From ab2ec9bf51b7b4fd162002b22dc42ace995a60dc Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sun, 22 Jan 2023 18:52:15 +0000 Subject: [PATCH 01/64] tmp --- ...AdministrativeTemplatePolicyWindows10.psm1 | 1532 +++++ ...strativeTemplatePolicyWindows10.schema.mof | 51 + .../readme.md | 6 + .../settings.json | 39 + ...istrativeTemplatePolicyWindows10.Tests.ps1 | 212 + Tests/Unit/Stubs/Microsoft365.psm1 | 5495 ++++++++++------- 6 files changed, 5266 insertions(+), 2069 deletions(-) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 new file mode 100644 index 0000000000..c2102dd8de --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -0,0 +1,1532 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [System.String] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $DefinitionValues, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = $true, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + Select-MgProfile 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementGroupPolicyConfiguration -GroupPolicyConfigurationId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id}" + + if(-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementGroupPolicyConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $enumPolicyConfigurationIngestionType = $null + if ($null -ne $getValue.PolicyConfigurationIngestionType) + { + $enumPolicyConfigurationIngestionType = $getValue.PolicyConfigurationIngestionType.ToString() + } + + #endregion + + #region + $settings = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $Id + + $complexDefinitionValues = @() + foreach($setting in $settings) + { + $definitionValue=@{} + $definitionValue.Add('Id',$setting.Id) + if($null -ne $setting.ConfigurationType) + { + $definitionValue.Add('ConfigurationType',$setting.ConfigurationType.toString()) + } + $definitionValue.Add('Enabled',$setting.Enabled) + $definition = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition ` + -GroupPolicyConfigurationId $Id ` + -GroupPolicyDefinitionValueId $setting.Id + + $enumClassType = $null + if ($null -ne $definition.ClassType) + { + $enumClassType = $definition.ClassType.ToString() + } + + $enumPolicyType = $null + if ($null -ne $definition.PolicyType) + { + $enumPolicyType = $definition.PolicyType.ToString() + } + $complexDefinition = @{ + CategoryPath = $definition.CategoryPath + ClassType = $enumClassType + DisplayName = $definition.DisplayName + #ExplainText = $definition.ExplainText + #GroupPolicyCategoryId = $definition.GroupPolicyCategoryId + #HasRelatedDefinitions = $definition.HasRelatedDefinitions + #MinDeviceCspVersion = $definition.MinDeviceCspVersion + #MinUserCspVersion = $definition.MinUserCspVersion + PolicyType = $enumPolicyType + SupportedOn = $definition.SupportedOn + #Id = $definition.Id + } + + $definitionValue.Add('Definition',$complexDefinition) + $complexDefinitionValues += $definitionValue + } + #endregion + + $results = @{ + #region resource generator code + Description = $getValue.Description + DisplayName = $getValue.DisplayName + PolicyConfigurationIngestionType = $enumPolicyConfigurationIngestionType + DefinitionValues = $complexDefinitionValues + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementGroupPolicyConfigurationAssignment -GroupPolicyConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [System.String] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $DefinitionValues, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = $true, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('Verbose') | Out-Null + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Configuration Administrative Template Policy for Windows10 with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + $CreateParameters.Remove('DefinitionValues') | Out-Null + + $keys=(([Hashtable]$CreateParameters).clone()).Keys + foreach($key in $keys) + { + if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + { + if($key -eq 'DefinitionValues') + { + #Removing Key Definition because it is Read-Only + foreach($definitionValue in ($CreateParameters.$key).DefinitionValues) + { + $definitionValue.remove('Definition') + } + } + $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $policy=New-MgDeviceManagementGroupPolicyConfiguration -BodyParameter $CreateParameters + $assignmentsHash=@() + foreach($assignment in $Assignments) + { + $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/groupPolicyConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + $UpdateParameters.Remove('DefinitionValues') | Out-Null + + $keys=(([Hashtable]$UpdateParameters).clone()).Keys + foreach($key in $keys) + { + if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + { + $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + #Update Core policy + $UpdateParameters.Add("@odata.type", "#microsoft.graph.GroupPolicyConfiguration") + Update-MgDeviceManagementGroupPolicyConfiguration ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + + #Update Assignments + $assignmentsHash=@() + foreach($assignment in $Assignments) + { + $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/groupPolicyConfigurations' + #endregion + #Update DefinitionValues + [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues + if($null -ne $targetDefinitionValues -and $targetDefinitionValues.count -gt 0) + { + #Removing Key Definition because it is Read-Only + foreach($definitionValue in $targetDefinitionValues) + { + $definitionValue.remove('Definition') + } + } + $currentDefinitionValues=$currentInstance.DefinitionValues + if($null -ne $currentDefinitionValues -and $currentDefinitionValues.count -gt 0) + { + #Removing Key Definition because it is Read-Only + foreach($definitionValue in $currentDefinitionValues) + { + $definitionValue.remove('Definition') + } + } + $comparedDefinitionValues = Compare-Object ` + -ReferenceObject $currentDefinitionValues.Id ` + -DifferenceObject $targetDefinitionValues.Id ` + -IncludeEqual + + $definitionValuesToAdd = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '=>'}).InputObject + $definitionValuesToRemove = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '<='}).InputObject + $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '='}).InputObject + + foreach($definitionValueId in $definitionValuesToAdd) + { + $definitionValue = $targetDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} + $enumConfigurationType = $null + if($null -ne $definitionValue.ConfigurationType) + { + $enumConfigurationType = $definitionValue.ConfigurationType.toString() + } + $complexDefinitionValue = @{ + Id = $definitionValue.Id + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + } + New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -BodyParameter $complexDefinitionValue + } + + foreach($definitionValueId in $definitionValuesToRemove) + { + Remove-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -GroupPolicyDefinitionValueId $definitionValueId + } + + foreach($definitionValueId in $definitionValuesToCheck) + { + $definitionValue = $targetDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} + $currentDefinitionValue = $currentDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} + $enumConfigurationType = $null + if($null -ne $definitionValue.ConfigurationType) + { + $enumConfigurationType = $definitionValue.ConfigurationType.toString() + } + $complexDefinitionValue = @{ + Id = $definitionValue.Id + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + } + + $toUpdate = Compare-M365DSCComplexObject ` + -Source $currentDefinitionValue ` + -Target $complexDefinitionValue + + If(-not $toUpdate) + { + $complexDefinitionValue.Remove('Id') + Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -GroupPolicyDefinitionValueId $definitionValueId ` + -BodyParameter $complexDefinitionValue + } + } + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgDeviceManagementGroupPolicyConfiguration -GroupPolicyConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [System.String] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $DefinitionValues, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter(Mandatory = $true)] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = $true, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + #Removing Key Definition because it is Read-Only + if($key -eq 'DefinitionValues') + { + foreach($definitionValue in $source.DefinitionValues) + { + $definitionValue.remove('Definition') + } + foreach($definitionValue in $target.DefinitionValues) + { + $definitionValue.remove('Definition') + } + } + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break; + } + + $ValuesToCheck.Remove($key) | Out-Null + + } + } + + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + Select-MgProfile 'beta' -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgDeviceManagementGroupPolicyConfiguration ` + -All ` + -ErrorAction Stop + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if($Results.DefinitionValues) + { + $complexMapping=@( + @{ + Name="Definition" + CimInstanceName="MSFT_IntuneGroupPolicyDefinition" + IsRequired=$false + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.DefinitionValues ` + -CIMInstanceName IntuneGroupPolicyDefinitionValue ` + -ComplexTypeMapping $complexMapping + if ($complexTypeStringResult) + { + $Results.DefinitionValues = $complexTypeStringResult + } + else + { + $Results.Remove('DefinitionValues') | Out-Null + } + } + if($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + } + if ($Results.DefinitionValues) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefinitionValues" -isCIMArray:$true + } + if ($Results.Definition) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Definition" + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + function Update-DeviceConfigurationPolicyAssignment + { + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository='deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion='beta' + ) + try + { + $deviceManagementPolicyAssignments=@() + + $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + + foreach($target in $targets) + { + $formattedTarget=@{"@odata.type"=$target.dataType} + if($target.groupId) + { + $formattedTarget.Add('groupId',$target.groupId) + } + if($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + } + $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential + + return $null + } + + + }function Rename-M365DSCCimInstanceParameter +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties + ) + + $keyToRename=@{ + "odataType"="@odata.type" + } + + $result=$Properties + + $type=$Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result=$values + + return ,$result + } + #endregion + + #region Single + if($type -like "*Hashtable") + { + $result=([Hashtable]$Properties).clone() + } + if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + { + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys=($hashProperties.clone()).keys + foreach($key in $keys) + { + $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + if ($key -in $keyToRename.Keys) + { + $keyName=$keyToRename.$key + } + + $property=$hashProperties.$key + if($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties + } + + return $result + #endregion +} +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + + if($null -eq $ComplexObject) + { + return $null + } + + if($ComplexObject.gettype().fullname -like "*[[\]]") + { + $results=@() + + foreach($item in $ComplexObject) + { + if($item) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + + if($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject=[hashtable]::new($ComplexObject) + $keys=$ComplexObject.Keys + foreach ($key in $keys) + { + if($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType=$ComplexObject.$key.gettype().fullname + + if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results + } + + $results = @{} + + if($ComplexObject.getType().Fullname -like "*hashtable") + { + $keys = $ComplexObject.keys + } + else + { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + } + + foreach ($key in $keys) + { + $keyName=$key + if($ComplexObject.getType().Fullname -notlike "*hashtable") + { + $keyName=$key.Name + } + + if($null -ne $ComplexObject.$keyName) + { + $keyType=$ComplexObject.$keyName.gettype().fullname + if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$keyName) + } + } + } + + return [hashtable]$results +} + +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> +function Get-M365DSCDRGComplexTypeToString +{ + [CmdletBinding()] + param( + [Parameter()] + $ComplexObject, + + [Parameter(Mandatory = $true)] + [System.String] + $CIMInstanceName, + + [Parameter()] + [Array] + $ComplexTypeMapping, + + [Parameter()] + [System.String] + $Whitespace='', + + [Parameter()] + [System.uint32] + $IndentLevel=3, + + [Parameter()] + [switch] + $isArray=$false + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + $indent='' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent+=' ' + } + #If ComplexObject is an Array + if ($ComplexObject.GetType().FullName -like "*[[\]]") + { + $currentProperty=@() + $IndentLevel++ + foreach ($item in $ComplexObject) + { + $splat=@{ + 'ComplexObject'=$item + 'CIMInstanceName'=$CIMInstanceName + 'IndentLevel'=$IndentLevel + } + if ($ComplexTypeMapping) + { + $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + } + + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,$currentProperty + } + + $currentProperty='' + if($isArray) + { + $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent='' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent+=' ' + } + $keyNotNull = 0 + + if ($ComplexObject.Keys.count -eq 0) + { + return $null + } + + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyNotNull++ + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + + $isArray=$false + if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + { + $isArray=$true + } + #overwrite type if object defined in mapping complextypemapping + if($key -in $ComplexTypeMapping.Name) + { + $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashProperty=$ComplexObject[$key] + } + else + { + $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + } + + if(-not $isArray) + { + $currentProperty += $indent + $key + ' = ' + } + + if($isArray -and $key -in $ComplexTypeMapping.Name ) + { + if($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $key + ' = ' + $currentProperty += "@(" + } + } + + if ($isArray) + { + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + { + $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- + } + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if($isArray) + { + if($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } + } + $isArray=$PSBoundParameters.IsArray + } + else + { + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) + } + } + else + { + $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + + if($mappedKey -and $mappedKey.isRequired) + { + if($mappedKey.isArray) + { + $currentProperty += "$indent$key = @()`r`n" + } + else + { + $currentProperty += "$indent$key = `$null`r`n" + } + } + } + } + $indent='' + for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + { + $indent+=' ' + } + $currentProperty += "$indent}" + if($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if($IndentLevel -eq 5) + { + $indent='' + for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + { + $indent+=' ' + } + $currentProperty += $indent + } + + $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") + if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty=$null + } + + return $currentProperty +} + +Function Get-M365DSCDRGSimpleObjectTypeToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = 'true')] + [System.String] + $Key, + + [Parameter(Mandatory = 'true')] + $Value, + + [Parameter()] + [System.String] + $Space=" " + + ) + + $returnValue="" + switch -Wildcard ($Value.GetType().Fullname ) + { + "*.Boolean" + { + $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + } + "*.String" + { + if($key -eq '@odata.type') + { + $key='odataType' + } + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*.DateTime" + { + $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + } + "*[[\]]" + { + $returnValue= $Space + $key + " = @(" + $whitespace="" + $newline="" + if($Value.count -gt 1) + { + $returnValue += "`r`n" + $whitespace=$Space+" " + $newline="`r`n" + } + foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + { + switch -Wildcard ($item.GetType().Fullname ) + { + "*.String" + { + $returnValue += "$whitespace'$item'$newline" + } + "*.DateTime" + { + $returnValue += "$whitespace'$item'$newline" + } + Default + { + $returnValue += "$whitespace$item$newline" + } + } + } + if($Value.count -gt 1) + { + $returnValue += "$Space)`r`n" + } + else + { + $returnValue += ")`r`n" + + } + } + Default + { + $returnValue= $Space + $Key + " = " + $Value + "`r`n" + } + } + return $returnValue +} + +function Compare-M365DSCComplexObject +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter()] + $Source, + [Parameter()] + $Target + ) + + #Comparing full objects + if($null -eq $Source -and $null -eq $Target) + { + return $true + } + + $sourceValue="" + $targetValue="" + if (($null -eq $Source) -xor ($null -eq $Target)) + { + if($null -eq $Source) + { + $sourceValue="Source is null" + } + + if($null -eq $Target) + { + $targetValue="Target is null" + } + Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + return $false + } + + if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + { + if($source.count -ne $target.count) + { + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + return $false + } + if($source.count -eq 0) + { + return $true + } + + foreach($item in $Source) + { + + $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach($targetItem in $Target) + { + $compareResult= Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem + + if ($compareResult) + { + break + } + } + + if(-not $compareResult) + { + Write-Verbose -Message "Configuration drift - The complex array items are not identical" + return $false + } + } + return $true + } + + $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + foreach ($key in $keys) + { + #Matching possible key names between Source and Target + $skey=$key + $tkey=$key + + $sourceValue=$Source.$key + $targetValue=$Target.$tkey + #One of the item is null and not the other + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) + { + + if($null -eq $Source.$key) + { + $sourceValue="null" + } + + if($null -eq $Target.$tkey) + { + $targetValue="null" + } + + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + #Both keys aren't null or empty + if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + { + if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + { + #Recursive call for complex object + $compareResult= Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` + -Target $Target.$tkey + + if(-not $compareResult) + { + + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + else + { + #Simple object comparison + $referenceObject=$Target.$tkey + $differenceObject=$Source.$key + + #Identifying date from the current values + $targetType=($Target.$tkey.getType()).Name + if($targetType -like "*Date*") + { + $compareResult=$true + $sourceDate= [DateTime]$Source.$key + if($sourceDate -ne $targetType) + { + $compareResult=$null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } + + if ($null -ne $compareResult) + { + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + } + } + + return $true +} +function Convert-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $ComplexObject + ) + + + if($ComplexObject.getType().Fullname -like "*[[\]]") + { + $results=@() + foreach($item in $ComplexObject) + { + $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results+=$hash + } + + #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject + + if($null -ne $hashComplexObject) + { + + $results=$hashComplexObject.clone() + $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + foreach ($key in $keys) + { + if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + { + $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + } + else + { + $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) + $propertyValue=$results[$key] + $results.remove($key)|out-null + $results.add($propertyName,$propertyValue) + } + } + } + return [hashtable]$results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof new file mode 100644 index 0000000000..384a19c876 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof @@ -0,0 +1,51 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; +[ClassVersion("1.0.0.0")] +class MSFT_IntuneGroupPolicyDefinition +{ + [Write, Description("The localized full category path for the policy.")] String CategoryPath; + [Write, Description("Identifies the type of groups the policy can be applied to. Possible values are: user, machine."), ValueMap{"user","machine"}, Values{"user","machine"}] String ClassType; + [Write, Description("The localized policy name.")] String DisplayName; + [Write, Description("The localized explanation or help text associated with the policy. The default value is empty.")] String ExplainText; + [Write, Description("The category id of the parent category")] String GroupPolicyCategoryId; + [Write, Description("Signifies whether or not there are related definitions to this definition")] Boolean HasRelatedDefinitions; + [Write, Description("Minimum required CSP version for device configuration in this definition")] String MinDeviceCspVersion; + [Write, Description("Minimum required CSP version for user configuration in this definition")] String MinUserCspVersion; + [Write, Description("Specifies the type of group policy. Possible values are: admxBacked, admxIngested."), ValueMap{"admxBacked","admxIngested"}, Values{"admxBacked","admxIngested"}] String PolicyType; + [Write, Description("Localized string used to specify what operating system or application version is affected by the policy.")] String SupportedOn; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; +} + +[ClassVersion("1.0.0.0")] +class MSFT_IntuneGroupPolicyDefinitionValue +{ + [Write, Description("Specifies how the value should be configured. This can be either as a Policy or as a Preference. Possible values are: policy, preference."), ValueMap{"policy","preference"}, Values{"policy","preference"}] String ConfigurationType; + [Write, Description("Enables or disables the associated group policy definition.")] Boolean Enabled; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("The associated group policy definition with the value. Read-Only."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinition")] String Definition; +} + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10")] +class MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 : OMI_BaseResource +{ + [Write, Description("User provided description for the resource object.")] String Description; + [Write, Description("User provided name for the resource object.")] String DisplayName; + [Write, Description("Type of definitions configured for this policy. Possible values are: unknown, custom, builtIn, mixed, unknownFutureValue."), ValueMap{"unknown","custom","builtIn","mixed","unknownFutureValue"}, Values{"unknown","custom","builtIn","mixed","unknownFutureValue"}] String PolicyConfigurationIngestionType; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("The list of enabled or disabled group policy definition values for the configuration."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValue")] String DefinitionValues[]; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/readme.md new file mode 100644 index 0000000000..6563fb5ea8 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 + +## Description + +Intune Device Configuration Administrative Template Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json new file mode 100644 index 0000000000..dff983cd83 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json @@ -0,0 +1,39 @@ +{ + "resourceName": "IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10", + "description": "This resource configures an Intune Device Configuration Administrative Template Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } +} + +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 new file mode 100644 index 0000000000..daccdb85bf --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 @@ -0,0 +1,212 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath "..\..\Unit" ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Microsoft365.psm1" ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Generic.psm1" ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\UnitTestHelper.psm1" ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgDeviceManagementGroupPolicyConfiguration -MockWith { + } + + Mock -CommandName New-MgDeviceManagementGroupPolicyConfiguration -MockWith { + } + + Mock -CommandName Remove-MgDeviceManagementGroupPolicyConfiguration -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationAssignment -MockWith { + } + + } + # Test contexts + Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return $null + } + } + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 + } + } + + Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + Ensure = "Absent" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 + } + } + Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return @{ + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It "Should call the Set method" { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 + } + } + + Context -Name "ReverseDSC Tests" -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + PolicyConfigurationIngestionType = "unknown" + + } + } + } + It "Should Reverse Engineer resource from the Export method" { + Export-TargetResource @testParams + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 5c03d259f7..5c71b93b98 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -17179,7 +17179,8 @@ function Update-MgDeviceManagementIntent function Update-MgDeviceManagementIntentSetting { [CmdletBinding()] - param( + param + ( [Parameter()] [System.String] $DeviceManagementSettingInstanceId, @@ -17245,55 +17246,74 @@ function Update-MgDeviceManagementIntentSetting $HttpPipelineAppend ) } -#endregion -#region MicrosoftGraph -function Get-MgDeviceManagementRoleAssignment +function Get-MgDeviceManagementWindowAutopilotDeploymentProfile { [CmdletBinding()] - param( + param + ( [Parameter()] - [System.String[]] - $Property, + [System.String] + $WindowsAutopilotDeploymentProfileId, [Parameter()] [PSObject] $InputObject, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Int32] - $PageSize, + [System.String[]] + $Property, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Int32] $Skip, + [Parameter()] + [System.String[]] + $Sort, + [Parameter()] [System.Int32] $Top, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String] - $DeviceAndAppManagementRoleAssignmentId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -17301,113 +17321,125 @@ function Get-MgDeviceManagementRoleAssignment [Parameter()] [System.String] - $Filter, + $CountVariable + ) +} +function New-MgDeviceManagementWindowAutopilotDeploymentProfile +{ + [CmdletBinding()] + param + ( [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $BodyParameter, [Parameter()] - [System.String] - $Search, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject[]] + $AssignedDevices, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject[]] + $Assignments, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgDeviceManagementRoleDefinition -{ - [CmdletBinding()] - param( + [System.DateTime] + $CreatedDateTime, + [Parameter()] - [System.String[]] - $Property, + [System.String] + $Description, + + [Parameter()] + [System.String] + $DeviceNameTemplate, [Parameter()] [PSObject] - $InputObject, + $DeviceType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $DisplayName, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $EnableWhiteGlove, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $EnrollmentStatusScreenSettings, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $ExtractHardwareHash, [Parameter()] - [System.Int32] - $Top, + [System.String] + $Id, [Parameter()] [System.String] - $CountVariable, + $Language, [Parameter()] - [System.Uri] - $Proxy, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $ManagementServiceAppId, [Parameter()] - [System.String] - $RoleDefinitionId, + [PSObject] + $OutOfBoxExperienceSettings, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Break, [Parameter()] - [System.String] - $Filter, + [PSObject[]] + $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject[]] + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Search, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.Management.Automation.SwitchParameter] + $Confirm ) } -function Get-MgDeviceManagementRoleDefinitionRoleAssignment + +function Remove-MgDeviceManagementWindowAutopilotDeploymentProfile { [CmdletBinding()] - param( + param + ( [Parameter()] - [System.String[]] - $Property, + [System.String] + $WindowsAutopilotDeploymentProfileId, [Parameter()] [PSObject] @@ -17415,209 +17447,212 @@ function Get-MgDeviceManagementRoleDefinitionRoleAssignment [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] - [System.Int32] - $PageSize, + [PSObject[]] + $HttpPipelineAppend, [Parameter()] - [PSObject] + [PSObject[]] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, - - [Parameter()] - [System.String] - $RoleAssignmentId, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $RoleDefinitionId, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm + ) +} +function Update-MgDeviceManagementWindowAutopilotDeploymentProfile +{ + [CmdletBinding()] + param + ( [Parameter()] [System.String] - $Filter, + $WindowsAutopilotDeploymentProfileId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] - [System.String] - $Search, + [PSObject] + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject[]] + $AssignedDevices, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function New-MgDeviceManagementRoleAssignment -{ - [CmdletBinding()] - param( + [PSObject[]] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + [Parameter()] [System.String] $Description, [Parameter()] [System.String] - $DisplayName, + $DeviceNameTemplate, [Parameter()] - [System.String[]] - $ResourceScopes, + [PSObject] + $DeviceType, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $DisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $EnableWhiteGlove, [Parameter()] [PSObject] - $RoleScopeTags, + $EnrollmentStatusScreenSettings, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $ExtractHardwareHash, [Parameter()] - [PSObject] - $ScopeType, + [System.String] + $Id, [Parameter()] - [System.String[]] - $Members, + [System.String] + $Language, [Parameter()] - [System.Uri] - $Proxy, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.String[]] - $ScopeMembers, + [System.String] + $ManagementServiceAppId, [Parameter()] [PSObject] - $BodyParameter, + $OutOfBoxExperienceSettings, [Parameter()] - [System.String] - $Id, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [PSObject] - $RoleDefinition, + [PSObject[]] + $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject[]] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $PassThru, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function New-MgDeviceManagementRoleDefinition -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Description, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $DisplayName, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Confirm + ) +} +function Get-MgDeviceManagementWindowAutopilotDeploymentProfileAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $WindowsAutopilotDeploymentProfileId, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, [Parameter()] - [PSObject] - $Permissions, + [System.String[]] + $ExpandProperty, [Parameter()] [System.String[]] - $RoleScopeTagIds, + $Property, [Parameter()] - [PSObject] - $RoleAssignments, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [System.String] + $Search, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $Id, + [System.Int32] + $Top, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] - [PSObject] - $RolePermissions, + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.PSCredential] @@ -17625,158 +17660,135 @@ function New-MgDeviceManagementRoleDefinition [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsBuiltInRoleDefinition, + $All, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.String] + $CountVariable ) } -function Remove-MgDeviceManagementRoleAssignment +#endregion +#region MicrosoftGraph +function Get-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String[]] + $Property, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $IfMatch, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Int32] + $Top, [Parameter()] [System.String] - $DeviceAndAppManagementRoleAssignmentId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + $CountVariable, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgDeviceManagementRoleDefinition -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] - [System.Uri] - $Proxy, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $All, [Parameter()] [System.String] - $IfMatch, - - [Parameter()] - [PSObject] - $InputObject, + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] - [System.String] - $RoleDefinitionId, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [PSObject] + $HttpPipelineAppend ) } -function Update-MgDeviceManagementRoleAssignment +function Get-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, - [Parameter()] [System.String[]] - $ResourceScopes, + $Property, [Parameter()] [PSObject] $InputObject, - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $DeviceAndAppManagementRoleAssignmentId, + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $ScopeType, + [System.Int32] + $Skip, [Parameter()] - [System.String[]] - $Members, + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, [Parameter()] [System.Uri] @@ -17784,291 +17796,277 @@ function Update-MgDeviceManagementRoleAssignment [Parameter()] [System.String[]] - $ScopeMembers, - - [Parameter()] - [PSObject] - $BodyParameter, + $Sort, [Parameter()] [System.String] - $Id, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $RoleDefinitionId, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $All, [Parameter()] - [PSObject] - $RoleDefinition, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [PSObject] - $RoleScopeTags, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgDeviceManagementRoleDefinition +function Get-MgDeviceManagementRoleDefinitionRoleAssignment { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, + [System.String[]] + $Property, [Parameter()] [PSObject] $InputObject, - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $Permissions, + [System.Int32] + $Skip, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $RoleAssignments, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.String[]] + $Sort, [Parameter()] [System.String] - $Id, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $RoleAssignmentId, [Parameter()] [System.String] $RoleDefinitionId, [Parameter()] - [PSObject] - $RolePermissions, + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltInRoleDefinition, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgDeviceManagementRoleScopeTag +function New-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + [Parameter()] [System.String[]] - $Property, + $ResourceScopes, [Parameter()] - [PSObject] - $InputObject, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $RoleScopeTags, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $RoleScopeTagId, + [PSObject] + $ScopeType, [Parameter()] - [System.Int32] - $Skip, + [System.String[]] + $Members, [Parameter()] - [System.Int32] - $Top, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $CountVariable, + [System.String[]] + $ScopeMembers, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $BodyParameter, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] - [System.String] - $Filter, + [PSObject] + $RoleDefinition, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $Search, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -#endregion -#region MicrosoftGraph -function Get-MgDeviceManagementDeviceEnrollmentConfiguration +function New-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [System.String] + $Description, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $DisplayName, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $Permissions, [Parameter()] - [System.Int32] - $Top, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $RoleAssignments, [Parameter()] - [System.String] - $DeviceEnrollmentConfigurationId, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $Confirm, [Parameter()] - [System.String] - $Filter, + [PSObject] + $RolePermissions, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [System.String] - $Search, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $IsBuiltInRoleDefinition, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgRoleManagement +function Remove-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( @@ -18076,39 +18074,55 @@ function Get-MgRoleManagement [PSObject] $HttpPipelinePrepend, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $IfMatch, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $InputObject, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break + $Break, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Get-MgRoleManagementDirectory +function Remove-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [PSObject] $HttpPipelinePrepend, @@ -18118,69 +18132,81 @@ function Get-MgRoleManagementDirectory $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $IfMatch, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $InputObject, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] $HttpPipelineAppend, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $RoleDefinitionId, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break ) } -function Get-MgRoleManagementDirectoryRoleAssignment +function Update-MgDeviceManagementRoleAssignment { [CmdletBinding()] param( [Parameter()] [System.String] - $UnifiedRoleAssignmentId, + $Description, + + [Parameter()] + [System.String] + $DisplayName, [Parameter()] [System.String[]] - $Property, + $ResourceScopes, [Parameter()] [PSObject] $InputObject, + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $DeviceAndAppManagementRoleAssignmentId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, + [PSObject] + $ScopeType, [Parameter()] - [System.String] - $CountVariable, + [System.String[]] + $Members, [Parameter()] [System.Uri] @@ -18188,115 +18214,46 @@ function Get-MgRoleManagementDirectoryRoleAssignment [Parameter()] [System.String[]] - $Sort, + $ScopeMembers, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $Filter, + $Id, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $Search, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.String[]] - $ExpandProperty, - - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgRoleManagementDirectoryRoleDefinition -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, - - [Parameter()] - [System.String] - $UnifiedRoleDefinitionId, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.String[]] - $Sort, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, - - [Parameter()] - [System.String] - $Filter, + $RoleDefinition, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.String] - $Search, + [PSObject] + $RoleScopeTags, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, - [Parameter()] - [System.String[]] - $ExpandProperty, - [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgDeviceManagementDeviceEnrollmentConfiguration +function Update-MgDeviceManagementRoleDefinition { [CmdletBinding()] param( @@ -18305,20 +18262,12 @@ function New-MgDeviceManagementDeviceEnrollmentConfiguration $Description, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.String] + $DisplayName, [Parameter()] [PSObject] - $Assignments, - - [Parameter()] - [System.DateTime] - $CreatedDateTime, - - [Parameter()] - [System.String] - $DisplayName, + $InputObject, [Parameter()] [System.Collections.Hashtable] @@ -18329,21 +18278,29 @@ function New-MgDeviceManagementDeviceEnrollmentConfiguration $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $Priority, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Version, + [PSObject] + $Permissions, [Parameter()] [System.String[]] $RoleScopeTagIds, + [Parameter()] + [PSObject] + $RoleAssignments, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, + [Parameter()] [System.Uri] $Proxy, @@ -18361,45 +18318,49 @@ function New-MgDeviceManagementDeviceEnrollmentConfiguration $Confirm, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $RoleDefinitionId, [Parameter()] [PSObject] - $DeviceEnrollmentConfigurationType, + $RolePermissions, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsBuiltInRoleDefinition, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgRoleManagementDirectoryRoleAssignment +function Get-MgDeviceManagementRoleScopeTag { [CmdletBinding()] param( [Parameter()] - [PSObject] - $Principal, - - [Parameter()] - [System.String] - $ResourceScope, + [System.String[]] + $Property, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $DirectoryScope, + [System.Int32] + $PageSize, [Parameter()] [PSObject] @@ -18407,147 +18368,137 @@ function New-MgRoleManagementDirectoryRoleAssignment [Parameter()] [System.String] - $PrincipalId, + $RoleScopeTagId, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $Skip, [Parameter()] - [PSObject] - $BodyParameter, + [System.Int32] + $Top, [Parameter()] [System.String] - $Id, + $CountVariable, [Parameter()] - [System.String] - $Condition, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $RoleDefinitionId, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [PSObject] - $RoleDefinition, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, - [Parameter()] - [PSObject] - $AppScope, - - [Parameter()] - [System.String] - $DirectoryScopeId, - - [Parameter()] - [System.String] - $PrincipalOrganizationId, - [Parameter()] [System.String] - $AppScopeId, + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function New-MgRoleManagementDirectoryRoleDefinition +#endregion +#region MicrosoftGraph +function Get-MgDeviceManagementDeviceEnrollmentConfiguration { [CmdletBinding()] param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, - [Parameter()] [System.String[]] - $ResourceScopes, + $Property, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $TemplateId, + [System.Int32] + $PageSize, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.String] - $Version, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [System.Int32] + $Top, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $DeviceEnrollmentConfigurationId, [Parameter()] - [System.String] - $Id, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $InheritsPermissionsFrom, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $All, [Parameter()] - [PSObject] - $RolePermissions, + [System.String] + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Search, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsEnabled, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgDeviceManagementDeviceEnrollmentConfiguration +function Get-MgRoleManagement { [CmdletBinding()] param( @@ -18555,48 +18506,36 @@ function Remove-MgDeviceManagementDeviceEnrollmentConfiguration [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [System.Uri] $Proxy, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $IfMatch, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $Property, [Parameter()] - [System.String] - $DeviceEnrollmentConfigurationId, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $HttpPipelineAppend + $Break ) } -function Remove-MgRoleManagementDirectory +function Get-MgRoleManagementDirectory { [CmdletBinding()] param( @@ -18604,138 +18543,190 @@ function Remove-MgRoleManagementDirectory [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String[]] + $Property, [Parameter()] [PSObject] - $HttpPipelineAppend + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break ) } -function Remove-MgRoleManagementDirectoryRoleAssignment +function Get-MgRoleManagementDirectoryRoleAssignment { [CmdletBinding()] param( + [Parameter()] + [System.String] + $UnifiedRoleAssignmentId, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $UnifiedRoleAssignmentId, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $IfMatch, + $Filter, [Parameter()] - [PSObject] - $InputObject, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Remove-MgRoleManagementDirectoryRoleDefinition +function Get-MgRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $Property, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $InputObject, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Int32] + $PageSize, [Parameter()] [System.String] $UnifiedRoleDefinitionId, + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + [Parameter()] [System.String] - $IfMatch, + $CountVariable, [Parameter()] - [PSObject] - $InputObject, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Sort, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, + [Parameter()] + [System.String[]] + $ExpandProperty, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgDeviceManagementDeviceEnrollmentConfiguration +function New-MgDeviceManagementDeviceEnrollmentConfiguration { [CmdletBinding()] param( @@ -18759,10 +18750,6 @@ function Update-MgDeviceManagementDeviceEnrollmentConfiguration [System.String] $DisplayName, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, @@ -18787,10 +18774,6 @@ function Update-MgDeviceManagementDeviceEnrollmentConfiguration [System.String[]] $RoleScopeTagIds, - [Parameter()] - [System.String] - $DeviceEnrollmentConfigurationId, - [Parameter()] [System.Uri] $Proxy, @@ -18807,10 +18790,6 @@ function Update-MgDeviceManagementDeviceEnrollmentConfiguration [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, @@ -18828,78 +18807,110 @@ function Update-MgDeviceManagementDeviceEnrollmentConfiguration $HttpPipelineAppend ) } -function Update-MgRoleManagement +function New-MgRoleManagementDirectoryRoleAssignment { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Principal, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $ResourceScope, [Parameter()] - [System.Uri] - $Proxy, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $DeviceManagement, + $DirectoryScope, [Parameter()] [PSObject] - $HttpPipelineAppend, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $PrincipalId, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $EntitlementManagement, + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $Condition, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.String] + $RoleDefinitionId, + [Parameter()] [PSObject] - $Directory, + $RoleDefinition, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $CloudPc, + $AppScope, + + [Parameter()] + [System.String] + $DirectoryScopeId, + + [Parameter()] + [System.String] + $PrincipalOrganizationId, + + [Parameter()] + [System.String] + $AppScopeId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties + [PSObject] + $HttpPipelineAppend ) } -function Update-MgRoleManagementDirectory +function New-MgRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( [Parameter()] - [PSObject] - $RoleAssignmentScheduleRequests, + [System.String] + $Description, [Parameter()] - [PSObject] - $TransitiveRoleAssignments, + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $ResourceScopes, [Parameter()] [System.Collections.Hashtable] @@ -18910,36 +18921,20 @@ function Update-MgRoleManagementDirectory $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $RoleEligibilitySchedules, - - [Parameter()] - [PSObject] - $ResourceNamespaces, + [System.String] + $TemplateId, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $RoleDefinitions, - - [Parameter()] - [PSObject] - $RoleEligibilityScheduleInstances, - - [Parameter()] - [PSObject] - $RoleEligibilityScheduleRequests, - - [Parameter()] - [PSObject] - $RoleAssignmentSchedules, + [System.String] + $Version, [Parameter()] - [PSObject] - $RoleAssignments, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] [System.Uri] @@ -18953,161 +18948,201 @@ function Update-MgRoleManagementDirectory [System.String] $Id, + [Parameter()] + [PSObject] + $InheritsPermissionsFrom, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $RolePermissions, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [PSObject] - $RoleAssignmentScheduleInstances, - - [Parameter()] - [PSObject] - $RoleAssignmentApprovals, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $IsEnabled, [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgRoleManagementDirectoryRoleDefinition +function Remove-MgDeviceManagementDeviceEnrollmentConfiguration { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $ResourceScopes, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $InputObject, + [System.Uri] + $Proxy, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $UnifiedRoleDefinitionId, + $IfMatch, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Version, + $DeviceEnrollmentConfigurationId, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsBuiltIn, + [PSObject] + $HttpPipelineAppend + ) +} +function Remove-MgRoleManagementDirectory +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [System.String] - $Id, + $IfMatch, [Parameter()] - [PSObject] - $InheritsPermissionsFrom, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $Break, [Parameter()] [PSObject] - $RolePermissions, + $HttpPipelineAppend + ) +} +function Remove-MgRoleManagementDirectoryRoleAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + [Parameter()] [System.String] - $TemplateId, + $UnifiedRoleAssignmentId, + + [Parameter()] + [System.String] + $IfMatch, + + [Parameter()] + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsEnabled, + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -#endregion -#region MicrosoftGraph -function Invoke-MgTargetDeviceAppMgtTargetedManagedAppConfigurationApp +function Remove-MgRoleManagementDirectoryRoleDefinition { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, - [Parameter()] - [PSObject] - $AppGroupType, - [Parameter()] [System.Management.Automation.SwitchParameter] $PassThru, [Parameter()] - [PSObject] - $Apps, + [System.String] + $UnifiedRoleDefinitionId, + + [Parameter()] + [System.String] + $IfMatch, [Parameter()] [PSObject] @@ -19117,58 +19152,46 @@ function Invoke-MgTargetDeviceAppMgtTargetedManagedAppConfigurationApp [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [PSObject] - $HttpPipelineAppend, - [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $TargetedManagedAppConfigurationId, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [PSObject] + $HttpPipelineAppend ) } -function New-MgDeviceAppMgtAndroidManagedAppProtection +function Update-MgDeviceManagementDeviceEnrollmentConfiguration { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + [System.String] + $Description, [Parameter()] - [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanHigh, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] [PSObject] - $MaximumAllowedDeviceThreatLevel, + $Assignments, [Parameter()] - [System.String] - $CustomBrowserDisplayName, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $MinimumRequiredPatchVersion, + $DisplayName, [Parameter()] [PSObject] - $AppActionIfAndroidDeviceModelNotAllowed, + $InputObject, [Parameter()] [System.Collections.Hashtable] @@ -19176,1460 +19199,1551 @@ function New-MgDeviceAppMgtAndroidManagedAppProtection [Parameter()] [System.Management.Automation.SwitchParameter] - $DisableAppEncryptionIfDeviceEncryptionIsEnabled, + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $Priority, [Parameter()] [PSObject] - $MobileThreatDefensePartnerPriority, + $HttpPipelinePrepend, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Int32] + $Version, [Parameter()] [System.String[]] - $AllowedAndroidDeviceModels, + $RoleScopeTagIds, [Parameter()] [System.String] - $MinimumWarningAppVersion, + $DeviceEnrollmentConfigurationId, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $ManagedBrowser, + $BodyParameter, [Parameter()] [System.String] - $Description, + $Id, [Parameter()] - [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Int32] - $PreviousPinBlockCount, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.String] - $MaximumWarningOSVersion, - - [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $MinimumWarningCompanyPortalVersion, + [PSObject] + $DeviceEnrollmentConfigurationType, [Parameter()] [System.Management.Automation.SwitchParameter] - $RequireClass3Biometrics, - - [Parameter()] - [System.String] - $MinimumWarningPatchVersion, + $Break, [Parameter()] [PSObject] - $AppActionIfDeviceComplianceRequired, - + $HttpPipelineAppend + ) +} +function Update-MgRoleManagement +{ + [CmdletBinding()] + param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $PrintBlocked, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $CustomDialerAppDisplayName, + [PSObject] + $HttpPipelinePrepend, [Parameter()] [PSObject] - $AllowedDataIngestionLocations, + $BodyParameter, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Int32] - $DeployedAppCount, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [PSObject] - $NotificationRestriction, + $DeviceManagement, [Parameter()] - [System.String] - $CustomBrowserPackageId, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $BiometricAuthenticationBlocked, + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanMedium, + $EntitlementManagement, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetAppsVerificationType, + $Directory, [Parameter()] [PSObject] - $ApprovedKeyboards, + $CloudPc, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, + $Break, [Parameter()] - [PSObject] - $AppGroupType, - + [System.Collections.Hashtable] + $AdditionalProperties + ) +} +function Update-MgRoleManagementDirectory +{ + [CmdletBinding()] + param( [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + [PSObject] + $RoleAssignmentScheduleRequests, [Parameter()] [PSObject] - $AppActionIfUnableToAuthenticateUser, + $TransitiveRoleAssignments, [Parameter()] - [System.String] - $MinimumRequiredOSVersion, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $RequirePinAfterBiometricChange, + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $MaximumRequiredOSVersion, + [PSObject] + $RoleEligibilitySchedules, [Parameter()] - [System.String] - $MinimumWipePatchVersion, + [PSObject] + $ResourceNamespaces, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $MaximumPinRetries, + [PSObject] + $RoleDefinitions, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanLow, + $RoleEligibilityScheduleInstances, [Parameter()] [PSObject] - $AppActionIfMaximumPinRetriesExceeded, + $RoleEligibilityScheduleRequests, [Parameter()] - [System.String] - $MinimumWipeCompanyPortalVersion, + [PSObject] + $RoleAssignmentSchedules, [Parameter()] [PSObject] - $AllowedOutboundDataTransferDestinations, + $RoleAssignments, [Parameter()] - [PSObject] - $AppActionIfAndroidDeviceManufacturerNotAllowed, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $MinimumWipeAppVersion, + [PSObject] + $BodyParameter, [Parameter()] [System.String] - $AllowedAndroidDeviceManufacturers, + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, + $Confirm, [Parameter()] - [System.String] - $CustomDialerAppPackageId, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $AllowedDataStorageLocations, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Int32] - $BlockAfterCompanyPortalUpdateDeferralInDays, + [PSObject] + $RoleAssignmentScheduleInstances, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $RoleAssignmentApprovals, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsAssigned, + $Break, [Parameter()] [PSObject] - $DialerRestrictionLevel, + $HttpPipelineAppend + ) +} +function Update-MgRoleManagementDirectoryRoleDefinition +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, [Parameter()] - [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $ResourceScopes, [Parameter()] [PSObject] - $AppActionIfAndroidSafetyNetDeviceAttestationFailed, + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.String] - $Version, + $UnifiedRoleDefinitionId, [Parameter()] [PSObject] - $AppActionIfAndroidSafetyNetAppsVerificationFailed, + $HttpPipelinePrepend, [Parameter()] [System.String] - $MinimumWipeOSVersion, + $Version, [Parameter()] [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, - - [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, + $Break, [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, + [System.Management.Automation.SwitchParameter] + $IsBuiltIn, [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $BodyParameter, [Parameter()] - [PSObject] - $MobileThreatDefenseRemediationAction, + [System.String] + $Id, [Parameter()] [PSObject] - $ExemptedAppPackages, + $InheritsPermissionsFrom, [Parameter()] [System.Management.Automation.SwitchParameter] - $KeyboardsRestricted, + $Confirm, [Parameter()] - [PSObject] - $DeploymentSummary, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] [PSObject] - $Apps, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ScreenCaptureBlocked, + $RolePermissions, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $MaximumWipeOSVersion, + $TemplateId, [Parameter()] - [System.Int32] - $MinimumPinLength, + [System.Management.Automation.SwitchParameter] + $IsEnabled, [Parameter()] [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + $ProxyUseDefaultCredentials, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +#endregion +#region MicrosoftGraph +function Invoke-MgTargetDeviceAppMgtTargetedManagedAppConfigurationApp +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] [PSObject] - $HttpPipelineAppend, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $EncryptAppData, + [PSObject] + $BodyParameter, [Parameter()] - [System.String] - $MinimumWarningOSVersion, + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $AppGroupType, [Parameter()] [System.Management.Automation.SwitchParameter] - $ConnectToVpnOnLaunch, + $PassThru, [Parameter()] - [System.Int32] - $WipeAfterCompanyPortalUpdateDeferralInDays, + [PSObject] + $Apps, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetEvaluationType, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $PinRequired, + $Confirm, [Parameter()] - [System.Int32] - $WarnAfterCompanyPortalUpdateDeferralInDays, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $FingerprintAndBiometricEnabled, + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $AppActionIfDeviceLockNotSet, + [System.String] + $TargetedManagedAppConfigurationId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function New-MgDeviceAppMgtAndroidManagedAppProtection +{ + [CmdletBinding()] + param( [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $MinimumRequiredCompanyPortalVersion, + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, + [PSObject] + $AppActionIfDevicePasscodeComplexityLessThanHigh, [Parameter()] [PSObject] - $Assignments, + $MaximumAllowedDeviceThreatLevel, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.String] + $CustomBrowserDisplayName, [Parameter()] - [PSObject] - $AllowedInboundDataTransferSources, + [System.String] + $MinimumRequiredPatchVersion, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetDeviceAttestationType, + $AppActionIfAndroidDeviceModelNotAllowed, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $DisableAppEncryptionIfDeviceEncryptionIsEnabled, [Parameter()] [PSObject] - $BodyParameter, + $MobileThreatDefensePartnerPriority, [Parameter()] - [PSObject] - $AllowedOutboundClipboardSharingLevel, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DeviceLockRequired, + [System.String[]] + $AllowedAndroidDeviceModels, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $MinimumWarningAppVersion, [Parameter()] [PSObject] - $PinCharacterSet, + $ManagedBrowser, [Parameter()] - [PSObject] - $TargetedAppManagementLevels - ) -} -function Set-MgDeviceAppMgtTargetedManagedAppConfiguration -{ - [CmdletBinding()] - param( + [System.String] + $Description, + [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $PreviousPinBlockCount, [Parameter()] - [PSObject] - $BodyParameter, + [System.String] + $MaximumWarningOSVersion, [Parameter()] - [System.Uri] - $Proxy, + [System.TimeSpan] + $PeriodBeforePinReset, + + [Parameter()] + [System.String] + $MinimumWarningCompanyPortalVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $RequireClass3Biometrics, [Parameter()] - [PSObject] - $Assignments, + [System.String] + $MinimumWarningPatchVersion, [Parameter()] [PSObject] - $InputObject, + $AppActionIfDeviceComplianceRequired, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $PrintBlocked, + + [Parameter()] + [System.String] + $CustomDialerAppDisplayName, [Parameter()] [PSObject] - $HttpPipelineAppend, + $AllowedDataIngestionLocations, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $TargetedManagedAppConfigurationId, + [System.Int32] + $DeployedAppCount, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $NotificationRestriction, + + [Parameter()] + [System.String] + $CustomBrowserPackageId, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Update-MgDeviceAppMgt -{ - [CmdletBinding()] - param( + $BiometricAuthenticationBlocked, + [Parameter()] [PSObject] - $TargetedManagedAppConfigurations, + $AppActionIfDevicePasscodeComplexityLessThanMedium, [Parameter()] - [PSObject] - $ManagedEBooks, + [System.String] + $Id, [Parameter()] [PSObject] - $MobileApps, + $RequiredAndroidSafetyNetAppsVerificationType, [Parameter()] [PSObject] - $EnterpriseCodeSigningCertificates, + $ApprovedKeyboards, [Parameter()] - [PSObject] - $ManagedAppPolicies, + [System.Management.Automation.SwitchParameter] + $DeviceComplianceRequired, [Parameter()] [PSObject] - $DeviceAppManagementTasks, + $AppGroupType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] [PSObject] - $ManagedAppStatuses, + $AppActionIfUnableToAuthenticateUser, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $MinimumRequiredOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $RequirePinAfterBiometricChange, [Parameter()] [System.String] - $MicrosoftStoreForBusinessLanguage, + $MaximumRequiredOSVersion, [Parameter()] [System.String] - $Id, + $MinimumWipePatchVersion, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ContactSyncBlocked, + + [Parameter()] + [System.Int32] + $MaximumPinRetries, [Parameter()] [PSObject] - $ManagedAppRegistrations, + $AppActionIfDevicePasscodeComplexityLessThanLow, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AppActionIfMaximumPinRetriesExceeded, + + [Parameter()] + [System.String] + $MinimumWipeCompanyPortalVersion, [Parameter()] [PSObject] - $WindowsManagedAppProtections, + $AllowedOutboundDataTransferDestinations, [Parameter()] [PSObject] - $DefaultManagedAppProtections, + $AppActionIfAndroidDeviceManufacturerNotAllowed, + + [Parameter()] + [System.String] + $MinimumWipeAppVersion, + + [Parameter()] + [System.String] + $AllowedAndroidDeviceManufacturers, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsEnabledForMicrosoftStoreForBusiness, + $OrganizationalCredentialsRequired, [Parameter()] - [PSObject] - $MobileAppCategories, + [System.String] + $CustomDialerAppPackageId, [Parameter()] [PSObject] - $ManagedEBookCategories, + $AllowedDataStorageLocations, [Parameter()] - [System.DateTime] - $MicrosoftStoreForBusinessLastCompletedApplicationSyncTime, + [System.Int32] + $BlockAfterCompanyPortalUpdateDeferralInDays, [Parameter()] - [PSObject] - $SymantecCodeSigningCertificate, + [System.String] + $DisplayName, [Parameter()] - [PSObject] - $IosManagedAppProtections, + [System.Management.Automation.SwitchParameter] + $IsAssigned, [Parameter()] [PSObject] - $IosLobAppProvisioningConfigurations, + $DialerRestrictionLevel, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $AllowedOutboundClipboardSharingExceptionLength, [Parameter()] [PSObject] - $BodyParameter, + $AppActionIfAndroidSafetyNetDeviceAttestationFailed, [Parameter()] - [PSObject] - $WindowsInformationProtectionWipeActions, + [System.String] + $Version, [Parameter()] [PSObject] - $MdmWindowsInformationProtectionPolicies, + $AppActionIfAndroidSafetyNetAppsVerificationFailed, [Parameter()] - [PSObject] - $WindowsManagementApp, + [System.String] + $MinimumWipeOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $DataBackupBlocked, [Parameter()] - [PSObject] - $SideLoadingKeys, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, [Parameter()] - [PSObject] - $PolicySets, + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $MinimumRequiredAppVersion, [Parameter()] [PSObject] - $WindowsInformationProtectionDeviceRegistrations, + $HttpPipelinePrepend, [Parameter()] [PSObject] - $VppTokens, + $MobileThreatDefenseRemediationAction, [Parameter()] [PSObject] - $WindowsInformationProtectionPolicies, + $ExemptedAppPackages, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $KeyboardsRestricted, [Parameter()] [PSObject] - $MicrosoftStoreForBusinessPortalSelection, + $DeploymentSummary, [Parameter()] [PSObject] - $AndroidManagedAppProtections, + $Apps, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ScreenCaptureBlocked, [Parameter()] - [System.DateTime] - $MicrosoftStoreForBusinessLastSuccessfulSyncDateTime, + [System.Management.Automation.SwitchParameter] + $ManagedBrowserToOpenLinksRequired, [Parameter()] - [PSObject] - $MobileAppConfigurations, + [System.String] + $MaximumWipeOSVersion, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Int32] + $MinimumPinLength, - [Parameter()] - [PSObject] - $WdacSupplementalPolicies - ) -} -function Update-MgDeviceAppMgtAndroidManagedAppProtection -{ - [CmdletBinding()] - param( [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $SimplePinBlocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanHigh, - - [Parameter()] - [System.String] - $AndroidManagedAppProtectionId, + $HttpPipelineAppend, [Parameter()] - [PSObject] - $MaximumAllowedDeviceThreatLevel, + [System.Management.Automation.SwitchParameter] + $EncryptAppData, [Parameter()] [System.String] - $CustomBrowserDisplayName, + $MinimumWarningOSVersion, [Parameter()] - [System.String] - $MinimumRequiredPatchVersion, + [System.Management.Automation.SwitchParameter] + $ConnectToVpnOnLaunch, [Parameter()] - [PSObject] - $AppActionIfAndroidDeviceModelNotAllowed, + [System.Int32] + $WipeAfterCompanyPortalUpdateDeferralInDays, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $RequiredAndroidSafetyNetEvaluationType, [Parameter()] [System.Management.Automation.SwitchParameter] - $DisableAppEncryptionIfDeviceEncryptionIsEnabled, + $PinRequired, [Parameter()] - [PSObject] - $MobileThreatDefensePartnerPriority, + [System.Int32] + $WarnAfterCompanyPortalUpdateDeferralInDays, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Management.Automation.SwitchParameter] + $FingerprintAndBiometricEnabled, [Parameter()] - [System.String[]] - $AllowedAndroidDeviceModels, + [PSObject] + $AppActionIfDeviceLockNotSet, [Parameter()] - [PSObject] - $ManagedBrowser, + [System.Management.Automation.SwitchParameter] + $SaveAsBlocked, [Parameter()] [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] - [System.Int32] - $PreviousPinBlockCount, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.String] - $MaximumWarningOSVersion, + $MinimumRequiredCompanyPortalVersion, [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, + [System.Management.Automation.SwitchParameter] + $BlockDataIngestionIntoOrganizationDocuments, [Parameter()] - [System.String] - $MinimumWarningCompanyPortalVersion, + [PSObject] + $Assignments, [Parameter()] - [System.Management.Automation.SwitchParameter] - $RequireClass3Biometrics, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.String] - $MinimumWarningPatchVersion, + [PSObject] + $AllowedInboundDataTransferSources, [Parameter()] [PSObject] - $AppActionIfDeviceComplianceRequired, + $RequiredAndroidSafetyNetDeviceAttestationType, [Parameter()] [System.Management.Automation.SwitchParameter] - $PrintBlocked, + $DisableAppPinIfDevicePinIsSet, [Parameter()] - [System.String] - $CustomDialerAppDisplayName, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $AllowedDataIngestionLocations, + $BodyParameter, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $AllowedOutboundClipboardSharingLevel, [Parameter()] - [System.Int32] - $DeployedAppCount, + [System.Management.Automation.SwitchParameter] + $DeviceLockRequired, [Parameter()] - [PSObject] - $NotificationRestriction, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $CustomBrowserPackageId, + [PSObject] + $PinCharacterSet, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BiometricAuthenticationBlocked, + [PSObject] + $TargetedAppManagementLevels + ) +} +function Set-MgDeviceAppMgtTargetedManagedAppConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanMedium, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $Id, + [PSObject] + $BodyParameter, [Parameter()] - [PSObject] - $ApprovedKeyboards, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, + $PassThru, [Parameter()] [PSObject] - $AppGroupType, + $Assignments, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + [PSObject] + $InputObject, [Parameter()] - [PSObject] - $AppActionIfUnableToAuthenticateUser, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.String] - $MinimumRequiredOSVersion, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $RequirePinAfterBiometricChange, + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $MaximumRequiredOSVersion, + $TargetedManagedAppConfigurationId, [Parameter()] - [System.String] - $MinimumWipePatchVersion, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, - + $Break + ) +} +function Update-MgDeviceAppMgt +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $AllowedOutboundClipboardSharingLevel, + $TargetedManagedAppConfigurations, [Parameter()] - [System.String] - $Description, + [PSObject] + $ManagedEBooks, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetAppsVerificationType, + $MobileApps, [Parameter()] [PSObject] - $AppActionIfMaximumPinRetriesExceeded, + $EnterpriseCodeSigningCertificates, [Parameter()] - [System.String] - $MinimumWipeCompanyPortalVersion, + [PSObject] + $ManagedAppPolicies, [Parameter()] - [System.String] - $Version, + [PSObject] + $DeviceAppManagementTasks, [Parameter()] - [PSObject] - $AllowedOutboundDataTransferDestinations, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [PSObject] - $AppActionIfAndroidDeviceManufacturerNotAllowed, + $ManagedAppStatuses, [Parameter()] - [System.String] - $MinimumWipeAppVersion, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $AllowedAndroidDeviceManufacturers, + $MicrosoftStoreForBusinessLanguage, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, + [System.String] + $Id, [Parameter()] - [System.String] - $CustomDialerAppPackageId, + [PSObject] + $ManagedAppRegistrations, [Parameter()] [PSObject] - $AllowedDataStorageLocations, + $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $BlockAfterCompanyPortalUpdateDeferralInDays, + [PSObject] + $WindowsManagedAppProtections, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $DefaultManagedAppProtections, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $IsEnabledForMicrosoftStoreForBusiness, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [PSObject] + $MobileAppCategories, [Parameter()] [PSObject] - $DialerRestrictionLevel, + $ManagedEBookCategories, [Parameter()] - [System.String] - $MinimumWarningAppVersion, + [System.DateTime] + $MicrosoftStoreForBusinessLastCompletedApplicationSyncTime, [Parameter()] [PSObject] - $AppActionIfAndroidSafetyNetDeviceAttestationFailed, + $SymantecCodeSigningCertificate, [Parameter()] - [System.Int32] - $MaximumPinRetries, + [PSObject] + $IosManagedAppProtections, [Parameter()] [PSObject] - $AppActionIfAndroidSafetyNetAppsVerificationFailed, - - [Parameter()] - [System.String] - $MinimumWipeOSVersion, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, - - [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, + $IosLobAppProvisioningConfigurations, [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [PSObject] + $BodyParameter, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $WindowsInformationProtectionWipeActions, [Parameter()] [PSObject] - $MobileThreatDefenseRemediationAction, + $MdmWindowsInformationProtectionPolicies, [Parameter()] [PSObject] - $ExemptedAppPackages, + $WindowsManagementApp, [Parameter()] [System.Management.Automation.SwitchParameter] - $KeyboardsRestricted, + $PassThru, [Parameter()] [PSObject] - $DeploymentSummary, + $SideLoadingKeys, [Parameter()] [PSObject] - $Apps, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ScreenCaptureBlocked, + $PolicySets, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.String] - $MaximumWipeOSVersion, + [PSObject] + $WindowsInformationProtectionDeviceRegistrations, [Parameter()] - [System.Int32] - $MinimumPinLength, + [PSObject] + $VppTokens, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + [PSObject] + $WindowsInformationProtectionPolicies, [Parameter()] - [System.String] - $MinimumWarningOSVersion, + [PSObject] + $MicrosoftStoreForBusinessPortalSelection, [Parameter()] [PSObject] - $HttpPipelineAppend, + $AndroidManagedAppProtections, [Parameter()] [System.Management.Automation.SwitchParameter] - $EncryptAppData, + $Break, [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, + [System.DateTime] + $MicrosoftStoreForBusinessLastSuccessfulSyncDateTime, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ConnectToVpnOnLaunch, + [PSObject] + $MobileAppConfigurations, [Parameter()] - [System.Int32] - $WipeAfterCompanyPortalUpdateDeferralInDays, + [PSObject] + $HttpPipelineAppend, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetEvaluationType, - + $WdacSupplementalPolicies + ) +} +function Update-MgDeviceAppMgtAndroidManagedAppProtection +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $PinRequired, + $Confirm, [Parameter()] - [System.Int32] - $WarnAfterCompanyPortalUpdateDeferralInDays, + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, [Parameter()] [PSObject] - $AppActionIfDevicePasscodeComplexityLessThanLow, + $AppActionIfDevicePasscodeComplexityLessThanHigh, + + [Parameter()] + [System.String] + $AndroidManagedAppProtectionId, [Parameter()] [PSObject] - $AppActionIfDeviceLockNotSet, + $MaximumAllowedDeviceThreatLevel, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, + [System.String] + $CustomBrowserDisplayName, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $MinimumRequiredPatchVersion, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [PSObject] + $AppActionIfAndroidDeviceModelNotAllowed, [Parameter()] - [System.String] - $MinimumRequiredCompanyPortalVersion, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, + $DisableAppEncryptionIfDeviceEncryptionIsEnabled, [Parameter()] [PSObject] - $Assignments, + $MobileThreatDefensePartnerPriority, [Parameter()] [System.DateTime] - $LastModifiedDateTime, + $CreatedDateTime, [Parameter()] - [PSObject] - $AllowedInboundDataTransferSources, + [System.String[]] + $AllowedAndroidDeviceModels, [Parameter()] [PSObject] - $RequiredAndroidSafetyNetDeviceAttestationType, + $ManagedBrowser, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintAndBiometricEnabled, + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + [System.Int32] + $PreviousPinBlockCount, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $MaximumWarningOSVersion, [Parameter()] - [PSObject] - $BodyParameter, + [System.TimeSpan] + $PeriodBeforePinReset, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $MinimumWarningCompanyPortalVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceLockRequired, + $RequireClass3Biometrics, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $MinimumWarningPatchVersion, [Parameter()] [PSObject] - $PinCharacterSet, + $AppActionIfDeviceComplianceRequired, [Parameter()] - [PSObject] - $TargetedAppManagementLevels - ) -} -function Get-MgDeviceAppManagement -{ - [CmdletBinding()] - param( + [System.Management.Automation.SwitchParameter] + $PrintBlocked, + + [Parameter()] + [System.String] + $CustomDialerAppDisplayName, + [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AllowedDataIngestionLocations, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Int32] + $DeployedAppCount, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $NotificationRestriction, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $CustomBrowserPackageId, [Parameter()] - [System.String[]] - $Property, + [System.Management.Automation.SwitchParameter] + $BiometricAuthenticationBlocked, [Parameter()] [PSObject] - $HttpPipelineAppend, + $AppActionIfDevicePasscodeComplexityLessThanMedium, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Get-MgDeviceAppManagementAndroidManagedAppProtection -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, + [System.String] + $Id, [Parameter()] [PSObject] - $InputObject, + $ApprovedKeyboards, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $DeviceComplianceRequired, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $AppGroupType, + + [Parameter()] + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AppActionIfUnableToAuthenticateUser, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $MinimumRequiredOSVersion, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $RequirePinAfterBiometricChange, [Parameter()] [System.String] - $CountVariable, + $MaximumRequiredOSVersion, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $MinimumWipePatchVersion, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $ContactSyncBlocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $AllowedOutboundClipboardSharingLevel, [Parameter()] [System.String] - $Filter, + $Description, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $RequiredAndroidSafetyNetAppsVerificationType, + + [Parameter()] + [PSObject] + $AppActionIfMaximumPinRetriesExceeded, [Parameter()] [System.String] - $AndroidManagedAppProtectionId, + $MinimumWipeCompanyPortalVersion, [Parameter()] [System.String] - $Search, + $Version, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $AllowedOutboundDataTransferDestinations, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $AppActionIfAndroidDeviceManufacturerNotAllowed, [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgDeviceAppManagementiOSManagedAppProtection -{ - [CmdletBinding()] - param( + [System.String] + $MinimumWipeAppVersion, + [Parameter()] - [System.String[]] - $Property, + [System.Int32] + $AllowedOutboundClipboardSharingExceptionLength, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $AllowedAndroidDeviceManufacturers, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $OrganizationalCredentialsRequired, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $CustomDialerAppPackageId, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AllowedDataStorageLocations, + + [Parameter()] + [System.Int32] + $BlockAfterCompanyPortalUpdateDeferralInDays, [Parameter()] [System.String] - $IosManagedAppProtectionId, + $DisplayName, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $IsAssigned, + + [Parameter()] + [PSObject] + $DialerRestrictionLevel, [Parameter()] [System.String] - $CountVariable, + $MinimumWarningAppVersion, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $AppActionIfAndroidSafetyNetDeviceAttestationFailed, [Parameter()] - [System.String[]] - $Sort, + [System.Int32] + $MaximumPinRetries, [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, + [PSObject] + $AppActionIfAndroidSafetyNetAppsVerificationFailed, [Parameter()] [System.String] - $Filter, + $MinimumWipeOSVersion, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $DataBackupBlocked, [Parameter()] - [System.String] - $Search, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.String] + $MinimumRequiredAppVersion, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgDeviceAppManagementiOSManagedAppProtectionApp -{ - [CmdletBinding()] - param( + $HttpPipelinePrepend, + [Parameter()] - [System.String[]] - $Property, + [PSObject] + $MobileThreatDefenseRemediationAction, [Parameter()] [PSObject] - $InputObject, + $ExemptedAppPackages, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $KeyboardsRestricted, [Parameter()] - [System.Int32] - $PageSize, + [PSObject] + $DeploymentSummary, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $Apps, [Parameter()] - [System.String] - $IosManagedAppProtectionId, + [System.Management.Automation.SwitchParameter] + $ScreenCaptureBlocked, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $ManagedBrowserToOpenLinksRequired, + + [Parameter()] + [System.String] + $MaximumWipeOSVersion, [Parameter()] [System.Int32] - $Top, + $MinimumPinLength, [Parameter()] - [System.String] - $CountVariable, + [System.Management.Automation.SwitchParameter] + $SimplePinBlocked, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $MinimumWarningOSVersion, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $EncryptAppData, [Parameter()] - [System.String] - $Filter, + [System.TimeSpan] + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ConnectToVpnOnLaunch, [Parameter()] - [System.String] - $Search, + [System.Int32] + $WipeAfterCompanyPortalUpdateDeferralInDays, [Parameter()] - [System.String] - $ManagedMobileAppId, + [PSObject] + $RequiredAndroidSafetyNetEvaluationType, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $PinRequired, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Int32] + $WarnAfterCompanyPortalUpdateDeferralInDays, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgDeviceAppManagementTargetedManagedAppConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String[]] - $Property, + $AppActionIfDevicePasscodeComplexityLessThanLow, [Parameter()] [PSObject] - $InputObject, + $AppActionIfDeviceLockNotSet, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $SaveAsBlocked, [Parameter()] - [System.Int32] - $PageSize, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $RoleScopeTagIds, [Parameter()] - [System.Int32] - $Skip, + [System.String] + $MinimumRequiredCompanyPortalVersion, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $BlockDataIngestionIntoOrganizationDocuments, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $Assignments, [Parameter()] - [System.Uri] - $Proxy, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [System.String[]] - $Sort, + [PSObject] + $AllowedInboundDataTransferSources, [Parameter()] - [System.String] - $TargetedManagedAppConfigurationId, + [PSObject] + $RequiredAndroidSafetyNetDeviceAttestationType, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $FingerprintAndBiometricEnabled, [Parameter()] - [System.String] - $Filter, + [System.Management.Automation.SwitchParameter] + $DisableAppPinIfDevicePinIsSet, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Search, + [PSObject] + $BodyParameter, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $DeviceLockRequired, [Parameter()] [System.Management.Automation.SwitchParameter] $Break, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $PinCharacterSet, [Parameter()] [PSObject] - $HttpPipelineAppend + $TargetedAppManagementLevels ) } -function Get-MgDeviceAppManagementTargetedManagedAppConfigurationAssignment +function Get-MgDeviceAppManagement { [CmdletBinding()] param( [Parameter()] - [System.String[]] - $Property, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $InputObject, + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, [Parameter()] - [System.Int32] - $PageSize, + [System.String[]] + $ExpandProperty, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String[]] + $Property, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Int32] - $Top, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgDeviceAppManagementAndroidManagedAppProtection +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] - [System.String] - $TargetedManagedAppPolicyAssignmentId, + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, [Parameter()] [System.String] @@ -20643,10 +20757,6 @@ function Get-MgDeviceAppManagementTargetedManagedAppConfigurationAssignment [System.String[]] $Sort, - [Parameter()] - [System.String] - $TargetedManagedAppConfigurationId, - [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -20659,6 +20769,10 @@ function Get-MgDeviceAppManagementTargetedManagedAppConfigurationAssignment [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $AndroidManagedAppProtectionId, + [Parameter()] [System.String] $Search, @@ -20676,1007 +20790,974 @@ function Get-MgDeviceAppManagementTargetedManagedAppConfigurationAssignment $HttpPipelineAppend ) } -function New-MgDeviceAppManagementiOSManagedAppProtection +function Get-MgDeviceAppManagementiOSManagedAppProtection { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [System.String[]] - $ExemptedUniversalLinks, + $Property, [Parameter()] [PSObject] - $MaximumAllowedDeviceThreatLevel, - - [Parameter()] - [System.String] - $MinimumWipeSdkVersion, + $InputObject, [Parameter()] - [PSObject] - $AppDataEncryptionType, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $MobileThreatDefensePartnerPriority, + $HttpPipelinePrepend, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String] + $IosManagedAppProtectionId, [Parameter()] - [PSObject] - $TargetedAppManagementLevels, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ThirdPartyKeyboardsBlocked, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $ManagedBrowser, + [System.String] + $CountVariable, [Parameter()] - [System.String] - $Description, + [System.Uri] + $Proxy, [Parameter()] - [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, + [System.String[]] + $Sort, [Parameter()] - [System.Int32] - $PreviousPinBlockCount, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $MaximumWarningOSVersion, + $Filter, [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $AppActionIfDeviceComplianceRequired, + [System.String] + $Search, [Parameter()] [System.Management.Automation.SwitchParameter] - $PrintBlocked, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PinRequired, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $AllowedDataIngestionLocations, - + $HttpPipelineAppend + ) +} +function Get-MgDeviceAppManagementiOSManagedAppProtectionApp +{ + [CmdletBinding()] + param( [Parameter()] - [System.Uri] - $Proxy, + [System.String[]] + $Property, [Parameter()] - [System.Int32] - $DeployedAppCount, + [PSObject] + $InputObject, [Parameter()] - [PSObject] - $NotificationRestriction, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $AllowedOutboundClipboardSharingLevel, + $HttpPipelinePrepend, [Parameter()] [System.String] - $MinimumWarningSdkVersion, + $IosManagedAppProtectionId, [Parameter()] - [System.String] - $Id, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, + [System.Int32] + $Top, [Parameter()] - [PSObject] - $AppGroupType, + [System.String] + $CountVariable, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $AppActionIfUnableToAuthenticateUser, + [System.String[]] + $Sort, [Parameter()] - [System.String] - $MinimumRequiredOSVersion, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, + [System.String] + $Filter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FilterOpenInToOnlyManagedApps, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $MaximumRequiredOSVersion, + $Search, [Parameter()] [System.String] - $AllowedIosDeviceModels, + $ManagedMobileAppId, [Parameter()] [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, + $Break, [Parameter()] - [System.Int32] - $MaximumPinRetries, + [System.String[]] + $ExpandProperty, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgDeviceAppManagementTargetedManagedAppConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, [Parameter()] [PSObject] - $AllowedOutboundDataTransferDestinations, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, - - [Parameter()] - [System.String] - $MinimumWipeAppVersion, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $AllowedDataStorageLocations, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $DisplayName, + [System.Int32] + $Skip, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FaceIdBlocked, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, + [System.String] + $CountVariable, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProtectInboundDataFromUnknownSources, + [System.Uri] + $Proxy, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $DialerRestrictionLevel, + [System.String] + $TargetedManagedAppConfigurationId, [Parameter()] - [System.String] - $MinimumWarningAppVersion, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $Version, + $Filter, [Parameter()] - [System.String] - $MinimumWipeOSVersion, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $Apps, + [System.String] + $Search, [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [PSObject] - $MobileThreatDefenseRemediationAction, - + $HttpPipelineAppend + ) +} +function Get-MgDeviceAppManagementTargetedManagedAppConfigurationAssignment +{ + [CmdletBinding()] + param( [Parameter()] - [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, + [System.String[]] + $Property, [Parameter()] [PSObject] - $DeploymentSummary, + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $PinCharacterSet, + [System.Int32] + $PageSize, [Parameter()] - [System.String] - $MaximumWipeOSVersion, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableProtectionOfManagedOutboundOpenInData, + [System.Int32] + $Skip, [Parameter()] [System.Int32] - $MinimumPinLength, + $Top, [Parameter()] [System.String] - $MinimumWarningOSVersion, - - [Parameter()] - [PSObject] - $HttpPipelineAppend, + $TargetedManagedAppPolicyAssignmentId, [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $ExemptedAppProtocols, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] - $Assignments, + [System.String[]] + $Sort, [Parameter()] - [PSObject] - $AppActionIfMaximumPinRetriesExceeded, + [System.String] + $TargetedManagedAppConfigurationId, [Parameter()] - [PSObject] - $AppActionIfIosDeviceModelNotAllowed, + [System.Management.Automation.SwitchParameter] + $All, [Parameter()] [System.String] - $CustomDialerAppProtocol, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + $Filter, [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, + [System.String] + $Search, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] - [System.String] - $CustomBrowserProtocol, + [System.String[]] + $ExpandProperty, [Parameter()] [PSObject] - $AllowedInboundDataTransferSources, - + $HttpPipelineAppend + ) +} +function New-MgDeviceAppManagementiOSManagedAppProtection +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String[]] + $ExemptedUniversalLinks, [Parameter()] [PSObject] - $BodyParameter, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + $MaximumAllowedDeviceThreatLevel, [Parameter()] [System.String] - $MinimumRequiredSdkVersion, - - [Parameter()] - [System.String[]] - $ManagedUniversalLinks - ) -} -function New-MgDeviceAppManagementTargetedManagedAppConfiguration -{ - [CmdletBinding()] - param( - [Parameter()] - [System.Int32] - $DeployedAppCount, + $MinimumWipeSdkVersion, [Parameter()] [PSObject] - $TargetedAppManagementLevels, + $AppDataEncryptionType, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [PSObject] - $Assignments, + $MobileThreatDefensePartnerPriority, [Parameter()] [System.DateTime] $CreatedDateTime, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $TargetedAppManagementLevels, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ThirdPartyKeyboardsBlocked, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $ManagedBrowser, [Parameter()] [System.String] $Description, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $PreviousPinBlockCount, [Parameter()] [System.String] - $Version, + $MaximumWarningOSVersion, + + [Parameter()] + [System.TimeSpan] + $PeriodBeforePinReset, [Parameter()] [PSObject] - $DeploymentSummary, + $AppActionIfDeviceComplianceRequired, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.SwitchParameter] + $PrintBlocked, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PinRequired, [Parameter()] [PSObject] - $AppGroupType, + $AllowedDataIngestionLocations, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $CustomSettings, + [System.Int32] + $DeployedAppCount, [Parameter()] [PSObject] - $BodyParameter, + $NotificationRestriction, [Parameter()] - [System.String] - $Id, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [PSObject] - $Apps, + $AllowedOutboundClipboardSharingLevel, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $MinimumWarningSdkVersion, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $DeviceComplianceRequired, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgDeviceAppManagementAndroidManagedAppProtection -{ - [CmdletBinding()] - param( + $AppGroupType, + [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $AppActionIfUnableToAuthenticateUser, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $MinimumRequiredOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $ManagedBrowserToOpenLinksRequired, [Parameter()] - [System.String] - $IfMatch, + [System.Management.Automation.SwitchParameter] + $FilterOpenInToOnlyManagedApps, [Parameter()] [System.String] - $AndroidManagedAppProtectionId, + $MaximumRequiredOSVersion, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $AllowedIosDeviceModels, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ContactSyncBlocked, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.Int32] + $MaximumPinRetries, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgDeviceAppManagementiOSManagedAppProtection -{ - [CmdletBinding()] - param( - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $AllowedOutboundDataTransferDestinations, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $DataBackupBlocked, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $MinimumWipeAppVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.String] - $IfMatch, + $OrganizationalCredentialsRequired, [Parameter()] [PSObject] - $InputObject, + $AllowedDataStorageLocations, [Parameter()] [System.String] - $IosManagedAppProtectionId, + $DisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $FaceIdBlocked, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $SaveAsBlocked, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $ProtectInboundDataFromUnknownSources, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAssigned, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Remove-MgDeviceAppManagementTargetedManagedAppConfiguration -{ - [CmdletBinding()] - param( + $DialerRestrictionLevel, + [Parameter()] [System.String] - $TargetedManagedAppConfigurationId, + $MinimumWarningAppVersion, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Version, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $MinimumWipeOSVersion, [Parameter()] - [System.Uri] - $Proxy, + [PSObject] + $Apps, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, [Parameter()] [System.String] - $IfMatch, + $MinimumRequiredAppVersion, [Parameter()] [PSObject] - $InputObject, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $MobileThreatDefenseRemediationAction, + + [Parameter()] + [System.Int32] + $AllowedOutboundClipboardSharingExceptionLength, [Parameter()] [PSObject] - $HttpPipelineAppend, + $DeploymentSummary, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $SimplePinBlocked, + + [Parameter()] + [PSObject] + $PinCharacterSet, + + [Parameter()] + [System.String] + $MaximumWipeOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Update-MgDeviceAppManagement -{ - [CmdletBinding()] - param( + $DisableProtectionOfManagedOutboundOpenInData, + [Parameter()] - [System.DateTime] - $MicrosoftStoreForBusinessLastSuccessfulSyncDateTime, + [System.Int32] + $MinimumPinLength, [Parameter()] - [PSObject] - $TargetedManagedAppConfigurations, + [System.String] + $MinimumWarningOSVersion, [Parameter()] [PSObject] - $PolicySets, + $HttpPipelineAppend, [Parameter()] - [PSObject] - $ManagedEBooks, + [System.TimeSpan] + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] [PSObject] - $MobileApps, + $ExemptedAppProtocols, [Parameter()] [PSObject] - $EnterpriseCodeSigningCertificates, + $Assignments, [Parameter()] [PSObject] - $ManagedAppPolicies, + $AppActionIfMaximumPinRetriesExceeded, [Parameter()] [PSObject] - $DeviceAppManagementTasks, + $AppActionIfIosDeviceModelNotAllowed, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $CustomDialerAppProtocol, [Parameter()] - [PSObject] - $ManagedAppStatuses, + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $BlockDataIngestionIntoOrganizationDocuments, [Parameter()] - [PSObject] - $WindowsManagementApp, + [System.DateTime] + $LastModifiedDateTime, [Parameter()] - [PSObject] - $ManagedAppRegistrations, + [System.String] + $CustomBrowserProtocol, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AllowedInboundDataTransferSources, [Parameter()] - [PSObject] - $WindowsManagedAppProtections, + [System.Management.Automation.SwitchParameter] + $DisableAppPinIfDevicePinIsSet, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $DefaultManagedAppProtections, + $BodyParameter, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsEnabledForMicrosoftStoreForBusiness, + $Break, [Parameter()] - [PSObject] - $WindowsInformationProtectionWipeActions, + [System.String] + $MinimumRequiredSdkVersion, [Parameter()] - [System.String] - $MicrosoftStoreForBusinessLanguage, + [System.String[]] + $ManagedUniversalLinks + ) +} +function New-MgDeviceAppManagementTargetedManagedAppConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Int32] + $DeployedAppCount, [Parameter()] [PSObject] - $ManagedEBookCategories, + $TargetedAppManagementLevels, [Parameter()] [System.DateTime] - $MicrosoftStoreForBusinessLastCompletedApplicationSyncTime, + $LastModifiedDateTime, [Parameter()] [PSObject] - $SymantecCodeSigningCertificate, + $Assignments, [Parameter()] - [PSObject] - $IosManagedAppProtections, + [System.DateTime] + $CreatedDateTime, [Parameter()] - [PSObject] - $IosLobAppProvisioningConfigurations, + [System.String] + $DisplayName, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $BodyParameter, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.String] - $Id, - - [Parameter()] - [PSObject] - $MobileAppCategories, + $Description, [Parameter()] [System.Management.Automation.SwitchParameter] - $PassThru, + $IsAssigned, [Parameter()] [PSObject] - $SideLoadingKeys, + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $Version, [Parameter()] [PSObject] - $WindowsInformationProtectionDeviceRegistrations, + $DeploymentSummary, [Parameter()] - [PSObject] - $VppTokens, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [PSObject] - $WindowsInformationProtectionPolicies, + $AppGroupType, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $MicrosoftStoreForBusinessPortalSelection, + $CustomSettings, [Parameter()] [PSObject] - $AndroidManagedAppProtections, + $BodyParameter, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $Id, [Parameter()] [PSObject] - $MdmWindowsInformationProtectionPolicies, + $Apps, [Parameter()] - [PSObject] - $MobileAppConfigurations, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $WdacSupplementalPolicies + $HttpPipelineAppend ) } -function Update-MgDeviceAppManagementiOSManagedAppProtection +function Remove-MgDeviceAppManagementAndroidManagedAppProtection { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.String[]] - $ExemptedUniversalLinks, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [PSObject] - $MaximumAllowedDeviceThreatLevel, + [System.Uri] + $Proxy, [Parameter()] - [System.String] - $MinimumWipeSdkVersion, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $AppDataEncryptionType, + [System.String] + $IfMatch, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [System.String] + $AndroidManagedAppProtectionId, [Parameter()] [PSObject] - $MobileThreatDefensePartnerPriority, + $InputObject, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [PSObject] - $TargetedAppManagementLevels, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Management.Automation.SwitchParameter] - $ThirdPartyKeyboardsBlocked, + $Break, [Parameter()] [PSObject] - $ManagedBrowser, - - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.TimeSpan] - $PeriodOnlineBeforeAccessCheck, - - [Parameter()] - [System.Int32] - $PreviousPinBlockCount, - - [Parameter()] - [PSObject] - $AllowedOutboundClipboardSharingLevel, - - [Parameter()] - [System.Int32] - $MinimumPinLength, - + $HttpPipelineAppend + ) +} +function Remove-MgDeviceAppManagementiOSManagedAppProtection +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] - $AppActionIfDeviceComplianceRequired, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $SaveAsBlocked, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PinRequired, + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $AllowedDataIngestionLocations, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [System.Int32] - $DeployedAppCount, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [PSObject] - $NotificationRestriction, + [System.String] + $IfMatch, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [PSObject] + $InputObject, [Parameter()] [System.String] $IosManagedAppProtectionId, [Parameter()] - [System.String] - $MinimumWarningSdkVersion, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Id, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Management.Automation.SwitchParameter] - $DeviceComplianceRequired, + $Break, [Parameter()] [PSObject] - $AppGroupType, - + $HttpPipelineAppend + ) +} +function Remove-MgDeviceAppManagementTargetedManagedAppConfiguration +{ + [CmdletBinding()] + param( [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeAccessCheck, + [System.String] + $TargetedManagedAppConfigurationId, [Parameter()] [PSObject] - $AppActionIfUnableToAuthenticateUser, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $MinimumRequiredOSVersion, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ManagedBrowserToOpenLinksRequired, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.SwitchParameter] - $FilterOpenInToOnlyManagedApps, + $PassThru, [Parameter()] [System.String] - $MaximumRequiredOSVersion, + $IfMatch, [Parameter()] - [System.String] - $AllowedIosDeviceModels, + [PSObject] + $InputObject, [Parameter()] [System.Management.Automation.SwitchParameter] - $ContactSyncBlocked, + $Confirm, [Parameter()] - [System.Int32] - $MaximumPinRetries, + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] - $PrintBlocked, + $ProxyUseDefaultCredentials, [Parameter()] - [System.TimeSpan] - $PeriodOfflineBeforeWipeIsEnforced, - + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Update-MgDeviceAppManagement +{ + [CmdletBinding()] + param( [Parameter()] - [PSObject] - $InputObject, + [System.DateTime] + $MicrosoftStoreForBusinessLastSuccessfulSyncDateTime, [Parameter()] [PSObject] - $AllowedOutboundDataTransferDestinations, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $DataBackupBlocked, + $TargetedManagedAppConfigurations, [Parameter()] - [System.String] - $MinimumWipeAppVersion, + [PSObject] + $PolicySets, [Parameter()] - [System.Management.Automation.SwitchParameter] - $OrganizationalCredentialsRequired, + [PSObject] + $ManagedEBooks, [Parameter()] [PSObject] - $AllowedDataStorageLocations, + $MobileApps, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $EnterpriseCodeSigningCertificates, [Parameter()] - [System.Management.Automation.SwitchParameter] - $FaceIdBlocked, + [PSObject] + $ManagedAppPolicies, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProtectInboundDataFromUnknownSources, + [PSObject] + $DeviceAppManagementTasks, [Parameter()] [System.Management.Automation.SwitchParameter] - $IsAssigned, + $Confirm, [Parameter()] [PSObject] - $DialerRestrictionLevel, - - [Parameter()] - [System.String] - $MinimumWarningAppVersion, + $ManagedAppStatuses, [Parameter()] - [System.String] - $Version, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] - [System.String] - $MinimumWipeOSVersion, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [PSObject] - $Apps, - - [Parameter()] - [System.String] - $MinimumRequiredSdkVersion, - - [Parameter()] - [System.TimeSpan] - $PinRequiredInsteadOfBiometricTimeout, + $WindowsManagementApp, [Parameter()] - [System.String] - $MinimumRequiredAppVersion, + [PSObject] + $ManagedAppRegistrations, [Parameter()] [PSObject] @@ -21684,406 +21765,597 @@ function Update-MgDeviceAppManagementiOSManagedAppProtection [Parameter()] [PSObject] - $MobileThreatDefenseRemediationAction, - - [Parameter()] - [System.Int32] - $AllowedOutboundClipboardSharingExceptionLength, + $WindowsManagedAppProtections, [Parameter()] [PSObject] - $DeploymentSummary, + $DefaultManagedAppProtections, [Parameter()] [System.Management.Automation.SwitchParameter] - $SimplePinBlocked, + $IsEnabledForMicrosoftStoreForBusiness, [Parameter()] - [System.String] - $MaximumWipeOSVersion, + [PSObject] + $WindowsInformationProtectionWipeActions, [Parameter()] - [System.Management.Automation.SwitchParameter] - $DisableProtectionOfManagedOutboundOpenInData, + [System.String] + $MicrosoftStoreForBusinessLanguage, [Parameter()] - [System.TimeSpan] - $GracePeriodToBlockAppsDuringOffClockHours, + [PSObject] + $ManagedEBookCategories, [Parameter()] - [System.String] - $MinimumWarningOSVersion, + [System.DateTime] + $MicrosoftStoreForBusinessLastCompletedApplicationSyncTime, [Parameter()] [PSObject] - $HttpPipelineAppend, + $SymantecCodeSigningCertificate, [Parameter()] [PSObject] - $ExemptedAppProtocols, + $IosManagedAppProtections, [Parameter()] [PSObject] - $Assignments, + $IosLobAppProvisioningConfigurations, [Parameter()] - [PSObject] - $AppActionIfMaximumPinRetriesExceeded, + [System.Uri] + $Proxy, [Parameter()] [PSObject] - $AppActionIfIosDeviceModelNotAllowed, + $BodyParameter, [Parameter()] [System.String] - $CustomDialerAppProtocol, + $Id, [Parameter()] - [System.String] - $MaximumWarningOSVersion, + [PSObject] + $MobileAppCategories, [Parameter()] [System.Management.Automation.SwitchParameter] - $FingerprintBlocked, + $PassThru, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $SideLoadingKeys, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.TimeSpan] - $PeriodBeforePinReset, + [PSObject] + $WindowsInformationProtectionDeviceRegistrations, [Parameter()] - [System.Management.Automation.SwitchParameter] - $BlockDataIngestionIntoOrganizationDocuments, + [PSObject] + $VppTokens, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [PSObject] + $WindowsInformationProtectionPolicies, [Parameter()] - [System.String] - $CustomBrowserProtocol, + [PSObject] + $MicrosoftStoreForBusinessPortalSelection, [Parameter()] [PSObject] - $AllowedInboundDataTransferSources, + $AndroidManagedAppProtections, [Parameter()] [System.Management.Automation.SwitchParameter] - $DisableAppPinIfDevicePinIsSet, + $Break, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $MdmWindowsInformationProtectionPolicies, [Parameter()] [PSObject] - $BodyParameter, + $MobileAppConfigurations, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $HttpPipelineAppend, [Parameter()] [PSObject] - $PinCharacterSet, - - [Parameter()] - [System.String[]] - $ManagedUniversalLinks + $WdacSupplementalPolicies ) } -function Update-MgDeviceAppManagementTargetedManagedAppConfiguration +function Update-MgDeviceAppManagementiOSManagedAppProtection { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String[]] + $ExemptedUniversalLinks, + [Parameter()] [PSObject] - $DeploymentSummary, + $MaximumAllowedDeviceThreatLevel, + + [Parameter()] + [System.String] + $MinimumWipeSdkVersion, [Parameter()] [PSObject] - $TargetedAppManagementLevels, + $AppDataEncryptionType, [Parameter()] - [System.DateTime] - $LastModifiedDateTime, + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [PSObject] - $Assignments, + $MobileThreatDefensePartnerPriority, [Parameter()] [System.DateTime] $CreatedDateTime, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $TargetedAppManagementLevels, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $ThirdPartyKeyboardsBlocked, [Parameter()] [PSObject] - $InputObject, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + $ManagedBrowser, [Parameter()] [System.String] $Description, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.TimeSpan] + $PeriodOnlineBeforeAccessCheck, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsAssigned, + [System.Int32] + $PreviousPinBlockCount, [Parameter()] [PSObject] - $HttpPipelinePrepend, + $AllowedOutboundClipboardSharingLevel, [Parameter()] - [System.String] - $Version, + [System.Int32] + $MinimumPinLength, [Parameter()] - [System.Int32] - $DeployedAppCount, + [PSObject] + $AppActionIfDeviceComplianceRequired, [Parameter()] - [System.String[]] - $RoleScopeTagIds, + [System.Management.Automation.SwitchParameter] + $SaveAsBlocked, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PinRequired, [Parameter()] [PSObject] - $AppGroupType, + $AllowedDataIngestionLocations, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $CustomSettings, + [System.Int32] + $DeployedAppCount, [Parameter()] [PSObject] - $BodyParameter, - - [Parameter()] - [System.String] - $Id, + $NotificationRestriction, [Parameter()] - [PSObject] - $Apps, + [System.String[]] + $RoleScopeTagIds, [Parameter()] [System.String] - $TargetedManagedAppConfigurationId, + $IosManagedAppProtectionId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $MinimumWarningSdkVersion, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $DeviceComplianceRequired, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -#endregion -#region MicrosoftGraph -function Get-MgGroup -{ - [CmdletBinding()] - param( + $AppGroupType, + [Parameter()] - [System.String[]] - $Property, + [System.TimeSpan] + $PeriodOfflineBeforeAccessCheck, [Parameter()] [PSObject] - $InputObject, + $AppActionIfUnableToAuthenticateUser, [Parameter()] - [System.Int32] - $PageSize, + [System.String] + $MinimumRequiredOSVersion, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Management.Automation.SwitchParameter] + $ManagedBrowserToOpenLinksRequired, [Parameter()] - [System.Int32] - $Skip, + [System.Management.Automation.SwitchParameter] + $FilterOpenInToOnlyManagedApps, [Parameter()] - [System.Int32] - $Top, + [System.String] + $MaximumRequiredOSVersion, [Parameter()] [System.String] - $CountVariable, + $AllowedIosDeviceModels, [Parameter()] - [System.String] - $GroupId, + [System.Management.Automation.SwitchParameter] + $ContactSyncBlocked, [Parameter()] - [System.Uri] - $Proxy, + [System.Int32] + $MaximumPinRetries, [Parameter()] - [System.String[]] - $Sort, + [System.Management.Automation.SwitchParameter] + $PrintBlocked, [Parameter()] - [System.String] - $ConsistencyLevel, + [System.TimeSpan] + $PeriodOfflineBeforeWipeIsEnforced, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $AllowedOutboundDataTransferDestinations, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $DataBackupBlocked, [Parameter()] [System.String] - $Filter, + $MinimumWipeAppVersion, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $OrganizationalCredentialsRequired, + + [Parameter()] + [PSObject] + $AllowedDataStorageLocations, [Parameter()] [System.String] - $Search, + $DisplayName, [Parameter()] [System.Management.Automation.SwitchParameter] - $Break, + $FaceIdBlocked, [Parameter()] - [System.String[]] - $ExpandProperty, + [System.Management.Automation.SwitchParameter] + $ProtectInboundDataFromUnknownSources, [Parameter()] [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + $IsAssigned, [Parameter()] [PSObject] - $HttpPipelineAppend - ) -} -function Get-MgGroupLifecyclePolicy -{ - [CmdletBinding()] - param( + $DialerRestrictionLevel, + [Parameter()] - [System.String[]] - $Property, + [System.String] + $MinimumWarningAppVersion, [Parameter()] - [PSObject] - $InputObject, + [System.String] + $Version, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $MinimumWipeOSVersion, + + [Parameter()] + [PSObject] + $Apps, [Parameter()] [System.String] - $GroupLifecyclePolicyId, + $MinimumRequiredSdkVersion, [Parameter()] - [System.Int32] - $PageSize, + [System.TimeSpan] + $PinRequiredInsteadOfBiometricTimeout, + + [Parameter()] + [System.String] + $MinimumRequiredAppVersion, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Int32] - $Skip, + [PSObject] + $MobileThreatDefenseRemediationAction, [Parameter()] [System.Int32] - $Top, + $AllowedOutboundClipboardSharingExceptionLength, [Parameter()] - [System.String] - $CountVariable, + [PSObject] + $DeploymentSummary, [Parameter()] - [System.Uri] - $Proxy, + [System.Management.Automation.SwitchParameter] + $SimplePinBlocked, [Parameter()] - [System.String[]] - $Sort, + [System.String] + $MaximumWipeOSVersion, [Parameter()] [System.Management.Automation.SwitchParameter] - $All, + $DisableProtectionOfManagedOutboundOpenInData, + + [Parameter()] + [System.TimeSpan] + $GracePeriodToBlockAppsDuringOffClockHours, [Parameter()] [System.String] - $Filter, + $MinimumWarningOSVersion, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.String] - $Search, + [PSObject] + $ExemptedAppProtocols, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $Assignments, [Parameter()] - [System.String[]] - $ExpandProperty, + [PSObject] + $AppActionIfMaximumPinRetriesExceeded, [Parameter()] [PSObject] - $HttpPipelineAppend - ) + $AppActionIfIosDeviceModelNotAllowed, + + [Parameter()] + [System.String] + $CustomDialerAppProtocol, + + [Parameter()] + [System.String] + $MaximumWarningOSVersion, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $FingerprintBlocked, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.TimeSpan] + $PeriodBeforePinReset, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $BlockDataIngestionIntoOrganizationDocuments, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [System.String] + $CustomBrowserProtocol, + + [Parameter()] + [PSObject] + $AllowedInboundDataTransferSources, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $DisableAppPinIfDevicePinIsSet, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject] + $PinCharacterSet, + + [Parameter()] + [System.String[]] + $ManagedUniversalLinks + ) } -function Get-MgGroupMember +function Update-MgDeviceAppManagementTargetedManagedAppConfiguration { [CmdletBinding()] param( + [Parameter()] + [PSObject] + $DeploymentSummary, + + [Parameter()] + [PSObject] + $TargetedAppManagementLevels, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsAssigned, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.String] + $Version, + + [Parameter()] + [System.Int32] + $DeployedAppCount, + [Parameter()] [System.String[]] - $Property, + $RoleScopeTagIds, + + [Parameter()] + [PSObject] + $AppGroupType, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $CustomSettings, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [PSObject] + $Apps, + + [Parameter()] + [System.String] + $TargetedManagedAppConfigurationId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +#endregion +#region MicrosoftGraph +function Get-MgGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Int32] $PageSize, @@ -22144,12 +22416,16 @@ function Get-MgGroupMember [System.String[]] $ExpandProperty, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Get-MgGroupMemberOf +function Get-MgGroupLifecyclePolicy { [CmdletBinding()] param( @@ -22157,10 +22433,18 @@ function Get-MgGroupMemberOf [System.String[]] $Property, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.String] + $GroupLifecyclePolicyId, + [Parameter()] [System.Int32] $PageSize, @@ -22173,10 +22457,6 @@ function Get-MgGroupMemberOf [System.Int32] $Skip, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Int32] $Top, @@ -22185,10 +22465,6 @@ function Get-MgGroupMemberOf [System.String] $CountVariable, - [Parameter()] - [System.String] - $GroupId, - [Parameter()] [System.Uri] $Proxy, @@ -22197,10 +22473,6 @@ function Get-MgGroupMemberOf [System.String[]] $Sort, - [Parameter()] - [System.String] - $ConsistencyLevel, - [Parameter()] [System.Management.Automation.SwitchParameter] $All, @@ -22217,10 +22489,6 @@ function Get-MgGroupMemberOf [System.String] $Search, - [Parameter()] - [System.String] - $DirectoryObjectId, - [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -22234,7 +22502,7 @@ function Get-MgGroupMemberOf $HttpPipelineAppend ) } -function Get-MgGroupOwner +function Get-MgGroupMember { [CmdletBinding()] param( @@ -22311,52 +22579,214 @@ function Get-MgGroupOwner $HttpPipelineAppend ) } -function New-MgGroup +function Get-MgGroupMemberOf { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String[]] + $Property, [Parameter()] - [System.String] - $Mail, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.String] - $Visibility, + [System.Int32] + $PageSize, [Parameter()] [PSObject] - $PermissionGrants, + $HttpPipelinePrepend, [Parameter()] - [System.String] - $CreatedByAppId, + [System.Int32] + $Skip, [Parameter()] [PSObject] - $Sites, + $InputObject, [Parameter()] - [PSObject] - $AppRoleAssignments, + [System.Int32] + $Top, [Parameter()] - [System.Management.Automation.SwitchParameter] - $SecurityEnabled, + [System.String] + $CountVariable, [Parameter()] - [PSObject] - $AssignedLabels, + [System.String] + $GroupId, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Uri] + $Proxy, [Parameter()] - [PSObject] + [System.String[]] + $Sort, + + [Parameter()] + [System.String] + $ConsistencyLevel, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $DirectoryObjectId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgGroupOwner +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + + [Parameter()] + [System.String] + $GroupId, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.String] + $ConsistencyLevel, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function New-MgGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Mail, + + [Parameter()] + [System.String] + $Visibility, + + [Parameter()] + [PSObject] + $PermissionGrants, + + [Parameter()] + [System.String] + $CreatedByAppId, + + [Parameter()] + [PSObject] + $Sites, + + [Parameter()] + [PSObject] + $AppRoleAssignments, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SecurityEnabled, + + [Parameter()] + [PSObject] + $AssignedLabels, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [PSObject] $Calendar, [Parameter()] @@ -46356,3 +46786,930 @@ function Set-CsUserCallingSettings ) } #endregion +#region MgDeviceManagementGroupPolicyConfiguration +function Get-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject[]] + $DefinitionValues, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject[]] + $DefinitionValues, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion + +#region MgDeviceManagementGroupPolicyConfigurationAssignment +function Get-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Target, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Target, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion + +#region MgDeviceManagementGroupPolicyConfigurationDefinitionValue +function Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject] + $ConfigurationType, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $Definition, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Enabled, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject[]] + $PresentationValues, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject] + $ConfigurationType, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $Definition, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Enabled, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject[]] + $PresentationValues, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion + +#region MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition +function Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials + ) +} + +#endregion + From e7ce923c81c94518e19b4496947abece115b9406 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Mon, 6 Feb 2023 19:49:42 +0000 Subject: [PATCH 02/64] merge --- CHANGELOG.md | 46 +++++- ...ntuneDeviceConfigurationPolicyWindows10.md | 4 +- ...ionProtectionPolicyWindows10MdmEnrolled.md | 144 ++++++++++++++++++ docs/docs/resources/planner/PlannerBucket.md | 4 +- docs/docs/resources/planner/PlannerPlan.md | 4 +- .../power-platform/PPPowerAppsEnvironment.md | 2 +- .../security-compliance/SCProtectionAlert.md | 13 +- .../resources/teams/TeamsCallHoldPolicy.md | 23 +++ .../resources/teams/TeamsCallParkPolicy.md | 26 ++++ .../teams/TeamsComplianceRecordingPolicy.md | 26 ++++ .../resources/teams/TeamsCortanaPolicy.md | 23 +++ .../teams/TeamsEnhancedEncryptionPolicy.md | 24 +++ .../resources/teams/TeamsMobilityPolicy.md | 25 +++ .../teams/TeamsNetworkRoamingPolicy.md | 24 +++ .../teams/TeamsTenantNetworkRegion.md | 23 +++ .../resources/teams/TeamsTenantNetworkSite.md | 29 ++++ .../teams/TeamsTenantNetworkSubnet.md | 24 +++ .../resources/teams/TeamsTranslationRule.md | 24 +++ .../teams/TeamsUnassignedNumberTreatment.md | 26 ++++ docs/docs/resources/teams/TeamsVdiPolicy.md | 24 +++ .../resources/teams/TeamsWorkloadPolicy.md | 29 ++++ .../Update-M365DSCAzureAdApplication.md | 4 +- 22 files changed, 557 insertions(+), 14 deletions(-) create mode 100644 docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md create mode 100644 docs/docs/resources/teams/TeamsCallHoldPolicy.md create mode 100644 docs/docs/resources/teams/TeamsCallParkPolicy.md create mode 100644 docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md create mode 100644 docs/docs/resources/teams/TeamsCortanaPolicy.md create mode 100644 docs/docs/resources/teams/TeamsEnhancedEncryptionPolicy.md create mode 100644 docs/docs/resources/teams/TeamsMobilityPolicy.md create mode 100644 docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md create mode 100644 docs/docs/resources/teams/TeamsTenantNetworkRegion.md create mode 100644 docs/docs/resources/teams/TeamsTenantNetworkSite.md create mode 100644 docs/docs/resources/teams/TeamsTenantNetworkSubnet.md create mode 100644 docs/docs/resources/teams/TeamsTranslationRule.md create mode 100644 docs/docs/resources/teams/TeamsUnassignedNumberTreatment.md create mode 100644 docs/docs/resources/teams/TeamsVdiPolicy.md create mode 100644 docs/docs/resources/teams/TeamsWorkloadPolicy.md diff --git a/CHANGELOG.md b/CHANGELOG.md index a87802b110..d994c8228b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,29 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.23.201.1 + +* PlannerTask + * Fixed issue where Attachments Uri weren't properly exiting single quotes. + FIXES [#2822](https://github.com/microsoft/Microsoft365DSC/issues/2822) +* PPPowerAppsEnvironment + * Adds support for Developr SKU and fix for Teams SKU + FIXES [#2821](https://github.com/microsoft/Microsoft365DSC/issues/2821) +* SCProtectionAlert + * Support for certificate based auth + * Fix removal of alert + * Added additional supported values for ThreatType, Severity & AggregationType + FIXES [#2793](https://github.com/microsoft/Microsoft365DSC/issues/2793) +* TeamsTenantNetworkRegion + * Initial Release. +* TeamsTenantNetworkSite + * Initial Release. +* TeamsTenantNetworkSubnet + * Initial Release. +* DEPENDENCIES + * Updated Microsoft.Graph.* to version 1.21.0 + * Updated MicrosoftTeams to version 4.9.3 + +# 1.23.125.1 * TeamsAudioConferencingPolicy * Initial Release. @@ -20,6 +43,27 @@ * Initial Release. * TeamsTranslationRule * Initial Release. +* TeamsUnassignedNumberTreatment + * Initial Release. +* TeamsVDIPolicy + * Initial Release. +* TeamsWorkloadPolicy + * Initial Release. +* DRG + * Added CIM constructor in Get-TargetResource + * Improved management of AdditionalProperties + * Improved datetime and dateoffset management + * Fixed UnitTest + * Generate Stubs if required + * Fixes #2819 +* IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled + * Initial Release + * Fixes #2604 +* DEPENDENCIES + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.155. +* Planner + * Fixed api-permissions on PlannerBucket and PlannerPlan. + FIXES [#2843](https://github.com/microsoft/Microsoft365DSC/issues/2843) # 1.23.118.1 diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md index cc272d78b2..d45a84a0b4 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md @@ -4,8 +4,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **DisplayName** | Key | String | Description of the device configuration policy for Windows 10. | | -| **Description** | Write | String | Display name of the device configuration policy for Windows 10. | | +| **DisplayName** | Key | String | Display name of the device configuration policy for Windows 10. | | +| **Description** | Write | String | Description of the device configuration policy for Windows 10. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | | **EnterpriseCloudPrintDiscoveryEndPoint** | Write | String | Endpoint for discovering cloud printers. | | | **EnterpriseCloudPrintOAuthAuthority** | Write | String | Authentication endpoint for acquiring OAuth tokens. | | diff --git a/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md b/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md new file mode 100644 index 0000000000..a6b1b07bb9 --- /dev/null +++ b/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md @@ -0,0 +1,144 @@ +# IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **AzureRightsManagementServicesAllowed** | Write | Boolean | Specifies whether to allow Azure RMS encryption for WIP | | +| **DataRecoveryCertificate** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate | Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS) | | +| **EnforcementLevel** | Write | String | WIP enforcement level.See the Enum definition for supported values. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock. | `noProtection`, `encryptAndAuditOnly`, `encryptAuditAndPrompt`, `encryptAuditAndBlock` | +| **EnterpriseDomain** | Write | String | Primary enterprise domain | | +| **EnterpriseInternalProxyServers** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies | | +| **EnterpriseIPRanges** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection[] | Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to | | +| **EnterpriseIPRangesAreAuthoritative** | Write | Boolean | Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false | | +| **EnterpriseNetworkDomainNames** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to | | +| **EnterpriseProtectedDomainNames** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | List of enterprise domains to be protected | | +| **EnterpriseProxiedDomains** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionProxiedDomainCollection[] | Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy | | +| **EnterpriseProxyServers** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | This is a list of proxy servers. Any server not on this list is considered non-enterprise | | +| **EnterpriseProxyServersAreAuthoritative** | Write | Boolean | Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false | | +| **ExemptApps** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionApp[] | Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. | | +| **IconsVisible** | Write | Boolean | Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app | | +| **IndexingEncryptedStoresOrItemsBlocked** | Write | Boolean | This switch is for the Windows Search Indexer, to allow or disallow indexing of items | | +| **NeutralDomainResources** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | List of domain names that can used for work or personal resource | | +| **ProtectedApps** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionApp[] | Protected applications can access enterprise data and the data handled by those applications are protected with encryption | | +| **ProtectionUnderLockConfigRequired** | Write | Boolean | Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured | | +| **RevokeOnUnenrollDisabled** | Write | Boolean | This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. | | +| **RightsManagementServicesTemplateId** | Write | String | TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access | | +| **SmbAutoEncryptedFileExtensions** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary | | +| **Description** | Write | String | The policy's description. | | +| **DisplayName** | Write | String | Policy display name. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_MicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Certificate** | Write | String | Data recovery Certificate | | +| **Description** | Write | String | Data recovery Certificate description | | +| **ExpirationDateTime** | Write | String | Data recovery Certificate expiration datetime | | +| **SubjectName** | Write | String | Data recovery Certificate subject name | | + +### MSFT_MicrosoftGraphWindowsInformationProtectionResourceCollection + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Write | String | Display name | | +| **Resources** | Write | StringArray[] | Collection of resources | | + +### MSFT_MicrosoftGraphWindowsInformationProtectionIPRangeCollection + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Write | String | Display name | | +| **Ranges** | Write | MSFT_MicrosoftGraphIpRange[] | Collection of ip ranges | | + +### MSFT_MicrosoftGraphIpRange + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **CidrAddress** | Write | String | IPv4 address in CIDR notation. Not nullable. | | +| **LowerAddress** | Write | String | Lower address. | | +| **UpperAddress** | Write | String | Upper address. | | +| **odataType** | Write | String | The type of the entity. | `#microsoft.graph.iPv4CidrRange`, `#microsoft.graph.iPv6CidrRange`, `#microsoft.graph.iPv4Range`, `#microsoft.graph.iPv6Range` | + +### MSFT_MicrosoftGraphWindowsInformationProtectionProxiedDomainCollection + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Write | String | Display name | | +| **ProxiedDomains** | Write | MSFT_MicrosoftGraphProxiedDomain[] | Collection of proxied domains | | + +### MSFT_MicrosoftGraphProxiedDomain + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IpAddressOrFQDN** | Write | String | The IP address or FQDN | | +| **Proxy** | Write | String | Proxy IP or FQDN | | + +### MSFT_MicrosoftGraphWindowsInformationProtectionApp + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Denied** | Write | Boolean | If true, app is denied protection or exemption. | | +| **Description** | Write | String | The app's description. | | +| **DisplayName** | Write | String | App display name. | | +| **ProductName** | Write | String | The product name. | | +| **PublisherName** | Write | String | The publisher name | | +| **BinaryName** | Write | String | The binary name. | | +| **BinaryVersionHigh** | Write | String | The high binary version. | | +| **BinaryVersionLow** | Write | String | The lower binary version. | | +| **odataType** | Write | String | The type of the entity. | `#microsoft.graph.windowsInformationProtectionDesktopApp`, `#microsoft.graph.windowsInformationProtectionStoreApp` | + + +## Description + +Intune Windows Information Protection Policy for Windows10 Mdm Enrolled + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementApps.Read.All, DeviceManagementApps.ReadWrite.All + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - DeviceManagementApps.Read.All, DeviceManagementApps.ReadWrite.All + +- **Update** + + - None + + diff --git a/docs/docs/resources/planner/PlannerBucket.md b/docs/docs/resources/planner/PlannerBucket.md index 3e1b358d09..26d9594560 100644 --- a/docs/docs/resources/planner/PlannerBucket.md +++ b/docs/docs/resources/planner/PlannerBucket.md @@ -32,11 +32,11 @@ To authenticate with the Microsoft Graph API, this resource required the followi - **Read** - - Tasks.Read + - Tasks.Read.All - **Update** - - Tasks.ReadWrite + - Tasks.ReadWrite.All #### Application permissions diff --git a/docs/docs/resources/planner/PlannerPlan.md b/docs/docs/resources/planner/PlannerPlan.md index 28052b4b67..e56b54164b 100644 --- a/docs/docs/resources/planner/PlannerPlan.md +++ b/docs/docs/resources/planner/PlannerPlan.md @@ -31,11 +31,11 @@ To authenticate with the Microsoft Graph API, this resource required the followi - **Read** - - Group.Read.All, Tasks.Read + - Group.Read.All, Tasks.Read.All - **Update** - - Group.Read.All, Tasks.Read, Tasks.ReadWrite + - Group.Read.All, Tasks.Read.All, Tasks.ReadWrite.All #### Application permissions diff --git a/docs/docs/resources/power-platform/PPPowerAppsEnvironment.md b/docs/docs/resources/power-platform/PPPowerAppsEnvironment.md index d7c14e1e5b..fa00e7f85a 100644 --- a/docs/docs/resources/power-platform/PPPowerAppsEnvironment.md +++ b/docs/docs/resources/power-platform/PPPowerAppsEnvironment.md @@ -6,7 +6,7 @@ | --- | --- | --- | --- | --- | | **DisplayName** | Key | String | Display name for the PowerApps environment | | | **Location** | Required | String | Location of the PowerApps environment. | `canada`, `unitedstates`, `europe`, `asia`, `australia`, `india`, `japan`, `unitedkingdom`, `unitedstatesfirstrelease`, `southamerica`, `france`, `usgov` | -| **EnvironmentSKU** | Required | String | Environment type. | `Production`, `Standard`, `Trial`, `Sandbox`, `SubscriptionBasedTrial`, `Teams` | +| **EnvironmentSKU** | Required | String | Environment type. | `Production`, `Standard`, `Trial`, `Sandbox`, `SubscriptionBasedTrial`, `Teams`, `Developer` | | **Ensure** | Write | String | Only accepted value is 'Present'. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Power Platform Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | diff --git a/docs/docs/resources/security-compliance/SCProtectionAlert.md b/docs/docs/resources/security-compliance/SCProtectionAlert.md index 3c47761e1a..c7d4b5d38c 100644 --- a/docs/docs/resources/security-compliance/SCProtectionAlert.md +++ b/docs/docs/resources/security-compliance/SCProtectionAlert.md @@ -6,7 +6,7 @@ | --- | --- | --- | --- | --- | | **AlertBy** | Write | StringArray[] | Specifies the scope for aggregated alert policies | | | **AlertFor** | Write | StringArray[] | This parameter is reserved for internal Microsoft use | | -| **AggregationType** | Write | String | Specifies how the alert policy triggers alerts for multiple occurrences of monitored activity | `None`, `SimpleAggregation`, `AnomalousAggregation` | +| **AggregationType** | Write | String | Specifies how the alert policy triggers alerts for multiple occurrences of monitored activity | `None`, `SimpleAggregation`, `AnomalousAggregation`, `CustomAggregation` | | **Category** | Write | String | Specifies a category for the alert policy | | | **Comment** | Write | String | Specifies an optional comment | | | **Disabled** | Write | Boolean | Enables or disables the alert policy | | @@ -24,12 +24,17 @@ | **PrivacyManagementScopedSensitiveInformationTypes** | Write | StringArray[] | PrivacyManagementScopedSensitiveInformationTypes | | | **PrivacyManagementScopedSensitiveInformationTypesForCounting** | Write | StringArray[] | PrivacyManagementScopedSensitiveInformationTypesForCounting | | | **PrivacyManagementScopedSensitiveInformationTypesThreshold** | Write | UInt64 | PrivacyManagementScopedSensitiveInformationTypesThreshold | | -| **Severity** | Write | String | specifies the severity of the detection | `Low`, `Medium`, `High` | -| **ThreatType** | Write | String | Specifies the type of activities that are monitored by the alert policy | `Activity`, `Malware`, `Phish`, `Malicious`, `MaliciousUrlClick` | +| **Severity** | Write | String | specifies the severity of the detection | `Low`, `Medium`, `High`, `Informational` | +| **ThreatType** | Write | String | Specifies the type of activities that are monitored by the alert policy | `Activity`, `Malware`, `Phish`, `Malicious`, `MaliciousUrlClick`, `MailFlow` | | **Threshold** | Write | UInt32 | Specifies the number of detections that trigger the alert policy within the time period specified by the TimeWindow parameter. A valid value is an integer that's greater than or equal to 3. | | | **TimeWindow** | Write | UInt32 | Specifies the time interval in minutes for number of detections specified by the Threshold parameter. A valid value is an integer that's greater than 60 (one hour). | | | **VolumeThreshold** | Write | UInt32 | Volume Threshold | | -| **Credential** | Required | PSCredential | Credentials of the Global Admin | | +| **Credential** | Write | PSCredential | Credentials of the Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | ## Description diff --git a/docs/docs/resources/teams/TeamsCallHoldPolicy.md b/docs/docs/resources/teams/TeamsCallHoldPolicy.md new file mode 100644 index 0000000000..6db5659545 --- /dev/null +++ b/docs/docs/resources/teams/TeamsCallHoldPolicy.md @@ -0,0 +1,23 @@ +# TeamsCallHoldPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier to be assigned to the new Teams call hold policy. Use the 'Global' Identity if you wish to assign this policy to the entire tenant. | | +| **AudioFileId** | Write | String | A string representing the ID referencing an audio file uploaded via the Import-CsOnlineAudioFile cmdlet. | | +| **Description** | Write | String | Enables administrators to provide explanatory text to accompany a Teams call hold policy. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +Creates a new Teams call hold policy in your tenant. The Teams call hold policy is used to customize the call hold experience for Teams clients. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsCallParkPolicy.md b/docs/docs/resources/teams/TeamsCallParkPolicy.md new file mode 100644 index 0000000000..c3fffb4949 --- /dev/null +++ b/docs/docs/resources/teams/TeamsCallParkPolicy.md @@ -0,0 +1,26 @@ +# TeamsCallParkPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | A unique identifier for the policy - this will be used to retrieve the policy later on to assign it to specific users. | | +| **AllowCallPark** | Write | Boolean | If set to true, customers will be able to leverage the call park feature to place calls on hold and then decide how the call should be handled - transferred to another department, retrieved using the same phone, or retrieved using a different phone. | | +| **Description** | Write | String | Description of the Teams Call Park Policy. | | +| **ParkTimeoutSeconds** | Write | UInt64 | Specify the number of seconds to wait before ringing the parker when the parked call hasn't been picked up. Value can be from 120 to 1800 (seconds). | | +| **PickupRangeEnd** | Write | UInt64 | Specify the maximum value that a rendered pickup code can take. Value can be from 10 to 9999. Note: PickupRangeStart must be smaller than PickupRangeEnd. | | +| **PickupRangeStart** | Write | UInt64 | Specify the minimum value that a rendered pickup code can take. Value can be from 10 to 9999. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +The TeamsCallParkPolicy controls whether or not users are able to leverage the call park feature in Microsoft Teams. Call park allows enterprise voice customers to place a call on hold and then perform a number of actions on that call: transfer to another department, retrieve via the same phone, or retrieve via a different Teams phone. The New-CsTeamsCallParkPolicy resource lets you create a new custom policy that can then be assigned to one or more specific users. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md b/docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md new file mode 100644 index 0000000000..9cad2bfe71 --- /dev/null +++ b/docs/docs/resources/teams/TeamsComplianceRecordingPolicy.md @@ -0,0 +1,26 @@ +# TeamsComplianceRecordingPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier of the application instance of a policy-based recording application to be retrieved. | | +| **ComplianceRecordingApplications** | Write | StringArray[] | A list of application instances of policy-based recording applications to assign to this policy. The Id of each of these application instances must be the ObjectId of the application instance as obtained by the Get-CsOnlineApplicationInstance cmdlet. | | +| **Description** | Write | String | Enables administrators to provide explanatory text to accompany a Teams recording policy. For example, the Description might include information about the users the policy should be assigned to. | | +| **DisableComplianceRecordingAudioNotificationForCalls** | Write | Boolean | Setting this attribute to true disables recording audio notifications for 1:1 calls that are under compliance recording. | | +| **Enabled** | Write | Boolean | Controls whether this Teams recording policy is active or not. | | +| **WarnUserOnRemoval** | Write | Boolean | This parameter is reserved for future use. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +Creates a new Teams recording policy for governing automatic policy-based recording in your tenant. Automatic policy-based recording is only applicable to Microsoft Teams users. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsCortanaPolicy.md b/docs/docs/resources/teams/TeamsCortanaPolicy.md new file mode 100644 index 0000000000..51f3fb6502 --- /dev/null +++ b/docs/docs/resources/teams/TeamsCortanaPolicy.md @@ -0,0 +1,23 @@ +# TeamsCortanaPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier for Teams cortana policy you're creating. | | +| **CortanaVoiceInvocationMode** | Write | String | The value of this field indicates if Cortana is enabled and mode of invocation. | `Disabled`, `PushToTalkUserOverride`, `WakeWordPushToTalkUserOverride` | +| **Description** | Write | String | Provide a description of your policy to identify purpose of creating it. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +The CsTeamsCortanaPolicy resources enable administrators to control settings for Cortana voice assistant in Microsoft Teams. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsEnhancedEncryptionPolicy.md b/docs/docs/resources/teams/TeamsEnhancedEncryptionPolicy.md new file mode 100644 index 0000000000..36dc81c7f7 --- /dev/null +++ b/docs/docs/resources/teams/TeamsEnhancedEncryptionPolicy.md @@ -0,0 +1,24 @@ +# TeamsEnhancedEncryptionPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier assigned to the Teams enhanced encryption policy. | | +| **CallingEndtoEndEncryptionEnabledType** | Write | String | Determines whether End-to-end encrypted calling is available for the user in Teams. Set this to DisabledUserOverride to allow user to turn on End-to-end encrypted calls. Set this to Disabled to prohibit. | | +| **Description** | Write | String | Enables administrators to provide explanatory text to accompany a Teams enhanced encryption policy. | | +| **MeetingEndToEndEncryption** | Write | String | N/A | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +Use this resource to create a new Teams enhanced encryption policy. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsMobilityPolicy.md b/docs/docs/resources/teams/TeamsMobilityPolicy.md new file mode 100644 index 0000000000..63971e3521 --- /dev/null +++ b/docs/docs/resources/teams/TeamsMobilityPolicy.md @@ -0,0 +1,25 @@ +# TeamsMobilityPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Specify the name of the policy that you are creating. | | +| **Description** | Write | String | Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to. | | +| **IPAudioMobileMode** | Write | String | When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | `WifiOnly`, `AllNetworks` | +| **IPVideoMobileMode** | Write | String | When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | `WifiOnly`, `AllNetworks` | +| **MobileDialerPreference** | Write | String | N/A | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +The TeamsMobilityPolicy allows Admins to control Teams mobile usage for users. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md b/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md new file mode 100644 index 0000000000..4ef6442b08 --- /dev/null +++ b/docs/docs/resources/teams/TeamsNetworkRoamingPolicy.md @@ -0,0 +1,24 @@ +# TeamsNetworkRoamingPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | | | +| **AllowIPVideo** | Write | Boolean | Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video. | | +| **Description** | Write | String | Description of the new policy to be created. | | +| **MediaBitRateKb** | Write | UInt64 | Determines the media bit rate for audio/video/app sharing transmissions in meetings. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +New-CsTeamsNetworkRoamingPolicy allows IT Admins to create policies for Network Roaming and Bandwidth Control experiences in Microsoft Teams. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsTenantNetworkRegion.md b/docs/docs/resources/teams/TeamsTenantNetworkRegion.md new file mode 100644 index 0000000000..90e5257224 --- /dev/null +++ b/docs/docs/resources/teams/TeamsTenantNetworkRegion.md @@ -0,0 +1,23 @@ +# TeamsTenantNetworkRegion + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier for the network region to be created. | | +| **CentralSite** | Write | String | Name of the associated Central Site. | | +| **Description** | Write | String | Provide a description of the network region to identify purpose of creating it. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +As an Admin, you can use the Windows PowerShell command, New-CsTenantNetworkRegion to define network regions. A network region interconnects various parts of a network across multiple geographic areas. The RegionID parameter is a logical name that represents the geography of the region, and has no dependencies or restrictions. Tenant network region is used for Location Based Routing. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsTenantNetworkSite.md b/docs/docs/resources/teams/TeamsTenantNetworkSite.md new file mode 100644 index 0000000000..359e30bf52 --- /dev/null +++ b/docs/docs/resources/teams/TeamsTenantNetworkSite.md @@ -0,0 +1,29 @@ +# TeamsTenantNetworkSite + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identifier for the network site to be created. | | +| **Description** | Write | String | Provide a description of the network site to identify purpose of creating it. | | +| **EmergencyCallingPolicy** | Write | String | This parameter is used to assign a custom emergency calling policy to a network site | | +| **EmergencyCallRoutingPolicy** | Write | String | This parameter is used to assign a custom emergency call routing policy to a network site | | +| **EnableLocationBasedRouting** | Write | Boolean | This parameter determines whether the current site is enabled for location based routing. | | +| **LocationPolicy** | Write | String | LocationPolicy is the identifier for the location policy which the current network site is associating to. | | +| **NetworkRegionID** | Write | String | NetworkRegionID is the identifier for the network region which the current network site is associating to. | | +| **NetworkRoamingPolicy** | Write | String | NetworkRoamingPolicy is the identifier for the network roaming policy to which the network site will associate to. | | +| **SiteAddress** | Write | String | The address of current network site. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +As an Admin, you can use the Windows PowerShell command, New-CsTenantNetworkSite to define network sites. Network sites are defined as a collection of IP subnets. Each network site must be associated with a network region. Tenant network site is used for Location Based Routing. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsTenantNetworkSubnet.md b/docs/docs/resources/teams/TeamsTenantNetworkSubnet.md new file mode 100644 index 0000000000..f032e9c269 --- /dev/null +++ b/docs/docs/resources/teams/TeamsTenantNetworkSubnet.md @@ -0,0 +1,24 @@ +# TeamsTenantNetworkSubnet + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **MaskBits** | Key | UInt32 | This parameter determines the length of bits to mask to the subnet. IPv4 format subnet accepts maskbits from 0 to 32 inclusive. IPv6 format subnet accepts maskbits from 0 to 128 inclusive. | | +| **Identity** | Key | String | Unique identifier for the network subnet to be created. | | +| **Description** | Write | String | Provide a description of the network subnet to identify purpose of creating it. | | +| **NetworkSiteID** | Write | String | NetworkSiteID is the identifier for the network site which the current network subnet is associating to. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +As an Admin, you can use the Windows PowerShell command, New-CsTenantNetworkSubnet to define network subnets and assign them to network sites. Each internal subnet may only be associated with one site. Tenant network subnet is used for Location Based Routing. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsTranslationRule.md b/docs/docs/resources/teams/TeamsTranslationRule.md new file mode 100644 index 0000000000..97ee1fce55 --- /dev/null +++ b/docs/docs/resources/teams/TeamsTranslationRule.md @@ -0,0 +1,24 @@ +# TeamsTranslationRule + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | The Identifier of the rule. This parameter is required and later used to assign the rule to the Inbound or Outbound Trunk Normalization policy. | | +| **Description** | Write | String | A friendly description of the normalization rule. | | +| **Pattern** | Write | String | A regular expression that caller or callee number must match in order for this rule to be applied. | | +| **Translation** | Write | String | The regular expression pattern that will be applied to the number to convert it. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +Cmdlet to create a new telephone number manipulation rule. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsUnassignedNumberTreatment.md b/docs/docs/resources/teams/TeamsUnassignedNumberTreatment.md new file mode 100644 index 0000000000..9231bbe5e2 --- /dev/null +++ b/docs/docs/resources/teams/TeamsUnassignedNumberTreatment.md @@ -0,0 +1,26 @@ +# TeamsUnassignedNumberTreatment + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | The Id of the treatment. | | +| **Description** | Write | String | Free format description of this treatment. | | +| **Pattern** | Write | String | A regular expression that the called number must match in order for the treatment to take effect. It is best pratice to start the regular expression with the hat character and end it with the dollar character. You can use various regular expression test sites on the Internet to validate the expression. | | +| **Target** | Write | String | The identity of the destination the call should be routed to. Depending on the TargetType it should either be the ObjectId of the user or application instance/resource account or the AudioFileId of the uploaded audio file. | | +| **TargetType** | Write | String | The type of target used for the treatment. Allowed values are User, ResourceAccount and Announcement. | `User`, `ResourceAccount`, `Announcement` | +| **TreatmentPriority** | Write | UInt32 | The priority of the treatment. Used to distinguish identical patterns. The lower the priority the higher preference. The priority needs to be unique. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +Creates a new treatment for how calls to an unassigned number range should be routed. The call can be routed to a user, an application or to an announcement service where a custom message will be played to the caller. + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsVdiPolicy.md b/docs/docs/resources/teams/TeamsVdiPolicy.md new file mode 100644 index 0000000000..6f7f3ac712 --- /dev/null +++ b/docs/docs/resources/teams/TeamsVdiPolicy.md @@ -0,0 +1,24 @@ +# TeamsVdiPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identity of the VDI Policy. | | +| **DisableAudioVideoInCallsAndMeetings** | Write | Boolean | Disables Audio and Video in Calls and Meeting. | | +| **DisableCallsAndMeetings** | Write | Boolean | Disables Calls and Meetings. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +This resource implements Teams VDI Policies. + + +## Permissions + + diff --git a/docs/docs/resources/teams/TeamsWorkloadPolicy.md b/docs/docs/resources/teams/TeamsWorkloadPolicy.md new file mode 100644 index 0000000000..11e9da9b3b --- /dev/null +++ b/docs/docs/resources/teams/TeamsWorkloadPolicy.md @@ -0,0 +1,29 @@ +# TeamsWorkloadPolicy + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | Unique identity for the Teams workload policy | | +| **AllowCalling** | Write | Boolean | Allows calling. | | +| **AllowCallingPinned** | Write | Boolean | Allows pinning a call. | | +| **AllowMeeting** | Write | Boolean | Allows meetins. | | +| **AllowMeetingPinned** | Write | Boolean | Allows pinning meetings. | | +| **AllowMessaging** | Write | Boolean | Allows messaging. | | +| **AllowMessagingPinned** | Write | Boolean | Allows pinning a message. | | +| **Description** | Write | String | Description of the policy. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | + + +## Description + +This resources implements a Teams workload policy. + + +## Permissions + + diff --git a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md index a595c3b5cb..d4732bc0d3 100644 --- a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md +++ b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md @@ -22,7 +22,7 @@ Exchange permissions: https://docs.microsoft.com/en-us/exchange/permissions-exo/ Note: If you want to configure App-Only permission for Exchange, as described here: https://docs.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps#step-2-assign-api-permissions-to-the-application -Using the following permission will achieve exactly that: @{Api='Exchange';PermissionName='Exchange.ManageAsApp'} +Using the following permission will achieve exactly that: @{Api='Exchange';PermissionsName='Exchange.ManageAsApp'} ## Output @@ -55,6 +55,6 @@ This function does not generate any output. -------------------------- EXAMPLE 3 -------------------------- -`Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions @(@{Api='SharePoint';PermissionName='Sites.FullControl.All'},@{Api='Graph';PermissionName='Group.ReadWrite.All'},@{Api='Exchange';PermissionName='Exchange.ManageAsApp'}) -AdminConsent -Type Certificate -CertificatePath c:\Temp\M365DSC.cer` +`Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions @(@{Api='SharePoint';PermissionName='Sites.FullControl.All'},@{Api='Graph';PermissionName='Group.ReadWrite.All'},@{Api='Exchange';PermissionsName='Exchange.ManageAsApp'}) -AdminConsent -Type Certificate -CertificatePath c:\Temp\M365DSC.cer` From 308d4e8f7308d52b9daf0144e07b0ff6288592a8 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Thu, 16 Feb 2023 19:28:00 +0000 Subject: [PATCH 03/64] tmp --- ...AdministrativeTemplatePolicyWindows10.psm1 | 333 ++++++++++++------ ...strativeTemplatePolicyWindows10.schema.mof | 29 +- .../M365DSCResourceGenerator.psm1 | 112 +++--- Tests/Unit/Stubs/Microsoft365.psm1 | 303 ++++++++++++++++ 4 files changed, 614 insertions(+), 163 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index c2102dd8de..da8744c9c6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -18,7 +18,7 @@ function Get-TargetResource [System.String] $PolicyConfigurationIngestionType, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -157,11 +157,59 @@ function Get-TargetResource #MinUserCspVersion = $definition.MinUserCspVersion PolicyType = $enumPolicyType SupportedOn = $definition.SupportedOn - #Id = $definition.Id + Id = $definition.Id } $definitionValue.Add('Definition',$complexDefinition) + + $presentationValues = get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` + -GroupPolicyConfigurationId $Id ` + -GroupPolicyDefinitionValueId $setting.Id + + $complexPresentationValues = @() + foreach($presentationValue in $presentationValues) + { + $complexPresentationValue = @{} + $complexPresentationValue.Add("odataType",$presentationValue.AdditionalProperties.'