Merge pull request #3015 from microsoft/Dev

Release 1.23.315.1

CHANGELOG.md

@@ -1,5 +1,43 @@
 # Change log for Microsoft365DSC
 
+# 1.23.315.1
+
+* AADConditionalAccessPolicy
+  * Handle Named Location "Multifactor authentication trusted IPs"
+    Fixed [#2974](https://github.com/microsoft/Microsoft365DSC/issues/2974)
+  * Export and handle guest and external users.
+    Fixed [#2965](https://github.com/microsoft/Microsoft365DSC/issues/2965)
+* AADEntitlementManagementConnectedOrganization
+  * Initial release
+* EXOOrganizationConfig
+  * Add support for the MessageRecallEnabled parameter.
+    FIXES [#2978](https://github.com/microsoft/Microsoft365DSC/issues/2978)
+* EXORoleAssignmentPolicy
+  * Allow description and role change at the same time.
+    FIXES [#2977](https://github.com/microsoft/Microsoft365DSC/issues/2977)
+* EXORoleGroup
+  * Initial release
+* EXOTransportConfig
+  * Ensures the ExternalDsnDefaultLanguage property is correctly escaped.
+    FIXES [#2970](https://github.com/microsoft/Microsoft365DSC/issues/2970)
+* IntuneAppProtectionPolicyiOS
+  * Amended MinimumWipeOSVersion case
+    FIXES [#3000](https://github.com/microsoft/Microsoft365DSC/issues/3000)
+* PPTenantIsolationSettings
+  * Fixes the export of the Rules block which wasn't properly formatted.
+    FIXES [#2979](https://github.com/microsoft/Microsoft365DSC/issues/2979)
+* SPOTenantSettings
+  * Add support for the CommentsOnSitePagesDisabled parameter.
+* MISC
+  * Added checks in New-M365DSCConnection to ensure beta MSGraph profile is correctly set when requested
+    FIXES [#2942](https://github.com/microsoft/Microsoft365DSC/issues/2942)
+  * Added all Certificate related property to the returned values of the Get-TargetResource function
+    across all Security & Compliance resources.
+    FIXES [#2989](https://github.com/microsoft/Microsoft365DSC/issues/2989)
+* DEPENDENCIES
+  * Updated Microsoft.Graph dependencies to version 1.23.0.
+  * Updated Microsoft.PowerApps.Administration.PowerShell to 2.0.156.
+
 # 1.23.308.1
 
 * AADAdministrativeUnit

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1

@@ -55,6 +55,34 @@ function Get-TargetResource
         [System.String[]]
         $ExcludeRoles,
 
+        [Parameter()]
+        [System.String[]]
+        [validateSet('none', 'internalGuest', 'b2bCollaborationGuest', 'b2bCollaborationMember', 'b2bDirectConnectUser', 'otherExternalUser', 'serviceProvider', 'unknownFutureValue')]
+        $IncludeGuestOrExternalUserTypes,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
+        $IncludeExternalTenantsMembershipKind,
+
+        [Parameter()]
+        [System.String[]]
+        $IncludeExternalTenantsMembers,
+
+        [Parameter()]
+        [System.String[]]
+        [validateSet('none', 'internalGuest', 'b2bCollaborationGuest', 'b2bCollaborationMember', 'b2bDirectConnectUser', 'otherExternalUser', 'serviceProvider', 'unknownFutureValue')]
+        $ExcludeGuestOrExternalUserTypes,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
+        $ExcludeExternalTenantsMembershipKind,
+
+        [Parameter()]
+        [System.String[]]
+        $ExcludeExternalTenantsMembers,
+
         #ConditionalAccessPlatformCondition
         [Parameter()]
         [System.String[]]
@@ -447,6 +475,10 @@ function Get-TargetResource
                     {
                         $IncludeLocations += $IncludeLocationGUID
                     }
+                    elseif ($IncludeLocationGUID -eq '00000000-0000-0000-0000-000000000000')
+                    {
+                        $IncludeLocations += 'Multifactor authentication trusted IPs'
+                    }
                     elseif ($null -eq $Locationlookup[$IncludeLocationGUID])
                     {
                         $message = "Couldn't find Location $IncludeLocationGUID , couldn't add to policy $PolicyDisplayName"
@@ -471,6 +503,10 @@ function Get-TargetResource
                     {
                         $ExcludeLocations += $ExcludeLocationGUID
                     }
+                    elseif ($IncludeLocationGUID -eq '00000000-0000-0000-0000-000000000000')
+                    {
+                        $IncludeLocations += 'Multifactor authentication trusted IPs'
+                    }
                     elseif ($null -eq $Locationlookup[$ExcludeLocationGUID])
                     {
                         $message = "Couldn't find Location $ExcludeLocationGUID , couldn't add to policy $PolicyDisplayName"
@@ -510,6 +546,14 @@ function Get-TargetResource
         {
             $PersistentBrowserMode = $null
         }
+        if ($Policy.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes)
+        {
+            [Array]$IncludeGuestOrExternalUserTypes = ($Policy.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes).Split(',')
+        }
+        if ($Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes)
+        {
+            [Array]$ExcludeGuestOrExternalUserTypes = ($Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes).Split(',')
+        }
 
