManagementConnectedOrganization -MockWith { @@ -95,19 +98,19 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Get-MgDirectoryObject -MockWith { return @{ - Id="12345678-1234-1234-1234-123456789012" - AdditionalProperties=@{ - "@odata.type" = "#microsoft.graph.user" + Id = '12345678-1234-1234-1234-123456789012' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.user' } } } Mock -CommandName New-MgEntitlementManagementConnectedOrganization -MockWith { return @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -121,61 +124,61 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The AADEntitlementManagementConnectedOrganization exists but it SHOULD NOT" -Fixture { + Context -Name 'The AADEntitlementManagementConnectedOrganization exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - ExternalSponsors =@("12345678-1234-1234-1234-123456789012") - Id = "ConnectedOrganization_Id" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + Id = 'ConnectedOrganization_Id' + IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ - ExternalTenantId = "IdentitySource_TenantId" - odataType = "#microsoft.graph.azureActiveDirectoryTenant" - displayName = "IdentitySource_DisplayName" + ExternalTenantId = 'IdentitySource_TenantId' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + displayName = 'IdentitySource_DisplayName' } -ClientOnly) ) - InternalSponsors =@("12345678-1234-1234-1234-123456789012") - State = "configured" - Ensure = "Absent" - Credential = $Credential; + InternalSponsors = @('12345678-1234-1234-1234-123456789012') + State = 'configured' + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgEntitlementManagementConnectedOrganization -MockWith { return @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - Id = "ConnectedOrganization_Id" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + Id = 'ConnectedOrganization_Id' + IdentitySources = @( @{ - AdditionalProperties=@{ - "@odata.type" = "#microsoft.graph.azureActiveDirectoryTenant" - tenantId = "IdentitySource_TenantId" - displayName = "IdentitySource_DisplayName" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureActiveDirectoryTenant' + tenantId = 'IdentitySource_TenantId' + displayName = 'IdentitySource_DisplayName' } } ) - State = "configured" + State = 'configured' } } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -188,54 +191,54 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgEntitlementManagementConnectedOrganization -Exactly 1 } } - Context -Name "The AADEntitlementManagementConnectedOrganization Exists and Values are already in the desired state" -Fixture { + Context -Name 'The AADEntitlementManagementConnectedOrganization Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - ExternalSponsors =@("12345678-1234-1234-1234-123456789012") - Id = "12345678-1234-1234-1234-123456789012" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + Id = '12345678-1234-1234-1234-123456789012' + IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ - ExternalTenantId = "IdentitySource_TenantId" - odataType = "#microsoft.graph.azureActiveDirectoryTenant" - displayName = "IdentitySource_DisplayName" + ExternalTenantId = 'IdentitySource_TenantId' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + displayName = 'IdentitySource_DisplayName' } -ClientOnly) ) - InternalSponsors =@("12345678-1234-1234-1234-123456789012") - State = "configured" - Ensure = "Present" - Credential = $Credential; + InternalSponsors = @('12345678-1234-1234-1234-123456789012') + State = 'configured' + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgEntitlementManagementConnectedOrganization -MockWith { return @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - Id = "12345678-1234-1234-1234-123456789012" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + Id = '12345678-1234-1234-1234-123456789012' + IdentitySources = @( @{ - AdditionalProperties=@{ - "@odata.type" = "#microsoft.graph.azureActiveDirectoryTenant" - tenantId = "IdentitySource_TenantId" - displayName = "IdentitySource_DisplayName" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureActiveDirectoryTenant' + tenantId = 'IdentitySource_TenantId' + displayName = 'IdentitySource_DisplayName' } } ) - State = "configured" + State = 'configured' } } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } @@ -245,64 +248,64 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The AADEntitlementManagementConnectedOrganization exists and values are NOT in the desired state" -Fixture { + Context -Name 'The AADEntitlementManagementConnectedOrganization exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - ExternalSponsors =@("12345678-1234-1234-1234-123456789012") - Id = "12345678-1234-1234-1234-123456789012" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + Id = '12345678-1234-1234-1234-123456789012' + IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ - ExternalTenantId = "IdentitySource_TenantId" - odataType = "#microsoft.graph.azureActiveDirectoryTenant" - displayName = "IdentitySource_DisplayName" + ExternalTenantId = 'IdentitySource_TenantId' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + displayName = 'IdentitySource_DisplayName' } -ClientOnly) ) - InternalSponsors =@("12345678-1234-1234-1234-123456789012") - State = "configured" + InternalSponsors = @('12345678-1234-1234-1234-123456789012') + State = 'configured' - Ensure = "Present" - Credential = $Credential; + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgEntitlementManagementConnectedOrganization -MockWith { return @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - Id = "12345678-1234-1234-1234-123456789012" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + Id = '12345678-1234-1234-1234-123456789012' + IdentitySources = @( @{ - AdditionalProperties=@{ - "@odata.type" = "#microsoft.graph.azureActiveDirectoryTenant" - tenantId = "IdentitySource_TenantId" - displayName = "IdentitySource_DisplayName" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureActiveDirectoryTenant' + tenantId = 'IdentitySource_TenantId' + displayName = 'IdentitySource_DisplayName' } } ) - State = "configured" + State = 'configured' } } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' }, @{ - Id="12345678-1234-1234-1234-234567890123" #Drift + Id = '12345678-1234-1234-1234-234567890123' #Drift } ) } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -310,14 +313,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgEntitlementManagementConnectedOrganization -Exactly 1 Should -Invoke -CommandName Remove-MgEntitlementManagementConnectedOrganizationExternalSponsorByRef -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $testParams = @{ @@ -326,38 +329,38 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgEntitlementManagementConnectedOrganization -MockWith { return @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - Id = "ConnectedOrganization_Id" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + Id = 'ConnectedOrganization_Id' + IdentitySources = @( @{ - AdditionalProperties=@{ - "@odata.type" = "#microsoft.graph.azureActiveDirectoryTenant" - tenantId = "IdentitySource_TenantId" - displayName = "IdentitySource_DisplayName" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureActiveDirectoryTenant' + tenantId = 'IdentitySource_TenantId' + displayName = 'IdentitySource_DisplayName' } } ) - State = "configured" + State = 'configured' } } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 index 212ecba2cd..ec48bb9197 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 @@ -46,6 +46,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'Credentials' } + Mock -CommandName Select-MgProfile -MockWith { + } + Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } From a669eaa36c3332c56c08b61fcf0aa13d2f2d5af1 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Tue, 4 Apr 2023 21:58:09 +0200 Subject: [PATCH 182/187] Added Select-MgProfile mocks --- ...entAccessPackageAssignmentPolicy.Tests.ps1 | 3 + ...tManagementConnectedOrganization.Tests.ps1 | 243 +++++++++--------- ...sinessRingUpdateProfileWindows10.Tests.ps1 | 3 + 3 files changed, 129 insertions(+), 120 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 index 2839989527..f569fb8b1a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackageAssignmentPolicy.Tests.ps1 @@ -46,6 +46,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'Credentials' } + Mock -CommandName Select-MgProfile -MockWith { + } + # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 index 586fc6ae8c..3bde1d3506 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "AADEntitlementManagementConnectedOrganization" -GenericStubModule $GenericStubPath + -DscResource 'AADEntitlementManagementConnectedOrganization' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "test@password1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -55,7 +55,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' + } + + Mock -CommandName Select-MgProfile { } # Mock Write-Host to hide output during the tests @@ -63,25 +66,25 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } # Test contexts - Context -Name "The AADEntitlementManagementConnectedOrganization should exist but it DOES NOT" -Fixture { + Context -Name 'The AADEntitlementManagementConnectedOrganization should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "ConnectedOrganzition_Description" - DisplayName = "ConnectedOrganzition_DisplayName" - ExternalSponsors =@("12345678-1234-1234-1234-123456789012") - Id = "ConnectedOrganization_Id" - IdentitySources =@( + Description = 'ConnectedOrganzition_Description' + DisplayName = 'ConnectedOrganzition_DisplayName' + ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + Id = 'ConnectedOrganization_Id' + IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ - ExternalTenantId = "IdentitySource_TenantId" - odataType = "#microsoft.graph.azureActiveDirectoryTenant" - displayName = "IdentitySource_DisplayName" - } -ClientOnly) - ) - InternalSponsors =@("12345678-1234-1234-1234-123456789012") - State = "configured" + ExternalTenantId = 'IdentitySource_TenantId' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + displayName = 'IdentitySource_DisplayName' + } -ClientOnly) + ) + InternalSponsors = @('12345678-1234-1234-1234-123456789012') + State = 'configured' - Ensure = "Present" - Credential = $Credential; + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgEntitlementManagementConnectedOrganization -MockWith { @@ -95,19 +98,19 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Get-MgDirectoryObject -MockWith { return @{ - Id="12345678-1234-1234-1234-123456789012" - AdditionalProperties=@{ - "@odata.type" = "#microsoft.graph.user" + Id = '12345678-1234-1234-1234-123456789012' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.user' } } } Mock -CommandName New-MgEntitlementManagementConnectedOrganization -MockWith { return @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -121,61 +124,61 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The AADEntitlementManagementConnectedOrganization exists but it SHOULD NOT" -Fixture { + Context -Name 'The AADEntitlementManagementConnectedOrganization exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - ExternalSponsors =@("12345678-1234-1234-1234-123456789012") - Id = "ConnectedOrganization_Id" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + Id = 'ConnectedOrganization_Id' + IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ - ExternalTenantId = "IdentitySource_TenantId" - odataType = "#microsoft.graph.azureActiveDirectoryTenant" - displayName = "IdentitySource_DisplayName" + ExternalTenantId = 'IdentitySource_TenantId' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + displayName = 'IdentitySource_DisplayName' } -ClientOnly) ) - InternalSponsors =@("12345678-1234-1234-1234-123456789012") - State = "configured" - Ensure = "Absent" - Credential = $Credential; + InternalSponsors = @('12345678-1234-1234-1234-123456789012') + State = 'configured' + Ensure = 'Absent' + Credential = $Credential } Mock -CommandName Get-MgEntitlementManagementConnectedOrganization -MockWith { return @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - Id = "ConnectedOrganization_Id" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + Id = 'ConnectedOrganization_Id' + IdentitySources = @( @{ - AdditionalProperties=@{ - "@odata.type" = "#microsoft.graph.azureActiveDirectoryTenant" - tenantId = "IdentitySource_TenantId" - displayName = "IdentitySource_DisplayName" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureActiveDirectoryTenant' + tenantId = 'IdentitySource_TenantId' + displayName = 'IdentitySource_DisplayName' } } ) - State = "configured" + State = 'configured' } } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -188,54 +191,54 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgEntitlementManagementConnectedOrganization -Exactly 1 } } - Context -Name "The AADEntitlementManagementConnectedOrganization Exists and Values are already in the desired state" -Fixture { + Context -Name 'The AADEntitlementManagementConnectedOrganization Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - ExternalSponsors =@("12345678-1234-1234-1234-123456789012") - Id = "12345678-1234-1234-1234-123456789012" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + Id = '12345678-1234-1234-1234-123456789012' + IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ - ExternalTenantId = "IdentitySource_TenantId" - odataType = "#microsoft.graph.azureActiveDirectoryTenant" - displayName = "IdentitySource_DisplayName" + ExternalTenantId = 'IdentitySource_TenantId' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + displayName = 'IdentitySource_DisplayName' } -ClientOnly) ) - InternalSponsors =@("12345678-1234-1234-1234-123456789012") - State = "configured" - Ensure = "Present" - Credential = $Credential; + InternalSponsors = @('12345678-1234-1234-1234-123456789012') + State = 'configured' + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgEntitlementManagementConnectedOrganization -MockWith { return @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - Id = "12345678-1234-1234-1234-123456789012" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + Id = '12345678-1234-1234-1234-123456789012' + IdentitySources = @( @{ - AdditionalProperties=@{ - "@odata.type" = "#microsoft.graph.azureActiveDirectoryTenant" - tenantId = "IdentitySource_TenantId" - displayName = "IdentitySource_DisplayName" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureActiveDirectoryTenant' + tenantId = 'IdentitySource_TenantId' + displayName = 'IdentitySource_DisplayName' } } ) - State = "configured" + State = 'configured' } } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } @@ -245,64 +248,64 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } - Context -Name "The AADEntitlementManagementConnectedOrganization exists and values are NOT in the desired state" -Fixture { + Context -Name 'The AADEntitlementManagementConnectedOrganization exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - ExternalSponsors =@("12345678-1234-1234-1234-123456789012") - Id = "12345678-1234-1234-1234-123456789012" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + ExternalSponsors = @('12345678-1234-1234-1234-123456789012') + Id = '12345678-1234-1234-1234-123456789012' + IdentitySources = @( (New-CimInstance -ClassName MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource -Property @{ - ExternalTenantId = "IdentitySource_TenantId" - odataType = "#microsoft.graph.azureActiveDirectoryTenant" - displayName = "IdentitySource_DisplayName" + ExternalTenantId = 'IdentitySource_TenantId' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + displayName = 'IdentitySource_DisplayName' } -ClientOnly) ) - InternalSponsors =@("12345678-1234-1234-1234-123456789012") - State = "configured" + InternalSponsors = @('12345678-1234-1234-1234-123456789012') + State = 'configured' - Ensure = "Present" - Credential = $Credential; + Ensure = 'Present' + Credential = $Credential } Mock -CommandName Get-MgEntitlementManagementConnectedOrganization -MockWith { return @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - Id = "12345678-1234-1234-1234-123456789012" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + Id = '12345678-1234-1234-1234-123456789012' + IdentitySources = @( @{ - AdditionalProperties=@{ - "@odata.type" = "#microsoft.graph.azureActiveDirectoryTenant" - tenantId = "IdentitySource_TenantId" - displayName = "IdentitySource_DisplayName" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureActiveDirectoryTenant' + tenantId = 'IdentitySource_TenantId' + displayName = 'IdentitySource_DisplayName' } } ) - State = "configured" + State = 'configured' } } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' }, @{ - Id="12345678-1234-1234-1234-234567890123" #Drift + Id = '12345678-1234-1234-1234-234567890123' #Drift } ) } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -310,14 +313,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgEntitlementManagementConnectedOrganization -Exactly 1 Should -Invoke -CommandName Remove-MgEntitlementManagementConnectedOrganizationExternalSponsorByRef -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $testParams = @{ @@ -326,38 +329,38 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgEntitlementManagementConnectedOrganization -MockWith { return @{ - Description = "ConnectedOrganization_Description" - DisplayName = "ConnectedOrganization_DisplayName" - Id = "ConnectedOrganization_Id" - IdentitySources =@( + Description = 'ConnectedOrganization_Description' + DisplayName = 'ConnectedOrganization_DisplayName' + Id = 'ConnectedOrganization_Id' + IdentitySources = @( @{ - AdditionalProperties=@{ - "@odata.type" = "#microsoft.graph.azureActiveDirectoryTenant" - tenantId = "IdentitySource_TenantId" - displayName = "IdentitySource_DisplayName" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.azureActiveDirectoryTenant' + tenantId = 'IdentitySource_TenantId' + displayName = 'IdentitySource_DisplayName' } } ) - State = "configured" + State = 'configured' } } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationExternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } Mock -CommandName Get-MgEntitlementManagementConnectedOrganizationInternalSponsor -MockWith { return @( @{ - Id="12345678-1234-1234-1234-123456789012" + Id = '12345678-1234-1234-1234-123456789012' } ) } } - It "Should Reverse Engineer resource from the Export method" { + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 index 212ecba2cd..ec48bb9197 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.Tests.ps1 @@ -46,6 +46,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'Credentials' } + Mock -CommandName Select-MgProfile -MockWith { + } + Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } From 8a90d86137d09d85f6cc28b823a22b45f1767b24 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 5 Apr 2023 08:32:15 -0400 Subject: [PATCH 183/187] Updates --- .