@odata.type') + $complexPresentationValue.Add("Id",$presentationValue.Id) + switch -Wildcard ($presentationValue.AdditionalProperties.'@odata.type') + { + "*.groupPolicyPresentationValueBoolean" + { + $complexPresentationValue.Add("BooleanValue",$presentationValue.AdditionalProperties.value) + } + "*.groupPolicyPresentationValue*Decimal" + { + $complexPresentationValue.Add("DecimalValue",$presentationValue.AdditionalProperties.value) + } + "*.groupPolicyPresentationValueList" + { + $complexKeyValuePairValues = @() + foreach($value in $presentationValue.AdditionalProperties.values) + { + $complexKeyValuePairValues += @{ + Name = $(if($null -ne $value.name){$value.name.replace('"','')}) + Value = $(if($null -ne $value.value){$value.value.replace('"','')}) + } + } + $complexPresentationValue.Add("KeyValuePairValues",$complexKeyValuePairValues) + } + "*.groupPolicyPresentationValueMultiText" + { + $complexPresentationValue.Add("StringValue",$presentationValue.AdditionalProperties.values) + } + "*.groupPolicyPresentationValueText" + { + $complexPresentationValue.Add("StringValue",$presentationValue.AdditionalProperties.value) + } + } + $complexPresentationValues += $complexPresentationValue + } + + $definitionValue.Add('PresentationValues',$complexPresentationValues) $complexDefinitionValues += $definitionValue + + } #endregion @@ -228,7 +276,7 @@ function Set-TargetResource [System.String] $PolicyConfigurationIngestionType, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -333,6 +381,44 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository 'deviceManagement/groupPolicyConfigurations' } + + #Create DefinitionValues + [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues + #write-verbose ($targetDefinitionValues |convertto-json -depth 20) + + <#if($null -ne $targetDefinitionValues -and $targetDefinitionValues.count -gt 0) + { + #Removing Key Definition because it is Read-Only + foreach($definitionValue in $targetDefinitionValues) + { + $definitionValue.remove('Definition') + } + }#> + + foreach($definitionValue in $targetDefinitionValues) + { + $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue + $enumConfigurationType = $null + if($null -ne $definitionValue.ConfigurationType) + { + $enumConfigurationType = $definitionValue.ConfigurationType.toString() + } + $complexPresentationValues = @() + if($null -ne $definitionValue.PresentationValues) + { + $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + } + $complexDefinitionValue = @{ + Definition = @{Id = $definitionValue.Definition.Id} + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + PresentationValues = $complexPresentationValues + } + + New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -BodyParameter $complexDefinitionValue + } #endregion } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') @@ -371,47 +457,42 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository 'deviceManagement/groupPolicyConfigurations' #endregion + #Update DefinitionValues [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues - if($null -ne $targetDefinitionValues -and $targetDefinitionValues.count -gt 0) - { - #Removing Key Definition because it is Read-Only - foreach($definitionValue in $targetDefinitionValues) - { - $definitionValue.remove('Definition') - } - } - $currentDefinitionValues=$currentInstance.DefinitionValues - if($null -ne $currentDefinitionValues -and $currentDefinitionValues.count -gt 0) - { - #Removing Key Definition because it is Read-Only - foreach($definitionValue in $currentDefinitionValues) - { - $definitionValue.remove('Definition') - } - } + #write-verbose ($targetDefinitionValues |convertto-json -depth 20) + write-verbose ("currentDefinitionValues: $($currentDefinitionValues.Id.count) - targetDefinitionValues: $($targetDefinitionValues.Id.count)") + $comparedDefinitionValues = Compare-Object ` - -ReferenceObject $currentDefinitionValues.Id ` - -DifferenceObject $targetDefinitionValues.Id ` + -ReferenceObject ($currentDefinitionValues.Id) ` + -DifferenceObject ($targetDefinitionValues.Id) ` -IncludeEqual $definitionValuesToAdd = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '=>'}).InputObject $definitionValuesToRemove = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '<='}).InputObject - $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '='}).InputObject - + $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '=='}).InputObject + write-verbose ("Add: $($definitionValuesToAdd.count) - Remove: $($definitionValuesToRemove.count) - Check: $($definitionValuesToCheck.count)") foreach($definitionValueId in $definitionValuesToAdd) { - $definitionValue = $targetDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} + $definitionValue = $targetDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue $enumConfigurationType = $null if($null -ne $definitionValue.ConfigurationType) { $enumConfigurationType = $definitionValue.ConfigurationType.toString() } + $complexPresentationValues = @() + if($null -ne $definitionValue.PresentationValues) + { + $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + } $complexDefinitionValue = @{ - Id = $definitionValue.Id - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType + Definition = @{Id = $definitionValue.Definition.Id} + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + PresentationValues = $complexPresentationValues } + write-verbose( $complexDefinitionValue|convertto-json) New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` -GroupPolicyConfigurationId $currentInstance.Id ` -BodyParameter $complexDefinitionValue @@ -426,30 +507,53 @@ function Set-TargetResource foreach($definitionValueId in $definitionValuesToCheck) { - $definitionValue = $targetDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} - $currentDefinitionValue = $currentDefinitionValues | Where-Object - FilterScript {$_.Id -eq $definitionValueId} + $currentDefinitionValue = $currentDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $currentDefinitionValue.remove('Definition') + $currentDefinitionValue = Rename-M365DSCCimInstanceParameter -Properties $currentDefinitionValue + $definitionValue = $targetDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $definitionValue.remove('Definition') + $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue $enumConfigurationType = $null if($null -ne $definitionValue.ConfigurationType) { $enumConfigurationType = $definitionValue.ConfigurationType.toString() } + $complexPresentationValues = @() + if($null -ne $definitionValue.PresentationValues) + { + $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + } $complexDefinitionValue = @{ - Id = $definitionValue.Id - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType + Id = $definitionValue.Id + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + PresentationValues = $complexPresentationValues } $toUpdate = Compare-M365DSCComplexObject ` - -Source $currentDefinitionValue ` - -Target $complexDefinitionValue + -Source $complexDefinitionValue ` + -Target $currentDefinitionValue If(-not $toUpdate) { $complexDefinitionValue.Remove('Id') + $complexDefinitionValue.Remove('PresentationValues') Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` -GroupPolicyConfigurationId $currentInstance.Id ` -GroupPolicyDefinitionValueId $definitionValueId ` -BodyParameter $complexDefinitionValue + + foreach($presentationValue in $complexPresentationValues) + { + $presentationValueId = $presentationValue.Id + $presentationValue.remove('Id') + + Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` + -GroupPolicyConfigurationId $currentInstance.Id ` + -GroupPolicyDefinitionValueId $definitionValueId ` + -GroupPolicyPresentationValueId $presentationValueId ` + -BodyParameter $presentationValue + } } } } @@ -482,7 +586,7 @@ function Test-TargetResource [System.String] $PolicyConfigurationIngestionType, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Id, @@ -524,7 +628,6 @@ function Test-TargetResource [Switch] $ManagedIdentity ) - #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -540,6 +643,7 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) @@ -581,7 +685,6 @@ function Test-TargetResource } $ValuesToCheck.Remove($key) | Out-Null - } } @@ -700,7 +803,17 @@ function Export-TargetResource $complexMapping=@( @{ Name="Definition" - CimInstanceName="MSFT_IntuneGroupPolicyDefinition" + CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValueDefinition" + IsRequired=$false + } + @{ + Name="PresentationValues" + CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValuePresentationValue" + IsRequired=$false + } + @{ + Name="KeyValuePairValues" + CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair" IsRequired=$false } ) @@ -742,10 +855,22 @@ function Export-TargetResource { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefinitionValues" -isCIMArray:$true } - if ($Results.Definition) + if ($Results.DefinitionValues.Definition) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Definition" } + if ($Results.DefinitionValues.PresentationValues) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "PresentationValues" + } + if ($Results.DefinitionValues.PresentationValues.KeyValuePairValues) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KeyValuePairValues" + } + + #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable + $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -768,73 +893,74 @@ function Export-TargetResource return '' } } - function Update-DeviceConfigurationPolicyAssignment +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository='deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion='beta' + ) + try { - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param ( - [Parameter(Mandatory = 'true')] - [System.String] - $DeviceConfigurationPolicyId, - - [Parameter()] - [Array] - $Targets, - - [Parameter()] - [System.String] - $Repository='deviceManagement/configurationPolicies', - - [Parameter()] - [ValidateSet('v1.0','beta')] - [System.String] - $APIVersion='beta' - ) - try - { - $deviceManagementPolicyAssignments=@() + $deviceManagementPolicyAssignments=@() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach($target in $targets) + { + $formattedTarget=@{"@odata.type"=$target.dataType} + if($target.groupId) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) - { - $formattedTarget.Add('groupId',$target.groupId) - } - if($target.collectionId) - { - $formattedTarget.Add('collectionId',$target.collectionId) - } - if($target.deviceAndAppManagementAssignmentFilterType) - { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) - } - if($target.deviceAndAppManagementAssignmentFilterId) - { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) - } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $formattedTarget.Add('groupId',$target.groupId) } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 - #write-verbose -Message $body - Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - + if($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} } - catch - { - New-M365DSCLogEntry -Message 'Error updating data:' - -Exception $_ - -Source $($MyInvocation.MyCommand.Source) - -TenantId $TenantId - -Credential $Credential + $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - return $null - } + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential + return $null + } - }function Rename-M365DSCCimInstanceParameter + +} +function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] @@ -845,6 +971,11 @@ function Export-TargetResource $keyToRename=@{ "odataType"="@odata.type" + "BooleanValue"="value" + "StringValue"="value" + "DecimalValue"="value" + "KeyValuePairValues"="values" + "StringValues"="values" } $result=$Properties @@ -1359,7 +1490,7 @@ function Compare-M365DSCComplexObject { $targetValue="Target is null" } - Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + #Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } @@ -1367,7 +1498,7 @@ function Compare-M365DSCComplexObject { if($source.count -ne $target.count) { - Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + #Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } if($source.count -eq 0) @@ -1470,7 +1601,7 @@ function Compare-M365DSCComplexObject if ($null -ne $compareResult) { - #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" return $false } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof index 384a19c876..48f0ad49f9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof @@ -8,7 +8,7 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; }; [ClassVersion("1.0.0.0")] -class MSFT_IntuneGroupPolicyDefinition +class MSFT_IntuneGroupPolicyDefinitionValueDefinition { [Write, Description("The localized full category path for the policy.")] String CategoryPath; [Write, Description("Identifies the type of groups the policy can be applied to. Possible values are: user, machine."), ValueMap{"user","machine"}, Values{"user","machine"}] String ClassType; @@ -21,7 +21,7 @@ class MSFT_IntuneGroupPolicyDefinition [Write, Description("Specifies the type of group policy. Possible values are: admxBacked, admxIngested."), ValueMap{"admxBacked","admxIngested"}, Values{"admxBacked","admxIngested"}] String PolicyType; [Write, Description("Localized string used to specify what operating system or application version is affected by the policy.")] String SupportedOn; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; -} +}; [ClassVersion("1.0.0.0")] class MSFT_IntuneGroupPolicyDefinitionValue @@ -29,8 +29,27 @@ class MSFT_IntuneGroupPolicyDefinitionValue [Write, Description("Specifies how the value should be configured. This can be either as a Policy or as a Preference. Possible values are: policy, preference."), ValueMap{"policy","preference"}, Values{"policy","preference"}] String ConfigurationType; [Write, Description("Enables or disables the associated group policy definition.")] Boolean Enabled; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; - [Write, Description("The associated group policy definition with the value. Read-Only."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinition")] String Definition; -} + [Write, Description("The associated group policy definition with the value. Read-Only."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValueDefinition")] String Definition; + [Write, Description("The associated group policy presentation values with the definition value."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValuePresentationValue")] String PresentationValues[]; +}; + +[ClassVersion("1.0.0.0")] +class MSFT_IntuneGroupPolicyDefinitionValuePresentationValue +{ + [Write, Description("A value for the associated presentation.")] Boolean BooleanValue; + [Write, Description("A value for the associated presentation.")] Uint64 DecimalValue; + [Write, Description("A value for the associated presentation.")] String StringValue; + [Write, Description("A list of pairs for the associated presentation."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair")] String KeyValuePairValues[]; + [Write, Description("A list of pairs for the associated presentation.")] String StringValues[]; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("A value for the associated presentation."), ValueMap{"#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"}, Values{"#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"}] String odataType; +}; +[ClassVersion("1.0.0.0")] +class MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair +{ + [Write, Description("Value for this key-value pair.")] String Value; + [Write, Description("Name for this key-value pair.")] String Name; +}; [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10")] class MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 : OMI_BaseResource @@ -38,7 +57,7 @@ class MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 : OMI_ [Write, Description("User provided description for the resource object.")] String Description; [Write, Description("User provided name for the resource object.")] String DisplayName; [Write, Description("Type of definitions configured for this policy. Possible values are: unknown, custom, builtIn, mixed, unknownFutureValue."), ValueMap{"unknown","custom","builtIn","mixed","unknownFutureValue"}, Values{"unknown","custom","builtIn","mixed","unknownFutureValue"}] String PolicyConfigurationIngestionType; - [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("The list of enabled or disabled group policy definition values for the configuration."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValue")] String DefinitionValues[]; [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index bfc2e9b9a5..419617c5fe 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -581,73 +581,71 @@ function New-M365DSCResource $AssignmentsUpdate += " -Repository '$repository'`r`n" $AssignmentsFunctions = @" - function Update-DeviceConfigurationPolicyAssignment - { - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param ( - [Parameter(Mandatory = 'true')] - [System.String] - `$DeviceConfigurationPolicyId, +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + `$DeviceConfigurationPolicyId, - [Parameter()] - [Array] - `$Targets, + [Parameter()] + [Array] + `$Targets, - [Parameter()] - [System.String] - `$Repository='deviceManagement/configurationPolicies', + [Parameter()] + [System.String] + `$Repository='deviceManagement/configurationPolicies', - [Parameter()] - [ValidateSet('v1.0','beta')] - [System.String] - `$APIVersion='beta' - ) - try - { - `$deviceManagementPolicyAssignments=@() + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + `$APIVersion='beta' + ) + try + { + `$deviceManagementPolicyAssignments=@() - `$Uri="https://graph.microsoft.com/`$APIVersion/`$Repository/`$DeviceConfigurationPolicyId/assign" + `$Uri="https://graph.microsoft.com/`$APIVersion/`$Repository/`$DeviceConfigurationPolicyId/assign" - foreach(`$target in `$targets) + foreach(`$target in `$targets) + { + `$formattedTarget=@{"@odata.type"=`$target.dataType} + if(`$target.groupId) { - `$formattedTarget=@{"@odata.type"=`$target.dataType} - if(`$target.groupId) - { - `$formattedTarget.Add('groupId',`$target.groupId) - } - if(`$target.collectionId) - { - `$formattedTarget.Add('collectionId',`$target.collectionId) - } - if(`$target.deviceAndAppManagementAssignmentFilterType) - { - `$formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',`$target.deviceAndAppManagementAssignmentFilterType) - } - if(`$target.deviceAndAppManagementAssignmentFilterId) - { - `$formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',`$target.deviceAndAppManagementAssignmentFilterId) - } - `$deviceManagementPolicyAssignments+=@{'target'= `$formattedTarget} + `$formattedTarget.Add('groupId',`$target.groupId) } - `$body=@{'assignments'=`$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 - #write-verbose -Message `$body - Invoke-MgGraphRequest -Method POST -Uri `$Uri -Body `$body -ErrorAction Stop - - } - catch - { - New-M365DSCLogEntry -Message 'Error updating data:' ` - -Exception `$_ ` - -Source `$(`$MyInvocation.MyCommand.Source) ` - -TenantId `$TenantId ` - -Credential `$Credential - - return `$null + if(`$target.collectionId) + { + `$formattedTarget.Add('collectionId',`$target.collectionId) + } + if(`$target.deviceAndAppManagementAssignmentFilterType) + { + `$formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',`$target.deviceAndAppManagementAssignmentFilterType) + } + if(`$target.deviceAndAppManagementAssignmentFilterId) + { + `$formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',`$target.deviceAndAppManagementAssignmentFilterId) + } + `$deviceManagementPolicyAssignments+=@{'target'= `$formattedTarget} } + `$body=@{'assignments'=`$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + #write-verbose -Message `$body + Invoke-MgGraphRequest -Method POST -Uri `$Uri -Body `$body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' ` + -Exception `$_ ` + -Source `$(`$MyInvocation.MyCommand.Source) ` + -TenantId `$TenantId ` + -Credential `$Credential - + return `$null } +} + "@ $AssignmentsCIM = @' diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index f0d160b18b..96c1c8dfbd 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -47269,3 +47269,306 @@ function Update-MgDeviceAppMgtMdmWindowInformationProtectionPolicy #endregion +#region MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +function Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [System.String] + $GroupPolicyPresentationValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $DefinitionValue, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Presentation, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [System.String] + $GroupPolicyPresentationValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [System.String] + $GroupPolicyPresentationValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $DefinitionValue, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Presentation, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion + From 8ef597edbead5c17fe81dfaad762cedd9a254418 Mon Sep 17 00:00:00 2001 From: menswearUK <98314167+menswearUK@users.noreply.github.com> Date: Wed, 29 Mar 2023 08:06:54 +0100 Subject: [PATCH 04/64] initial amendments to Get-MgDeviceManagementDeviceConfiguration amended IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator and IntuneDeviceConfigurationPolicyiOS with commands as suggested in the issue. I did add a filterscript after the displayname search as this is present in my example of a config that does use this form of the command - would prevent identically named profiles for different configs showing up if they exist --- ...figurationPolicyAndroidDeviceAdministrator.psm1 | 13 ++++--------- .../MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 | 14 ++++---------- 2 files changed, 8 insertions(+), 19 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index 98b4674903..b2abbfd317 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -289,20 +289,15 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidGeneralDeviceConfiguration' ` } } if (-not $getValue) { - [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index 7d61a42be8..dab4fd7da6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -836,19 +836,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id if (-not $getValue) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$DisplayName" ` - -and $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosGeneralDeviceConfiguration' ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosGeneralDeviceConfiguration' ` } } #endregion From 786933bf4c6a9b7a82d41ec80f5f4e886e2e10fc Mon Sep 17 00:00:00 2001 From: menswearUK <98314167+menswearUK@users.noreply.github.com> Date: Wed, 29 Mar 2023 08:09:16 +0100 Subject: [PATCH 05/64] added silentlycontinue error action --- ...neDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 | 4 ++-- .../MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index b2abbfd317..14aeb39e9c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -289,7 +289,7 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" | Where-Object ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidGeneralDeviceConfiguration' ` } @@ -297,7 +297,7 @@ function Get-TargetResource if (-not $getValue) { - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index dab4fd7da6..ce8bd1b975 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 @@ -836,11 +836,11 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue if (-not $getValue) { - $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" | Where-Object ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosGeneralDeviceConfiguration' ` } From d3955c7cfeee0a4fb825073325d6076a5aa4711c Mon Sep 17 00:00:00 2001 From: menswearUK <98314167+menswearUK@users.noreply.github.com> Date: Thu, 30 Mar 2023 11:14:17 +0100 Subject: [PATCH 06/64] amended other instances of get-MgDeviceManagementDeviceConfiguration --- ...iceConfigurationPolicyAndroidDeviceOwner.psm1 | 15 ++++----------- ...figurationPolicyAndroidOpenSourceProject.psm1 | 14 ++++---------- ...iceConfigurationPolicyAndroidWorkProfile.psm1 | 16 ++++++++-------- ...SFT_IntuneDeviceConfigurationPolicyMacOS.psm1 | 14 +++++--------- ...IntuneDeviceConfigurationPolicyWindows10.psm1 | 16 ++++++++-------- ...gurationPolicyAndroidDeviceAdministrator.psm1 | 13 ++++--------- ...rationPolicyAndroidEntrepriseDeviceOwner.psm1 | 13 ++++--------- ...rationPolicyAndroidEntrepriseWorkProfile.psm1 | 13 ++++--------- ...uneWifiConfigurationPolicyAndroidForWork.psm1 | 14 ++++---------- ...figurationPolicyAndroidOpenSourceProject.psm1 | 13 ++++--------- .../MSFT_IntuneWifiConfigurationPolicyIOS.psm1 | 13 ++++--------- .../MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 | 13 ++++--------- ...T_IntuneWifiConfigurationPolicyWindows10.psm1 | 14 ++++---------- 13 files changed, 61 insertions(+), 120 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 index a698022ef5..3777bdf792 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 @@ -643,20 +643,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -All:$true ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $Id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue if (-not $getValue) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -All:$true ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration' -and $_.displayName -eq $($DisplayName) ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration' ` } } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index 0c547707f6..47ea8120de 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -141,20 +141,14 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerDeviceConfiguration' ` } - } if (-not $getValue) { - [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 index 9ed168a880..c63c90ab36 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 @@ -644,10 +644,10 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Present') { Write-Verbose -Message "Updating existing Device Configuration Policy {$DisplayName}" - $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' -and ` - $_.displayName -eq $($DisplayName) } + $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' ` + } $PSBoundParameters.Remove('DisplayName') | Out-Null $PSBoundParameters.Remove('Description') | Out-Null @@ -671,10 +671,10 @@ function Set-TargetResource elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present') { Write-Verbose -Message "Removing Device Configuration Policy {$DisplayName}" - $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' -and ` - $_.displayName -eq $($DisplayName) } + $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' ` + } Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $configDevicePolicy.Id } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index 62166aba7a..b6a05683d9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 @@ -323,20 +323,16 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSGeneralDeviceConfiguration' ` } + } if (-not $getValue) { - [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 index 1c86747e12..aaaa95ac59 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 @@ -2089,10 +2089,10 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Present') { Write-Verbose -Message "Updating existing Device Configuration Policy {$DisplayName}" - $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' -and ` - $_.displayName -eq $($DisplayName) } + $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' ` + } $PSBoundParameters.Remove('DisplayName') | Out-Null $PSBoundParameters.Remove('Description') | Out-Null @@ -2120,10 +2120,10 @@ function Set-TargetResource elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present') { Write-Verbose -Message "Removing Device Configuration Policy {$DisplayName}" - $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' -and ` - $_.displayName -eq $($DisplayName) } + $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' ` + } Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $configDevicePolicy.Id } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 index 9fd22114ca..0fbae8c032 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -105,20 +105,15 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWiFiConfiguration' ` } } if (-not $getValue) { - [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 index 043ebbf8d6..e53597edc7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseDeviceOwner.psm1 @@ -134,20 +134,15 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerWiFiConfiguration' ` } } if (-not $getValue) { - [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 index b0cad95c9b..2c106bf477 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEntrepriseWorkProfile.psm1 @@ -105,20 +105,15 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileWiFiConfiguration' ` } } if (-not $getValue) { - [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index e8b71073d8..5450508193 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -105,20 +105,14 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidForWorkWiFiConfiguration' ` } - } if (-not $getValue) { - [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index f4e4d7a442..e30b4b11d4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -113,20 +113,15 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerWiFiConfiguration' ` } } if (-not $getValue) { - [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index 2f33cae9c8..4671098230 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 @@ -130,20 +130,15 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosWiFiConfiguration' ` } } if (-not $getValue) { - [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index a621c74d12..260797bc92 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -126,20 +126,15 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSWiFiConfiguration' ` } } if (-not $getValue) { - [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index 7b05cbfb49..d3533c15ae 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -139,20 +139,14 @@ function Get-TargetResource #region resource generator code if (-Not [string]::IsNullOrEmpty($DisplayName)) { - $getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsWifiConfiguration' ` } if (-not $getValue) { - [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.id -eq $id ` - } + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } #endregion From 53cc71d8680115ca164282c4902824290c78877b Mon Sep 17 00:00:00 2001 From: menswearUK <98314167+menswearUK@users.noreply.github.com> Date: Thu, 30 Mar 2023 11:52:31 +0100 Subject: [PATCH 07/64] updated changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ce7e9958d2..3695d45c10 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -99,6 +99,8 @@ * Added a fix making sure that the progress bar "Scanning dependencies" is no longer displayed after the operation is completed. * Changed configuration drift reporting to event log to include the instance name as the source. FIXES [#2981](https://github.com/microsoft/Microsoft365DSC/issues/2981) + * Changed Get-MgDeviceManagementDeviceConfiguration to use the cmdlet switches rather than filtering output once returned. + Fixes #3082 # 1.23.322.1 From 5e32b3953454d792720880e3db9555dd6c2b3b73 Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Thu, 30 Mar 2023 17:38:33 +0200 Subject: [PATCH 08/64] removed broken/duplicate configuration part --- .../2-CreateNewAdministrativeUnit.ps1 | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 index d09f4fdecc..b1ac3d9df3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 @@ -3,17 +3,6 @@ This example is used to test new resources and showcase the usage of new resourc It is not meant to use as a production baseline. #> -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsGlobalAdmin - ) - - Import-DscResource -ModuleName Microsoft365DSC - Configuration Example { param From ac18cd532649d30d6fd6844f60b20b4162228067 Mon Sep 17 00:00:00 2001 From: menswearUK <98314167+menswearUK@users.noreply.github.com> Date: Fri, 31 Mar 2023 17:02:54 +0100 Subject: [PATCH 09/64] resolved conflicts and updated changelog again --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7bf1a7e003..4c87f25d41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -117,6 +117,8 @@ * Added a fix making sure that the progress bar "Scanning dependencies" is no longer displayed after the operation is completed. * Added a new Set-M365DSCLoggingOption function to enable logging information about non-drifted resources in Event Viewer. FIXES [#2981](https://github.com/microsoft/Microsoft365DSC/issues/2981) + * Changed Get-MgDeviceManagementDeviceConfiguration to use the cmdlet switches rather than filtering output once returned. + Fixes #3082 * DEPENDENCIES * Updated MicrosoftTeams dependency to version 5.1.0. From 737fbb5695c2e17a0ed7261ecbeafbbc81ef3675 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sun, 2 Apr 2023 17:18:35 +0100 Subject: [PATCH 10/64] initial release --- CHANGELOG.md | 2 + ...iceConfigurationCustomPolicyWindows10.psm1 | 1398 +++++++++++++++++ ...figurationCustomPolicyWindows10.schema.mof | 40 + .../readme.md | 6 + .../settings.json | 33 + ...igurationCustomPolicyWindows10-Example.ps1 | 52 + ...nfigurationCustomPolicyWindows10.Tests.ps1 | 318 ++++ 7 files changed, 1849 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/1-IntuneDeviceConfigurationCustomPolicyWindows10-Example.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 78c9bb4f62..fbea58a362 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* IntuneDeviceConfigurationCustomPolicyWindows10 + * Initial Release * IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 * Initial Release FIXES [#2830](https://github.com/microsoft/Microsoft365DSC/issues/2830) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 new file mode 100644 index 0000000000..180f79c261 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 @@ -0,0 +1,1398 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $OmaSettings, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Custom Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementDeviceConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10CustomConfiguration" ` + } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Custom Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Configuration Custom Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $complexOmaSettings = @() + foreach ($currentomaSettings in $getValue.AdditionalProperties.omaSettings) + { + $myomaSettings = @{} + $myomaSettings.Add('Description', $currentomaSettings.description) + $myomaSettings.Add('DisplayName', $currentomaSettings.displayName) + $myomaSettings.Add('IsEncrypted', $currentomaSettings.isEncrypted) + $myomaSettings.Add('OmaUri', $currentomaSettings.omaUri) + $myomaSettings.Add('SecretReferenceValueId', $currentomaSettings.secretReferenceValueId) + $myomaSettings.Add('FileName', $currentomaSettings.fileName) + $myomaSettings.Add('Value', $currentomaSettings.value) + if ($currentomaSettings.'@odata.type' -eq '#microsoft.graph.omaSettingInteger') + { + $myomaSettings.Add('IsReadOnly', $currentomaSettings.isReadOnly) + } + if ($null -ne $currentomaSettings.'@odata.type') + { + $myomaSettings.Add('odataType', $currentomaSettings.'@odata.type'.toString()) + } + if ($myomaSettings.values.Where({$null -ne $_}).count -gt 0) + { + $complexOmaSettings += $myomaSettings + } + } + #endregion + + $results = @{ + #region resource generator code + OmaSettings = $complexOmaSettings + Description = $getValue.Description + DisplayName = $getValue.DisplayName + SupportsScopeTags = $getValue.SupportsScopeTags + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $OmaSettings, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('Verbose') | Out-Null + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Configuration Custom Policy for Windows10 with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + { + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10CustomConfiguration") + foreach ($omaSetting in $CreateParameters.OmaSettings) + { + if ($omaSetting.odataType -ne '#microsoft.graph.omaSettingInteger') + { + $omaSetting.remove('isReadOnly') + } + } + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Configuration Custom Policy for Windows10 with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + { + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10CustomConfiguration") + + foreach ($omaSetting in $UpdateParameters.OmaSettings) + { + if ($omaSetting.odataType -ne '#microsoft.graph.omaSettingInteger') + { + $omaSetting.remove('isReadOnly') + } + } + Update-MgDeviceManagementDeviceConfiguration ` + -DeviceConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Configuration Custom Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $OmaSettings, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Device Configuration Custom Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.remove("Id") | Out-Null + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CustomConfiguration' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if ($null -ne $Results.OmaSettings) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.OmaSettings ` + -CIMInstanceName 'MicrosoftGraphomaSetting' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.OmaSettings = $complexTypeStringResult + } + else + { + $Results.Remove('OmaSettings') | Out-Null + } + } + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.OmaSettings) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OmaSettings" -isCIMArray:$True + } + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + } + #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable + $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n,`r`n" , "`r`n" ) + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository = 'deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion = 'beta' + ) + try + { + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + + foreach ($target in $targets) + { + $formattedTarget = @{"@odata.type" = $target.dataType} + if ($target.groupId) + { + $formattedTarget.Add('groupId',$target.groupId) + } + if ($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if ($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if ($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + } + $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $null + } +} + +function Rename-M365DSCCimInstanceParameter +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties + ) + + $keyToRename = @{ + "odataType" = "@odata.type" + } + + $result = $Properties + + $type = $Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result = $values + + return ,$result + } + #endregion + + #region Single + if ($type -like "*Hashtable") + { + $result = ([Hashtable]$Properties).clone() + } + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + { + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) + { + $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + if ($key -in $keyToRename.Keys) + { + $keyName = $keyToRename.$key + } + + $property = $hashProperties.$key + if ($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties + } + return $result + #endregion +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + if ($ComplexObject.gettype().fullname -like "*[[\]]") + { + $results = @() + + foreach ($item in $ComplexObject) + { + if ($item) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash + } + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + + if ($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys + foreach ($key in $keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType = $ComplexObject.$key.gettype().fullname + + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results + } + + $results = @{} + + if ($ComplexObject.getType().Fullname -like "*hashtable") + { + $keys = $ComplexObject.keys + } + else + { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + } + + foreach ($key in $keys) + { + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike "*hashtable") + { + $keyName = $key.Name + } + + if ($null -ne $ComplexObject.$keyName) + { + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$keyName) + } + } + } + return [hashtable]$results +} + +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> +function Get-M365DSCDRGComplexTypeToString +{ + [CmdletBinding()] + param( + [Parameter()] + $ComplexObject, + + [Parameter(Mandatory = $true)] + [System.String] + $CIMInstanceName, + + [Parameter()] + [Array] + $ComplexTypeMapping, + + [Parameter()] + [System.String] + $Whitespace = '', + + [Parameter()] + [System.uint32] + $IndentLevel = 3, + + [Parameter()] + [switch] + $isArray = $false + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } + #If ComplexObject is an Array + if ($ComplexObject.GetType().FullName -like "*[[\]]") + { + $currentProperty = @() + $IndentLevel++ + foreach ($item in $ComplexObject) + { + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel + } + if ($ComplexTypeMapping) + { + $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + } + + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,$currentProperty + } + + $currentProperty = '' + if ($isArray) + { + $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } + $keyNotNull = 0 + + if ($ComplexObject.Keys.count -eq 0) + { + return $null + } + + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyNotNull++ + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + { + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() + + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + { + $isArray = $true + } + #overwrite type if object defined in mapping complextypemapping + if ($key -in $ComplexTypeMapping.Name) + { + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] + } + else + { + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + } + + if (-not $isArray) + { + $currentProperty += $indent + $key + ' = ' + } + + if ($isArray -and $key -in $ComplexTypeMapping.Name) + { + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $key + ' = ' + $currentProperty += "@(" + } + } + + if ($isArray) + { + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + { + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- + } + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if ($isArray) + { + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } + } + $isArray = $PSBoundParameters.IsArray + } + else + { + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) + } + } + else + { + $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} + + if ($mappedKey -and $mappedKey.isRequired) + { + if ($mappedKey.isArray) + { + $currentProperty += "$indent$key = @()`r`n" + } + else + { + $currentProperty += "$indent$key = `$null`r`n" + } + } + } + } + $indent = '' + for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + { + $indent += ' ' + } + $currentProperty += "$indent}" + if ($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if ($IndentLevel -eq 5) + { + $indent = '' + for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + { + $indent += ' ' + } + $currentProperty += $indent + } + + $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty = $null + } + return $currentProperty +} + +Function Get-M365DSCDRGSimpleObjectTypeToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = 'true')] + [System.String] + $Key, + + [Parameter(Mandatory = 'true')] + $Value, + + [Parameter()] + [System.String] + $Space = ' ' + + ) + + $returnValue = '' + switch -Wildcard ($Value.GetType().Fullname ) + { + "*.Boolean" + { + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + } + "*.String" + { + if ($key -eq '@odata.type') + { + $key ='odataType' + } + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" + } + "*.DateTime" + { + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" + } + "*[[\]]" + { + $returnValue = $Space + $key + " = @(" + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) + { + $returnValue += "`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" + } + foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + { + switch -Wildcard ($item.GetType().Fullname) + { + "*.String" + { + $returnValue += "$whitespace'$item'$newline" + } + "*.DateTime" + { + $returnValue += "$whitespace'$item'$newline" + } + Default + { + $returnValue += "$whitespace$item$newline" + } + } + } + if ($Value.count -gt 1) + { + $returnValue += "$Space)`r`n" + } + else + { + $returnValue += ")`r`n" + + } + } + Default + { + $returnValue = $Space + $Key + " = " + $Value + "`r`n" + } + } + return $returnValue +} + +function Compare-M365DSCComplexObject +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter()] + $Source, + [Parameter()] + $Target + ) + + #Comparing full objects + if ($null -eq $Source -and $null -eq $Target) + { + return $true + } + + $sourceValue = '' + $targetValue = '' + if (($null -eq $Source) -xor ($null -eq $Target)) + { + if ($null -eq $Source) + { + $sourceValue = 'Source is null' + } + + if ($null -eq $Target) + { + $targetValue = 'Target is null' + } + Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + return $false + } + + if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + { + if ($source.count -ne $target.count) + { + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + return $false + } + if ($source.count -eq 0) + { + return $true + } + + foreach ($item in $Source) + { + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) + { + $compareResult = Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem + + if ($compareResult) + { + break + } + } + + if (-not $compareResult) + { + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' + return $false + } + } + return $true + } + + $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} + foreach ($key in $keys) + { + #Matching possible key names between Source and Target + $skey = $key + $tkey = $key + + $sourceValue = $Source.$key + $targetValue = $Target.$tkey + #One of the item is null and not the other + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) + { + + if ($null -eq $Source.$key) + { + $sourceValue = 'null' + } + + if ($null -eq $Target.$tkey) + { + $targetValue = 'null' + } + + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + #Both keys aren't null or empty + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + { + if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") + { + #Recursive call for complex object + $compareResult = Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` + -Target $Target.$tkey + + if (-not $compareResult) + { + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + else + { + #Simple object comparison + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key + + #Identifying date from the current values + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like "*Date*") + { + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) + { + $compareResult = $null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } + + if ($null -ne $compareResult) + { + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + } + } + return $true +} + +function Convert-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $ComplexObject + ) + + if ($ComplexObject.getType().Fullname -like "*[[\]]") + { + $results = @() + foreach ($item in $ComplexObject) + { + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash + } + + #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return ,[hashtable[]]$results + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject + + if ($null -ne $hashComplexObject) + { + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} + foreach ($key in $keys) + { + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + { + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + } + else + { + $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName,$propertyValue) + } + } + } + return [hashtable]$results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.schema.mof new file mode 100644 index 0000000000..4364e97a35 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.schema.mof @@ -0,0 +1,40 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphOmaSetting +{ + [Write, Description("Description.")] String Description; + [Write, Description("Display Name.")] String DisplayName; + [Write, Description("Indicates whether the value field is encrypted. This property is read-only.")] Boolean IsEncrypted; + [Write, Description("OMA.")] String OmaUri; + [Write, Description("ReferenceId for looking up secret for decryption. This property is read-only.")] String SecretReferenceValueId; + [Write, Description("File name associated with the Value property (.cer")] String FileName; + [Write, Description("Value. (Base64 encoded string)")] String Value; + [Write, Description("By setting to true, the CSP (configuration service provider) specified in the OMA-URI will perform a get, instead of set")] Boolean IsReadOnly; + [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.omaSettingBase64","#microsoft.graph.omaSettingBoolean","#microsoft.graph.omaSettingDateTime","#microsoft.graph.omaSettingFloatingPoint","#microsoft.graph.omaSettingInteger","#microsoft.graph.omaSettingString","#microsoft.graph.omaSettingStringXml"}, Values{"#microsoft.graph.omaSettingBase64","#microsoft.graph.omaSettingBoolean","#microsoft.graph.omaSettingDateTime","#microsoft.graph.omaSettingFloatingPoint","#microsoft.graph.omaSettingInteger","#microsoft.graph.omaSettingString","#microsoft.graph.omaSettingStringXml"}] String odataType; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationCustomPolicyWindows10")] +class MSFT_IntuneDeviceConfigurationCustomPolicyWindows10 : OMI_BaseResource +{ + [Write, Description("OMA settings. This collection can contain a maximum of 1000 elements."), EmbeddedInstance("MSFT_MicrosoftGraphomaSetting")] String OmaSettings[]; + [Write, Description("Admin provided description of the Device Configuration.")] String Description; + [Required, Description("Admin provided name of the device configuration.")] String DisplayName; + [Write, Description("Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.")] Boolean SupportsScopeTags; + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/readme.md new file mode 100644 index 0000000000..e5f11e88ce --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneDeviceConfigurationCustomPolicyWindows10 + +## Description + +Intune Device Configuration Custom Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/settings.json new file mode 100644 index 0000000000..a9b8d6e3a0 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "IntuneDeviceConfigurationCustomPolicyWindows10", + "description": "This resource configures an Intune Device Configuration Custom Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } +} + +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/1-IntuneDeviceConfigurationCustomPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/1-IntuneDeviceConfigurationCustomPolicyWindows10-Example.ps1 new file mode 100644 index 0000000000..c5f0533321 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/1-IntuneDeviceConfigurationCustomPolicyWindows10-Example.ps1 @@ -0,0 +1,52 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationCustomPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "custom"; + Ensure = "Present"; + Id = "e072d616-12bc-4ea3-9171-ab080e4c120d"; + OmaSettings = @( + MSFT_MicrosoftGraphomaSetting{ + Description = 'custom' + OmaUri = '/oma/custom' + odataType = '#microsoft.graph.omaSettingString' + SecretReferenceValueId = '5b0e1dba-4523-455e-9fdd-e36c833b57bf_e072d616-12bc-4ea3-9171-ab080e4c120d_1f958162-15d4-42ba-92c4-17c2544b2179' + Value = '****' + IsEncrypted = $True + DisplayName = 'oma' + } + MSFT_MicrosoftGraphomaSetting{ + Description = 'custom 2' + OmaUri = '/oma/custom2' + odataType = '#microsoft.graph.omaSettingInteger' + Value = 2 + IsReadOnly = $False + IsEncrypted = $False + DisplayName = 'custom 2' + } + ); + SupportsScopeTags = $True; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 new file mode 100644 index 0000000000..0eba77f4be --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 @@ -0,0 +1,318 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath "..\..\Unit" ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Microsoft365.psm1" ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\Stubs\Generic.psm1" ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath "\UnitTestHelper.psm1" ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneDeviceConfigurationCustomPolicyWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { + } + + } + # Test contexts + Context -Name "The IntuneDeviceConfigurationCustomPolicyWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + omaSettings = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphomaSetting -Property @{ + fileName = "FakeStringValue" + description = "FakeStringValue" + omaUri = "FakeStringValue" + odataType = "#microsoft.graph.omaSettingBase64" + secretReferenceValueId = "FakeStringValue" + value = "FakeStringValue" + isReadOnly = $True + isEncrypted = $True + displayName = "FakeStringValue" + } -ClientOnly) + ) + supportsScopeTags = $True + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name "The IntuneDeviceConfigurationCustomPolicyWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + omaSettings = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphomaSetting -Property @{ + fileName = "FakeStringValue" + description = "FakeStringValue" + omaUri = "FakeStringValue" + odataType = "#microsoft.graph.omaSettingBase64" + secretReferenceValueId = "FakeStringValue" + value = "FakeStringValue" + isReadOnly = $True + isEncrypted = $True + displayName = "FakeStringValue" + } -ClientOnly) + ) + supportsScopeTags = $True + Ensure = "Absent" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.windows10CustomConfiguration" + omaSettings = @( + @{ + fileName = "FakeStringValue" + description = "FakeStringValue" + omaUri = "FakeStringValue" + '@odata.type' = "#microsoft.graph.omaSettingBase64" + secretReferenceValueId = "FakeStringValue" + value = "FakeStringValue" + isReadOnly = $True + isEncrypted = $True + displayName = "FakeStringValue" + } + ) + } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + Context -Name "The IntuneDeviceConfigurationCustomPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + omaSettings = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphomaSetting -Property @{ + fileName = "FakeStringValue" + description = "FakeStringValue" + omaUri = "FakeStringValue" + odataType = "#microsoft.graph.omaSettingBase64" + secretReferenceValueId = "FakeStringValue" + value = "FakeStringValue" + isReadOnly = $True + isEncrypted = $True + displayName = "FakeStringValue" + } -ClientOnly) + ) + supportsScopeTags = $True + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.windows10CustomConfiguration" + omaSettings = @( + @{ + fileName = "FakeStringValue" + description = "FakeStringValue" + omaUri = "FakeStringValue" + '@odata.type' = "#microsoft.graph.omaSettingBase64" + secretReferenceValueId = "FakeStringValue" + value = "FakeStringValue" + isReadOnly = $True + isEncrypted = $True + displayName = "FakeStringValue" + } + ) + } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneDeviceConfigurationCustomPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + omaSettings = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphomaSetting -Property @{ + fileName = "FakeStringValue" + description = "FakeStringValue" + omaUri = "FakeStringValue" + odataType = "#microsoft.graph.omaSettingBase64" + secretReferenceValueId = "FakeStringValue" + value = "FakeStringValue" + isReadOnly = $True + isEncrypted = $True + displayName = "FakeStringValue" + } -ClientOnly) + ) + supportsScopeTags = $True + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.windows10CustomConfiguration" + omaSettings = @( + @{ + '@odata.type' = "#microsoft.graph.omaSettingBase64" + description = "FakeStringValue" + fileName = "FakeStringValue" + omaUri = "FakeStringValue" + secretReferenceValueId = "FakeStringValue" + value = "FakeStringValue" + displayName = "FakeStringValue" + } + ) + } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + } + } + } + + It "Should return Values from the Get method" { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It "Should call the Set method" { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name "ReverseDSC Tests" -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.windows10CustomConfiguration" + omaSettings = @( + @{ + fileName = "FakeStringValue" + description = "FakeStringValue" + omaUri = "FakeStringValue" + '@odata.type' = "#microsoft.graph.omaSettingBase64" + secretReferenceValueId = "FakeStringValue" + value = "FakeStringValue" + isReadOnly = $True + isEncrypted = $True + displayName = "FakeStringValue" + } + ) + } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + + } + } + } + It "Should Reverse Engineer resource from the Export method" { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 47166d4637a1bd856a913fb2ed64f9c7e290bf77 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sun, 2 Apr 2023 18:59:07 +0100 Subject: [PATCH 11/64] temp --- ...AdministrativeTemplatePolicyWindows10.psm1 | 829 ++++++++++-------- ...strativeTemplatePolicyWindows10.schema.mof | 2 +- 2 files changed, 456 insertions(+), 375 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index da8744c9c6..087c7a18a1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -9,12 +9,12 @@ function Get-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] - [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [ValidateSet('unknown', 'custom', 'builtIn', 'mixed', 'unknownFutureValue')] [System.String] $PolicyConfigurationIngestionType, @@ -31,10 +31,10 @@ function Get-TargetResource $Assignments, #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -67,8 +67,6 @@ function Get-TargetResource -InboundParameters $PSBoundParameters ` -ProfileName 'beta' - Select-MgProfile 'beta' - #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -86,13 +84,13 @@ function Get-TargetResource $getValue = $null #region resource generator code - $getValue = Get-MgDeviceManagementGroupPolicyConfiguration -GroupPolicyConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = Get-MgDeviceManagementGroupPolicyConfiguration -GroupPolicyConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id}" - if(-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgDeviceManagementGroupPolicyConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` @@ -118,99 +116,105 @@ function Get-TargetResource #endregion #region - $settings = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` - -GroupPolicyConfigurationId $Id + $settings = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` + -GroupPolicyConfigurationId $Id - $complexDefinitionValues = @() - foreach($setting in $settings) + $complexDefinitionValues = @() + foreach ($setting in $settings) + { + $definitionValue = @{} + $definitionValue.Add('Id', $setting.Id) + if ($null -ne $setting.ConfigurationType) { - $definitionValue=@{} - $definitionValue.Add('Id',$setting.Id) - if($null -ne $setting.ConfigurationType) - { - $definitionValue.Add('ConfigurationType',$setting.ConfigurationType.toString()) - } - $definitionValue.Add('Enabled',$setting.Enabled) - $definition = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition ` - -GroupPolicyConfigurationId $Id ` - -GroupPolicyDefinitionValueId $setting.Id + $definitionValue.Add('ConfigurationType', $setting.ConfigurationType.toString()) + } + $definitionValue.Add('Enabled', $setting.Enabled) + $definition = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition ` + -GroupPolicyConfigurationId $Id ` + -GroupPolicyDefinitionValueId $setting.Id - $enumClassType = $null - if ($null -ne $definition.ClassType) - { - $enumClassType = $definition.ClassType.ToString() - } + $enumClassType = $null + if ($null -ne $definition.ClassType) + { + $enumClassType = $definition.ClassType.ToString() + } - $enumPolicyType = $null - if ($null -ne $definition.PolicyType) - { - $enumPolicyType = $definition.PolicyType.ToString() - } - $complexDefinition = @{ - CategoryPath = $definition.CategoryPath - ClassType = $enumClassType - DisplayName = $definition.DisplayName - #ExplainText = $definition.ExplainText - #GroupPolicyCategoryId = $definition.GroupPolicyCategoryId - #HasRelatedDefinitions = $definition.HasRelatedDefinitions - #MinDeviceCspVersion = $definition.MinDeviceCspVersion - #MinUserCspVersion = $definition.MinUserCspVersion - PolicyType = $enumPolicyType - SupportedOn = $definition.SupportedOn - Id = $definition.Id - } + $enumPolicyType = $null + if ($null -ne $definition.PolicyType) + { + $enumPolicyType = $definition.PolicyType.ToString() + } + $complexDefinition = @{ + CategoryPath = $definition.CategoryPath + ClassType = $enumClassType + DisplayName = $definition.DisplayName + #ExplainText = $definition.ExplainText + #GroupPolicyCategoryId = $definition.GroupPolicyCategoryId + #HasRelatedDefinitions = $definition.HasRelatedDefinitions + #MinDeviceCspVersion = $definition.MinDeviceCspVersion + #MinUserCspVersion = $definition.MinUserCspVersion + PolicyType = $enumPolicyType + SupportedOn = $definition.SupportedOn + Id = $definition.Id + } - $definitionValue.Add('Definition',$complexDefinition) + $definitionValue.Add('Definition', $complexDefinition) - $presentationValues = get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` - -GroupPolicyConfigurationId $Id ` - -GroupPolicyDefinitionValueId $setting.Id + $presentationValues = get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` + -GroupPolicyConfigurationId $Id ` + -GroupPolicyDefinitionValueId $setting.Id - $complexPresentationValues = @() - foreach($presentationValue in $presentationValues) + $complexPresentationValues = @() + foreach ($presentationValue in $presentationValues) + { + $complexPresentationValue = @{} + $complexPresentationValue.Add('odataType', $presentationValue.AdditionalProperties.'@odata.type') + $complexPresentationValue.Add('Id', $presentationValue.Id) + switch -Wildcard ($presentationValue.AdditionalProperties.'@odata.type') { - $complexPresentationValue = @{} - $complexPresentationValue.Add("odataType",$presentationValue.AdditionalProperties.'@odata.type') - $complexPresentationValue.Add("Id",$presentationValue.Id) - switch -Wildcard ($presentationValue.AdditionalProperties.'@odata.type') + '*.groupPolicyPresentationValueBoolean' { - "*.groupPolicyPresentationValueBoolean" - { - $complexPresentationValue.Add("BooleanValue",$presentationValue.AdditionalProperties.value) - } - "*.groupPolicyPresentationValue*Decimal" - { - $complexPresentationValue.Add("DecimalValue",$presentationValue.AdditionalProperties.value) - } - "*.groupPolicyPresentationValueList" + $complexPresentationValue.Add('BooleanValue', $presentationValue.AdditionalProperties.value) + } + '*.groupPolicyPresentationValue*Decimal' + { + $complexPresentationValue.Add('DecimalValue', $presentationValue.AdditionalProperties.value) + } + '*.groupPolicyPresentationValueList' + { + $complexKeyValuePairValues = @() + foreach ($value in $presentationValue.AdditionalProperties.values) { - $complexKeyValuePairValues = @() - foreach($value in $presentationValue.AdditionalProperties.values) - { - $complexKeyValuePairValues += @{ - Name = $(if($null -ne $value.name){$value.name.replace('"','')}) - Value = $(if($null -ne $value.value){$value.value.replace('"','')}) - } + $complexKeyValuePairValues += @{ + Name = $(if ($null -ne $value.name) + { + $value.name.replace('"', '') + }) + Value = $(if ($null -ne $value.value) + { + $value.value.replace('"', '') + }) } - $complexPresentationValue.Add("KeyValuePairValues",$complexKeyValuePairValues) - } - "*.groupPolicyPresentationValueMultiText" - { - $complexPresentationValue.Add("StringValue",$presentationValue.AdditionalProperties.values) - } - "*.groupPolicyPresentationValueText" - { - $complexPresentationValue.Add("StringValue",$presentationValue.AdditionalProperties.value) } + $complexPresentationValue.Add('KeyValuePairValues', $complexKeyValuePairValues) + } + '*.groupPolicyPresentationValueMultiText' + { + $complexPresentationValue.Add('StringValue', $presentationValue.AdditionalProperties.values) + } + '*.groupPolicyPresentationValueText' + { + $complexPresentationValue.Add('StringValue', $presentationValue.AdditionalProperties.value) } - $complexPresentationValues += $complexPresentationValue } + $complexPresentationValues += $complexPresentationValue + } - $definitionValue.Add('PresentationValues',$complexPresentationValues) - $complexDefinitionValues += $definitionValue + $definitionValue.Add('PresentationValues', $complexPresentationValues) + $complexDefinitionValues += $definitionValue - } + } #endregion $results = @{ @@ -234,10 +238,10 @@ function Get-TargetResource foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } @@ -267,12 +271,12 @@ function Set-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] - [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [ValidateSet('unknown', 'custom', 'builtIn', 'mixed', 'unknownFutureValue')] [System.String] $PolicyConfigurationIngestionType, @@ -289,10 +293,10 @@ function Set-TargetResource $Assignments, #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -344,40 +348,40 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Administrative Template Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null $CreateParameters.Remove('DefinitionValues') | Out-Null - $keys=(([Hashtable]$CreateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { - if($key -eq 'DefinitionValues') + if ($key -eq 'DefinitionValues') { #Removing Key Definition because it is Read-Only - foreach($definitionValue in ($CreateParameters.$key).DefinitionValues) + foreach ($definitionValue in ($CreateParameters.$key).DefinitionValues) { $definitionValue.remove('Definition') } } - $CreateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code - $policy=New-MgDeviceManagementGroupPolicyConfiguration -BodyParameter $CreateParameters - $assignmentsHash=@() - foreach($assignment in $Assignments) + $policy = New-MgDeviceManagementGroupPolicyConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - if($policy.id) + if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/groupPolicyConfigurations' } @@ -395,21 +399,21 @@ function Set-TargetResource } }#> - foreach($definitionValue in $targetDefinitionValues) + foreach ($definitionValue in $targetDefinitionValues) { $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue $enumConfigurationType = $null - if($null -ne $definitionValue.ConfigurationType) + if ($null -ne $definitionValue.ConfigurationType) { $enumConfigurationType = $definitionValue.ConfigurationType.toString() } $complexPresentationValues = @() - if($null -ne $definitionValue.PresentationValues) + if ($null -ne $definitionValue.PresentationValues) { $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues } $complexDefinitionValue = @{ - Definition = @{Id = $definitionValue.Definition.Id} + Definition = @{Id = $definitionValue.Definition.Id } Enabled = $definitionValue.Enabled ConfigurationType = $enumConfigurationType PresentationValues = $complexPresentationValues @@ -424,7 +428,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -432,26 +436,26 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null $UpdateParameters.Remove('DefinitionValues') | Out-Null - $keys=(([Hashtable]$UpdateParameters).clone()).Keys - foreach($key in $keys) + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) { - if($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { - $UpdateParameters.$key= Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code #Update Core policy - $UpdateParameters.Add("@odata.type", "#microsoft.graph.GroupPolicyConfiguration") + $UpdateParameters.Add('@odata.type', '#microsoft.graph.GroupPolicyConfiguration') Update-MgDeviceManagementGroupPolicyConfiguration ` -GroupPolicyConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters #Update Assignments - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { - $assignmentsHash+=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` @@ -459,67 +463,91 @@ function Set-TargetResource #endregion #Update DefinitionValues + [Array]$currentDefinitionValues = $currentInstance.DefinitionValues [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues #write-verbose ($targetDefinitionValues |convertto-json -depth 20) - write-verbose ("currentDefinitionValues: $($currentDefinitionValues.Id.count) - targetDefinitionValues: $($targetDefinitionValues.Id.count)") + Write-Verbose ("currentDefinitionValues: $($currentDefinitionValues.Id.count) - targetDefinitionValues: $($targetDefinitionValues.Id.count)") $comparedDefinitionValues = Compare-Object ` -ReferenceObject ($currentDefinitionValues.Id) ` -DifferenceObject ($targetDefinitionValues.Id) ` -IncludeEqual - $definitionValuesToAdd = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '=>'}).InputObject - $definitionValuesToRemove = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '<='}).InputObject - $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript {$_.SideIndicator -eq '=='}).InputObject - write-verbose ("Add: $($definitionValuesToAdd.count) - Remove: $($definitionValuesToRemove.count) - Check: $($definitionValuesToCheck.count)") - foreach($definitionValueId in $definitionValuesToAdd) + $definitionValuesToAdd = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '=>' }).InputObject + $definitionValuesToRemove = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject + $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '==' }).InputObject + Write-Verbose ("Add: $($definitionValuesToAdd.count) - Remove: $($definitionValuesToRemove.count) - Check: $($definitionValuesToCheck.count)") + + $formattedDefinitionValuesToAdd = @() + foreach ($definitionValueId in $definitionValuesToAdd) { - $definitionValue = $targetDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue $enumConfigurationType = $null - if($null -ne $definitionValue.ConfigurationType) + if ($null -ne $definitionValue.ConfigurationType) { $enumConfigurationType = $definitionValue.ConfigurationType.toString() } $complexPresentationValues = @() - if($null -ne $definitionValue.PresentationValues) + if ($null -ne $definitionValue.PresentationValues) { $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues } $complexDefinitionValue = @{ - Definition = @{Id = $definitionValue.Definition.Id} + Definition = @{Id = $definitionValue.Definition.Id } Enabled = $definitionValue.Enabled ConfigurationType = $enumConfigurationType PresentationValues = $complexPresentationValues } - write-verbose( $complexDefinitionValue|convertto-json) - New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` - -GroupPolicyConfigurationId $currentInstance.Id ` - -BodyParameter $complexDefinitionValue + $formattedDefinitionValuesToAdd += $complexDefinitionValue } - foreach($definitionValueId in $definitionValuesToRemove) + $formattedDefinitionValuesToUpdate = @() + foreach ($definitionValueId in $definitionValuesToCheck) { - Remove-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` - -GroupPolicyConfigurationId $currentInstance.Id ` - -GroupPolicyDefinitionValueId $definitionValueId + $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } + $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue + $enumConfigurationType = $null + if ($null -ne $definitionValue.ConfigurationType) + { + $enumConfigurationType = $definitionValue.ConfigurationType.toString() + } + $complexPresentationValues = @() + if ($null -ne $definitionValue.PresentationValues) + { + $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + } + $complexDefinitionValue = @{ + Definition = @{Id = $definitionValue.Definition.Id } + Enabled = $definitionValue.Enabled + ConfigurationType = $enumConfigurationType + PresentationValues = $complexPresentationValues + } + $formattedDefinitionValuesToUpdate += $complexDefinitionValue } - foreach($definitionValueId in $definitionValuesToCheck) + Write-Verbose( $formattedDefinitionValuesToAdd | ConvertTo-Json) + Write-Verbose( $formattedDefinitionValuesToUpdate | ConvertTo-Json) + Update-DeviceConfigurationGroupPolicyDefinitionValue ` + -DeviceConfigurationPolicyId $currentInstance.Id ` + -DefinitionValueToAdd $formattedDefinitionValuesToAdd ` + -DefinitionValueToUpdate $formattedDefinitionValuesToUpdate ` + -DefinitionValueToRemove $definitionValuesToRemove + <#foreach ($definitionValueId in $definitionValuesToCheck) { - $currentDefinitionValue = $currentDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $currentDefinitionValue = $currentDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } $currentDefinitionValue.remove('Definition') $currentDefinitionValue = Rename-M365DSCCimInstanceParameter -Properties $currentDefinitionValue - $definitionValue = $targetDefinitionValues | Where-Object -FilterScript {$_.Id -eq $definitionValueId} + $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } $definitionValue.remove('Definition') $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue $enumConfigurationType = $null - if($null -ne $definitionValue.ConfigurationType) + if ($null -ne $definitionValue.ConfigurationType) { $enumConfigurationType = $definitionValue.ConfigurationType.toString() } $complexPresentationValues = @() - if($null -ne $definitionValue.PresentationValues) + if ($null -ne $definitionValue.PresentationValues) { $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues } @@ -534,7 +562,7 @@ function Set-TargetResource -Source $complexDefinitionValue ` -Target $currentDefinitionValue - If(-not $toUpdate) + If (-not $toUpdate) { $complexDefinitionValue.Remove('Id') $complexDefinitionValue.Remove('PresentationValues') @@ -543,7 +571,7 @@ function Set-TargetResource -GroupPolicyDefinitionValueId $definitionValueId ` -BodyParameter $complexDefinitionValue - foreach($presentationValue in $complexPresentationValues) + foreach ($presentationValue in $complexPresentationValues) { $presentationValueId = $presentationValue.Id $presentationValue.remove('Id') @@ -551,11 +579,11 @@ function Set-TargetResource Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` -GroupPolicyConfigurationId $currentInstance.Id ` -GroupPolicyDefinitionValueId $definitionValueId ` - -GroupPolicyPresentationValueId $presentationValueId ` + -GroupPolicyPresentationValueId $presentationValueId ` -BodyParameter $presentationValue } } - } + }#> } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -577,12 +605,12 @@ function Test-TargetResource [System.String] $Description, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] - [ValidateSet('unknown','custom','builtIn','mixed','unknownFutureValue')] + [ValidateSet('unknown', 'custom', 'builtIn', 'mixed', 'unknownFutureValue')] [System.String] $PolicyConfigurationIngestionType, @@ -599,10 +627,10 @@ function Test-TargetResource $Assignments, #endregion - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -662,13 +690,13 @@ function Test-TargetResource { $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source #Removing Key Definition because it is Read-Only - if($key -eq 'DefinitionValues') + if ($key -eq 'DefinitionValues') { - foreach($definitionValue in $source.DefinitionValues) + foreach ($definitionValue in $source.DefinitionValues) { $definitionValue.remove('Definition') } - foreach($definitionValue in $target.DefinitionValues) + foreach ($definitionValue in $target.DefinitionValues) { $definitionValue.remove('Definition') } @@ -681,7 +709,7 @@ function Test-TargetResource if (-Not $testResult) { $testResult = $false - break; + break } $ValuesToCheck.Remove($key) | Out-Null @@ -693,8 +721,8 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" if ($testResult) { @@ -743,7 +771,6 @@ function Export-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` -ProfileName 'beta' - Select-MgProfile 'beta' -ErrorAction Stop #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -785,6 +812,7 @@ function Export-TargetResource Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -798,23 +826,23 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if($Results.DefinitionValues) + if ($Results.DefinitionValues) { - $complexMapping=@( + $complexMapping = @( @{ - Name="Definition" - CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValueDefinition" - IsRequired=$false + Name = 'Definition' + CimInstanceName = 'MSFT_IntuneGroupPolicyDefinitionValueDefinition' + IsRequired = $false } @{ - Name="PresentationValues" - CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValuePresentationValue" - IsRequired=$false + Name = 'PresentationValues' + CimInstanceName = 'MSFT_IntuneGroupPolicyDefinitionValuePresentationValue' + IsRequired = $false } @{ - Name="KeyValuePairValues" - CimInstanceName="MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair" - IsRequired=$false + Name = 'KeyValuePairValues' + CimInstanceName = 'MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair' + IsRequired = $false } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` @@ -830,7 +858,7 @@ function Export-TargetResource $Results.Remove('DefinitionValues') | Out-Null } } - if($Results.Assignments) + if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) @@ -849,28 +877,29 @@ function Export-TargetResource -Credential $Credential if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } if ($Results.DefinitionValues) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefinitionValues" -isCIMArray:$true + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DefinitionValues' -IsCIMArray:$true } if ($Results.DefinitionValues.Definition) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Definition" + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Definition' } if ($Results.DefinitionValues.PresentationValues) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "PresentationValues" + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'PresentationValues' } if ($Results.DefinitionValues.PresentationValues.KeyValuePairValues) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "KeyValuePairValues" + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'KeyValuePairValues' } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable - $currentDSCBlock=$currentDSCBlock.replace( " ,`r`n" , " `r`n" ) - $currentDSCBlock=$currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( " ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace( "`r`n,`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` @@ -908,41 +937,41 @@ function Update-DeviceConfigurationPolicyAssignment [Parameter()] [System.String] - $Repository='deviceManagement/configurationPolicies', + $Repository = 'deviceManagement/configurationPolicies', [Parameter()] - [ValidateSet('v1.0','beta')] + [ValidateSet('v1.0', 'beta')] [System.String] - $APIVersion='beta' + $APIVersion = 'beta' ) try { - $deviceManagementPolicyAssignments=@() + $deviceManagementPolicyAssignments = @() - $Uri="https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" - foreach($target in $targets) + foreach ($target in $targets) { - $formattedTarget=@{"@odata.type"=$target.dataType} - if($target.groupId) + $formattedTarget = @{'@odata.type' = $target.dataType } + if ($target.groupId) { - $formattedTarget.Add('groupId',$target.groupId) + $formattedTarget.Add('groupId', $target.groupId) } - if($target.collectionId) + if ($target.collectionId) { - $formattedTarget.Add('collectionId',$target.collectionId) + $formattedTarget.Add('collectionId', $target.collectionId) } - if($target.deviceAndAppManagementAssignmentFilterType) + if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) } - if($target.deviceAndAppManagementAssignmentFilterId) + if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) } - $deviceManagementPolicyAssignments+=@{'target'= $formattedTarget} + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget } } - $body=@{'assignments'=$deviceManagementPolicyAssignments}|ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop @@ -950,37 +979,89 @@ function Update-DeviceConfigurationPolicyAssignment catch { New-M365DSCLogEntry -Message 'Error updating data:' - -Exception $_ - -Source $($MyInvocation.MyCommand.Source) - -TenantId $TenantId - -Credential $Credential + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential + + return $null + } + + +} + +function Update-DeviceConfigurationGroupPolicyDefinitionValue +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $DefinitionValueToAdd, + + [Parameter()] + [Array] + $DefinitionValueToUpdate, + + [Parameter()] + [Array] + $DefinitionValueToRemove + ) + try + { + $deviceManagementPolicyAssignments = @() + + $Uri = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations/$DeviceConfigurationPolicyId/updateDefinitionValues" + + $body = @{ + 'added' = $DefinitionValueToAdd + 'updated' = $DefinitionValueToUpdate + 'deletedIds' = $DefinitionValueToRemove.Id + } | ConvertTo-Json -Depth 20 + write-verbose -Message ("In update") + write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' + -Exception $_ + -Source $($MyInvocation.MyCommand.Source) + -TenantId $TenantId + -Credential $Credential return $null } } + function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] param( [Parameter(Mandatory = 'true')] $Properties ) - $keyToRename=@{ - "odataType"="@odata.type" - "BooleanValue"="value" - "StringValue"="value" - "DecimalValue"="value" - "KeyValuePairValues"="values" - "StringValues"="values" + $keyToRename = @{ + 'odataType' = '@odata.type' + 'BooleanValue' = 'value' + 'StringValue' = 'value' + 'DecimalValue' = 'value' + 'KeyValuePairValues' = 'values' + 'StringValues' = 'values' } - $result=$Properties + $result = $Properties - $type=$Properties.getType().FullName + $type = $Properties.getType().FullName #region Array if ($type -like '*[[\]]') @@ -990,34 +1071,34 @@ function Rename-M365DSCCimInstanceParameter { $values += Rename-M365DSCCimInstanceParameter $item } - $result=$values + $result = $values - return ,$result + return , $result } #endregion #region Single - if($type -like "*Hashtable") + if ($type -like '*Hashtable') { - $result=([Hashtable]$Properties).clone() + $result = ([Hashtable]$Properties).clone() } - if($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result - $keys=($hashProperties.clone()).keys - foreach($key in $keys) + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) { - $keyName=$key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) if ($key -in $keyToRename.Keys) { - $keyName=$keyToRename.$key + $keyName = $keyToRename.$key } - $property=$hashProperties.$key - if($null -ne $property) + $property = $hashProperties.$key + if ($null -ne $property) { $hashProperties.Remove($key) - $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) } } $result = $hashProperties @@ -1029,51 +1110,51 @@ function Rename-M365DSCCimInstanceParameter function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter()] $ComplexObject ) - if($null -eq $ComplexObject) + if ($null -eq $ComplexObject) { return $null } - if($ComplexObject.gettype().fullname -like "*[[\]]") + if ($ComplexObject.gettype().fullname -like '*[[\]]') { - $results=@() + $results = @() - foreach($item in $ComplexObject) + foreach ($item in $ComplexObject) { - if($item) + if ($item) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $results += $hash } } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } - if($ComplexObject.getType().fullname -like '*Dictionary*') + if ($ComplexObject.getType().fullname -like '*Dictionary*') { $results = @{} - $ComplexObject=[hashtable]::new($ComplexObject) - $keys=$ComplexObject.Keys + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys foreach ($key in $keys) { - if($null -ne $ComplexObject.$key) + if ($null -ne $ComplexObject.$key) { $keyName = $key - $keyType=$ComplexObject.$key.gettype().fullname + $keyType = $ComplexObject.$key.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key @@ -1090,27 +1171,27 @@ function Get-M365DSCDRGComplexTypeToHashtable $results = @{} - if($ComplexObject.getType().Fullname -like "*hashtable") + if ($ComplexObject.getType().Fullname -like '*hashtable') { $keys = $ComplexObject.keys } else { - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } } foreach ($key in $keys) { - $keyName=$key - if($ComplexObject.getType().Fullname -notlike "*hashtable") + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') { - $keyName=$key.Name + $keyName = $key.Name } - if($null -ne $ComplexObject.$keyName) + if ($null -ne $ComplexObject.$keyName) { - $keyType=$ComplexObject.$keyName.gettype().fullname - if($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" ) + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' ) { $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName @@ -1168,15 +1249,15 @@ function Get-M365DSCDRGComplexTypeToString [Parameter()] [System.String] - $Whitespace='', + $Whitespace = '', [Parameter()] [System.uint32] - $IndentLevel=3, + $IndentLevel = 3, [Parameter()] [switch] - $isArray=$false + $isArray = $false ) if ($null -eq $ComplexObject) @@ -1184,26 +1265,26 @@ function Get-M365DSCDRGComplexTypeToString return $null } - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like "*[[\]]") + if ($ComplexObject.GetType().FullName -like '*[[\]]') { - $currentProperty=@() + $currentProperty = @() $IndentLevel++ foreach ($item in $ComplexObject) { - $splat=@{ - 'ComplexObject'=$item - 'CIMInstanceName'=$CIMInstanceName - 'IndentLevel'=$IndentLevel + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $splat.add('ComplexTypeMapping',$ComplexTypeMapping) + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) } $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat @@ -1212,23 +1293,23 @@ function Get-M365DSCDRGComplexTypeToString # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,$currentProperty + return , $currentProperty } - $currentProperty='' - if($isArray) + $currentProperty = '' + if ($isArray) { $currentProperty += "`r`n" $currentProperty += $indent } - $CIMInstanceName=$CIMInstanceName.replace("MSFT_","") + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') $currentProperty += "MSFT_$CIMInstanceName{`r`n" $IndentLevel++ - $indent='' + $indent = '' for ($i = 0; $i -lt $IndentLevel ; $i++) { - $indent+=' ' + $indent += ' ' } $keyNotNull = 0 @@ -1242,37 +1323,37 @@ function Get-M365DSCDRGComplexTypeToString if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) { - $hashPropertyType=$ComplexObject[$key].GetType().Name.tolower() + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() - $isArray=$false - if($ComplexObject[$key].GetType().FullName -like "*[[\]]") + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') { - $isArray=$true + $isArray = $true } #overwrite type if object defined in mapping complextypemapping - if($key -in $ComplexTypeMapping.Name) + if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType=([Array]($ComplexTypeMapping|Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] - $hashProperty=$ComplexObject[$key] + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] } else { - $hashProperty=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if(-not $isArray) + if (-not $isArray) { $currentProperty += $indent + $key + ' = ' } - if($isArray -and $key -in $ComplexTypeMapping.Name ) + if ($isArray -and $key -in $ComplexTypeMapping.Name ) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent + $key + ' = ' - $currentProperty += "@(" + $currentProperty += '@(' } } @@ -1281,17 +1362,17 @@ function Get-M365DSCDRGComplexTypeToString $IndentLevel++ foreach ($item in $ComplexObject[$key]) { - if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') { - $item=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item } $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $item ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping ` - -IsArray:$true - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "@()`r`n" } @@ -1302,26 +1383,26 @@ function Get-M365DSCDRGComplexTypeToString else { $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -IndentLevel $IndentLevel ` - -ComplexTypeMapping $ComplexTypeMapping - if([string]::IsNullOrWhiteSpace($nestedPropertyString)) + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) { $nestedPropertyString = "`$null`r`n" } $currentProperty += $nestedPropertyString } - if($isArray) + if ($isArray) { - if($ComplexObject.$key.count -gt 0) + if ($ComplexObject.$key.count -gt 0) { $currentProperty += $indent $currentProperty += ')' $currentProperty += "`r`n" } } - $isArray=$PSBoundParameters.IsArray + $isArray = $PSBoundParameters.IsArray } else { @@ -1330,11 +1411,11 @@ function Get-M365DSCDRGComplexTypeToString } else { - $mappedKey=$ComplexTypeMapping|where-object -filterscript {$_.name -eq $key} + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } - if($mappedKey -and $mappedKey.isRequired) + if ($mappedKey -and $mappedKey.isRequired) { - if($mappedKey.isArray) + if ($mappedKey.isArray) { $currentProperty += "$indent$key = @()`r`n" } @@ -1345,32 +1426,32 @@ function Get-M365DSCDRGComplexTypeToString } } } - $indent='' - for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += "$indent}" - if($isArray -or $IndentLevel -gt 4) + if ($isArray -or $IndentLevel -gt 4) { $currentProperty += "`r`n" } #Indenting last parenthese when the cim instance is an array - if($IndentLevel -eq 5) + if ($IndentLevel -eq 5) { - $indent='' - for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) { - $indent+=' ' + $indent += ' ' } $currentProperty += $indent } - $emptyCIM=$currentProperty.replace(" ","").replace("`r`n","") - if($emptyCIM -eq "MSFT_$CIMInstanceName{}") + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") { - $currentProperty=$null + $currentProperty = $null } return $currentProperty @@ -1390,49 +1471,49 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] - $Space=" " + $Space = ' ' ) - $returnValue="" + $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - "*.Boolean" + '*.Boolean' { - $returnValue= $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - "*.String" + '*.String' { - if($key -eq '@odata.type') + if ($key -eq '@odata.type') { - $key='odataType' + $key = 'odataType' } - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*.DateTime" + '*.DateTime' { - $returnValue= $Space + $Key + " = '" + $Value + "'`r`n" + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - "*[[\]]" + '*[[\]]' { - $returnValue= $Space + $key + " = @(" - $whitespace="" - $newline="" - if($Value.count -gt 1) + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) { $returnValue += "`r`n" - $whitespace=$Space+" " - $newline="`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" } - foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) { switch -Wildcard ($item.GetType().Fullname ) { - "*.String" + '*.String' { $returnValue += "$whitespace'$item'$newline" } - "*.DateTime" + '*.DateTime' { $returnValue += "$whitespace'$item'$newline" } @@ -1442,7 +1523,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } } } - if($Value.count -gt 1) + if ($Value.count -gt 1) { $returnValue += "$Space)`r`n" } @@ -1454,7 +1535,7 @@ Function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue= $Space + $Key + " = " + $Value + "`r`n" + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" } } return $returnValue @@ -1472,47 +1553,47 @@ function Compare-M365DSCComplexObject ) #Comparing full objects - if($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } - $sourceValue="" - $targetValue="" + $sourceValue = '' + $targetValue = '' if (($null -eq $Source) -xor ($null -eq $Target)) { - if($null -eq $Source) + if ($null -eq $Source) { - $sourceValue="Source is null" + $sourceValue = 'Source is null' } - if($null -eq $Target) + if ($null -eq $Target) { - $targetValue="Target is null" + $targetValue = 'Target is null' } #Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" return $false } - if($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') { - if($source.count -ne $target.count) + if ($source.count -ne $target.count) { #Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" return $false } - if($source.count -eq 0) + if ($source.count -eq 0) { return $true } - foreach($item in $Source) + foreach ($item in $Source) { - $hashSource=Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - foreach($targetItem in $Target) + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) { - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source $hashSource ` -Target $targetItem @@ -1522,36 +1603,36 @@ function Compare-M365DSCComplexObject } } - if(-not $compareResult) + if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - The complex array items are not identical" + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } } return $true } - $keys= $Source.Keys|Where-Object -FilterScript {$_ -ne "PSComputerName"} + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { #Matching possible key names between Source and Target - $skey=$key - $tkey=$key + $skey = $key + $tkey = $key - $sourceValue=$Source.$key - $targetValue=$Target.$tkey + $sourceValue = $Source.$key + $targetValue = $Target.$tkey #One of the item is null and not the other if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if($null -eq $Source.$key) + if ($null -eq $Source.$key) { - $sourceValue="null" + $sourceValue = 'null' } - if($null -eq $Target.$tkey) + if ($null -eq $Target.$tkey) { - $targetValue="null" + $targetValue = 'null' } #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" @@ -1559,16 +1640,16 @@ function Compare-M365DSCComplexObject } #Both keys aren't null or empty - if(($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*" ) + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*' ) { #Recursive call for complex object - $compareResult= Compare-M365DSCComplexObject ` + $compareResult = Compare-M365DSCComplexObject ` -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey - if(-not $compareResult) + if (-not $compareResult) { #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" @@ -1578,18 +1659,18 @@ function Compare-M365DSCComplexObject else { #Simple object comparison - $referenceObject=$Target.$tkey - $differenceObject=$Source.$key + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key #Identifying date from the current values - $targetType=($Target.$tkey.getType()).Name - if($targetType -like "*Date*") + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') { - $compareResult=$true - $sourceDate= [DateTime]$Source.$key - if($sourceDate -ne $targetType) + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) { - $compareResult=$null + $compareResult = $null } } else @@ -1613,47 +1694,47 @@ function Compare-M365DSCComplexObject function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable],[hashtable[]])] + [OutputType([hashtable], [hashtable[]])] param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if($ComplexObject.getType().Fullname -like "*[[\]]") + if ($ComplexObject.getType().Fullname -like '*[[\]]') { - $results=@() - foreach($item in $ComplexObject) + $results = @() + foreach ($item in $ComplexObject) { - $hash=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item - $results+=$hash + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash } #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return ,[hashtable[]]$results + return , [hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if($null -ne $hashComplexObject) + if ($null -ne $hashComplexObject) { - $results=$hashComplexObject.clone() - $keys=$hashComplexObject.Keys|Where-Object -FilterScript {$_ -ne 'PSComputerName'} + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) { - if($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') { - $results[$key]=Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } else { $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) - $propertyValue=$results[$key] - $results.remove($key)|out-null - $results.add($propertyName,$propertyValue) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof index 48f0ad49f9..024ee6033c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof @@ -55,7 +55,7 @@ class MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair class MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 : OMI_BaseResource { [Write, Description("User provided description for the resource object.")] String Description; - [Write, Description("User provided name for the resource object.")] String DisplayName; + [Required, Description("User provided name for the resource object.")] String DisplayName; [Write, Description("Type of definitions configured for this policy. Possible values are: unknown, custom, builtIn, mixed, unknownFutureValue."), ValueMap{"unknown","custom","builtIn","mixed","unknownFutureValue"}, Values{"unknown","custom","builtIn","mixed","unknownFutureValue"}] String PolicyConfigurationIngestionType; [Key, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("The list of enabled or disabled group policy definition values for the configuration."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValue")] String DefinitionValues[]; From b0ea99e2296061e88b4aed1c81fdc20e0f9e5e19 Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Sun, 2 Apr 2023 22:01:25 +0200 Subject: [PATCH 12/64] ignore password property when updating an exisiting user --- .../MSFT_AADUser/MSFT_AADUser.psm1 | 69 ++++++++++--------- 1 file changed, 38 insertions(+), 31 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 index 5c9c2d5426..6cbff99f90 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 @@ -462,51 +462,58 @@ function Set-TargetResource } #endregion - if ($null -ne $Password) + if ($user.UserPrincipalName) { - $passwordValue = $Password.GetNetworkCredential().Password + Write-Verbose -Message "Updating Office 365 User $UserPrincipalName Information" + + if ($null -ne $Password) + { + Write-Verbose -Message "PasswordProfile property will not be updated" + } + + $CreationParams.Add('UserId', $UserPrincipalName) + Update-MgUser @CreationParams } else { - try + + if ($null -ne $Password) { - # This only works in PowerShell 5.1 - $passwordValue = [System.Web.Security.Membership]::GeneratePassword(30, 2) + $passwordValue = $Password.GetNetworkCredential().Password } - catch + else { - $TokenSet = @{ - U = [Char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZ' - L = [Char[]]'abcdefghijklmnopqrstuvwxyz' - N = [Char[]]'0123456789' - S = [Char[]]'!"#$%&''()*+,-./:;<=>?@[\]^_`{|}~' + try + { + # This only works in PowerShell 5.1 + $passwordValue = [System.Web.Security.Membership]::GeneratePassword(30, 2) } + catch + { + $TokenSet = @{ + U = [Char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + L = [Char[]]'abcdefghijklmnopqrstuvwxyz' + N = [Char[]]'0123456789' + S = [Char[]]'!"#$%&''()*+,-./:;<=>?@[\]^_`{|}~' + } - $Upper = Get-Random -Count 5 -InputObject $TokenSet.U - $Lower = Get-Random -Count 5 -InputObject $TokenSet.L - $Number = Get-Random -Count 5 -InputObject $TokenSet.N - $Special = Get-Random -Count 5 -InputObject $TokenSet.S + $Upper = Get-Random -Count 5 -InputObject $TokenSet.U + $Lower = Get-Random -Count 5 -InputObject $TokenSet.L + $Number = Get-Random -Count 5 -InputObject $TokenSet.N + $Special = Get-Random -Count 5 -InputObject $TokenSet.S - $StringSet = $Upper + $Lower + $Number + $Special + $StringSet = $Upper + $Lower + $Number + $Special - $stringPassword = (Get-Random -Count 15 -InputObject $StringSet) -join '' - $passwordValue = ConvertTo-SecureString $stringPassword -AsPlainText -Force + $stringPassword = (Get-Random -Count 15 -InputObject $StringSet) -join '' + $passwordValue = ConvertTo-SecureString $stringPassword -AsPlainText -Force + } } - } - $PasswordProfile = @{ - Password = $passwordValue - } - $CreationParams.Add('PasswordProfile', $PasswordProfile) + $PasswordProfile = @{ + Password = $passwordValue + } + $CreationParams.Add('PasswordProfile', $PasswordProfile) - if ($user.UserPrincipalName) - { - Write-Verbose -Message "Updating Office 365 User $UserPrincipalName Information" - $CreationParams.Add('UserId', $UserPrincipalName) - Update-MgUser @CreationParams - } - else - { Write-Verbose -Message "Creating Office 365 User $UserPrincipalName" $CreationParams.Add('AccountEnabled', $true) $CreationParams.Add('MailNickName', $UserPrincipalName.Split('@')[0]) From a080340a4292af8a00c5b8d95790e0379c2303c2 Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Sun, 2 Apr 2023 22:01:48 +0200 Subject: [PATCH 13/64] added note on password property usage --- docs/docs/resources/azure-ad/AADUser.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/resources/azure-ad/AADUser.md b/docs/docs/resources/azure-ad/AADUser.md index 41da535e54..cdfa5e0fdd 100644 --- a/docs/docs/resources/azure-ad/AADUser.md +++ b/docs/docs/resources/azure-ad/AADUser.md @@ -11,7 +11,7 @@ | **Roles** | Write | StringArray[] | The list of Azure Active Directory roles assigned to the user. | | | **UsageLocation** | Write | String | The country code the user will be assigned to | | | **LicenseAssignment** | Write | StringArray[] | The account SKU Id for the license to be assigned to the user | | -| **Password** | Write | PSCredential | The password for the account. The parameter is a PSCredential object, but only the Password component will be used | | +| **Password** | Write | PSCredential | The password for the account. The parameter is a PSCredential object, but only the Password component will be used. Property will only be used when creating the user and not on subsequent updates. If password is not supplied for a new resource a new random password will be generated. | | | **City** | Write | String | The City name of the user | | | **Country** | Write | String | The Country name of the user | | | **Department** | Write | String | The Department name of the user | | From eb157c6d5bb17cb16fa651c3e31e281e09bc1ba6 Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Sun, 2 Apr 2023 22:01:48 +0200 Subject: [PATCH 14/64] added note on password property usage --- docs/docs/resources/azure-ad/AADUser.