         $termsOfUseName = $null
         if ($Policy.GrantControls.TermsOfUse)
@@ -537,6 +581,13 @@ function Get-TargetResource
             ExcludeGroups                            = $ExcludeGroups
             IncludeRoles                             = $IncludeRoles
             ExcludeRoles                             = $ExcludeRoles
+            IncludeGuestOrExternalUserTypes          = [System.String[]]$IncludeGuestOrExternalUserTypes
+            IncludeExternalTenantsMembershipKind     = [System.String]$Policy.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.MembershipKind
+            IncludeExternalTenantsMembers            = [System.String[]](@() + $Policy.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.AdditionalProperties.members)
+
+            ExcludeGuestOrExternalUserTypes          = [System.String[]]$ExcludeGuestOrExternalUserTypes
+            ExcludeExternalTenantsMembershipKind     = [System.String]$Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.MembershipKind
+            ExcludeExternalTenantsMembers            = [System.String[]](@() + $Policy.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.AdditionalProperties.members)
 
             IncludePlatforms                         = [System.String[]](@() + $Policy.Conditions.Platforms.IncludePlatforms)
             #no translation needed, return empty string array if undefined
@@ -651,6 +702,34 @@ function Set-TargetResource
         [System.String[]]
         $ExcludeRoles,
 
+        [Parameter()]
+        [System.String[]]
+        [validateSet('none', 'internalGuest', 'b2bCollaborationGuest', 'b2bCollaborationMember', 'b2bDirectConnectUser', 'otherExternalUser', 'serviceProvider', 'unknownFutureValue')]
+        $IncludeGuestOrExternalUserTypes,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
+        $IncludeExternalTenantsMembershipKind,
+
+        [Parameter()]
+        [System.String[]]
+        $IncludeExternalTenantsMembers,
+
+        [Parameter()]
+        [System.String[]]
+        [validateSet('none', 'internalGuest', 'b2bCollaborationGuest', 'b2bCollaborationMember', 'b2bDirectConnectUser', 'otherExternalUser', 'serviceProvider', 'unknownFutureValue')]
+        $ExcludeGuestOrExternalUserTypes,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
+        $ExcludeExternalTenantsMembershipKind,
+
+        [Parameter()]
+        [System.String[]]
+        $ExcludeExternalTenantsMembers,
+
         #ConditionalAccessPlatformCondition
         [Parameter()]
         [System.String[]]
@@ -1070,6 +1149,56 @@ function Set-TargetResource
                 }
             }
         }
+        Write-Verbose -Message 'Set-Targetresource: process includeGuestsOrExternalUsers'
+        $includeGuestsOrExternalUsers = @{}
+        [string]$IncludeGuestOrExternalUserTypes = $IncludeGuestOrExternalUserTypes -join ','
+        $includeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $IncludeGuestOrExternalUserTypes)
+        $externalTenants = @{}
+        if ($IncludeExternalTenantsMembershipKind -eq 'All')
+        {
+            $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessAllExternalTenants')
+        }
+        elseif ($IncludeExternalTenantsMembershipKind -eq 'enumerated')
+        {
+            $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessEnumeratedExternalTenants')
+        }
+        else
+        {
+            $externalTenants.Add('@odata.type', '')
+        }
+        $externalTenants.Add('membershipKind', $IncludeExternalTenantsMembershipKind)
+        if ($IncludeExternalTenantsMembers)
+        {
+            $externalTenants.Add('members', $IncludeExternalTenantsMembers)
+        }
+        $includeGuestsOrExternalUsers.Add('externalTenants', $externalTenants)
+        $conditions.Users.Add('includeGuestsOrExternalUsers', $includeGuestsOrExternalUsers)
+
+        Write-Verbose -Message 'Set-Targetresource: process excludeGuestsOrExternalUsers'
+        $excludeGuestsOrExternalUsers = @{}
+        [string]$ExcludeGuestOrExternalUserTypes = $ExcludeGuestOrExternalUserTypes -join ','
+        $excludeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $ExcludeGuestOrExternalUserTypes)
+        $externalTenants = @{}
+        if ($ExcludeExternalTenantsMembershipKind -eq 'All')
+        {
+            $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessAllExternalTenants')
+        }
+        elseif ($ExcludeExternalTenantsMembershipKind -eq 'enumerated')
+        {
+            $externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessEnumeratedExternalTenants')
+        }
+        else
+        {
+            $externalTenants.Add('@odata.type', '')
+        }
+        $externalTenants.Add('membershipKind', $ExcludeExternalTenantsMembershipKind)
+        if ($ExcludeExternalTenantsMembers)
+        {
+            $externalTenants.Add('members', $ExcludeExternalTenantsMembers)
+        }
+        $excludeGuestsOrExternalUsers.Add('externalTenants', $externalTenants)
+        $conditions.Users.Add('excludeGuestsOrExternalUsers', $excludeGuestsOrExternalUsers)
+
         Write-Verbose -Message 'Set-Targetresource: process platform condition'
         if ($IncludePlatforms -or $ExcludePlatforms)
         {
@@ -1129,6 +1258,10 @@ function Set-TargetResource
                     {
                         $conditions.Locations.IncludeLocations += $IncludeLocation
                     }
+                    elseif ($IncludeLocation -eq 'Multifactor authentication trusted IPs')
+                    {
+                        $conditions.Locations.IncludeLocations += '00000000-0000-0000-0000-000000000000'
+                    }
                     elseif ($null -eq $LocationLookup[$IncludeLocation])
                     {
                         $message = "Couldn't find Location $IncludeLocation , couldn't add to policy $DisplayName"
@@ -1151,6 +1284,10 @@ function Set-TargetResource
                     {
                         $conditions.Locations.ExcludeLocations += $ExcludeLocation
                     }
+                    elseif ($ExcludeLocation -eq 'Multifactor authentication trusted IPs')
+                    {
+                        $conditions.Locations.ExcludeLocations += '00000000-0000-0000-0000-000000000000'
+                    }
                     elseif ($null -eq $LocationLookup[$ExcludeLocation])
                     {
                         $message = "Couldn't find Location $ExcludeLocation , couldn't add to policy $DisplayName"
@@ -1433,6 +1570,34 @@ function Test-TargetResource
         [System.String[]]
         $ExcludeRoles,
 