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 65 ++++++++++++++++++- 1 file changed, 64 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index fdb2746f1c..b0bb6ca7a0 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -1088,8 +1088,17 @@ function Export-M365DSCConfiguration } else { - return $true + $invalid = $_ -notmatch ".onmicrosoft." + if (-not $invalid) + { + return $true + } + else + { + throw "Please provide the tenant name in format .onmicrosoft.com for TenantId." + } } + return $true })] [System.String] $TenantId, @@ -1103,6 +1112,18 @@ function Export-M365DSCConfiguration $CertificateThumbprint, [Parameter(ParameterSetName = 'Export')] + [ValidateScript({ + $invalid = $_.Username -notmatch ".onmicrosoft." + if (-not $invalid) + { + return $true + } + else + { + throw "Please provide a username in the format of .onmicrosoft.com for the Credential property." + } + return $true + })] [System.Management.Automation.PSCredential] $Credential, @@ -1548,6 +1569,48 @@ function New-M365DSCConnection $Workload, [Parameter(Mandatory = $true)] + [ValidateScript({ + if ($null -ne $Credential) + { + $invalid = $_.Credential.Username -notmatch ".onmicrosoft." + if (-not $invalid) + { + return $true + } + else + { + throw "Please provide a username in the format of .onmicrosoft.com for the Credential property." + } + } + + $invalid = $false + try + { + [System.Guid]::Parse($_.TenantId) | Out-Null + $invalid = $true + } + catch + { + $invalid = $false + } + if ($invalid) + { + throw "Please provide the tenant name (e.g., contoso.onmicrosoft.com) for TenantId instead of its GUID." + } + else + { + $invalid = $_.TenantId -notmatch ".onmicrosoft." + if (-not $invalid) + { + return $true + } + else + { + throw "Please provide the tenant name in format .onmicrosoft.com for TenantId." + } + } + return $true + })] [System.Collections.Hashtable] $InboundParameters, From 9bb3a33e4fd8ead08e3b1cea88650dc1947da7c6 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 5 Apr 2023 09:11:10 -0400 Subject: [PATCH 184/187] Update april-2023-major-release.md --- docs/docs/blog/april-2023-major-release.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index 4a28c02329..65a5b1f275 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -38,10 +38,6 @@ We have modified the logic of all the resources below to ensure we have a primar * IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled * IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 -## TeamsGroupPolicyAssignment: New Key Parameters ([3054](https://github.com/microsoft/Microsoft365DSC/issues/3054)) - -TeamsGroupPolicyAssignment used to have the Priority as key parameter. This could cause issues due to duplicate keys. With this release the previous key is now replaced by the following three parameters: GroupId, GroupDisplayName and PolicyType. This will ensure that the resource is unique and will not cause any issues. If the GroupId is not known or no group with the given id exists, the display name will be used instead. - ## Removed the Identity Parameters from EXOIRMConfiguration, EXOPerimeterConfiguration & EXOResourceConfiguraton The Identity parameter, which was the primary key for the resources listed, has been replaced by the IsSingleInstance parameter. This is because there could only ever be one instance of these resources on the tenants and in order to align with other tenant-wide resources, the IsSingleInstance parameter needs to be present. This parameter only ever accepts a value of 'Yes' and its sole purpose is to ensure there isn't more than one instance of the given resource per configuration file. @@ -132,6 +128,10 @@ We are removing parameters that have been deprecated from various resources as p +## TeamsGroupPolicyAssignment: New Key Parameters ([3054](https://github.com/microsoft/Microsoft365DSC/issues/3054)) + +TeamsGroupPolicyAssignment used to have the Priority as key parameter. This could cause issues due to duplicate keys. With this release the previous key is now replaced by the following three parameters: GroupId, GroupDisplayName and PolicyType. This will ensure that the resource is unique and will not cause any issues. If the GroupId is not known or no group with the given id exists, the display name will be used instead. + ## AADGroup - Added SecurityEnabled and MailEnabled as Mandatory Parameters ([#3077](https://github.com/microsoft/Microsoft365DSC/pull/3077)) We've updated the AADGroup resource to enforce the MailEnabled and SecurityEnabled parameters as mandatory. Omitting these parameters was throwing an error since they were required by the Microsoft Graph API associated with it. To update existing configurations, simply make sure that every instances of the AADGroup resource includes both the MailEnabled and SecurityEnabled parameters. @@ -176,3 +176,7 @@ Set-M365DSCLoggingOption -IncludeNonDrifted $True These events will be reported as Information entries having an Event ID of 2. ![image](https://raw.githubusercontent.com/microsoft/Microsoft365DSC/Dev/docs/docs/Images/April2023MR-EventViewer.png) + +## Enforcing Tenant ID to be in Format '.onmicrosoft.' + +Starting with this version, the TenantID property will no longer be accepting GUIDs or tenant names that are not in the form of '.onmicrosoft.. Same applies for the Credential property. For