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/resources/azure-ad/AADUser.md b/docs/docs/resources/azure-ad/AADUser.md index 41da535e54..b33fe966cd 100644 --- a/docs/docs/resources/azure-ad/AADUser.md +++ b/docs/docs/resources/azure-ad/AADUser.md @@ -11,7 +11,7 @@ | **Roles** | Write | StringArray[] | The list of Azure Active Directory roles assigned to the user. | | | **UsageLocation** | Write | String | The country code the user will be assigned to | | | **LicenseAssignment** | Write | StringArray[] | The account SKU Id for the license to be assigned to the user | | -| **Password** | Write | PSCredential | The password for the account. The parameter is a PSCredential object, but only the Password component will be used | | +| **Password** | Write | PSCredential | The password for the account. The parameter is a PSCredential object, but only the Password component will be used. If Password is not supplied for a new resource a new random password will be generated. Property will only be used when creating the user and not on subsequent updates. | | | **City** | Write | String | The City name of the user | | | **Country** | Write | String | The Country name of the user | | | **Department** | Write | String | The Department name of the user | | From 3fa08b29f3896692c5d69192bd672c3639c282b4 Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Mon, 3 Apr 2023 08:56:17 +0200 Subject: [PATCH 15/64] entry for #3093: AADUser password property usage --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78c9bb4f62..21bb04bced 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,6 +41,8 @@ * [BREAKING CHANGE] Remove deprecated parameter PreferredDataLocation* EXOAntiPhishPolicy * [BREAKING CHANGE] Remove deprecated parameters EnableAntispoofEnforcement and TargetedDomainProtectionAction + * Password property will only used with New-MgUser and ignored for updates + FIXES [#3093](https://github.com/microsoft/Microsoft365DSC/issues/3093) * EXOGroupSettings * Initial Release FIXES [#3089](https://github.com/microsoft/Microsoft365DSC/issues/3089) From 7d995d4ba74d92ecc2392fbdb7b944a94ed9717c Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Tue, 4 Apr 2023 09:33:41 +0200 Subject: [PATCH 16/64] add assembly in case password is generated, only for PowerShell v5 --- .../DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 index 6cbff99f90..f1aaedd3d7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 @@ -485,7 +485,8 @@ function Set-TargetResource { try { - # This only works in PowerShell 5.1 + # This only works in PowerShell 5. + Add-Type -AssemblyName System.Web $passwordValue = [System.Web.Security.Membership]::GeneratePassword(30, 2) } catch From 07bff5efa91ac797ac8c24a5e23f57a0a41dd852 Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Tue, 4 Apr 2023 10:10:05 +0200 Subject: [PATCH 17/64] properly check for null values --- .../Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 index f1aaedd3d7..056bf2052e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 @@ -462,7 +462,7 @@ function Set-TargetResource } #endregion - if ($user.UserPrincipalName) + if ($null -ne $user.UserPrincipalName) { Write-Verbose -Message "Updating Office 365 User $UserPrincipalName Information" From 1ced50870243d5f858b8c0eca7d6c771ad5dd478 Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Tue, 4 Apr 2023 10:10:39 +0200 Subject: [PATCH 18/64] generated password in PowerShell > v5 are now 30 chars long --- .../Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 index 056bf2052e..1b92df93a9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 @@ -505,7 +505,7 @@ function Set-TargetResource $StringSet = $Upper + $Lower + $Number + $Special - $stringPassword = (Get-Random -Count 15 -InputObject $StringSet) -join '' + $stringPassword = (Get-Random -Count 30 -InputObject $StringSet) -join '' $passwordValue = ConvertTo-SecureString $stringPassword -AsPlainText -Force } } From 8042fe84ade085831f02735d37578d0a3262bb3a Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Tue, 4 Apr 2023 10:24:03 +0200 Subject: [PATCH 19/64] pick enough chars from the token sets to get a 30 char password --- .../DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 index 1b92df93a9..358e3844f8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 @@ -498,10 +498,10 @@ function Set-TargetResource S = [Char[]]'!"#$%&''()*+,-./:;<=>?@[\]^_`{|}~' } - $Upper = Get-Random -Count 5 -InputObject $TokenSet.U - $Lower = Get-Random -Count 5 -InputObject $TokenSet.L - $Number = Get-Random -Count 5 -InputObject $TokenSet.N - $Special = Get-Random -Count 5 -InputObject $TokenSet.S + $Upper = Get-Random -Count 8 -InputObject $TokenSet.U + $Lower = Get-Random -Count 8 -InputObject $TokenSet.L + $Number = Get-Random -Count 8 -InputObject $TokenSet.N + $Special = Get-Random -Count 8 -InputObject $TokenSet.S $StringSet = $Upper + $Lower + $Number + $Special From cdf327c854793ab3a63766f826f685b4c7cd7495 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Thu, 6 Apr 2023 09:48:05 +0200 Subject: [PATCH 20/64] Draft for Key Params --- docs/docs/concepts/key-parameters.md | 85 ++++++++++++++++++++++++++++ docs/mkdocs.yml | 1 + 2 files changed, 86 insertions(+) create mode 100644 docs/docs/concepts/key-parameters.md diff --git a/docs/docs/concepts/key-parameters.md b/docs/docs/concepts/key-parameters.md new file mode 100644 index 0000000000..f8d97d7159 --- /dev/null +++ b/docs/docs/concepts/key-parameters.md @@ -0,0 +1,85 @@ +# Key Parameters in Desired State Configuration + +PowerShell Desired State Configurations (DSC) are used to configure a system in a desired state. This is done by comparing the current state of the system with the desired state and applying the necessary changes to get to the desired state. The state is defined by the configuration. Every part of the configuration needs to be unique. Uniqueness is defined by the keys of the resource. The keys are the parameters that are used to identify a resource. If the keys are not unique, the configuration will not compile. + +This is a unique configuration for two users in a tenant: + +```powershell + +Configuration MyConfig { + + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost { + + # Create a new user 1 + AADUser User1 { + UserPrincipalName = "User1@tenant.onmicrosoft.com" + DisplayName = "User" + } + + # Create a new user 2 + AADUser User2 { + UserPrincipalName = "User2@tenant.onmicrosoft.com" + DisplayName = "User" + } + } +} + +``` + +Whereas this configuration is not unique and will not compile: + +```powershell + +Configuration MyConfig { + + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost { + + # Create a new user 1 + AADUser User1 { + UserPrincipalName = "User1@tenant.onmicrosoft.com" + DisplayName = "User1" + } + + # Create a new user 2 - with the same UPN as user 1 + AADUser User2 { + UserPrincipalName = "User1@tenant.onmicrosoft.com" + DisplayName = "User2" + } + } +} + +``` + +There are two resources with the same key combination. User1 and User2 do have the same UserPrincipalName and would configure different DisplayNames. This is not allowed and will not compile. The same is true for other resources. For example, if you would have two AADGroups with the same UserPrincipalName, the configuration would not compile. + +Within Microsoft365DSC there are many resources that are not backed by a configurable object in Microsoft 365. These objects will get unique identifiers that are created during the first creation. These identifiers are not configurable and are not exposed to the user. This is a big challenge for DSC, as we need to have a unique identifier prior to the creation of the objects in the tenant. + +## The hen and egg problem of having key parameters in Microsoft365DSC and objects in a tenant + +Over the last year we have seen various issues that were caused by duplicate keys in a Microsoft365DSC configuration. The root cause for these issues was caused by newly created configurations from M365DSC exports. + +To resolve this issue it is important to understand the difference between key parameters and immutable identifiers in Microsoft 365. The key parameters are the parameters that are used to identify a resource. The immutable identifiers are the unique identifiers that are created during the creation of the resource. These identifiers are not configurable and are not exposed to the user. The key parameters are used to identify the resource and the immutable identifiers are used to identify the resource within the platform. + +Changing the key parameters of those resource with duplicate keys is not an option as we would create a different configuration. In most cases the root cause is the fact, that we can have objects in Azure and Microsoft 365 with the same display name, but different immutable identifiers. + +We can differentiate between two types of resources: + +1. Those which have a unique immutable identifier and can be identified by the key parameters. Like the AADUser resource, which has a unique immutable identifier and can be identified by the UserPrincipalName. +2. Those which have a unique immutable identifier, but can not be identified by the key parameters. Like the AADApplication resource, which has a unique immutable identifier, but can not be uniquely identified by the DisplayName. + +For 1. we can change the key parameters and the configuration will compile. We can rely on the immutable identifier to identify the resource. For 2. we can not rely on the immutable identifier to identify the resource. This is a big challenge for DSC, as we need to have a unique identifier prior to the creation of the objects in the tenant. + +## The current implementation of key parameters in Microsoft365DSC + +With the April 2023 release of Microsoft365DSC we have many breaking changes that help to better identify the resources in the configuration. There were several changes to key parameters. This implementation a new way of handling key parameters. This new implementation is based on the following principles: + +1. The key parameters are the parameters that are used to identify a resource. +2. The immutable identifiers are the unique identifiers that are created during the creation of the resource. Fom some resources, these are now exposed through M365DSC. This offers two use cases: + 1. During the initial creation of the resource the display name would be used to identify the resource. This is the same as the current implementation. + 2. For updates of the resource, the immutable identifier would be used to identify the resource. This is a new implementation. + +The new implementation is kind of a heuristic approach to enable exports and imports of configurations. Besides that it is a good practice to better identify the resources in the configuration. diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 392dba6d60..ab3ef24cf5 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -62,6 +62,7 @@ nav: - 'Breaking Changes Policy': 'concepts/breaking-changes.md' - 'OneDrive & SharePoint Permissions': 'concepts/odsp-permissions.md' - 'Consent Flow': 'concepts/consent-flow.md' + - 'Key Parameters in DSC' : 'concepts/key-parameters.md' - Resources: - 'Overview': 'resources/overview.md' - 'Azure AD': 'resources/azure-ad' From fc89f4f370323aadab28ecf12477d26f6d9c250e Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Thu, 6 Apr 2023 15:23:06 +0200 Subject: [PATCH 21/64] check for PowerShell Version before trying to generate a password using [System.Web] --- .../DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 index 358e3844f8..3094b6342a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 @@ -483,13 +483,12 @@ function Set-TargetResource } else { - try + if ($PSVersionTable.PSVersion.Major -eq 5) { - # This only works in PowerShell 5. Add-Type -AssemblyName System.Web $passwordValue = [System.Web.Security.Membership]::GeneratePassword(30, 2) } - catch + else { $TokenSet = @{ U = [Char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZ' From 10f3618046ef142fc40029831bcce15eeecaebd0 Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Thu, 6 Apr 2023 15:25:19 +0200 Subject: [PATCH 22/64] add note on password property as well --- .../DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof index 5b4c2ad1c7..851d9385bf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof @@ -8,7 +8,7 @@ class MSFT_AADUser : OMI_BaseResource [Write, Description("The list of Azure Active Directory roles assigned to the user.")] String Roles[]; [Write, Description("The country code the user will be assigned to")] String UsageLocation; [Write, Description("The account SKU Id for the license to be assigned to the user")] String LicenseAssignment[]; - [Write, Description("The password for the account. The parameter is a PSCredential object, but only the Password component will be used"), EmbeddedInstance("MSFT_Credential")] String Password; + [Write, Description("The password for the account. The parameter is a PSCredential object, but only the Password component will be used. The password for the account. The parameter is a PSCredential object, but only the Password component will be used. If Password is not supplied for a new resource a new random password will be generated. Property will only be used when creating the user and not on subsequent updates."), EmbeddedInstance("MSFT_Credential")] String Password; [Write, Description("The City name of the user")] String City; [Write, Description("The Country name of the user")] String Country; [Write, Description("The Department name of the user")] String Department; From 781383069764793e1eb6a565bef091c465f6f15c Mon Sep 17 00:00:00 2001 From: William-francillette Date: Fri, 7 Apr 2023 19:09:42 +0100 Subject: [PATCH 23/64] fixed unit test --- CHANGELOG.md | 8 ++++++-- ...tuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 | 7 ------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a830f5ca5f..1684b90157 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceConfigurationCustomPolicyWindows10 + * Initial Release + FIXES [#3068](https://github.com/microsoft/Microsoft365DSC/issues/3068) + # 1.23.405.1 * AADAdministrativeUnit @@ -70,8 +76,6 @@ * [BREAKING CHANGE] Setting Identity as Key parameter and DisplayName as Required * IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager * [BREAKING CHANGE] Fix resource -* IntuneDeviceConfigurationCustomPolicyWindows10 - * Initial Release * IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 * Initial Release FIXES [#2830](https://github.com/microsoft/Microsoft365DSC/issues/2830) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 index 0eba77f4be..d628ad4aa6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 @@ -65,7 +65,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { odataType = "#microsoft.graph.omaSettingBase64" secretReferenceValueId = "FakeStringValue" value = "FakeStringValue" - isReadOnly = $True isEncrypted = $True displayName = "FakeStringValue" } -ClientOnly) @@ -105,7 +104,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { odataType = "#microsoft.graph.omaSettingBase64" secretReferenceValueId = "FakeStringValue" value = "FakeStringValue" - isReadOnly = $True isEncrypted = $True displayName = "FakeStringValue" } -ClientOnly) @@ -127,7 +125,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { '@odata.type' = "#microsoft.graph.omaSettingBase64" secretReferenceValueId = "FakeStringValue" value = "FakeStringValue" - isReadOnly = $True isEncrypted = $True displayName = "FakeStringValue" } @@ -169,7 +166,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { odataType = "#microsoft.graph.omaSettingBase64" secretReferenceValueId = "FakeStringValue" value = "FakeStringValue" - isReadOnly = $True isEncrypted = $True displayName = "FakeStringValue" } -ClientOnly) @@ -191,7 +187,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { '@odata.type' = "#microsoft.graph.omaSettingBase64" secretReferenceValueId = "FakeStringValue" value = "FakeStringValue" - isReadOnly = $True isEncrypted = $True displayName = "FakeStringValue" } @@ -226,7 +221,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { odataType = "#microsoft.graph.omaSettingBase64" secretReferenceValueId = "FakeStringValue" value = "FakeStringValue" - isReadOnly = $True isEncrypted = $True displayName = "FakeStringValue" } -ClientOnly) @@ -293,7 +287,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { '@odata.type' = "#microsoft.graph.omaSettingBase64" secretReferenceValueId = "FakeStringValue" value = "FakeStringValue" - isReadOnly = $True isEncrypted = $True displayName = "FakeStringValue" } From be9ac1774365e8dbff0177e467c42516e89bcfc9 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 8 Apr 2023 18:46:08 +0100 Subject: [PATCH 24/64] Initial release --- CHANGELOG.md | 5 + ...AdministrativeTemplatePolicyWindows10.psm1 | 189 ++--- ...strativeTemplatePolicyWindows10.schema.mof | 2 + ...istrativeTemplatePolicyWindows10.Tests.ps1 | 461 ++++++++++-- Tests/Unit/Stubs/Microsoft365.psm1 | 704 ++++++++++++++++++ 5 files changed, 1175 insertions(+), 186 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2dbb95becd..985d0810f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Change log for Microsoft365DSC +# UNRELEASED + * IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 + * Initial release + FIXES [#2833](https://github.com/microsoft/Microsoft365DSC/issues/2833) + # 1.23.405.1 * IntuneDeviceEnrollmentPlatformRestriction diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index 087c7a18a1..fad5bc82f8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -112,7 +112,6 @@ function Get-TargetResource { $enumPolicyConfigurationIngestionType = $getValue.PolicyConfigurationIngestionType.ToString() } - #endregion #region @@ -160,9 +159,10 @@ function Get-TargetResource $definitionValue.Add('Definition', $complexDefinition) - $presentationValues = get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` + $presentationValues = Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` -GroupPolicyConfigurationId $Id ` - -GroupPolicyDefinitionValueId $setting.Id + -GroupPolicyDefinitionValueId $setting.Id ` + -ExpandProperty 'presentation' $complexPresentationValues = @() foreach ($presentationValue in $presentationValues) @@ -170,6 +170,8 @@ function Get-TargetResource $complexPresentationValue = @{} $complexPresentationValue.Add('odataType', $presentationValue.AdditionalProperties.'@odata.type') $complexPresentationValue.Add('Id', $presentationValue.Id) + $complexPresentationValue.Add('presentationDefinitionId', $presentationValue.Presentation.Id) + $complexPresentationValue.Add('presentationDefinitionLabel', $presentationValue.Presentation.Label) switch -Wildcard ($presentationValue.AdditionalProperties.'@odata.type') { '*.groupPolicyPresentationValueBoolean' @@ -212,8 +214,6 @@ function Get-TargetResource $definitionValue.Add('PresentationValues', $complexPresentationValues) $complexDefinitionValues += $definitionValue - - } #endregion @@ -388,17 +388,7 @@ function Set-TargetResource #Create DefinitionValues [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues - #write-verbose ($targetDefinitionValues |convertto-json -depth 20) - - <#if($null -ne $targetDefinitionValues -and $targetDefinitionValues.count -gt 0) - { - #Removing Key Definition because it is Read-Only - foreach($definitionValue in $targetDefinitionValues) - { - $definitionValue.remove('Definition') - } - }#> - + $formattedDefinitionValuesToAdd = @() foreach ($definitionValue in $targetDefinitionValues) { $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue @@ -410,19 +400,26 @@ function Set-TargetResource $complexPresentationValues = @() if ($null -ne $definitionValue.PresentationValues) { - $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + foreach ($presentationValue in [Hashtable[]]$definitionValue.PresentationValues) + { + $value = $presentationValue.clone() + $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.remove('PresentationDefinitionId') + $complexPresentationValues += $value + } } $complexDefinitionValue = @{ - Definition = @{Id = $definitionValue.Definition.Id } - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType - PresentationValues = $complexPresentationValues + id = $definitionValue.Id + 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + enabled = $definitionValue.Enabled + presentationValues = $complexPresentationValues } - - New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` - -GroupPolicyConfigurationId $currentInstance.Id ` - -BodyParameter $complexDefinitionValue + $formattedDefinitionValuesToAdd += $complexDefinitionValue } + + Update-DeviceConfigurationGroupPolicyDefinitionValue ` + -DeviceConfigurationPolicyId $policy.Id ` + -DefinitionValueToAdd $formattedDefinitionValuesToAdd #endregion } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') @@ -465,8 +462,6 @@ function Set-TargetResource #Update DefinitionValues [Array]$currentDefinitionValues = $currentInstance.DefinitionValues [Array]$targetDefinitionValues = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $DefinitionValues - #write-verbose ($targetDefinitionValues |convertto-json -depth 20) - Write-Verbose ("currentDefinitionValues: $($currentDefinitionValues.Id.count) - targetDefinitionValues: $($targetDefinitionValues.Id.count)") $comparedDefinitionValues = Compare-Object ` -ReferenceObject ($currentDefinitionValues.Id) ` @@ -476,7 +471,7 @@ function Set-TargetResource $definitionValuesToAdd = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '=>' }).InputObject $definitionValuesToRemove = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '<=' }).InputObject $definitionValuesToCheck = ($comparedDefinitionValues | Where-Object -FilterScript { $_.SideIndicator -eq '==' }).InputObject - Write-Verbose ("Add: $($definitionValuesToAdd.count) - Remove: $($definitionValuesToRemove.count) - Check: $($definitionValuesToCheck.count)") + #Write-Verbose ("Add: $($definitionValuesToAdd.count) - Remove: $($definitionValuesToRemove.count) - Check: $($definitionValuesToCheck.count)") $formattedDefinitionValuesToAdd = @() foreach ($definitionValueId in $definitionValuesToAdd) @@ -491,13 +486,19 @@ function Set-TargetResource $complexPresentationValues = @() if ($null -ne $definitionValue.PresentationValues) { - $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + foreach ($presentationValue in [Hashtable[]]$definitionValue.PresentationValues) + { + $value = $presentationValue.clone() + $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.remove('PresentationDefinitionId') + $complexPresentationValues += $value + } } $complexDefinitionValue = @{ - Definition = @{Id = $definitionValue.Definition.Id } - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType - PresentationValues = $complexPresentationValues + id = $definitionValue.Id + 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + enabled = $definitionValue.Enabled + presentationValues = $complexPresentationValues } $formattedDefinitionValuesToAdd += $complexDefinitionValue } @@ -515,75 +516,29 @@ function Set-TargetResource $complexPresentationValues = @() if ($null -ne $definitionValue.PresentationValues) { - $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues + foreach ($presentationValue in [Hashtable[]]$definitionValue.PresentationValues) + { + $value = $presentationValue.clone() + $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.remove('PresentationDefinitionId') + $complexPresentationValues += $value + } } $complexDefinitionValue = @{ - Definition = @{Id = $definitionValue.Definition.Id } - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType - PresentationValues = $complexPresentationValues + id = $definitionValue.Id + 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + enabled = $definitionValue.Enabled + presentationValues = $complexPresentationValues } $formattedDefinitionValuesToUpdate += $complexDefinitionValue } - Write-Verbose( $formattedDefinitionValuesToAdd | ConvertTo-Json) - Write-Verbose( $formattedDefinitionValuesToUpdate | ConvertTo-Json) Update-DeviceConfigurationGroupPolicyDefinitionValue ` -DeviceConfigurationPolicyId $currentInstance.Id ` -DefinitionValueToAdd $formattedDefinitionValuesToAdd ` -DefinitionValueToUpdate $formattedDefinitionValuesToUpdate ` -DefinitionValueToRemove $definitionValuesToRemove - <#foreach ($definitionValueId in $definitionValuesToCheck) - { - $currentDefinitionValue = $currentDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } - $currentDefinitionValue.remove('Definition') - $currentDefinitionValue = Rename-M365DSCCimInstanceParameter -Properties $currentDefinitionValue - $definitionValue = $targetDefinitionValues | Where-Object -FilterScript { $_.Id -eq $definitionValueId } - $definitionValue.remove('Definition') - $definitionValue = Rename-M365DSCCimInstanceParameter -Properties $definitionValue - $enumConfigurationType = $null - if ($null -ne $definitionValue.ConfigurationType) - { - $enumConfigurationType = $definitionValue.ConfigurationType.toString() - } - $complexPresentationValues = @() - if ($null -ne $definitionValue.PresentationValues) - { - $complexPresentationValues = [Hashtable[]]$definitionValue.PresentationValues - } - $complexDefinitionValue = @{ - Id = $definitionValue.Id - Enabled = $definitionValue.Enabled - ConfigurationType = $enumConfigurationType - PresentationValues = $complexPresentationValues - } - - $toUpdate = Compare-M365DSCComplexObject ` - -Source $complexDefinitionValue ` - -Target $currentDefinitionValue - If (-not $toUpdate) - { - $complexDefinitionValue.Remove('Id') - $complexDefinitionValue.Remove('PresentationValues') - Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValue ` - -GroupPolicyConfigurationId $currentInstance.Id ` - -GroupPolicyDefinitionValueId $definitionValueId ` - -BodyParameter $complexDefinitionValue - - foreach ($presentationValue in $complexPresentationValues) - { - $presentationValueId = $presentationValue.Id - $presentationValue.remove('Id') - - Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue ` - -GroupPolicyConfigurationId $currentInstance.Id ` - -GroupPolicyDefinitionValueId $definitionValueId ` - -GroupPolicyPresentationValueId $presentationValueId ` - -BodyParameter $presentationValue - } - } - }#> } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -702,6 +657,19 @@ function Test-TargetResource } } + #Removing Key Definition because it is Read-Only + if ($key -eq 'PresentationValues') + { + foreach ($presentationValue in $source.PresentationValues) + { + $presentationValue.remove('presentationDefinitionLabel') + } + foreach ($presentationValue in $target.PresentationValues) + { + $presentationValue.remove('presentationDefinitionLabel') + } + } + $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` -Target ($target) @@ -716,13 +684,14 @@ function Test-TargetResource } } + $ValuesToCheck.Remove('Id') | Out-Null $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - #Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - #Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" if ($testResult) { @@ -974,7 +943,6 @@ function Update-DeviceConfigurationPolicyAssignment $body = @{'assignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - } catch { @@ -986,8 +954,6 @@ function Update-DeviceConfigurationPolicyAssignment return $null } - - } function Update-DeviceConfigurationGroupPolicyDefinitionValue @@ -1001,31 +967,33 @@ function Update-DeviceConfigurationGroupPolicyDefinitionValue [Parameter()] [Array] - $DefinitionValueToAdd, + $DefinitionValueToAdd = @(), [Parameter()] [Array] - $DefinitionValueToUpdate, + $DefinitionValueToUpdate = @(), [Parameter()] [Array] - $DefinitionValueToRemove + $DefinitionValueToRemove = @() ) try { - $deviceManagementPolicyAssignments = @() - $Uri = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations/$DeviceConfigurationPolicyId/updateDefinitionValues" + $body = @{} + $DefinitionValueToRemoveIds = @() + if ($null -ne $DefinitionValueToRemove -and $DefinitionValueToRemove.count -gt 0) + { + $DefinitionValueToRemoveIds = $DefinitionValueToRemove + } $body = @{ - 'added' = $DefinitionValueToAdd - 'updated' = $DefinitionValueToUpdate - 'deletedIds' = $DefinitionValueToRemove.Id - } | ConvertTo-Json -Depth 20 - write-verbose -Message ("In update") - write-verbose -Message $body - Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - + 'added' = $DefinitionValueToAdd + 'updated' = $DefinitionValueToUpdate + 'deletedIds' = $DefinitionValueToRemoveIds + } + #Write-Verbose -Message ($body | ConvertTo-Json -Depth 20) + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ErrorAction Stop } catch { @@ -1037,8 +1005,6 @@ function Update-DeviceConfigurationGroupPolicyDefinitionValue return $null } - - } function Rename-M365DSCCimInstanceParameter @@ -1472,7 +1438,6 @@ Function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] $Space = ' ' - ) $returnValue = '' @@ -1700,7 +1665,6 @@ function Convert-M365DSCDRGComplexTypeToHashtable $ComplexObject ) - if ($ComplexObject.getType().Fullname -like '*[[\]]') { $results = @() @@ -1720,7 +1684,6 @@ function Convert-M365DSCDRGComplexTypeToHashtable if ($null -ne $hashComplexObject) { - $results = $hashComplexObject.clone() $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } foreach ($key in $keys) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof index 024ee6033c..1d5c053a54 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.schema.mof @@ -42,6 +42,8 @@ class MSFT_IntuneGroupPolicyDefinitionValuePresentationValue [Write, Description("A list of pairs for the associated presentation."), EmbeddedInstance("MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair")] String KeyValuePairValues[]; [Write, Description("A list of pairs for the associated presentation.")] String StringValues[]; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("The unique identifier for presentation definition. Read-only.")] String PresentationDefinitionId; + [Write, Description("The label of the presentation definition. Read-only.")] String PresentationDefinitionLabel; [Write, Description("A value for the associated presentation."), ValueMap{"#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"}, Values{"#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"}] String odataType; }; [ClassVersion("1.0.0.0")] diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 index daccdb85bf..6ecdf149f3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 @@ -2,27 +2,27 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath "..\..\Unit" ` - -Resolve + -ChildPath '..\..\Unit' ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Microsoft365.psm1" ` - -Resolve) + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\Stubs\Generic.psm1" ` - -Resolve) + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath "\UnitTestHelper.psm1" ` + -ChildPath '\UnitTestHelper.psm1' ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10" -GenericStubModule $GenericStubPath + -DscResource 'IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) + $secpasswd = ConvertTo-SecureString 'f@kepassword1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } @@ -36,37 +36,86 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Update-MgDeviceManagementGroupPolicyConfiguration -MockWith { } - Mock -CommandName New-MgDeviceManagementGroupPolicyConfiguration -MockWith { - } - Mock -CommandName Remove-MgDeviceManagementGroupPolicyConfiguration -MockWith { } Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" + return 'Credentials' } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationAssignment -MockWith { + return @(@{ + target = @{ + deviceAndAppManagementAssignmentFilterType = 'none' + AdditionalProperties = @{'@odata.type' = '#microsoft.graph.allDevicesAssignmentTarget' } + } + }) + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + Mock -CommandName Update-DeviceConfigurationGroupPolicyDefinitionValue -MockWith { } } # Test contexts - Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 should exist but it DOES NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 should exist but it DOES NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" - Ensure = "Present" - Credential = $Credential; + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + Ensure = 'Present' + Credential = $Credential + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } -ClientOnly) + ) + DefinitionValues = [CimInstance[]]@( + (N-ClientOnly) + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValue -Property @{ + ConfigurationType = 'policy' + PresentationValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValue -Property @{ + presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' + presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' + KeyValuePairValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair -Property @{ + Name = 'hosted_app' + } -ClientOnly) + ) + Id = '7312a452-e087-4290-9b9f-3f14a304c18d' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } -ClientOnly) + ) + Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' + Definition = (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValueDefinition -Property @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } -ClientOnly) + Enabled = $True + } -ClientOnly) + ) } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { return $null } + + Mock -CommandName New-MgDeviceManagementGroupPolicyConfiguration -MockWith { + return @{ + id = 'fakeNewId' + displayName = 'fakeNewDisplayName' + } + } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } It 'Should return false from the Test method' { @@ -75,35 +124,110 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should Create the group from the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName New-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 + Should -Invoke -CommandName Update-DeviceConfigurationPolicyAssignment -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists but it SHOULD NOT" -Fixture { + Context -Name 'The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists but it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" - Ensure = "Absent" - Credential = $Credential; + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + Ensure = 'Absent' + Credential = $Credential + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } -ClientOnly) + ) + DefinitionValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValue -Property @{ + ConfigurationType = 'policy' + PresentationValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValue -Property @{ + presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' + presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' + KeyValuePairValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair -Property @{ + Name = 'hosted_app' + } -ClientOnly) + ) + Id = '7312a452-e087-4290-9b9f-3f14a304c18d' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } -ClientOnly) + ) + Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' + Definition = (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValueDefinition -Property @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } -ClientOnly) + Enabled = $True + } -ClientOnly) + ) } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.GroupPolicyConfiguration' + } + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue -MockWith { + return @( + @{ + ConfigurationType = 'fakeConfigurationType' + Enabled = $true + Id = 'fakeDefinitionValueId' + PolicyConfigurationIngestionType = 'unknown' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" + ) + } + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition -MockWith { + return @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.groupPolicyPresentationValueList' + values = @( + @{ + name = "`"hosted_app`"" + } + ) + } + Id = 'fakePresentationId' + Presentation = @{ + Id = 'fakePresentationDefinitionId' + Label = 'fakePresentationLabel' + } + PolicyConfigurationIngestionType = 'unknown' } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -116,59 +240,206 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Should -Invoke -CommandName Remove-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 } } - Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 Exists and Values are already in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 Exists and Values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" - Ensure = "Present" - Credential = $Credential; + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + Ensure = 'Present' + Credential = $Credential + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } -ClientOnly) + ) + DefinitionValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValue -Property @{ + ConfigurationType = 'policy' + PresentationValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValue -Property @{ + presentationDefinitionId = 'fakePresentationDefinitionId' + presentationDefinitionLabel = 'fakePresentationDefinitionLabel' + KeyValuePairValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair -Property @{ + Name = 'hosted_app' + } -ClientOnly) + ) + Id = 'fakePresentationId' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } -ClientOnly) + ) + Id = 'fakeDefinitionValueId' + Definition = (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValueDefinition -Property @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } -ClientOnly) + Enabled = $True + } -ClientOnly) + ) } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.GroupPolicyConfiguration' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue -MockWith { + return @( + @{ + Enabled = $true + Id = 'fakeDefinitionValueId' + ConfigurationType = 'policy' + } + ) + } + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition -MockWith { + return @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' } } - } + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.groupPolicyPresentationValueList' + values = @( + @{ + name = "`"hosted_app`"" + } + ) + } + Id = 'fakePresentationId' + Presentation = @{ + Id = 'fakePresentationDefinitionId' + Label = 'fakePresentationDefinitionLabel' + } + } + } + } It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $true } } - Context -Name "The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists and values are NOT in the desired state" -Fixture { + Context -Name 'The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 exists and values are NOT in the desired state' -Fixture { BeforeAll { $testParams = @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" - Ensure = "Present" - Credential = $Credential; + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + Ensure = 'Present' + Credential = $Credential + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } -ClientOnly) + ) + DefinitionValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValue -Property @{ + ConfigurationType = 'policy' + PresentationValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValue -Property @{ + presentationDefinitionId = 'fakePresentationDefinitionId' + presentationDefinitionLabel = 'fakePresentationDefinitionLabel' + KeyValuePairValues = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair -Property @{ + Name = 'hosted_app' + } -ClientOnly) + ) + Id = 'fakePresentationId' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } -ClientOnly) + ) + Id = 'fakeDefinitionValueId' + Definition = (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValueDefinition -Property @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } -ClientOnly) + Enabled = $True + } -ClientOnly) + ) } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { return @{ - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.GroupPolicyConfiguration' + } + Description = 'FakeStringValue' + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue -MockWith { + return @( + @{ + Enabled = $true + Id = 'fakeDefinitionValueId' + ConfigurationType = 'policy' + } + ) + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition -MockWith { + return @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.groupPolicyPresentationValueList' + values = @( + @{ + name = "`"user_script`"" + } + ) + } + Id = 'fakePresentationId' + Presentation = @{ + Id = 'fakePresentationDefinitionId' + Label = 'fakePresentationDefinitionLabel' + } } } } - It "Should return Values from the Get method" { + It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } @@ -176,13 +447,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It "Should call the Set method" { + It 'Should call the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgDeviceManagementGroupPolicyConfiguration -Exactly 1 + Should -Invoke -CommandName Update-DeviceConfigurationPolicyAssignment -Exactly 1 + Should -Invoke -CommandName Update-DeviceConfigurationGroupPolicyDefinitionValue -Exactly 1 } } - Context -Name "ReverseDSC Tests" -Fixture { + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $testParams = @{ @@ -190,20 +463,62 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Get-MgDeviceManagementGroupPolicyConfiguration -MockWith { - return @{ - AdditionalProperties = @{ - '@odata.type' = "#microsoft.graph.GroupPolicyConfiguration" + return @(@{ + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.GroupPolicyConfiguration' + } + Description = 'FakeStringValue' + DisplayName = 'AdministrativeTemplatePolicyWindows10' + Id = 'FakeStringValue' + PolicyConfigurationIngestionType = 'unknown' + }) + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue -MockWith { + return @( + @{ + ConfigurationType = 'fakeConfigurationType' + Enabled = $true + Id = 'fakeDefinitionValueId' + PolicyConfigurationIngestionType = 'unknown' } - Description = "FakeStringValue" - DisplayName = "FakeStringValue" - Id = "FakeStringValue" - PolicyConfigurationIngestionType = "unknown" + ) + } + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition -MockWith { + return @{ + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + } + + Mock -CommandName Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresentationValue -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.groupPolicyPresentationValueList' + values = @( + @{ + name = "`"hosted_app`"" + } + ) + } + Id = 'fakePresentationId' + Presentation = @{ + Id = 'fakePresentationDefinitionId' + Label = 'fakePresentationLabel' + } + PolicyConfigurationIngestionType = 'unknown' } } } - It "Should Reverse Engineer resource from the Export method" { - Export-TargetResource @testParams + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty } } } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 96ac41e9bc..1314465c6d 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -48876,6 +48876,710 @@ function Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValuePresent ) } +function Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValueDefinition +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials + ) +} + +function Get-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject] + $ConfigurationType, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $Definition, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Enabled, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject[]] + $PresentationValues, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfigurationDefinitionValue +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [System.String] + $GroupPolicyDefinitionValueId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject] + $ConfigurationType, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject] + $Definition, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Enabled, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject[]] + $PresentationValues, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Get-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject[]] + $DefinitionValues, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Set-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfiguration +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [PSObject[]] + $Assignments, + + [Parameter()] + [System.DateTime] + $CreatedDateTime, + + [Parameter()] + [PSObject[]] + $DefinitionValues, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $PolicyConfigurationIngestionType, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + + + #endregion #region MgDeviceManagementWindowFeatureUpdateProfile From dc80d962340566dc9412deb878641b1eafd5dac7 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Mon, 10 Apr 2023 17:22:30 +0100 Subject: [PATCH 25/64] Initial release --- CHANGELOG.md | 6 + ...ationFirmwareInterfacePolicyWindows10.psm1 | 1779 +++++++++++++++++ ...irmwareInterfacePolicyWindows10.schema.mof | 47 + .../readme.md | 6 + .../settings.json | 33 + ...rmwareInterfacePolicyWindows10-Example.ps1 | 53 + ResourceGenerator/Module.Template.psm1 | 35 +- ...FirmwareInterfacePolicyWindows10.Tests.ps1 | 388 ++++ 8 files changed, 2329 insertions(+), 18 deletions(-) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 2dbb95becd..20c43f95c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED +* IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 + * Initial release +* DRG + * Fixed layout and display issues in module file + # 1.23.405.1 * IntuneDeviceEnrollmentPlatformRestriction diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 new file mode 100644 index 0000000000..16362309f4 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 @@ -0,0 +1,1779 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Bluetooth, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $BootFromBuiltInNetworkAdapters, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $BootFromExternalMedia, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Cameras, + + [Parameter()] + [ValidateSet('notConfiguredOnly','none')] + [System.String] + $ChangeUefiSettingsPermission, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FrontCamera, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InfraredCamera, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Microphone, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $MicrophonesAndSpeakers, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $NearFieldCommunication, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Radios, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $RearCamera, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $SdCard, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $SimultaneousMultiThreading, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $UsbTypeAPort, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $VirtualizationOfCpuAndIO, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WakeOnLAN, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WakeOnPower, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WiFi, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WindowsPlatformBinaryTable, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WirelessWideAreaNetwork, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Firmware Interface Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementDeviceConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10DeviceFirmwareConfigurationInterface" ` + } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Firmware Interface Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Configuration Firmware Interface Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $enumBluetooth = $null + if ($null -ne $getValue.AdditionalProperties.bluetooth) + { + $enumBluetooth = $getValue.AdditionalProperties.bluetooth.ToString() + } + + $enumBootFromBuiltInNetworkAdapters = $null + if ($null -ne $getValue.AdditionalProperties.bootFromBuiltInNetworkAdapters) + { + $enumBootFromBuiltInNetworkAdapters = $getValue.AdditionalProperties.bootFromBuiltInNetworkAdapters.ToString() + } + + $enumBootFromExternalMedia = $null + if ($null -ne $getValue.AdditionalProperties.bootFromExternalMedia) + { + $enumBootFromExternalMedia = $getValue.AdditionalProperties.bootFromExternalMedia.ToString() + } + + $enumCameras = $null + if ($null -ne $getValue.AdditionalProperties.cameras) + { + $enumCameras = $getValue.AdditionalProperties.cameras.ToString() + } + + $enumChangeUefiSettingsPermission = $null + if ($null -ne $getValue.AdditionalProperties.changeUefiSettingsPermission) + { + $enumChangeUefiSettingsPermission = $getValue.AdditionalProperties.changeUefiSettingsPermission.ToString() + } + + $enumFrontCamera = $null + if ($null -ne $getValue.AdditionalProperties.frontCamera) + { + $enumFrontCamera = $getValue.AdditionalProperties.frontCamera.ToString() + } + + $enumInfraredCamera = $null + if ($null -ne $getValue.AdditionalProperties.infraredCamera) + { + $enumInfraredCamera = $getValue.AdditionalProperties.infraredCamera.ToString() + } + + $enumMicrophone = $null + if ($null -ne $getValue.AdditionalProperties.microphone) + { + $enumMicrophone = $getValue.AdditionalProperties.microphone.ToString() + } + + $enumMicrophonesAndSpeakers = $null + if ($null -ne $getValue.AdditionalProperties.microphonesAndSpeakers) + { + $enumMicrophonesAndSpeakers = $getValue.AdditionalProperties.microphonesAndSpeakers.ToString() + } + + $enumNearFieldCommunication = $null + if ($null -ne $getValue.AdditionalProperties.nearFieldCommunication) + { + $enumNearFieldCommunication = $getValue.AdditionalProperties.nearFieldCommunication.ToString() + } + + $enumRadios = $null + if ($null -ne $getValue.AdditionalProperties.radios) + { + $enumRadios = $getValue.AdditionalProperties.radios.ToString() + } + + $enumRearCamera = $null + if ($null -ne $getValue.AdditionalProperties.rearCamera) + { + $enumRearCamera = $getValue.AdditionalProperties.rearCamera.ToString() + } + + $enumSdCard = $null + if ($null -ne $getValue.AdditionalProperties.sdCard) + { + $enumSdCard = $getValue.AdditionalProperties.sdCard.ToString() + } + + $enumSimultaneousMultiThreading = $null + if ($null -ne $getValue.AdditionalProperties.simultaneousMultiThreading) + { + $enumSimultaneousMultiThreading = $getValue.AdditionalProperties.simultaneousMultiThreading.ToString() + } + + $enumUsbTypeAPort = $null + if ($null -ne $getValue.AdditionalProperties.usbTypeAPort) + { + $enumUsbTypeAPort = $getValue.AdditionalProperties.usbTypeAPort.ToString() + } + + $enumVirtualizationOfCpuAndIO = $null + if ($null -ne $getValue.AdditionalProperties.virtualizationOfCpuAndIO) + { + $enumVirtualizationOfCpuAndIO = $getValue.AdditionalProperties.virtualizationOfCpuAndIO.ToString() + } + + $enumWakeOnLAN = $null + if ($null -ne $getValue.AdditionalProperties.wakeOnLAN) + { + $enumWakeOnLAN = $getValue.AdditionalProperties.wakeOnLAN.ToString() + } + + $enumWakeOnPower = $null + if ($null -ne $getValue.AdditionalProperties.wakeOnPower) + { + $enumWakeOnPower = $getValue.AdditionalProperties.wakeOnPower.ToString() + } + + $enumWiFi = $null + if ($null -ne $getValue.AdditionalProperties.wiFi) + { + $enumWiFi = $getValue.AdditionalProperties.wiFi.ToString() + } + + $enumWindowsPlatformBinaryTable = $null + if ($null -ne $getValue.AdditionalProperties.windowsPlatformBinaryTable) + { + $enumWindowsPlatformBinaryTable = $getValue.AdditionalProperties.windowsPlatformBinaryTable.ToString() + } + + $enumWirelessWideAreaNetwork = $null + if ($null -ne $getValue.AdditionalProperties.wirelessWideAreaNetwork) + { + $enumWirelessWideAreaNetwork = $getValue.AdditionalProperties.wirelessWideAreaNetwork.ToString() + } + #endregion + + $results = @{ + #region resource generator code + Bluetooth = $enumBluetooth + BootFromBuiltInNetworkAdapters = $enumBootFromBuiltInNetworkAdapters + BootFromExternalMedia = $enumBootFromExternalMedia + Cameras = $enumCameras + ChangeUefiSettingsPermission = $enumChangeUefiSettingsPermission + FrontCamera = $enumFrontCamera + InfraredCamera = $enumInfraredCamera + Microphone = $enumMicrophone + MicrophonesAndSpeakers = $enumMicrophonesAndSpeakers + NearFieldCommunication = $enumNearFieldCommunication + Radios = $enumRadios + RearCamera = $enumRearCamera + SdCard = $enumSdCard + SimultaneousMultiThreading = $enumSimultaneousMultiThreading + UsbTypeAPort = $enumUsbTypeAPort + VirtualizationOfCpuAndIO = $enumVirtualizationOfCpuAndIO + WakeOnLAN = $enumWakeOnLAN + WakeOnPower = $enumWakeOnPower + WiFi = $enumWiFi + WindowsPlatformBinaryTable = $enumWindowsPlatformBinaryTable + WirelessWideAreaNetwork = $enumWirelessWideAreaNetwork + Description = $getValue.Description + DisplayName = $getValue.DisplayName + SupportsScopeTags = $getValue.SupportsScopeTags + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Bluetooth, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $BootFromBuiltInNetworkAdapters, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $BootFromExternalMedia, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Cameras, + + [Parameter()] + [ValidateSet('notConfiguredOnly','none')] + [System.String] + $ChangeUefiSettingsPermission, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FrontCamera, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InfraredCamera, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Microphone, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $MicrophonesAndSpeakers, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $NearFieldCommunication, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Radios, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $RearCamera, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $SdCard, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $SimultaneousMultiThreading, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $UsbTypeAPort, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $VirtualizationOfCpuAndIO, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WakeOnLAN, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WakeOnPower, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WiFi, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WindowsPlatformBinaryTable, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WirelessWideAreaNetwork, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Configuration Firmware Interface Policy for Windows10 with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') + { + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10DeviceFirmwareConfigurationInterface") + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Configuration Firmware Interface Policy for Windows10 with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') + { + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10DeviceFirmwareConfigurationInterface") + Update-MgDeviceManagementDeviceConfiguration ` + -DeviceConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Configuration Firmware Interface Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code +Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Bluetooth, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $BootFromBuiltInNetworkAdapters, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $BootFromExternalMedia, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Cameras, + + [Parameter()] + [ValidateSet('notConfiguredOnly','none')] + [System.String] + $ChangeUefiSettingsPermission, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FrontCamera, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InfraredCamera, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Microphone, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $MicrophonesAndSpeakers, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $NearFieldCommunication, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $Radios, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $RearCamera, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $SdCard, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $SimultaneousMultiThreading, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $UsbTypeAPort, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $VirtualizationOfCpuAndIO, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WakeOnLAN, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WakeOnPower, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WiFi, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WindowsPlatformBinaryTable, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $WirelessWideAreaNetwork, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Device Configuration Firmware Interface Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.remove('Id') | Out-Null + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10DeviceFirmwareConfigurationInterface' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository = 'deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion = 'beta' + ) + try + { + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + + foreach ($target in $targets) + { + $formattedTarget = @{"@odata.type" = $target.dataType} + if ($target.groupId) + { + $formattedTarget.Add('groupId',$target.groupId) + } + if ($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if ($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if ($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + } + $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $null + } +} + +function Rename-M365DSCCimInstanceParameter +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties + ) + + $keyToRename = @{ + 'odataType' = '@odata.type' + } + + $result = $Properties + + $type = $Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result = $values + + return , $result + } + #endregion + + #region Single + if ($type -like '*Hashtable') + { + $result = ([Hashtable]$Properties).clone() + } + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') + { + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) + { + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) + if ($key -in $keyToRename.Keys) + { + $keyName = $keyToRename.