+        [Parameter()]
+        [System.String[]]
+        [validateSet('none', 'internalGuest', 'b2bCollaborationGuest', 'b2bCollaborationMember', 'b2bDirectConnectUser', 'otherExternalUser', 'serviceProvider', 'unknownFutureValue')]
+        $IncludeGuestOrExternalUserTypes,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
+        $IncludeExternalTenantsMembershipKind,
+
+        [Parameter()]
+        [System.String[]]
+        $IncludeExternalTenantsMembers,
+
+        [Parameter()]
+        [System.String[]]
+        [validateSet('none', 'internalGuest', 'b2bCollaborationGuest', 'b2bCollaborationMember', 'b2bDirectConnectUser', 'otherExternalUser', 'serviceProvider', 'unknownFutureValue')]
+        $ExcludeGuestOrExternalUserTypes,
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
+        $ExcludeExternalTenantsMembershipKind,
+
+        [Parameter()]
+        [System.String[]]
+        $ExcludeExternalTenantsMembers,
+
         #ConditionalAccessPlatformCondition
         [Parameter()]
         [System.String[]]

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof

@@ -13,6 +13,12 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Groups out of scope of the Policy.")] String ExcludeGroups[];
     [Write, Description("AAD Admin Roles in scope of the Policy.")] String IncludeRoles[];
     [Write, Description("AAD Admin Roles out of scope of the Policy.")] String ExcludeRoles[];
+    [Write, Description("Represents the Included internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue."), ValueMap{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}, Values{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}] String IncludeGuestOrExternalUserTypes[];
+    [Write, Description("Represents the Included Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"","all","enumerated","unknownFutureValue"}, Values{"","all","enumerated","unknownFutureValue"}] String IncludeExternalTenantsMembershipKind;
+    [Write, Description("Represents the Included collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.")] String IncludeExternalTenantsMembers[];
+    [Write, Description("Represents the Excluded internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue."), ValueMap{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}, Values{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}] String ExcludeGuestOrExternalUserTypes[];
+    [Write, Description("Represents the Excluded Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"","all","enumerated","unknownFutureValue"}, Values{"","all","enumerated","unknownFutureValue"}] String ExcludeExternalTenantsMembershipKind;
+    [Write, Description("Represents the Excluded collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.")] String ExcludeExternalTenantsMembers[];
     [Write, Description("Client Device Platforms in scope of the Policy.")] String IncludePlatforms[];
     [Write, Description("Client Device Platforms out of scope of the Policy.")] String ExcludePlatforms[];
     [Write, Description("AAD Named Locations in scope of the Policy.")] String IncludeLocations[];