example, instead of trying to connect with account **John.Smith.contoso.com**, the user should use its **John.Smith@contoso.onmicrosoft.com** credentials to authenticate to Microsoft365DSC. From bdb4917ece1dd4692b723bf77750046275774f54 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 5 Apr 2023 16:51:33 +0200 Subject: [PATCH 185/187] Release v1.23.405.1 --- .vscode/settings.json | 34 ++-- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 201 +++++++++++++++---- 3 files changed, 179 insertions(+), 58 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index ddaa4fd812..fec14bf251 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,16 +1,27 @@ // Place your settings in this file to overwrite the default settings { - "powershell.scriptAnalysis.enable": true, - "powershell.scriptAnalysis.settingsPath": ".vscode/ScriptAnalyzerSettings.psd1", - "powershell.codeFormatting.preset": "Custom", + "editor.insertSpaces": true, + "editor.tabSize": 4, + "files.insertFinalNewline": true, + "files.exclude": { + "**/.git": true, + "**/.svn": true, + "**/.hg": true, + "**/.DS_Store": true, + "node_modules": true, + "markdownissues.txt": true + }, + "files.trimTrailingWhitespace": true, + "powershell.codeFormatting.addWhitespaceAroundPipe": true, "powershell.codeFormatting.alignPropertyValuePairs": true, "powershell.codeFormatting.autoCorrectAliases": true, "powershell.codeFormatting.avoidSemicolonsAsLineTerminators": true, "powershell.codeFormatting.ignoreOneLineBlock": false, - "powershell.codeFormatting.newLineAfterOpenBrace": true, "powershell.codeFormatting.newLineAfterCloseBrace": true, + "powershell.codeFormatting.newLineAfterOpenBrace": true, "powershell.codeFormatting.openBraceOnSameLine": false, "powershell.codeFormatting.pipelineIndentationStyle": "IncreaseIndentationForFirstPipeline", + "powershell.codeFormatting.preset": "Custom", "powershell.codeFormatting.trimWhitespaceAroundPipe": true, "powershell.codeFormatting.useConstantStrings": true, "powershell.codeFormatting.useCorrectCasing": true, @@ -19,17 +30,8 @@ "powershell.codeFormatting.whitespaceBeforeOpenBrace": true, "powershell.codeFormatting.whitespaceBeforeOpenParen": true, "powershell.codeFormatting.whitespaceBetweenParameters": true, + "powershell.codeFormatting.whitespaceInsideBrace": true, "powershell.pester.useLegacyCodeLens": false, - "editor.insertSpaces": true, - "editor.tabSize": 4, - "files.trimTrailingWhitespace": true, - "files.insertFinalNewline": true, - "files.exclude": { - "**/.git": true, - "**/.svn": true, - "**/.hg": true, - "**/.DS_Store": true, - "node_modules": true, - "markdownissues.txt": true - } + "powershell.scriptAnalysis.enable": true, + "powershell.scriptAnalysis.settingsPath": ".vscode/ScriptAnalyzerSettings.psd1" } diff --git a/CHANGELOG.md b/CHANGELOG.md index f15527ae17..880d9dcd13 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.23.405.1 * IntuneDeviceEnrollmentPlatformRestriction * [BREAKING CHANGE] Updated resource to manage single and default platform restriction policies diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 8db015977f..8d803c5db7 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2023-03-22 +# Generated on: 2023-04-05 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.23.322.1' + ModuleVersion = '1.23.405.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -139,50 +139,169 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADRoleSetting - * Added CertificateThumbPrint and ApplicationId to the output of the Get method - * EXODistributionGroup - * Fixed an error where the name wasn t properly escaped in the Filter - FIXES [#3044](https://github.com/microsoft/Microsoft365DSC/issues/3044) - * IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 + ReleaseNotes = '* IntuneDeviceEnrollmentPlatformRestriction + * [BREAKING CHANGE] Updated resource to manage single and default platform restriction policies + FIXES [#2347](https://github.com/microsoft/Microsoft365DSC/issues/2347) + * IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 * Initial Release - FIXES [#2832](https://github.com/microsoft/Microsoft365DSC/issues/2832) - * EXORoleAssignmentPolicy - * Fix issue with IsDefault parameter - FIXES [#2977](https://github.com/microsoft/Microsoft365DSC/issues/2977) - * IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 + FIXES [#2830](https://github.com/microsoft/Microsoft365DSC/issues/2830) + * IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 * Initial release - FIXES [#2834](https://github.com/microsoft/Microsoft365DSC/issues/2834) - * IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 + * IntuneDeviceConfigurationPolicyWindows10 + * [BREAKING CHANGE] Added complex parameters as embedded CIM (DefenderDetectedMalwareActions, EdgeHomeButtonConfiguration, EdgeSearchEngine, NetworkProxyServer, Windows10AppsForceUpdateSchedule) + * Resource regenerated with DRG + * FIXES[#2867](https://github.com/microsoft/Microsoft365DSC/issues/2867) + * FIXES[#2868](https://github.com/microsoft/Microsoft365DSC/issues/2868) + * IntuneDeviceEnrollmentStatusPageWindows10 + * [BREAKING CHANGE] Renamed resource IntuneDeviceEnrollmentConfigurationWindows10 to IntuneDeviceEnrollmentStatusPageWindows10 + * Added support for property Assignments. + * Added support for property Priority + * FIXES [#2933](https://github.com/microsoft/Microsoft365DSC/issues/2933) + * AADAdministrativeUnit + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * Fixes extraction of the Members property. + * Fixes extraction of the ScopedRoleMembers property. + * AADApplication + * [BREAKING CHANGE] Remove deprecated parameter Oauth2RequirePostResponse + * AADAuthorizationPolicy + * Fixes an error where the authentication method was not recognized when doing an export using app secret. + FIXES [#3056](https://github.com/microsoft/Microsoft365DSC/issues/3056) + * AADConditionalAccessPolicy + * Add condition for empty External Guest/User include/exclude + FIXES [#3108](https://github.com/microsoft/Microsoft365DSC/issues/3108) + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * [BREAKING