$key + } + + $property = $hashProperties.$key + if ($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties + } + return $result + #endregion +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable], [hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + if ($ComplexObject.gettype().fullname -like '*[[\]]') + { + $results = @() + + foreach ($item in $ComplexObject) + { + if ($item) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash + } + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return , [hashtable[]]$results + } + + if ($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys + foreach ($key in $keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType = $ComplexObject.$key.gettype().fullname + + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results + } + + $results = @{} + + if ($ComplexObject.getType().Fullname -like '*hashtable') + { + $keys = $ComplexObject.keys + } + else + { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } + } + + foreach ($key in $keys) + { + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') + { + $keyName = $key.Name + } + + if ($null -ne $ComplexObject.$keyName) + { + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$keyName) + } + } + } + return [hashtable]$results +} + +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> +function Get-M365DSCDRGComplexTypeToString +{ + [CmdletBinding()] + param( + [Parameter()] + $ComplexObject, + + [Parameter(Mandatory = $true)] + [System.String] + $CIMInstanceName, + + [Parameter()] + [Array] + $ComplexTypeMapping, + + [Parameter()] + [System.String] + $Whitespace = '', + + [Parameter()] + [System.uint32] + $IndentLevel = 3, + + [Parameter()] + [switch] + $isArray = $false + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } + #If ComplexObject is an Array + if ($ComplexObject.GetType().FullName -like '*[[\]]') + { + $currentProperty = @() + $IndentLevel++ + foreach ($item in $ComplexObject) + { + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel + } + if ($ComplexTypeMapping) + { + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) + } + + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return , $currentProperty + } + + $currentProperty = '' + if ($isArray) + { + $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } + $keyNotNull = 0 + + if ($ComplexObject.Keys.count -eq 0) + { + return $null + } + + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyNotNull++ + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) + { + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() + + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') + { + $isArray = $true + } + #overwrite type if object defined in mapping complextypemapping + if ($key -in $ComplexTypeMapping.Name) + { + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] + } + else + { + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + } + + if (-not $isArray) + { + $currentProperty += $indent + $key + ' = ' + } + + if ($isArray -and $key -in $ComplexTypeMapping.Name) + { + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $key + ' = ' + $currentProperty += '@(' + } + } + + if ($isArray) + { + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') + { + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- + } + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if ($isArray) + { + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } + } + $isArray = $PSBoundParameters.IsArray + } + else + { + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) + } + } + else + { + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } + + if ($mappedKey -and $mappedKey.isRequired) + { + if ($mappedKey.isArray) + { + $currentProperty += "$indent$key = @()`r`n" + } + else + { + $currentProperty += "$indent$key = `$null`r`n" + } + } + } + } + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) + { + $indent += ' ' + } + $currentProperty += "$indent}" + if ($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if ($IndentLevel -eq 5) + { + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) + { + $indent += ' ' + } + $currentProperty += $indent + } + + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty = $null + } + return $currentProperty +} + +Function Get-M365DSCDRGSimpleObjectTypeToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = 'true')] + [System.String] + $Key, + + [Parameter(Mandatory = 'true')] + $Value, + + [Parameter()] + [System.String] + $Space = ' ' + + ) + + $returnValue = '' + switch -Wildcard ($Value.GetType().Fullname ) + { + '*.Boolean' + { + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + } + '*.String' + { + if ($key -eq '@odata.type') + { + $key = 'odataType' + } + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" + } + '*.DateTime' + { + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" + } + '*[[\]]' + { + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) + { + $returnValue += "`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" + } + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) + { + switch -Wildcard ($item.GetType().Fullname) + { + '*.String' + { + $returnValue += "$whitespace'$item'$newline" + } + '*.DateTime' + { + $returnValue += "$whitespace'$item'$newline" + } + Default + { + $returnValue += "$whitespace$item$newline" + } + } + } + if ($Value.count -gt 1) + { + $returnValue += "$Space)`r`n" + } + else + { + $returnValue += ")`r`n" + + } + } + Default + { + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" + } + } + return $returnValue +} + +function Compare-M365DSCComplexObject +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter()] + $Source, + [Parameter()] + $Target + ) + + #Comparing full objects + if ($null -eq $Source -and $null -eq $Target) + { + return $true + } + + $sourceValue = '' + $targetValue = '' + if (($null -eq $Source) -xor ($null -eq $Target)) + { + if ($null -eq $Source) + { + $sourceValue = 'Source is null' + } + + if ($null -eq $Target) + { + $targetValue = 'Target is null' + } + Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + return $false + } + + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') + { + if ($source.count -ne $target.count) + { + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + return $false + } + if ($source.count -eq 0) + { + return $true + } + + foreach ($item in $Source) + { + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) + { + $compareResult = Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem + + if ($compareResult) + { + break + } + } + + if (-not $compareResult) + { + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' + return $false + } + } + return $true + } + + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + foreach ($key in $keys) + { + #Matching possible key names between Source and Target + $skey = $key + $tkey = $key + + $sourceValue = $Source.$key + $targetValue = $Target.$tkey + #One of the item is null and not the other + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) + { + + if ($null -eq $Source.$key) + { + $sourceValue = 'null' + } + + if ($null -eq $Target.$tkey) + { + $targetValue = 'null' + } + + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + #Both keys aren't null or empty + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + { + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') + { + #Recursive call for complex object + $compareResult = Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` + -Target $Target.$tkey + + if (-not $compareResult) + { + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + else + { + #Simple object comparison + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key + + #Identifying date from the current values + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') + { + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) + { + $compareResult = $null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } + + if ($null -ne $compareResult) + { + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + } + } + return $true +} + +function Convert-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable], [hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $ComplexObject + ) + + if ($ComplexObject.getType().Fullname -like '*[[\]]') + { + $results = @() + foreach ($item in $ComplexObject) + { + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash + } + + #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return , [hashtable[]]$results + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject + + if ($null -ne $hashComplexObject) + { + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + foreach ($key in $keys) + { + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') + { + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + } + else + { + $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) + } + } + } + return [hashtable]$results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.schema.mof new file mode 100644 index 0000000000..33d68523f1 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.schema.mof @@ -0,0 +1,47 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10")] +class MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 : OMI_BaseResource +{ + [Write, Description("Defines whether a user is allowed to enable Bluetooth. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String Bluetooth; + [Write, Description("Defines whether a user is allowed to boot from built-in network adapters. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String BootFromBuiltInNetworkAdapters; + [Write, Description("Defines whether a user is allowed to boot from external media. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String BootFromExternalMedia; + [Write, Description("Defines whether built-in cameras are enabled. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String Cameras; + [Write, Description("Defines the permission level granted to users to change UEFI settings. Possible values are: notConfiguredOnly, none."), ValueMap{"notConfiguredOnly","none"}, Values{"notConfiguredOnly","none"}] String ChangeUefiSettingsPermission; + [Write, Description("Defines whether a user is allowed to enable Front Camera. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String FrontCamera; + [Write, Description("Defines whether a user is allowed to enable Infrared camera. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String InfraredCamera; + [Write, Description("Defines whether a user is allowed to enable Microphone. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String Microphone; + [Write, Description("Defines whether built-in microphones or speakers are enabled. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String MicrophonesAndSpeakers; + [Write, Description("Defines whether a user is allowed to enable Near Field Communication. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String NearFieldCommunication; + [Write, Description("Defines whether built-in radios e.g. WIFI, NFC, Bluetooth, are enabled. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String Radios; + [Write, Description("Defines whether a user is allowed to enable rear camera. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String RearCamera; + [Write, Description("Defines whether a user is allowed to enable SD Card Port. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String SdCard; + [Write, Description("Defines whether a user is allowed to enable Simultaneous MultiThreading. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String SimultaneousMultiThreading; + [Write, Description("Defines whether a user is allowed to enable USB Type A Port. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String UsbTypeAPort; + [Write, Description("Defines whether CPU and IO virtualization is enabled. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String VirtualizationOfCpuAndIO; + [Write, Description("Defines whether a user is allowed to enable Wake on LAN. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String WakeOnLAN; + [Write, Description("Defines whether a user is allowed to enable Wake On Power. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String WakeOnPower; + [Write, Description("Defines whether a user is allowed to enable WiFi. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String WiFi; + [Write, Description("Defines whether a user is allowed to enable Windows Platform Binary Table. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String WindowsPlatformBinaryTable; + [Write, Description("Defines whether a user is allowed to enable Wireless Wide Area Network. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String WirelessWideAreaNetwork; + [Write, Description("Admin provided description of the Device Configuration.")] String Description; + [Required, Description("Admin provided name of the device configuration.")] String DisplayName; + [Write, Description("Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.")] Boolean SupportsScopeTags; + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/readme.md new file mode 100644 index 0000000000..12e8f7bfe2 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 + +## Description + +Intune Device Configuration Firmware Interface Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/settings.json new file mode 100644 index 0000000000..0ff407f836 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10", + "description": "This resource configures an Intune Device Configuration Firmware Interface Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } +} + +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 new file mode 100644 index 0000000000..81129a3aa2 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 @@ -0,0 +1,53 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Bluetooth = "notConfigured"; + BootFromBuiltInNetworkAdapters = "notConfigured"; + BootFromExternalMedia = "notConfigured"; + Cameras = "enabled"; + ChangeUefiSettingsPermission = "notConfiguredOnly"; + Credential = $Credscredential; + DisplayName = "firmware"; + Ensure = "Present"; + FrontCamera = "enabled"; + Id = "16599412-1827-4837-b2c1-da2c8260d16e"; + InfraredCamera = "enabled"; + Microphone = "enabled"; + MicrophonesAndSpeakers = "enabled"; + NearFieldCommunication = "notConfigured"; + Radios = "enabled"; + RearCamera = "enabled"; + SdCard = "notConfigured"; + SimultaneousMultiThreading = "enabled"; + SupportsScopeTags = $True; + UsbTypeAPort = "notConfigured"; + VirtualizationOfCpuAndIO = "enabled"; + WakeOnLAN = "notConfigured"; + WakeOnPower = "notConfigured"; + WiFi = "notConfigured"; + WindowsPlatformBinaryTable = "enabled"; + WirelessWideAreaNetwork = "notConfigured"; + } + } +} diff --git a/ResourceGenerator/Module.Template.psm1 b/ResourceGenerator/Module.Template.psm1 index f4616d5ebf..e26f58365b 100644 --- a/ResourceGenerator/Module.Template.psm1 +++ b/ResourceGenerator/Module.Template.psm1 @@ -5,7 +5,7 @@ function Get-TargetResource param ( #region resource generator code - #endregion + #endregion [Parameter()] [System.String] @@ -75,17 +75,17 @@ function Get-TargetResource #endregionResourceGenerator#> if ($null -eq $getValue) { - Write-Verbose -Message 'Could not find an with {$}' + Write-Verbose -Message "Could not find an with {$}" return $nullResult } $ = $getValue. - Write-Verbose -Message 'An with {$} and {$} was found.'<#ResourceGenerator + Write-Verbose -Message "An with {$} and {$} was found."<#ResourceGenerator ResourceGenerator#> $results = @{<#ResourceGenerator #region resource generator code #endregionResourceGenerator#> } - <#ComplexTypeContent#><#AssignmentsGet#> +<#ComplexTypeContent#><#AssignmentsGet#> return [System.Collections.Hashtable] $results } catch @@ -106,7 +106,7 @@ function Set-TargetResource param ( #region resource generator code - #endregion + #endregion [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] @@ -156,8 +156,8 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an with {$DisplayName}" - <#AssignmentsRemove#> - $CreateParameters = ([Hashtable]$BoundParameters).clone() +<#AssignmentsRemove#> + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null @@ -171,13 +171,13 @@ function Set-TargetResource }<#ResourceGenerator #region resource generator code $policy = <#NewKeyIdentifier#> - <#AssignmentsNew#> #endregionResourceGenerator#> +<#AssignmentsNew#> #endregionResourceGenerator#> } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the with {$($currentInstance.)}" - <#AssignmentsRemove#> - $UpdateParameters = ([Hashtable]$BoundParameters).clone() +<#AssignmentsRemove#> + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters $UpdateParameters.Remove('Id') | Out-Null @@ -192,13 +192,13 @@ function Set-TargetResource }<#ResourceGenerator #region resource generator code <#UpdateKeyIdentifier#> - <#AssignmentsUpdate#> #endregionResourceGenerator#> +<#AssignmentsUpdate#> #endregionResourceGenerator#> } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing the with {$($currentInstance.)}" <#ResourceGenerator #region resource generator code - <#removeKeyIdentifier#> + <#removeKeyIdentifier#> #endregionResourceGenerator#> } } @@ -210,7 +210,7 @@ function Test-TargetResource param ( #region resource generator code - #endregion + #endregion [Parameter()] [System.String] @@ -254,7 +254,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message 'Testing configuration of the with {$} and {$}' + Write-Verbose -Message "Testing configuration of the with {$} and {$}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() @@ -359,8 +359,7 @@ function Export-TargetResource #endregion try - { - <#ResourceGenerator + {<#ResourceGenerator #region resource generator code #endregionResourceGenerator#> @@ -396,13 +395,13 @@ function Export-TargetResource $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - <#ConvertComplexToString#><#AssignmentsConvertComplexToString#> +<#ConvertComplexToString#><#AssignmentsConvertComplexToString#> $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential - <#ConvertComplexToVariable#><#AssignmentsConvertComplexToVariable#><#TrailingCharRemoval#> +<#ConvertComplexToVariable#><#AssignmentsConvertComplexToVariable#><#TrailingCharRemoval#> $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.Tests.ps1 new file mode 100644 index 0000000000..7a712e5495 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.Tests.ps1 @@ -0,0 +1,388 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { + } + + } + # Test contexts + Context -Name "The IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Bluetooth = "notConfigured" + BootFromBuiltInNetworkAdapters = "notConfigured" + BootFromExternalMedia = "notConfigured" + Cameras = "notConfigured" + ChangeUefiSettingsPermission = "notConfiguredOnly" + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + FrontCamera = "notConfigured" + Id = "FakeStringValue" + InfraredCamera = "notConfigured" + Microphone = "notConfigured" + MicrophonesAndSpeakers = "notConfigured" + NearFieldCommunication = "notConfigured" + Radios = "notConfigured" + RearCamera = "notConfigured" + SdCard = "notConfigured" + SimultaneousMultiThreading = "notConfigured" + SupportsScopeTags = $True + UsbTypeAPort = "notConfigured" + VirtualizationOfCpuAndIO = "notConfigured" + WakeOnLAN = "notConfigured" + WakeOnPower = "notConfigured" + WiFi = "notConfigured" + WindowsPlatformBinaryTable = "notConfigured" + WirelessWideAreaNetwork = "notConfigured" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name "The IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Bluetooth = "notConfigured" + BootFromBuiltInNetworkAdapters = "notConfigured" + BootFromExternalMedia = "notConfigured" + Cameras = "notConfigured" + ChangeUefiSettingsPermission = "notConfiguredOnly" + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + FrontCamera = "notConfigured" + Id = "FakeStringValue" + InfraredCamera = "notConfigured" + Microphone = "notConfigured" + MicrophonesAndSpeakers = "notConfigured" + NearFieldCommunication = "notConfigured" + Radios = "notConfigured" + RearCamera = "notConfigured" + SdCard = "notConfigured" + SimultaneousMultiThreading = "notConfigured" + SupportsScopeTags = $True + UsbTypeAPort = "notConfigured" + VirtualizationOfCpuAndIO = "notConfigured" + WakeOnLAN = "notConfigured" + WakeOnPower = "notConfigured" + WiFi = "notConfigured" + WindowsPlatformBinaryTable = "notConfigured" + WirelessWideAreaNetwork = "notConfigured" + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + wakeOnPower = "notConfigured" + microphone = "notConfigured" + bootFromBuiltInNetworkAdapters = "notConfigured" + radios = "notConfigured" + simultaneousMultiThreading = "notConfigured" + usbTypeAPort = "notConfigured" + microphonesAndSpeakers = "notConfigured" + rearCamera = "notConfigured" + infraredCamera = "notConfigured" + changeUefiSettingsPermission = "notConfiguredOnly" + sdCard = "notConfigured" + bootFromExternalMedia = "notConfigured" + frontCamera = "notConfigured" + windowsPlatformBinaryTable = "notConfigured" + '@odata.type' = "#microsoft.graph.windows10DeviceFirmwareConfigurationInterface" + wakeOnLAN = "notConfigured" + virtualizationOfCpuAndIO = "notConfigured" + wirelessWideAreaNetwork = "notConfigured" + nearFieldCommunication = "notConfigured" + wiFi = "notConfigured" + bluetooth = "notConfigured" + cameras = "notConfigured" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + Context -Name "The IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Bluetooth = "notConfigured" + BootFromBuiltInNetworkAdapters = "notConfigured" + BootFromExternalMedia = "notConfigured" + Cameras = "notConfigured" + ChangeUefiSettingsPermission = "notConfiguredOnly" + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + FrontCamera = "notConfigured" + Id = "FakeStringValue" + InfraredCamera = "notConfigured" + Microphone = "notConfigured" + MicrophonesAndSpeakers = "notConfigured" + NearFieldCommunication = "notConfigured" + Radios = "notConfigured" + RearCamera = "notConfigured" + SdCard = "notConfigured" + SimultaneousMultiThreading = "notConfigured" + SupportsScopeTags = $True + UsbTypeAPort = "notConfigured" + VirtualizationOfCpuAndIO = "notConfigured" + WakeOnLAN = "notConfigured" + WakeOnPower = "notConfigured" + WiFi = "notConfigured" + WindowsPlatformBinaryTable = "notConfigured" + WirelessWideAreaNetwork = "notConfigured" + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + wakeOnPower = "notConfigured" + microphone = "notConfigured" + bootFromBuiltInNetworkAdapters = "notConfigured" + radios = "notConfigured" + simultaneousMultiThreading = "notConfigured" + usbTypeAPort = "notConfigured" + microphonesAndSpeakers = "notConfigured" + rearCamera = "notConfigured" + infraredCamera = "notConfigured" + changeUefiSettingsPermission = "notConfiguredOnly" + sdCard = "notConfigured" + bootFromExternalMedia = "notConfigured" + frontCamera = "notConfigured" + windowsPlatformBinaryTable = "notConfigured" + '@odata.type' = "#microsoft.graph.windows10DeviceFirmwareConfigurationInterface" + wakeOnLAN = "notConfigured" + virtualizationOfCpuAndIO = "notConfigured" + wirelessWideAreaNetwork = "notConfigured" + nearFieldCommunication = "notConfigured" + wiFi = "notConfigured" + bluetooth = "notConfigured" + cameras = "notConfigured" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Bluetooth = "notConfigured" + BootFromBuiltInNetworkAdapters = "notConfigured" + BootFromExternalMedia = "notConfigured" + Cameras = "notConfigured" + ChangeUefiSettingsPermission = "notConfiguredOnly" + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + FrontCamera = "notConfigured" + Id = "FakeStringValue" + InfraredCamera = "notConfigured" + Microphone = "notConfigured" + MicrophonesAndSpeakers = "notConfigured" + NearFieldCommunication = "notConfigured" + Radios = "notConfigured" + RearCamera = "notConfigured" + SdCard = "notConfigured" + SimultaneousMultiThreading = "notConfigured" + SupportsScopeTags = $True + UsbTypeAPort = "notConfigured" + VirtualizationOfCpuAndIO = "notConfigured" + WakeOnLAN = "notConfigured" + WakeOnPower = "notConfigured" + WiFi = "notConfigured" + WindowsPlatformBinaryTable = "notConfigured" + WirelessWideAreaNetwork = "notConfigured" + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + wakeOnPower = "notConfigured" + microphone = "notConfigured" + bootFromBuiltInNetworkAdapters = "notConfigured" + radios = "notConfigured" + simultaneousMultiThreading = "notConfigured" + usbTypeAPort = "notConfigured" + microphonesAndSpeakers = "notConfigured" + rearCamera = "notConfigured" + infraredCamera = "notConfigured" + changeUefiSettingsPermission = "notConfiguredOnly" + sdCard = "notConfigured" + bootFromExternalMedia = "notConfigured" + frontCamera = "notConfigured" + windowsPlatformBinaryTable = "notConfigured" + '@odata.type' = "#microsoft.graph.windows10DeviceFirmwareConfigurationInterface" + wakeOnLAN = "notConfigured" + virtualizationOfCpuAndIO = "notConfigured" + wirelessWideAreaNetwork = "notConfigured" + nearFieldCommunication = "notConfigured" + wiFi = "notConfigured" + bluetooth = "notConfigured" + cameras = "notConfigured" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + wakeOnPower = "notConfigured" + microphone = "notConfigured" + bootFromBuiltInNetworkAdapters = "notConfigured" + radios = "notConfigured" + simultaneousMultiThreading = "notConfigured" + usbTypeAPort = "notConfigured" + microphonesAndSpeakers = "notConfigured" + rearCamera = "notConfigured" + infraredCamera = "notConfigured" + changeUefiSettingsPermission = "notConfiguredOnly" + sdCard = "notConfigured" + bootFromExternalMedia = "notConfigured" + frontCamera = "notConfigured" + windowsPlatformBinaryTable = "notConfigured" + '@odata.type' = "#microsoft.graph.windows10DeviceFirmwareConfigurationInterface" + wakeOnLAN = "notConfigured" + virtualizationOfCpuAndIO = "notConfigured" + wirelessWideAreaNetwork = "notConfigured" + nearFieldCommunication = "notConfigured" + wiFi = "notConfigured" + bluetooth = "notConfigured" + cameras = "notConfigured" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From af4f6814068ddb86d985670db1d82a5d0b2b71c6 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Mon, 10 Apr 2023 17:28:16 +0100 Subject: [PATCH 26/64] Added example --- ...trativeTemplatePolicyWindows10-Example.ps1 | 144 ++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 new file mode 100644 index 0000000000..158c7db433 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 @@ -0,0 +1,144 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' + { + Credential = $Credscredential + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + DefinitionValues = @( + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'f41bbbec-0807-4ae3-8a61-5580a2f310f0' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '50b2626d-f092-4e71-8983-12a5c741ebe0' + DisplayName = 'Do not display the lock screen' + CategoryPath = '\Control Panel\Personalization' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows Server 2012, Windows 8 or Windows RT' + ClassType = 'machine' + } + Enabled = $False + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' + presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' + KeyValuePairValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'hosted_app' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'user_script' + } + ) + Id = '7312a452-e087-4290-9b9f-3f14a304c18d' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } + ) + Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = 'a8a0ae11-58d9-41d5-b258-1c16d9f1e328' + presentationDefinitionLabel = 'Password Length' + DecimalValue = 15 + Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' + presentationDefinitionLabel = 'Password Age (Days)' + DecimalValue = 30 + Id = '4d654df9-6826-470f-af4e-d37491663c76' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' + presentationDefinitionLabel = 'Password Complexity' + StringValue = '4' + Id = '17e2ff15-8573-4e7e-a6f9-64baebcb5312' + odataType = '#microsoft.graph.groupPolicyPresentationValueText' + } + ) + Id = '426c9e99-0084-443a-ae07-b8f40c11910f' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = 'c4df131a-d415-44fc-9254-a717ff7dbee3' + DisplayName = 'Password Settings' + CategoryPath = '\LAPS' + PolicyType = 'admxBacked' + SupportedOn = 'At least Microsoft Windows Vista or Windows Server 2003 family' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'a3577119-b240-4093-842c-d8e959dfe317' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '986073b6-e149-495f-a131-aa0e3c697225' + DisplayName = 'Ability to change properties of an all user remote access connection' + CategoryPath = '\Network\Network Connections' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows 2000 Service Pack 1' + ClassType = 'user' + } + Enabled = $True + } + ) + Description = '' + DisplayName = 'admin template' + Ensure = 'Present' + Id = '2e72acda-30a8-4955-a4ca-c5e28527c81c' + PolicyConfigurationIngestionType = 'unknown' + } + } +} From 2cee0296162d8ef93a82c6272aed03c3f365f8ec Mon Sep 17 00:00:00 2001 From: William-francillette Date: Mon, 10 Apr 2023 18:12:13 +0100 Subject: [PATCH 27/64] initial release --- CHANGELOG.md | 5 + ...nfigurationWindowsTeamPolicyWindows10.psm1 | 1603 +++++++++++++++++ ...ationWindowsTeamPolicyWindows10.schema.mof | 46 + .../readme.md | 6 + .../settings.json | 33 + ...tionWindowsTeamPolicyWindows10-Example.ps1 | 45 + ...rationWindowsTeamPolicyWindows10.Tests.ps1 | 371 ++++ 7 files changed, 2109 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/1-IntuneDeviceConfigurationWindowsTeamPolicyWindows10-Example.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWindowsTeamPolicyWindows10.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 2dbb95becd..1e3181ee1c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceConfigurationWindowsTeamPolicyWindows10 + * Initial release + # 1.23.405.1 * IntuneDeviceEnrollmentPlatformRestriction diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 new file mode 100644 index 0000000000..b6f2da778a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 @@ -0,0 +1,1603 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.Boolean] + $AzureOperationalInsightsBlockTelemetry, + + [Parameter()] + [System.String] + $AzureOperationalInsightsWorkspaceId, + + [Parameter()] + [System.String] + $AzureOperationalInsightsWorkspaceKey, + + [Parameter()] + [System.Boolean] + $ConnectAppBlockAutoLaunch, + + [Parameter()] + [System.Boolean] + $MaintenanceWindowBlocked, + + [Parameter()] + [System.Int32] + $MaintenanceWindowDurationInHours, + + [Parameter()] + [System.TimeSpan] + $MaintenanceWindowStartTime, + + [Parameter()] + [System.Boolean] + $MiracastBlocked, + + [Parameter()] + [ValidateSet('userDefined','one','two','three','four','five','six','seven','eight','nine','ten','eleven','thirtySix','forty','fortyFour','fortyEight','oneHundredFortyNine','oneHundredFiftyThree','oneHundredFiftySeven','oneHundredSixtyOne','oneHundredSixtyFive')] + [System.String] + $MiracastChannel, + + [Parameter()] + [System.Boolean] + $MiracastRequirePin, + + [Parameter()] + [System.Boolean] + $SettingsBlockMyMeetingsAndFiles, + + [Parameter()] + [System.Boolean] + $SettingsBlockSessionResume, + + [Parameter()] + [System.Boolean] + $SettingsBlockSigninSuggestions, + + [Parameter()] + [System.Int32] + $SettingsDefaultVolume, + + [Parameter()] + [System.Int32] + $SettingsScreenTimeoutInMinutes, + + [Parameter()] + [System.Int32] + $SettingsSessionTimeoutInMinutes, + + [Parameter()] + [System.Int32] + $SettingsSleepTimeoutInMinutes, + + [Parameter()] + [System.String] + $WelcomeScreenBackgroundImageUrl, + + [Parameter()] + [System.Boolean] + $WelcomeScreenBlockAutomaticWakeUp, + + [Parameter()] + [ValidateSet('userDefined','showOrganizerAndTimeOnly','showOrganizerAndTimeAndSubject')] + [System.String] + $WelcomeScreenMeetingInformation, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Windows Team Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementDeviceConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10TeamGeneralConfiguration" ` + } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Windows Team Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Configuration Windows Team Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $enumMiracastChannel = $null + if ($null -ne $getValue.AdditionalProperties.miracastChannel) + { + $enumMiracastChannel = $getValue.AdditionalProperties.miracastChannel.ToString() + } + + $enumWelcomeScreenMeetingInformation = $null + if ($null -ne $getValue.AdditionalProperties.welcomeScreenMeetingInformation) + { + $enumWelcomeScreenMeetingInformation = $getValue.AdditionalProperties.welcomeScreenMeetingInformation.ToString() + } + #endregion + + #region resource generator code + $timeMaintenanceWindowStartTime = $null + if ($null -ne $getValue.AdditionalProperties.maintenanceWindowStartTime) + { + $timeMaintenanceWindowStartTime = ([TimeSpan]$getValue.AdditionalProperties.maintenanceWindowStartTime).ToString() + } + #endregion + + $results = @{ + #region resource generator code + AzureOperationalInsightsBlockTelemetry = $getValue.AdditionalProperties.azureOperationalInsightsBlockTelemetry + AzureOperationalInsightsWorkspaceId = $getValue.AdditionalProperties.azureOperationalInsightsWorkspaceId + AzureOperationalInsightsWorkspaceKey = $getValue.AdditionalProperties.azureOperationalInsightsWorkspaceKey + ConnectAppBlockAutoLaunch = $getValue.AdditionalProperties.connectAppBlockAutoLaunch + MaintenanceWindowBlocked = $getValue.AdditionalProperties.maintenanceWindowBlocked + MaintenanceWindowDurationInHours = $getValue.AdditionalProperties.maintenanceWindowDurationInHours + MaintenanceWindowStartTime = $timeMaintenanceWindowStartTime + MiracastBlocked = $getValue.AdditionalProperties.miracastBlocked + MiracastChannel = $enumMiracastChannel + MiracastRequirePin = $getValue.AdditionalProperties.miracastRequirePin + SettingsBlockMyMeetingsAndFiles = $getValue.AdditionalProperties.settingsBlockMyMeetingsAndFiles + SettingsBlockSessionResume = $getValue.AdditionalProperties.settingsBlockSessionResume + SettingsBlockSigninSuggestions = $getValue.AdditionalProperties.settingsBlockSigninSuggestions + SettingsDefaultVolume = $getValue.AdditionalProperties.settingsDefaultVolume + SettingsScreenTimeoutInMinutes = $getValue.AdditionalProperties.settingsScreenTimeoutInMinutes + SettingsSessionTimeoutInMinutes = $getValue.AdditionalProperties.settingsSessionTimeoutInMinutes + SettingsSleepTimeoutInMinutes = $getValue.AdditionalProperties.settingsSleepTimeoutInMinutes + WelcomeScreenBackgroundImageUrl = $getValue.AdditionalProperties.welcomeScreenBackgroundImageUrl + WelcomeScreenBlockAutomaticWakeUp = $getValue.AdditionalProperties.welcomeScreenBlockAutomaticWakeUp + WelcomeScreenMeetingInformation = $enumWelcomeScreenMeetingInformation + Description = $getValue.Description + DisplayName = $getValue.DisplayName + SupportsScopeTags = $getValue.SupportsScopeTags + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.Boolean] + $AzureOperationalInsightsBlockTelemetry, + + [Parameter()] + [System.String] + $AzureOperationalInsightsWorkspaceId, + + [Parameter()] + [System.String] + $AzureOperationalInsightsWorkspaceKey, + + [Parameter()] + [System.Boolean] + $ConnectAppBlockAutoLaunch, + + [Parameter()] + [System.Boolean] + $MaintenanceWindowBlocked, + + [Parameter()] + [System.Int32] + $MaintenanceWindowDurationInHours, + + [Parameter()] + [System.TimeSpan] + $MaintenanceWindowStartTime, + + [Parameter()] + [System.Boolean] + $MiracastBlocked, + + [Parameter()] + [ValidateSet('userDefined','one','two','three','four','five','six','seven','eight','nine','ten','eleven','thirtySix','forty','fortyFour','fortyEight','oneHundredFortyNine','oneHundredFiftyThree','oneHundredFiftySeven','oneHundredSixtyOne','oneHundredSixtyFive')] + [System.String] + $MiracastChannel, + + [Parameter()] + [System.Boolean] + $MiracastRequirePin, + + [Parameter()] + [System.Boolean] + $SettingsBlockMyMeetingsAndFiles, + + [Parameter()] + [System.Boolean] + $SettingsBlockSessionResume, + + [Parameter()] + [System.Boolean] + $SettingsBlockSigninSuggestions, + + [Parameter()] + [System.Int32] + $SettingsDefaultVolume, + + [Parameter()] + [System.Int32] + $SettingsScreenTimeoutInMinutes, + + [Parameter()] + [System.Int32] + $SettingsSessionTimeoutInMinutes, + + [Parameter()] + [System.Int32] + $SettingsSleepTimeoutInMinutes, + + [Parameter()] + [System.String] + $WelcomeScreenBackgroundImageUrl, + + [Parameter()] + [System.Boolean] + $WelcomeScreenBlockAutomaticWakeUp, + + [Parameter()] + [ValidateSet('userDefined','showOrganizerAndTimeOnly','showOrganizerAndTimeAndSubject')] + [System.String] + $WelcomeScreenMeetingInformation, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Configuration Windows Team Policy for Windows10 with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') + { + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10TeamGeneralConfiguration") + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Configuration Windows Team Policy for Windows10 with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') + { + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10TeamGeneralConfiguration") + Update-MgDeviceManagementDeviceConfiguration ` + -DeviceConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Configuration Windows Team Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code +Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.Boolean] + $AzureOperationalInsightsBlockTelemetry, + + [Parameter()] + [System.String] + $AzureOperationalInsightsWorkspaceId, + + [Parameter()] + [System.String] + $AzureOperationalInsightsWorkspaceKey, + + [Parameter()] + [System.Boolean] + $ConnectAppBlockAutoLaunch, + + [Parameter()] + [System.Boolean] + $MaintenanceWindowBlocked, + + [Parameter()] + [System.Int32] + $MaintenanceWindowDurationInHours, + + [Parameter()] + [System.TimeSpan] + $MaintenanceWindowStartTime, + + [Parameter()] + [System.Boolean] + $MiracastBlocked, + + [Parameter()] + [ValidateSet('userDefined','one','two','three','four','five','six','seven','eight','nine','ten','eleven','thirtySix','forty','fortyFour','fortyEight','oneHundredFortyNine','oneHundredFiftyThree','oneHundredFiftySeven','oneHundredSixtyOne','oneHundredSixtyFive')] + [System.String] + $MiracastChannel, + + [Parameter()] + [System.Boolean] + $MiracastRequirePin, + + [Parameter()] + [System.Boolean] + $SettingsBlockMyMeetingsAndFiles, + + [Parameter()] + [System.Boolean] + $SettingsBlockSessionResume, + + [Parameter()] + [System.Boolean] + $SettingsBlockSigninSuggestions, + + [Parameter()] + [System.Int32] + $SettingsDefaultVolume, + + [Parameter()] + [System.Int32] + $SettingsScreenTimeoutInMinutes, + + [Parameter()] + [System.Int32] + $SettingsSessionTimeoutInMinutes, + + [Parameter()] + [System.Int32] + $SettingsSleepTimeoutInMinutes, + + [Parameter()] + [System.String] + $WelcomeScreenBackgroundImageUrl, + + [Parameter()] + [System.Boolean] + $WelcomeScreenBlockAutomaticWakeUp, + + [Parameter()] + [ValidateSet('userDefined','showOrganizerAndTimeOnly','showOrganizerAndTimeAndSubject')] + [System.String] + $WelcomeScreenMeetingInformation, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Device Configuration Windows Team Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.remove('Id') | Out-Null + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10TeamGeneralConfiguration' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository = 'deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion = 'beta' + ) + try + { + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + + foreach ($target in $targets) + { + $formattedTarget = @{"@odata.type" = $target.dataType} + if ($target.groupId) + { + $formattedTarget.Add('groupId',$target.groupId) + } + if ($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if ($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if ($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + } + $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $null + } +} + +function Rename-M365DSCCimInstanceParameter +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties + ) + + $keyToRename = @{ + 'odataType' = '@odata.type' + } + + $result = $Properties + + $type = $Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result = $values + + return , $result + } + #endregion + + #region Single + if ($type -like '*Hashtable') + { + $result = ([Hashtable]$Properties).clone() + } + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') + { + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) + { + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) + if ($key -in $keyToRename.Keys) + { + $keyName = $keyToRename.$key + } + + $property = $hashProperties.$key + if ($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties + } + return $result + #endregion +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable], [hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + if ($ComplexObject.gettype().fullname -like '*[[\]]') + { + $results = @() + + foreach ($item in $ComplexObject) + { + if ($item) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash + } + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return , [hashtable[]]$results + } + + if ($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys + foreach ($key in $keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType = $ComplexObject.$key.gettype().fullname + + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results + } + + $results = @{} + + if ($ComplexObject.getType().Fullname -like '*hashtable') + { + $keys = $ComplexObject.keys + } + else + { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } + } + + foreach ($key in $keys) + { + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') + { + $keyName = $key.Name + } + + if ($null -ne $ComplexObject.$keyName) + { + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$keyName) + } + } + } + return [hashtable]$results +} + +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> +function Get-M365DSCDRGComplexTypeToString +{ + [CmdletBinding()] + param( + [Parameter()] + $ComplexObject, + + [Parameter(Mandatory = $true)] + [System.String] + $CIMInstanceName, + + [Parameter()] + [Array] + $ComplexTypeMapping, + + [Parameter()] + [System.String] + $Whitespace = '', + + [Parameter()] + [System.uint32] + $IndentLevel = 3, + + [Parameter()] + [switch] + $isArray = $false + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } + #If ComplexObject is an Array + if ($ComplexObject.GetType().FullName -like '*[[\]]') + { + $currentProperty = @() + $IndentLevel++ + foreach ($item in $ComplexObject) + { + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel + } + if ($ComplexTypeMapping) + { + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) + } + + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return , $currentProperty + } + + $currentProperty = '' + if ($isArray) + { + $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } + $keyNotNull = 0 + + if ($ComplexObject.Keys.count -eq 0) + { + return $null + } + + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyNotNull++ + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) + { + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() + + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') + { + $isArray = $true + } + #overwrite type if object defined in mapping complextypemapping + if ($key -in $ComplexTypeMapping.Name) + { + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] + } + else + { + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + } + + if (-not $isArray) + { + $currentProperty += $indent + $key + ' = ' + } + + if ($isArray -and $key -in $ComplexTypeMapping.Name) + { + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $key + ' = ' + $currentProperty += '@(' + } + } + + if ($isArray) + { + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') + { + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- + } + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if ($isArray) + { + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } + } + $isArray = $PSBoundParameters.IsArray + } + else + { + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) + } + } + else + { + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } + + if ($mappedKey -and $mappedKey.isRequired) + { + if ($mappedKey.isArray) + { + $currentProperty += "$indent$key = @()`r`n" + } + else + { + $currentProperty += "$indent$key = `$null`r`n" + } + } + } + } + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) + { + $indent += ' ' + } + $currentProperty += "$indent}" + if ($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if ($IndentLevel -eq 5) + { + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) + { + $indent += ' ' + } + $currentProperty += $indent + } + + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty = $null + } + return $currentProperty +} + +Function Get-M365DSCDRGSimpleObjectTypeToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = 'true')] + [System.String] + $Key, + + [Parameter(Mandatory = 'true')] + $Value, + + [Parameter()] + [System.String] + $Space = ' ' + + ) + + $returnValue = '' + switch -Wildcard ($Value.GetType().Fullname ) + { + '*.Boolean' + { + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + } + '*.String' + { + if ($key -eq '@odata.type') + { + $key = 'odataType' + } + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" + } + '*.DateTime' + { + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" + } + '*[[\]]' + { + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) + { + $returnValue += "`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" + } + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) + { + switch -Wildcard ($item.GetType().Fullname) + { + '*.String' + { + $returnValue += "$whitespace'$item'$newline" + } + '*.DateTime' + { + $returnValue += "$whitespace'$item'$newline" + } + Default + { + $returnValue += "$whitespace$item$newline" + } + } + } + if ($Value.count -gt 1) + { + $returnValue += "$Space)`r`n" + } + else + { + $returnValue += ")`r`n" + + } + } + Default + { + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" + } + } + return $returnValue +} + +function Compare-M365DSCComplexObject +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter()] + $Source, + [Parameter()] + $Target + ) + + #Comparing full objects + if ($null -eq $Source -and $null -eq $Target) + { + return $true + } + + $sourceValue = '' + $targetValue = '' + if (($null -eq $Source) -xor ($null -eq $Target)) + { + if ($null -eq $Source) + { + $sourceValue = 'Source is null' + } + + if ($null -eq $Target) + { + $targetValue = 'Target is null' + } + Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + return $false + } + + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') + { + if ($source.count -ne $target.count) + { + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + return $false + } + if ($source.count -eq 0) + { + return $true + } + + foreach ($item in $Source) + { + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) + { + $compareResult = Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem + + if ($compareResult) + { + break + } + } + + if (-not $compareResult) + { + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' + return $false + } + } + return $true + } + + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + foreach ($key in $keys) + { + #Matching possible key names between Source and Target + $skey = $key + $tkey = $key + + $sourceValue = $Source.