CHANGE] Remove deprecated parameters IncludeDevices and ExcludeDevices + * AADEntitlementManagementAccessPackage, AADEntitlementManagementAccessPackageAssignmentPolicy, + AADEntitlementManagementAccessPackageCatalog, AADEntitlementManagementAccessPackageCatalogResource, + AADEntitlementManagementAccessPackageCatalogResource, AADEntitlementManagementConnectedOrganization, + AADRoleSetting + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * AADGroup + * Changed the SecurityEnabled and MailEnabled parameters to become mandatory. + FIXES [#3072](https://github.com/microsoft/Microsoft365DSC/issues/3072) + * Stopped GroupTypes defaulting to "Unified" to allow creation of Security groups. + FIXES [#3073](https://github.com/microsoft/Microsoft365DSC/issues/3073) + * AADUser + * [BREAKING CHANGE] Remove deprecated parameter PreferredDataLocation* EXOAntiPhishPolicy + * [BREAKING CHANGE] Remove deprecated parameters EnableAntispoofEnforcement and + TargetedDomainProtectionAction + * EXOGroupSettings + * Initial Release + FIXES [#3089](https://github.com/microsoft/Microsoft365DSC/issues/3089) + * EXOHostedContentFilterPolicy + * [BREAKING CHANGE] Remove deprecated parameters EndUserSpamNotificationCustomFromAddress + and EndUserSpamNotificationCustomFromName + * EXOIRMConfiguration + * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance + FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) + * EXOMalwareFilterPolicy + * [BREAKING CHANGE] Remove deprecated parameters Action, CustomAlertText, + EnableExternalSenderNotifications and EnableInternalSenderNotifications + * EXOManagementRoleAssignment + * Use Microsoft Graph to retrieve administrative units. This fixes the issue where a soft + deleted AU was present while a new one got created with the same name. + FIXES [#3064](https://github.com/microsoft/Microsoft365DSC/issues/3064) + * EXOOrganizationConfig + * [BREAKING CHANGE] Remove deprecated parameters AllowPlusAddressInRecipients + * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance + FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) + * EXOPerimeterConfiguration + * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance + FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) + * EXOResourceConfiguration + * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance + FIXES [#2969](https://github.com/microsoft/Microsoft365DSC/issues/2969) + * EXOSaveLinksPolicy + * [BREAKING CHANGE] Remove deprecated parameters DoNotAllowClickThrough, + DoNotTrackUserClicks and IsEnabled + * EXOSharedMailbox + * [BREAKING CHANGE] Remove deprecated parameter Aliases + * EXOTransportRule + * [BREAKING CHANGE] Remove deprecated parameter ExceptIfMessageContainsAllDataClassifications, + IncidentReportOriginalMail and MessageContainsAllDataClassifications + * IntuneAntivirusPolicyWindows10SettingCatalog, IntuneASRRulesPolicyWindows10, + IntuneAppProtectionPolicyiOS, IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager, + IntuneSettingCatalogASRRulesPolicyWindows10 + * [BREAKING CHANGE] Setting Identity as Key parameter and DisplayName as Required + * IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager + * [BREAKING CHANGE] Fix resource + * IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator, IntuneDeviceConfigurationPolicyAndroidDeviceOwner, + IntuneDeviceConfigurationPolicyAndroidOpenSourceProject, IntuneDeviceConfigurationPolicyMacOS, + IntuneDeviceConfigurationPolicyiOS, IntuneExploitProtectionPolicyWindows10SettingCatalog, + IntuneWifiConfigurationPolicyAndroidDeviceAdministrator, IntuneWifiConfigurationPolicyAndroidForWork, + IntuneWifiConfigurationPolicyAndroidOpenSourceProject, IntuneWifiConfigurationPolicyIOS, + IntuneWifiConfigurationPolicyMacOS, IntuneWifiConfigurationPolicyWindows10, + IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled, IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * Properly escapes single quotes from CIMInstances string values. + FIXES [#3117](https://github.com/microsoft/Microsoft365DSC/issues/3117) + * IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * [BREAKING CHANGE] Corrected typo in resource name (Entreprise to Enterprise) + FIXES [#3024](https://github.com/microsoft/Microsoft365DSC/issues/3024) + * IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * [BREAKING CHANGE] Corrected typo in resource name (Entreprise to Enterprise) + FIXES [#3024](https://github.com/microsoft/Microsoft365DSC/issues/3024) + * IntuneWindowsAutopilotDeploymentProfileAzureADJoined * Initial release - FIXES [#2831](https://github.com/microsoft/Microsoft365DSC/issues/2831) - * SCDLPCompliancePolicy - * Added support or Endpoint, On-Premises, PowerBI and ThirdPartyApps locations and exceptions. - FIXES [#3023](https://github.com/microsoft/Microsoft365DSC/issues/3023) - * SCSensitivityLabel - * Added ContentType parameter, so you can specify where to apply the label. - FIXES [#2992](https://github.com/microsoft/Microsoft365DSC/issues/2992) - * Updated the resource to use and apply the correct parameters from the LabelActions - property. - FIXES [#3035](https://github.com/microsoft/Microsoft365DSC/issues/3035) - * Deprecated all FontName properties, since these are no longer configurable. - FIXES [#3035](https://github.com/microsoft/Microsoft365DSC/issues/3035) + FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) + * IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined + * Initial release + FIXES [#2605](https://github.com/microsoft/Microsoft365DSC/issues/2605) + * IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 + * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required + * [BREAKING CHANGE] Corrected typo in resource name (Window to Windows) + FIXES [#3024](https://github.com/microsoft/Microsoft365DSC/issues/3024) + * SCAuditConfigurationPolicy, SCAutoSensitivityLabelPolicy, SCCaseHoldPolicy, SCCaseHoldRule, + SCComplianceCase, SCComplianceSearch, SCComplianceSearchAction, SCComplianceTag, + SCDeviceConditionalAccessPolicy, SCDeviceConfigurationPolicy, SCDLPComplianceRule, + SCFilePlanPropertyAuthority, SCFilePlanPropertyCategory, SCFilePlanPropertyCitation, + SCFilePlanPropertyDepartment, SCFilePlanPropertyReferenceId, SCFilePlanPropertySubCategory, + SCLabelPolicy, SCProtectionAlert, SCRetentionCompliancePolicy, SCRetentionComplianceRule, + SCRetentionEventType, SCSupervisoryReviewPolicy, SCSupervisoryReviewRule * Fixed the collection of new and set parameters to ensure the correct values are passed to the New/Set cmdlets. - FIXES [#3050](https://github.com/microsoft/Microsoft365DSC/issues/3050) - * MISC - * Added QA test that checks for existence of an example for each resource. - * Amended output for Convert-M365DscHashtableToString to show each value on a new line - Fixes[#2980](https://github.com/microsoft/Microsoft365DSC/issues/2980) + FIXES [#3075](https://github.com/microsoft/Microsoft365DSC/issues/3075) + * SCSensitivityLabel + * [BREAKING CHANGE] Remove deprecated parameters Disabled, ApplyContentMarkingFooterFontName, + ApplyContentMarkingHeaderFontName, ApplyWaterMarkingFontName and EncryptionAipTemplateScopes + * SPOApp + * Fixed issue in the Export where an error was displayed in Verbose mode when Credentials were specified + and the apps were not exported. + * SPOTenantSettings + * [BREAKING CHANGE] Remove deprecated parameter RequireAcceptingAccountMatchInvitedAccount + * Fixes how we are extracting the DisabledWebPartIds parameter. + FIXES [#3066](https://github.com/microsoft/Microsoft365DSC/issues/3066) + * TeamsGroupPolicyAssignment change of key and required parameters + * [BREAKING CHANGE] Setting GroupId and PolicyType as Key parameters + FIXES [#3054](https://github.com/microsoft/Microsoft365DSC/issues/3054) + * TeamsMeetingPolicy + * [BREAKING CHANGE] Remove deprecated parameter RecordingStorageMode + * TeamsUpdateManagementPolicy + * Added support for the new UseNewTeamsClient parameter. + FIXES [#3062](https://github.com/microsoft/Microsoft365DSC/issues/3062) * DRG - * Various fixes: - Remove invalid character from description in schema.mof - Add Id as key in schema.mof - Add DisplayName as Required in schema.mof - Fix issue with nested CIM array from test unit - Remove Select-MgProfile from module - Add DisplayName as Mandatory in module - Fix issue with AdditionalProperties for nested objects from module - Fix Ensure default value' + * Various fixes + * Cleanup generated code + * Fix AdditionalProperties complex constructor + * Fix Read privileges in settings file + * MISC + * Fixed an issue `New-M365DSCReportFromConfiguration` where a non existing parameter was used to retrieve the configuration. + * Improved unit test performance + * Added a QA check to test for the presence of a Key parameter and fixes + resources where this was not the case. + FIXES [#2925](https://github.com/microsoft/Microsoft365DSC/issues/2925) + * Major changes to the export process where resource instances will now be assigned a meaningful nam + that will follow the ResourceName-PrimaryKey convention. + * Added a fix making sure that the progress bar "Scanning dependencies" is no longer displayed after the operation is completed. + * Added a new Set-M365DSCLoggingOption function to enable logging information about non-drifted resources in Event Viewer. + FIXES [#2981](https://github.com/microsoft/Microsoft365DSC/issues/2981) + * Updated the Update-M365DSCModule to unload dependencies before updating them and then to reload the new versions. + FIXES [#3097](https://github.com/microsoft/Microsoft365DSC/issues/3097) + * Added a new internal function to remove the authentication parameters from the bound paramters. `Remove-M365DSCAuthenticationParameter` + * DEPENDENCIES + * Updated Microsoft.Graph dependencies to version 1.25.0. + * Updated MicrosoftTeams dependency to version 5.1.0.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false From 111bd2aed555140b2f98c02d332ce8b8e5243f38 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 5 Apr 2023 11:31:19 -0400 Subject: [PATCH 186/187] Fixes --- .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 47 ++++++++++--------- docs/docs/blog/april-2023-major-release.md | 4 +- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index b0bb6ca7a0..8d97b8f2b1 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -1095,7 +1095,7 @@ function Export-M365DSCConfiguration } else { - throw "Please provide the tenant name in format .onmicrosoft.com for TenantId." + Write-Warning -Message "We recommend providing the TenantId property in the format of .onmicrosoft.*" } } return $true @@ -1120,7 +1120,7 @@ function Export-M365DSCConfiguration } else { - throw "Please provide a username in the format of .onmicrosoft.com for the Credential property." + Write-Warning -Message "We recommend providing the username in the format of .onmicrosoft.* for the Credential property." } return $true })] @@ -1570,7 +1570,7 @@ function New-M365DSCConnection [Parameter(Mandatory = $true)] [ValidateScript({ - if ($null -ne $Credential) + if ($null -ne $_.Credential) { $invalid = $_.Credential.Username -notmatch ".onmicrosoft." if (-not $invalid) @@ -1579,34 +1579,37 @@ function New-M365DSCConnection } else { - throw "Please provide a username in the format of .onmicrosoft.com for the Credential property." + Write-Warning -Message "We recommend providing the username in the format of .onmicrosoft.* for the Credential property." } } - $invalid = $false - try - { - [System.Guid]::Parse($_.TenantId) | Out-Null - $invalid = $true - } - catch + if ($null -ne $_.TenantId) { $invalid = $false - } - if ($invalid) - { - throw "Please provide the tenant name (e.g., contoso.onmicrosoft.com) for TenantId instead of its GUID." - } - else - { - $invalid = $_.TenantId -notmatch ".onmicrosoft." - if (-not $invalid) + try { - return $true + [System.Guid]::Parse($_.TenantId) | Out-Null + $invalid = $true + } + catch + { + $invalid = $false + } + if ($invalid) + { + throw "Please provide the tenant name (e.g., contoso.onmicrosoft.com) for TenantId instead of its GUID." } else { - throw "Please provide the tenant name in format .onmicrosoft.com for TenantId." + $invalid = $_.TenantId -notmatch ".onmicrosoft." + if (-not $invalid) + { + return $true + } + else + { + Write-Warning -Message "We recommend providing the tenant name in format .onmicrosoft.* for TenantId." + } } } return $true diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index 65a5b1f275..f652325e5c 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -177,6 +177,6 @@ Set-M365DSCLoggingOption -IncludeNonDrifted $True These events will be reported as Information entries having an Event ID of 2. ![image](https://raw.githubusercontent.com/microsoft/Microsoft365DSC/Dev/docs/docs/Images/April2023MR-EventViewer.png) -## Enforcing Tenant ID to be in Format '.onmicrosoft.' +## Enforcing Tenant ID to be in Format '.onmicrosoft.' ([#3137](https://github.com/microsoft/Microsoft365DSC/pull/3137)) -Starting with this version, the TenantID property will no longer be accepting GUIDs or tenant names that are not in the form of '.onmicrosoft.. Same applies for the Credential property. For example, instead of trying to connect with account **John.Smith.contoso.com**, the user should use its **John.Smith@contoso.onmicrosoft.com** credentials to authenticate to Microsoft365DSC. +Starting with this version, the TenantID property will no longer be accepting GUIDs. Instead customers should provide their tenants' name, ideally in the format of .onmicrosoft.. From 42d07c648722f3c585e17af934ded589b44f2d7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Wed, 5 Apr 2023 19:06:25 +0200 Subject: [PATCH 187/187] Blog typos and formatting fixes --- docs/docs/blog/april-2023-major-release.md | 55 ++++++++++++---------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/docs/docs/blog/april-2023-major-release.md b/docs/docs/blog/april-2023-major-release.md index f652325e5c..2b7af4f1c1 100644 --- a/docs/docs/blog/april-2023-major-release.md +++ b/docs/docs/blog/april-2023-major-release.md @@ -8,7 +8,7 @@ As part of the April 2023 major release, this resource is being re-written almos ## Primary Keys of Multiple Resources ([#2968](https://github.com/microsoft/Microsoft365DSC/pull/2968)) -We have modified the logic of all the resources below to ensure we have a primary key defined. In most cases we have marked the Identity or DisplayName properties as now being mandatory. While we don't believe this change will have a major impact on most existing configuration since they probably already defined these properties, there is a small chance that customers omitted to include them. The recomendation in this case is to ensure you add the new required properties to your resources. Resources impacted are: +We have modified the logic of all the resources below to ensure we have a primary key defined. In most cases we have marked the Identity or DisplayName properties as now being mandatory. While we don't believe this change will have a major impact on most existing configuration since they probably already defined these properties, there is a small chance that customers omitted to include them. The recommendation in this case is to ensure you add the new required properties to your resources. Resources impacted are: * AADAdministrativeUnit * AADConditionalAccessPolicy @@ -26,8 +26,8 @@ We have modified the logic of all the resources below to ensure we have a primar * IntuneDeviceConfigurationPolicyiOS * IntuneExploitProtectionPolicyWindows10SettingCatalog * IntuneWifiConfigurationPolicyAndroidDeviceAdministrator -* IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner -* IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile +* IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner +* IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile * IntuneWifiConfigurationPolicyAndroidForWork * IntuneWifiConfigurationPolicyAndroidOpenSourceProject * IntuneWifiConfigurationPolicyIOS, @@ -125,8 +125,9 @@ We are removing parameters that have been deprecated from various resources as p
  • TeamsMeetingPolicy
    • RecordingStorageMode
      • -
    • + + ## TeamsGroupPolicyAssignment: New Key Parameters ([3054](https://github.com/microsoft/Microsoft365DSC/issues/3054)) @@ -142,35 +143,37 @@ In order to make it easier for folks to follow the execution process of the Star 1. If the resource implements the **IsSingleInstance** property, the resource instance's will simply take the resource's name. E.g., - ```powershell - SPOTenantSettings 'SPOTenantSettings' - { - ... - } - ``` + ```powershell + SPOTenantSettings 'SPOTenantSettings' + { + ... + } + ``` 2. Otherwise, the resource will always be named following the "[ResourceName]-[PrimaryKey]" pattern. E.g., - ```powershell - TeamsMeetingPolicy 'TeamsMeetingPolicy-MyPolicy' - { - DisplayName = 'MyPolicy' - ... - } - ``` - - The primary key will always give priority to the following properties in order: - * DisplayName - * Identity - * Id - * Name - This means that if a resource instance defines both DisplayName and Id, that the DisplayName value will be used to name the instance. + ```powershell + TeamsMeetingPolicy 'TeamsMeetingPolicy-MyPolicy' + { + DisplayName = 'MyPolicy' + ... + } + ``` + + The primary key will always give priority to the following properties in order: + + * DisplayName + * Identity + * Id + * Name + + This means that if a resource instance defines both DisplayName and Id, that the DisplayName value will be used to name the instance. ## Logging Improvements for Non-Drifted Resource Instances ([#3090](https://github.com/microsoft/Microsoft365DSC/pull/3099)) -Starting with this version of M365DSC, users can decide to also include informaton about resources that don't have any detected drifts in them by setting the logging settings with the new Set-M365DSCLoggingOption. E.g., +Starting with this version of M365DSC, users can decide to also include information about resources that don't have any detected drifts in them by setting the logging settings with the new Set-M365DSCLoggingOption. E.g., -``` +```powershell Set-M365DSCLoggingOption -IncludeNonDrifted $True ```