$key + $targetValue = $Target.$tkey + #One of the item is null and not the other + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) + { + + if ($null -eq $Source.$key) + { + $sourceValue = 'null' + } + + if ($null -eq $Target.$tkey) + { + $targetValue = 'null' + } + + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + #Both keys aren't null or empty + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + { + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') + { + #Recursive call for complex object + $compareResult = Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` + -Target $Target.$tkey + + if (-not $compareResult) + { + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + else + { + #Simple object comparison + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key + + #Identifying date from the current values + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') + { + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) + { + $compareResult = $null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } + + if ($null -ne $compareResult) + { + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + } + } + return $true +} + +function Convert-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable], [hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $ComplexObject + ) + + if ($ComplexObject.getType().Fullname -like '*[[\]]') + { + $results = @() + foreach ($item in $ComplexObject) + { + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash + } + + #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return , [hashtable[]]$results + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject + + if ($null -ne $hashComplexObject) + { + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + foreach ($key in $keys) + { + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') + { + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + } + else + { + $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) + } + } + } + return [hashtable]$results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.schema.mof new file mode 100644 index 0000000000..432650eb4d --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.schema.mof @@ -0,0 +1,46 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationWindowsTeamPolicyWindows10")] +class MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10 : OMI_BaseResource +{ + [Write, Description("Indicates whether or not to Block Azure Operational Insights.")] Boolean AzureOperationalInsightsBlockTelemetry; + [Write, Description("The Azure Operational Insights workspace id.")] String AzureOperationalInsightsWorkspaceId; + [Write, Description("The Azure Operational Insights Workspace key.")] String AzureOperationalInsightsWorkspaceKey; + [Write, Description("Specifies whether to automatically launch the Connect app whenever a projection is initiated.")] Boolean ConnectAppBlockAutoLaunch; + [Write, Description("Indicates whether or not to Block setting a maintenance window for device updates.")] Boolean MaintenanceWindowBlocked; + [Write, Description("Maintenance window duration for device updates. Valid values 0 to 5")] UInt32 MaintenanceWindowDurationInHours; + [Write, Description("Maintenance window start time for device updates.")] String MaintenanceWindowStartTime; + [Write, Description("Indicates whether or not to Block wireless projection.")] Boolean MiracastBlocked; + [Write, Description("The channel. Possible values are: userDefined, one, two, three, four, five, six, seven, eight, nine, ten, eleven, thirtySix, forty, fortyFour, fortyEight, oneHundredFortyNine, oneHundredFiftyThree, oneHundredFiftySeven, oneHundredSixtyOne, oneHundredSixtyFive."), ValueMap{"userDefined","one","two","three","four","five","six","seven","eight","nine","ten","eleven","thirtySix","forty","fortyFour","fortyEight","oneHundredFortyNine","oneHundredFiftyThree","oneHundredFiftySeven","oneHundredSixtyOne","oneHundredSixtyFive"}, Values{"userDefined","one","two","three","four","five","six","seven","eight","nine","ten","eleven","thirtySix","forty","fortyFour","fortyEight","oneHundredFortyNine","oneHundredFiftyThree","oneHundredFiftySeven","oneHundredSixtyOne","oneHundredSixtyFive"}] String MiracastChannel; + [Write, Description("Indicates whether or not to require a pin for wireless projection.")] Boolean MiracastRequirePin; + [Write, Description("Specifies whether to disable the 'My meetings and files' feature in the Start menu, which shows the signed-in user's meetings and files from Office 365.")] Boolean SettingsBlockMyMeetingsAndFiles; + [Write, Description("Specifies whether to allow the ability to resume a session when the session times out.")] Boolean SettingsBlockSessionResume; + [Write, Description("Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings.")] Boolean SettingsBlockSigninSuggestions; + [Write, Description("Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45. Valid values 0 to 100")] UInt32 SettingsDefaultVolume; + [Write, Description("Specifies the number of minutes until the Hub screen turns off.")] UInt32 SettingsScreenTimeoutInMinutes; + [Write, Description("Specifies the number of minutes until the session times out.")] UInt32 SettingsSessionTimeoutInMinutes; + [Write, Description("Specifies the number of minutes until the Hub enters sleep mode.")] UInt32 SettingsSleepTimeoutInMinutes; + [Write, Description("The welcome screen background image URL. The URL must use the HTTPS protocol and return a PNG image.")] String WelcomeScreenBackgroundImageUrl; + [Write, Description("Indicates whether or not to Block the welcome screen from waking up automatically when someone enters the room.")] Boolean WelcomeScreenBlockAutomaticWakeUp; + [Write, Description("The welcome screen meeting information shown. Possible values are: userDefined, showOrganizerAndTimeOnly, showOrganizerAndTimeAndSubject."), ValueMap{"userDefined","showOrganizerAndTimeOnly","showOrganizerAndTimeAndSubject"}, Values{"userDefined","showOrganizerAndTimeOnly","showOrganizerAndTimeAndSubject"}] String WelcomeScreenMeetingInformation; + [Write, Description("Admin provided description of the Device Configuration.")] String Description; + [Required, Description("Admin provided name of the device configuration.")] String DisplayName; + [Write, Description("Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.")] Boolean SupportsScopeTags; + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/readme.md new file mode 100644 index 0000000000..db322df2bb --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneDeviceConfigurationWindowsTeamPolicyWindows10 + +## Description + +Intune Device Configuration Windows Team Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/settings.json new file mode 100644 index 0000000000..bc61bbaa65 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "IntuneDeviceConfigurationWindowsTeamPolicyWindows10", + "description": "This resource configures an Intune Device Configuration Windows Team Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } +} + +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/1-IntuneDeviceConfigurationWindowsTeamPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/1-IntuneDeviceConfigurationWindowsTeamPolicyWindows10-Example.ps1 new file mode 100644 index 0000000000..eb204fd2d1 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/1-IntuneDeviceConfigurationWindowsTeamPolicyWindows10-Example.ps1 @@ -0,0 +1,45 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + AzureOperationalInsightsBlockTelemetry = $True; + ConnectAppBlockAutoLaunch = $True; + Credential = $Credscredential; + DisplayName = "Device restrictions (Windows 10 Team)"; + Ensure = "Present"; + Id = "55308358-a4b9-4e26-bc75-7a6871836436"; + MaintenanceWindowBlocked = $False; + MaintenanceWindowDurationInHours = 1; + MaintenanceWindowStartTime = "00:00:00"; + MiracastBlocked = $True; + MiracastChannel = "oneHundredFortyNine"; + MiracastRequirePin = $True; + SettingsBlockMyMeetingsAndFiles = $True; + SettingsBlockSessionResume = $True; + SettingsBlockSigninSuggestions = $True; + SupportsScopeTags = $True; + WelcomeScreenBlockAutomaticWakeUp = $True; + WelcomeScreenMeetingInformation = "showOrganizerAndTimeOnly"; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWindowsTeamPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWindowsTeamPolicyWindows10.Tests.ps1 new file mode 100644 index 0000000000..3ae395f2bd --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWindowsTeamPolicyWindows10.Tests.ps1 @@ -0,0 +1,371 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneDeviceConfigurationWindowsTeamPolicyWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { + } + + } + # Test contexts + Context -Name "The IntuneDeviceConfigurationWindowsTeamPolicyWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + AzureOperationalInsightsBlockTelemetry = $True + AzureOperationalInsightsWorkspaceId = "FakeStringValue" + AzureOperationalInsightsWorkspaceKey = "FakeStringValue" + ConnectAppBlockAutoLaunch = $True + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + MaintenanceWindowBlocked = $True + MaintenanceWindowDurationInHours = 25 + MaintenanceWindowStartTime = "00:00:00" + MiracastBlocked = $True + MiracastChannel = "userDefined" + MiracastRequirePin = $True + SettingsBlockMyMeetingsAndFiles = $True + SettingsBlockSessionResume = $True + SettingsBlockSigninSuggestions = $True + SettingsDefaultVolume = 25 + SettingsScreenTimeoutInMinutes = 25 + SettingsSessionTimeoutInMinutes = 25 + SettingsSleepTimeoutInMinutes = 25 + SupportsScopeTags = $True + WelcomeScreenBackgroundImageUrl = "FakeStringValue" + WelcomeScreenBlockAutomaticWakeUp = $True + WelcomeScreenMeetingInformation = "userDefined" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name "The IntuneDeviceConfigurationWindowsTeamPolicyWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + AzureOperationalInsightsBlockTelemetry = $True + AzureOperationalInsightsWorkspaceId = "FakeStringValue" + AzureOperationalInsightsWorkspaceKey = "FakeStringValue" + ConnectAppBlockAutoLaunch = $True + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + MaintenanceWindowBlocked = $True + MaintenanceWindowDurationInHours = 25 + MaintenanceWindowStartTime = "00:00:00" + MiracastBlocked = $True + MiracastChannel = "userDefined" + MiracastRequirePin = $True + SettingsBlockMyMeetingsAndFiles = $True + SettingsBlockSessionResume = $True + SettingsBlockSigninSuggestions = $True + SettingsDefaultVolume = 25 + SettingsScreenTimeoutInMinutes = 25 + SettingsSessionTimeoutInMinutes = 25 + SettingsSleepTimeoutInMinutes = 25 + SupportsScopeTags = $True + WelcomeScreenBackgroundImageUrl = "FakeStringValue" + WelcomeScreenBlockAutomaticWakeUp = $True + WelcomeScreenMeetingInformation = "userDefined" + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + settingsDefaultVolume = 25 + welcomeScreenMeetingInformation = "userDefined" + settingsScreenTimeoutInMinutes = 25 + settingsBlockMyMeetingsAndFiles = $True + '@odata.type' = "#microsoft.graph.windows10TeamGeneralConfiguration" + maintenanceWindowDurationInHours = 25 + azureOperationalInsightsBlockTelemetry = $True + miracastChannel = "userDefined" + welcomeScreenBackgroundImageUrl = "FakeStringValue" + settingsBlockSessionResume = $True + settingsSessionTimeoutInMinutes = 25 + azureOperationalInsightsWorkspaceKey = "FakeStringValue" + welcomeScreenBlockAutomaticWakeUp = $True + miracastRequirePin = $True + maintenanceWindowStartTime = "00:00:00" + settingsBlockSigninSuggestions = $True + maintenanceWindowBlocked = $True + miracastBlocked = $True + settingsSleepTimeoutInMinutes = 25 + azureOperationalInsightsWorkspaceId = "FakeStringValue" + connectAppBlockAutoLaunch = $True + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + Context -Name "The IntuneDeviceConfigurationWindowsTeamPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AzureOperationalInsightsBlockTelemetry = $True + AzureOperationalInsightsWorkspaceId = "FakeStringValue" + AzureOperationalInsightsWorkspaceKey = "FakeStringValue" + ConnectAppBlockAutoLaunch = $True + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + MaintenanceWindowBlocked = $True + MaintenanceWindowDurationInHours = 25 + MaintenanceWindowStartTime = "00:00:00" + MiracastBlocked = $True + MiracastChannel = "userDefined" + MiracastRequirePin = $True + SettingsBlockMyMeetingsAndFiles = $True + SettingsBlockSessionResume = $True + SettingsBlockSigninSuggestions = $True + SettingsDefaultVolume = 25 + SettingsScreenTimeoutInMinutes = 25 + SettingsSessionTimeoutInMinutes = 25 + SettingsSleepTimeoutInMinutes = 25 + SupportsScopeTags = $True + WelcomeScreenBackgroundImageUrl = "FakeStringValue" + WelcomeScreenBlockAutomaticWakeUp = $True + WelcomeScreenMeetingInformation = "userDefined" + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + settingsDefaultVolume = 25 + welcomeScreenMeetingInformation = "userDefined" + settingsScreenTimeoutInMinutes = 25 + settingsBlockMyMeetingsAndFiles = $True + '@odata.type' = "#microsoft.graph.windows10TeamGeneralConfiguration" + maintenanceWindowDurationInHours = 25 + azureOperationalInsightsBlockTelemetry = $True + miracastChannel = "userDefined" + welcomeScreenBackgroundImageUrl = "FakeStringValue" + settingsBlockSessionResume = $True + settingsSessionTimeoutInMinutes = 25 + azureOperationalInsightsWorkspaceKey = "FakeStringValue" + welcomeScreenBlockAutomaticWakeUp = $True + miracastRequirePin = $True + maintenanceWindowStartTime = "00:00:00" + settingsBlockSigninSuggestions = $True + maintenanceWindowBlocked = $True + miracastBlocked = $True + settingsSleepTimeoutInMinutes = 25 + azureOperationalInsightsWorkspaceId = "FakeStringValue" + connectAppBlockAutoLaunch = $True + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneDeviceConfigurationWindowsTeamPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AzureOperationalInsightsBlockTelemetry = $True + AzureOperationalInsightsWorkspaceId = "FakeStringValue" + AzureOperationalInsightsWorkspaceKey = "FakeStringValue" + ConnectAppBlockAutoLaunch = $True + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + MaintenanceWindowBlocked = $True + MaintenanceWindowDurationInHours = 25 + MaintenanceWindowStartTime = "00:00:00" + MiracastBlocked = $True + MiracastChannel = "userDefined" + MiracastRequirePin = $True + SettingsBlockMyMeetingsAndFiles = $True + SettingsBlockSessionResume = $True + SettingsBlockSigninSuggestions = $True + SettingsDefaultVolume = 25 + SettingsScreenTimeoutInMinutes = 25 + SettingsSessionTimeoutInMinutes = 25 + SettingsSleepTimeoutInMinutes = 25 + SupportsScopeTags = $True + WelcomeScreenBackgroundImageUrl = "FakeStringValue" + WelcomeScreenBlockAutomaticWakeUp = $True + WelcomeScreenMeetingInformation = "userDefined" + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + maintenanceWindowDurationInHours = 7 + settingsScreenTimeoutInMinutes = 7 + welcomeScreenMeetingInformation = "userDefined" + settingsDefaultVolume = 7 + azureOperationalInsightsWorkspaceId = "FakeStringValue" + miracastChannel = "userDefined" + azureOperationalInsightsWorkspaceKey = "FakeStringValue" + settingsSessionTimeoutInMinutes = 7 + maintenanceWindowStartTime = "00:00:00" + '@odata.type' = "#microsoft.graph.windows10TeamGeneralConfiguration" + welcomeScreenBackgroundImageUrl = "FakeStringValue" + settingsSleepTimeoutInMinutes = 7 + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + settingsDefaultVolume = 25 + welcomeScreenMeetingInformation = "userDefined" + settingsScreenTimeoutInMinutes = 25 + settingsBlockMyMeetingsAndFiles = $True + '@odata.type' = "#microsoft.graph.windows10TeamGeneralConfiguration" + maintenanceWindowDurationInHours = 25 + azureOperationalInsightsBlockTelemetry = $True + miracastChannel = "userDefined" + welcomeScreenBackgroundImageUrl = "FakeStringValue" + settingsBlockSessionResume = $True + settingsSessionTimeoutInMinutes = 25 + azureOperationalInsightsWorkspaceKey = "FakeStringValue" + welcomeScreenBlockAutomaticWakeUp = $True + miracastRequirePin = $True + maintenanceWindowStartTime = "00:00:00" + settingsBlockSigninSuggestions = $True + maintenanceWindowBlocked = $True + miracastBlocked = $True + settingsSleepTimeoutInMinutes = 25 + azureOperationalInsightsWorkspaceId = "FakeStringValue" + connectAppBlockAutoLaunch = $True + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 551d3af28343d8b8e0e1360f98697c976031058b Mon Sep 17 00:00:00 2001 From: William-francillette Date: Mon, 10 Apr 2023 18:20:19 +0100 Subject: [PATCH 28/64] Initial release --- CHANGELOG.md | 5 + ...onfigurationDomainJoinPolicyWindows10.psm1 | 1367 +++++++++++++++++ ...rationDomainJoinPolicyWindows10.schema.mof | 30 + .../readme.md | 6 + .../settings.json | 33 + ...ationDomainJoinPolicyWindows10-Example.ps1 | 36 + ...urationDomainJoinPolicyWindows10.Tests.ps1 | 252 +++ 7 files changed, 1729 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/1-IntuneDeviceConfigurationDomainJoinPolicyWindows10-Example.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDomainJoinPolicyWindows10.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 2dbb95becd..5430e9df61 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceConfigurationDomainJoinPolicyWindows10 + * Initial release + # 1.23.405.1 * IntuneDeviceEnrollmentPlatformRestriction diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 new file mode 100644 index 0000000000..b5521b58fd --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 @@ -0,0 +1,1367 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $ActiveDirectoryDomainName, + + [Parameter()] + [System.String] + $ComputerNameStaticPrefix, + + [Parameter()] + [System.Int32] + $ComputerNameSuffixRandomCharCount, + + [Parameter()] + [System.String] + $OrganizationalUnit, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Domain Join Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementDeviceConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windowsDomainJoinConfiguration" ` + } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Domain Join Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Configuration Domain Join Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." + + $results = @{ + #region resource generator code + ActiveDirectoryDomainName = $getValue.AdditionalProperties.activeDirectoryDomainName + ComputerNameStaticPrefix = $getValue.AdditionalProperties.computerNameStaticPrefix + ComputerNameSuffixRandomCharCount = $getValue.AdditionalProperties.computerNameSuffixRandomCharCount + OrganizationalUnit = $getValue.AdditionalProperties.organizationalUnit + Description = $getValue.Description + DisplayName = $getValue.DisplayName + SupportsScopeTags = $getValue.SupportsScopeTags + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $ActiveDirectoryDomainName, + + [Parameter()] + [System.String] + $ComputerNameStaticPrefix, + + [Parameter()] + [System.Int32] + $ComputerNameSuffixRandomCharCount, + + [Parameter()] + [System.String] + $OrganizationalUnit, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Configuration Domain Join Policy for Windows10 with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') + { + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $CreateParameters.Add("@odata.type", "#microsoft.graph.windowsDomainJoinConfiguration") + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Configuration Domain Join Policy for Windows10 with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') + { + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.windowsDomainJoinConfiguration") + Update-MgDeviceManagementDeviceConfiguration ` + -DeviceConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Configuration Domain Join Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code +Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $ActiveDirectoryDomainName, + + [Parameter()] + [System.String] + $ComputerNameStaticPrefix, + + [Parameter()] + [System.Int32] + $ComputerNameSuffixRandomCharCount, + + [Parameter()] + [System.String] + $OrganizationalUnit, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Device Configuration Domain Join Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) + { + $testResult = $false + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.remove('Id') | Out-Null + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDomainJoinConfiguration' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +function Update-DeviceConfigurationPolicyAssignment +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + [Parameter(Mandatory = 'true')] + [System.String] + $DeviceConfigurationPolicyId, + + [Parameter()] + [Array] + $Targets, + + [Parameter()] + [System.String] + $Repository = 'deviceManagement/configurationPolicies', + + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion = 'beta' + ) + try + { + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + + foreach ($target in $targets) + { + $formattedTarget = @{"@odata.type" = $target.dataType} + if ($target.groupId) + { + $formattedTarget.Add('groupId',$target.groupId) + } + if ($target.collectionId) + { + $formattedTarget.Add('collectionId',$target.collectionId) + } + if ($target.deviceAndAppManagementAssignmentFilterType) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) + } + if ($target.deviceAndAppManagementAssignmentFilterId) + { + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) + } + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} + } + $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 + #write-verbose -Message $body + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop + } + catch + { + New-M365DSCLogEntry -Message 'Error updating data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $null + } +} + +function Rename-M365DSCCimInstanceParameter +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable], [System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties + ) + + $keyToRename = @{ + 'odataType' = '@odata.type' + } + + $result = $Properties + + $type = $Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result = $values + + return , $result + } + #endregion + + #region Single + if ($type -like '*Hashtable') + { + $result = ([Hashtable]$Properties).clone() + } + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*' -or $type -like '*Object*') + { + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) + { + $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) + if ($key -in $keyToRename.Keys) + { + $keyName = $keyToRename.$key + } + + $property = $hashProperties.$key + if ($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName, (Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties + } + return $result + #endregion +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable], [hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + if ($ComplexObject.gettype().fullname -like '*[[\]]') + { + $results = @() + + foreach ($item in $ComplexObject) + { + if ($item) + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash + } + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return , [hashtable[]]$results + } + + if ($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys + foreach ($key in $keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType = $ComplexObject.$key.gettype().fullname + + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*' -or $keyType -like '*[[\]]') + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results + } + + $results = @{} + + if ($ComplexObject.getType().Fullname -like '*hashtable') + { + $keys = $ComplexObject.keys + } + else + { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' } + } + + foreach ($key in $keys) + { + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike '*hashtable') + { + $keyName = $key.Name + } + + if ($null -ne $ComplexObject.$keyName) + { + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like '*CimInstance*' -or $keyType -like '*Dictionary*' -or $keyType -like 'Microsoft.Graph.PowerShell.Models.*') + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$keyName) + } + } + } + return [hashtable]$results +} + +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> +function Get-M365DSCDRGComplexTypeToString +{ + [CmdletBinding()] + param( + [Parameter()] + $ComplexObject, + + [Parameter(Mandatory = $true)] + [System.String] + $CIMInstanceName, + + [Parameter()] + [Array] + $ComplexTypeMapping, + + [Parameter()] + [System.String] + $Whitespace = '', + + [Parameter()] + [System.uint32] + $IndentLevel = 3, + + [Parameter()] + [switch] + $isArray = $false + ) + + if ($null -eq $ComplexObject) + { + return $null + } + + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } + #If ComplexObject is an Array + if ($ComplexObject.GetType().FullName -like '*[[\]]') + { + $currentProperty = @() + $IndentLevel++ + foreach ($item in $ComplexObject) + { + $splat = @{ + 'ComplexObject' = $item + 'CIMInstanceName' = $CIMInstanceName + 'IndentLevel' = $IndentLevel + } + if ($ComplexTypeMapping) + { + $splat.add('ComplexTypeMapping', $ComplexTypeMapping) + } + + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat + } + + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return , $currentProperty + } + + $currentProperty = '' + if ($isArray) + { + $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName = $CIMInstanceName.replace('MSFT_', '') + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } + $keyNotNull = 0 + + if ($ComplexObject.Keys.count -eq 0) + { + return $null + } + + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyNotNull++ + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) + { + $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() + + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') + { + $isArray = $true + } + #overwrite type if object defined in mapping complextypemapping + if ($key -in $ComplexTypeMapping.Name) + { + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName)[0] + $hashProperty = $ComplexObject[$key] + } + else + { + $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] + } + + if (-not $isArray) + { + $currentProperty += $indent + $key + ' = ' + } + + if ($isArray -and $key -in $ComplexTypeMapping.Name) + { + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $key + ' = ' + $currentProperty += '@(' + } + } + + if ($isArray) + { + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*') + { + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- + } + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if ($isArray) + { + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } + } + $isArray = $PSBoundParameters.IsArray + } + else + { + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) + } + } + else + { + $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } + + if ($mappedKey -and $mappedKey.isRequired) + { + if ($mappedKey.isArray) + { + $currentProperty += "$indent$key = @()`r`n" + } + else + { + $currentProperty += "$indent$key = `$null`r`n" + } + } + } + } + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 1 ; $i++) + { + $indent += ' ' + } + $currentProperty += "$indent}" + if ($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if ($IndentLevel -eq 5) + { + $indent = '' + for ($i = 0; $i -lt $IndentLevel - 2 ; $i++) + { + $indent += ' ' + } + $currentProperty += $indent + } + + $emptyCIM = $currentProperty.replace(' ', '').replace("`r`n", '') + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty = $null + } + return $currentProperty +} + +Function Get-M365DSCDRGSimpleObjectTypeToString +{ + [CmdletBinding()] + [OutputType([System.String])] + param( + [Parameter(Mandatory = 'true')] + [System.String] + $Key, + + [Parameter(Mandatory = 'true')] + $Value, + + [Parameter()] + [System.String] + $Space = ' ' + + ) + + $returnValue = '' + switch -Wildcard ($Value.GetType().Fullname ) + { + '*.Boolean' + { + $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" + } + '*.String' + { + if ($key -eq '@odata.type') + { + $key = 'odataType' + } + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" + } + '*.DateTime' + { + $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" + } + '*[[\]]' + { + $returnValue = $Space + $key + ' = @(' + $whitespace = '' + $newline = '' + if ($Value.count -gt 1) + { + $returnValue += "`r`n" + $whitespace = $Space + ' ' + $newline = "`r`n" + } + foreach ($item in ($Value | Where-Object -FilterScript { $null -ne $_ })) + { + switch -Wildcard ($item.GetType().Fullname) + { + '*.String' + { + $returnValue += "$whitespace'$item'$newline" + } + '*.DateTime' + { + $returnValue += "$whitespace'$item'$newline" + } + Default + { + $returnValue += "$whitespace$item$newline" + } + } + } + if ($Value.count -gt 1) + { + $returnValue += "$Space)`r`n" + } + else + { + $returnValue += ")`r`n" + + } + } + Default + { + $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" + } + } + return $returnValue +} + +function Compare-M365DSCComplexObject +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param( + [Parameter()] + $Source, + [Parameter()] + $Target + ) + + #Comparing full objects + if ($null -eq $Source -and $null -eq $Target) + { + return $true + } + + $sourceValue = '' + $targetValue = '' + if (($null -eq $Source) -xor ($null -eq $Target)) + { + if ($null -eq $Source) + { + $sourceValue = 'Source is null' + } + + if ($null -eq $Target) + { + $targetValue = 'Target is null' + } + Write-Verbose -Message "Configuration drift - Complex object: {$sourceValue$targetValue}" + return $false + } + + if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') + { + if ($source.count -ne $target.count) + { + Write-Verbose -Message "Configuration drift - The complex array have different number of items: Source {$($source.count)} Target {$($target.count)}" + return $false + } + if ($source.count -eq 0) + { + return $true + } + + foreach ($item in $Source) + { + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) + { + $compareResult = Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem + + if ($compareResult) + { + break + } + } + + if (-not $compareResult) + { + Write-Verbose -Message 'Configuration drift - The complex array items are not identical' + return $false + } + } + return $true + } + + $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + foreach ($key in $keys) + { + #Matching possible key names between Source and Target + $skey = $key + $tkey = $key + + $sourceValue = $Source.$key + $targetValue = $Target.$tkey + #One of the item is null and not the other + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) + { + + if ($null -eq $Source.$key) + { + $sourceValue = 'null' + } + + if ($null -eq $Target.$tkey) + { + $targetValue = 'null' + } + + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + + #Both keys aren't null or empty + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) + { + if ($Source.$key.getType().FullName -like '*CimInstance*' -or $Source.$key.getType().FullName -like '*hashtable*') + { + #Recursive call for complex object + $compareResult = Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` + -Target $Target.$tkey + + if (-not $compareResult) + { + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + else + { + #Simple object comparison + $referenceObject = $Target.$tkey + $differenceObject = $Source.$key + + #Identifying date from the current values + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like '*Date*') + { + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) + { + $compareResult = $null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } + + if ($null -ne $compareResult) + { + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + return $false + } + } + } + } + return $true +} + +function Convert-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable], [hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $ComplexObject + ) + + if ($ComplexObject.getType().Fullname -like '*[[\]]') + { + $results = @() + foreach ($item in $ComplexObject) + { + $hash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + $results += $hash + } + + #Write-Verbose -Message ("Convert-M365DSCDRGComplexTypeToHashtable >>> results: "+(convertTo-JSON $results -Depth 20)) + # PowerShell returns all non-captured stream output, not just the argument of the return statement. + #An empty array is mangled into $null in the process. + #However, an array can be preserved on return by prepending it with the array construction operator (,) + return , [hashtable[]]$results + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject + + if ($null -ne $hashComplexObject) + { + $results = $hashComplexObject.clone() + $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + foreach ($key in $keys) + { + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') + { + $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] + } + else + { + $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) + $propertyValue = $results[$key] + $results.remove($key) | Out-Null + $results.add($propertyName, $propertyValue) + } + } + } + return [hashtable]$results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.schema.mof new file mode 100644 index 0000000000..bcc8e6fd70 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.schema.mof @@ -0,0 +1,30 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationDomainJoinPolicyWindows10")] +class MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10 : OMI_BaseResource +{ + [Write, Description("Active Directory domain name to join.")] String ActiveDirectoryDomainName; + [Write, Description("Fixed prefix to be used for computer name.")] String ComputerNameStaticPrefix; + [Write, Description("Dynamically generated characters used as suffix for computer name. Valid values 3 to 14")] UInt32 ComputerNameSuffixRandomCharCount; + [Write, Description("Organizational unit (OU) where the computer account will be created. If this parameter is NULL, the well known computer object container will be used as published in the domain.")] String OrganizationalUnit; + [Write, Description("Admin provided description of the Device Configuration.")] String Description; + [Required, Description("Admin provided name of the device configuration.")] String DisplayName; + [Write, Description("Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.")] Boolean SupportsScopeTags; + [Key, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/readme.md new file mode 100644 index 0000000000..2f4cc69358 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/readme.md @@ -0,0 +1,6 @@ + +# IntuneDeviceConfigurationDomainJoinPolicyWindows10 + +## Description + +Intune Device Configuration Domain Join Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/settings.json new file mode 100644 index 0000000000..283b168e60 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/settings.json @@ -0,0 +1,33 @@ +{ + "resourceName": "IntuneDeviceConfigurationDomainJoinPolicyWindows10", + "description": "This resource configures an Intune Device Configuration Domain Join Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } +} + +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/1-IntuneDeviceConfigurationDomainJoinPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/1-IntuneDeviceConfigurationDomainJoinPolicyWindows10-Example.ps1 new file mode 100644 index 0000000000..304e90a0b8 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/1-IntuneDeviceConfigurationDomainJoinPolicyWindows10-Example.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' + { + ActiveDirectoryDomainName = "domain.com"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ComputerNameStaticPrefix = "WK-"; + ComputerNameSuffixRandomCharCount = 12; + Credential = $Credscredential; + DisplayName = "Domain Join"; + Ensure = "Present"; + Id = "1ab2945b-36b5-4b34-bbf5-717885c15654"; + OrganizationalUnit = "OU=workstation,CN=domain,CN=com"; + SupportsScopeTags = $True; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDomainJoinPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDomainJoinPolicyWindows10.Tests.ps1 new file mode 100644 index 0000000000..e80bfcb79b --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationDomainJoinPolicyWindows10.Tests.ps1 @@ -0,0 +1,252 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneDeviceConfigurationDomainJoinPolicyWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { + } + + } + # Test contexts + Context -Name "The IntuneDeviceConfigurationDomainJoinPolicyWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + ActiveDirectoryDomainName = "FakeStringValue" + ComputerNameStaticPrefix = "FakeStringValue" + ComputerNameSuffixRandomCharCount = 25 + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + OrganizationalUnit = "FakeStringValue" + SupportsScopeTags = $True + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name "The IntuneDeviceConfigurationDomainJoinPolicyWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + ActiveDirectoryDomainName = "FakeStringValue" + ComputerNameStaticPrefix = "FakeStringValue" + ComputerNameSuffixRandomCharCount = 25 + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + OrganizationalUnit = "FakeStringValue" + SupportsScopeTags = $True + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + computerNameStaticPrefix = "FakeStringValue" + computerNameSuffixRandomCharCount = 25 + activeDirectoryDomainName = "FakeStringValue" + '@odata.type' = "#microsoft.graph.windowsDomainJoinConfiguration" + organizationalUnit = "FakeStringValue" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + Context -Name "The IntuneDeviceConfigurationDomainJoinPolicyWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + ActiveDirectoryDomainName = "FakeStringValue" + ComputerNameStaticPrefix = "FakeStringValue" + ComputerNameSuffixRandomCharCount = 25 + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + OrganizationalUnit = "FakeStringValue" + SupportsScopeTags = $True + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + computerNameStaticPrefix = "FakeStringValue" + computerNameSuffixRandomCharCount = 25 + activeDirectoryDomainName = "FakeStringValue" + '@odata.type' = "#microsoft.graph.windowsDomainJoinConfiguration" + organizationalUnit = "FakeStringValue" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneDeviceConfigurationDomainJoinPolicyWindows10 exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + ActiveDirectoryDomainName = "FakeStringValue" + ComputerNameStaticPrefix = "FakeStringValue" + ComputerNameSuffixRandomCharCount = 25 + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + OrganizationalUnit = "FakeStringValue" + SupportsScopeTags = $True + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + computerNameStaticPrefix = "FakeStringValue" + computerNameSuffixRandomCharCount = 7 + activeDirectoryDomainName = "FakeStringValue" + '@odata.type' = "#microsoft.graph.windowsDomainJoinConfiguration" + organizationalUnit = "FakeStringValue" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { + return @{ + AdditionalProperties = @{ + computerNameStaticPrefix = "FakeStringValue" + computerNameSuffixRandomCharCount = 25 + activeDirectoryDomainName = "FakeStringValue" + '@odata.type' = "#microsoft.graph.windowsDomainJoinConfiguration" + organizationalUnit = "FakeStringValue" + } + Description = "FakeStringValue" + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SupportsScopeTags = $True + + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From 96da4dce10f1a94aa3443b2777feb38d1ea03114 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Mon, 10 Apr 2023 18:54:01 +0100 Subject: [PATCH 29/64] Fixed issue with assignments --- ...viceConfigurationFirmwareInterfacePolicyWindows10.psm1 | 8 ++++---- ...figurationFirmwareInterfacePolicyWindows10-Example.ps1 | 2 +- ResourceGenerator/M365DSCResourceGenerator.psm1 | 2 +- ResourceGenerator/Module.Template.psm1 | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 index 16362309f4..5259f9e67a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 @@ -582,9 +582,9 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Firmware Interface Policy for Windows10 with DisplayName {$DisplayName}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove("Assignments") | Out-Null - $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null @@ -616,9 +616,9 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Firmware Interface Policy for Windows10 with Id {$($currentInstance.Id)}" - $PSBoundParameters.Remove("Assignments") | Out-Null + $BoundParameters.Remove("Assignments") | Out-Null - $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters $UpdateParameters.Remove('Id') | Out-Null diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 index 81129a3aa2..8da4847d58 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 @@ -33,7 +33,7 @@ Configuration Example FrontCamera = "enabled"; Id = "16599412-1827-4837-b2c1-da2c8260d16e"; InfraredCamera = "enabled"; - Microphone = "enabled"; + Microphone = "notConfigured"; MicrophonesAndSpeakers = "enabled"; NearFieldCommunication = "notConfigured"; Radios = "enabled"; diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index 414fce925c..0e35be02c6 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -582,7 +582,7 @@ function New-M365DSCResource $AssignmentsGet += " }`r`n" $AssignmentsGet += " `$results.Add('Assignments', `$assignmentResult)`r`n" - $AssignmentsRemove += " `$PSBoundParameters.Remove(`"Assignments`") | Out-Null`r`n" + $AssignmentsRemove += " `$BoundParameters.Remove(`"Assignments`") | Out-Null`r`n" $AssignmentsNew += " `$assignmentsHash = @()`r`n" $AssignmentsNew += " foreach (`$assignment in `$Assignments)`r`n" diff --git a/ResourceGenerator/Module.Template.psm1 b/ResourceGenerator/Module.Template.psm1 index e26f58365b..771e57ba79 100644 --- a/ResourceGenerator/Module.Template.psm1 +++ b/ResourceGenerator/Module.Template.psm1 @@ -157,7 +157,7 @@ function Set-TargetResource { Write-Verbose -Message "Creating an with {$DisplayName}" <#AssignmentsRemove#> - $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = ([Hashtable]$BoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null @@ -177,7 +177,7 @@ function Set-TargetResource { Write-Verbose -Message "Updating the with {$($currentInstance.)}" <#AssignmentsRemove#> - $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = ([Hashtable]$BoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters $UpdateParameters.Remove('Id') | Out-Null From 975e395f7a6ed9a581991031ea47ccbb7538989a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 11 Apr 2023 10:11:31 +0000 Subject: [PATCH 30/64] Updated Resources and Cmdlet documentation pages --- ...eviceConfigurationCustomPolicyWindows10.md | 136 ++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneDeviceConfigurationCustomPolicyWindows10.md diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationCustomPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationCustomPolicyWindows10.md new file mode 100644 index 0000000000..b5b21b3657 --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationCustomPolicyWindows10.md @@ -0,0 +1,136 @@ +# IntuneDeviceConfigurationCustomPolicyWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **OmaSettings** | Write | MSFT_MicrosoftGraphomaSetting[] | OMA settings. This collection can contain a maximum of 1000 elements. | | +| **Description** | Write | String | Admin provided description of the Device Configuration. | | +| **DisplayName** | Required | String | Admin provided name of the device configuration. | | +| **SupportsScopeTags** | Write | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. | | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_MicrosoftGraphOmaSetting + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Description** | Write | String | Description. | | +| **DisplayName** | Write | String | Display Name. | | +| **IsEncrypted** | Write | Boolean | Indicates whether the value field is encrypted. This property is read-only. | | +| **OmaUri** | Write | String | OMA. | | +| **SecretReferenceValueId** | Write | String | ReferenceId for looking up secret for decryption. This property is read-only. | | +| **FileName** | Write | String | File name associated with the Value property (.cer | | +| **Value** | Write | String | Value. (Base64 encoded string) | | +| **IsReadOnly** | Write | Boolean | By setting to true, the CSP (configuration service provider) specified in the OMA-URI will perform a get, instead of set | | +| **odataType** | Write | String | The type of the entity. | `#microsoft.graph.omaSettingBase64`, `#microsoft.graph.omaSettingBoolean`, `#microsoft.graph.omaSettingDateTime`, `#microsoft.graph.omaSettingFloatingPoint`, `#microsoft.graph.omaSettingInteger`, `#microsoft.graph.omaSettingString`, `#microsoft.graph.omaSettingStringXml` | + + +## Description + +Intune Device Configuration Custom Policy for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationCustomPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "custom"; + Ensure = "Present"; + Id = "e072d616-12bc-4ea3-9171-ab080e4c120d"; + OmaSettings = @( + MSFT_MicrosoftGraphomaSetting{ + Description = 'custom' + OmaUri = '/oma/custom' + odataType = '#microsoft.graph.omaSettingString' + SecretReferenceValueId = '5b0e1dba-4523-455e-9fdd-e36c833b57bf_e072d616-12bc-4ea3-9171-ab080e4c120d_1f958162-15d4-42ba-92c4-17c2544b2179' + Value = '****' + IsEncrypted = $True + DisplayName = 'oma' + } + MSFT_MicrosoftGraphomaSetting{ + Description = 'custom 2' + OmaUri = '/oma/custom2' + odataType = '#microsoft.graph.omaSettingInteger' + Value = 2 + IsReadOnly = $False + IsEncrypted = $False + DisplayName = 'custom 2' + } + ); + SupportsScopeTags = $True; + } + } +} +``` + From 621eff8258ff69e328d3c9fc9c9aeb5a0a104b99 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Tue, 11 Apr 2023 11:15:02 +0100 Subject: [PATCH 31/64] Adding missing stubs --- Tests/Unit/Stubs/Microsoft365.psm1 | 265 +++++++++++++++++++++++++++++ 1 file changed, 265 insertions(+) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 1314465c6d..c3c3487b00 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -49578,8 +49578,273 @@ function Update-MgDeviceManagementGroupPolicyConfiguration ) } +function Get-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Target, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementGroupPolicyConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $GroupPolicyConfigurationAssignmentId, + + [Parameter()] + [System.String] + $GroupPolicyConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.DateTime] + $LastModifiedDateTime, + + [Parameter()] + [PSObject] + $Target, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} #endregion #region MgDeviceManagementWindowFeatureUpdateProfile From ec64f28ab1c2442834cb13f5bcf26add7d99fb7e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 11 Apr 2023 08:03:28 -0400 Subject: [PATCH 32/64] TeamsUpdateManagementPolicy Supported Values for AllowPublicPreview Now Include Forces --- CHANGELOG.md | 2 ++ .../MSFT_TeamsUpdateManagementPolicy.psm1 | 6 +++--- .../MSFT_TeamsUpdateManagementPolicy.schema.mof | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1684b90157..6a72595687 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ * IntuneDeviceConfigurationCustomPolicyWindows10 * Initial Release FIXES [#3068](https://github.com/microsoft/Microsoft365DSC/issues/3068) +* TeamsUpdateManagementPolicy + * Added support for the Forced value for the AllowPublicPreview property. # 1.23.405.1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 index 92533de6d2..b56edd8882 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.psm1 @@ -22,7 +22,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet('Disabled', 'Enabled', 'FollowOfficePreview')] + [ValidateSet('Disabled', 'Enabled', 'Forced', 'FollowOfficePreview')] $AllowPublicPreview, [Parameter()] @@ -152,7 +152,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet('Disabled', 'Enabled', 'FollowOfficePreview')] + [ValidateSet('Disabled', 'Enabled', 'Forced', 'FollowOfficePreview')] $AllowPublicPreview, [Parameter()] @@ -269,7 +269,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet('Disabled', 'Enabled', 'FollowOfficePreview')] + [ValidateSet('Disabled', 'Enabled', 'Forced', 'FollowOfficePreview')] $AllowPublicPreview, [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof index 7151244bb1..957ee607b1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpdateManagementPolicy/MSFT_TeamsUpdateManagementPolicy.schema.mof @@ -5,7 +5,7 @@ class MSFT_TeamsUpdateManagementPolicy : OMI_BaseResource [Write, Description("The description of the Teams Update Management Policy.")] String Description; [Write, Description("Determines if managed updates should be allowed or not.")] Boolean AllowManagedUpdates; [Write, Description("Determines if preview builds should be allowed or not.")] Boolean AllowPreview; - [Write, Description("Determines the ring of public previews to subscribes to."), ValueMap{"Disabled","Enabled","FollowOfficePreview"}, Values{"Disabled","Enabled","FollowOfficePreview"}] String AllowPublicPreview; + [Write, Description("Determines the ring of public previews to subscribes to."), ValueMap{"Disabled","Enabled","Forced","FollowOfficePreview"}, Values{"Disabled","Enabled","Forced","FollowOfficePreview"}] String AllowPublicPreview; [Write, Description("Determines the day of week to perform the updates. Value shoud be between 0 and 6.")] UInt32 UpdateDayOfWeek; [Write, Description("Determines the time of day to perform the updates. Must be a valid HH:MM format string with leading 0. For instance 08:30.")] String UpdateTime; [Write, Description("Determines the time of day to perform the updates. Accepts a DateTime as string. Only the time will be considered.")] String UpdateTimeOfDay; From ade9359835d2d873b10a94afbd681d91f56b83ac Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 11 Apr 2023 12:21:36 +0000 Subject: [PATCH 33/64] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/teams/TeamsUpdateManagementPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md b/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md index 5ee42b00c9..7517cd1663 100644 --- a/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md +++ b/docs/docs/resources/teams/TeamsUpdateManagementPolicy.md @@ -8,7 +8,7 @@ | **Description** | Write | String | The description of the Teams Update Management Policy. | | | **AllowManagedUpdates** | Write | Boolean | Determines if managed updates should be allowed or not. | | | **AllowPreview** | Write | Boolean | Determines if preview builds should be allowed or not. | | -| **AllowPublicPreview** | Write | String | Determines the ring of public previews to subscribes to. | `Disabled`, `Enabled`, `FollowOfficePreview` | +| **AllowPublicPreview** | Write | String | Determines the ring of public previews to subscribes to. | `Disabled`, `Enabled`, `Forced`, `FollowOfficePreview` | | **UpdateDayOfWeek** | Write | UInt32 | Determines the day of week to perform the updates. Value shoud be between 0 and 6. | | | **UpdateTime** | Write | String | Determines the time of day to perform the updates. Must be a valid HH:MM format string with leading 0. For instance 08:30. | | | **UpdateTimeOfDay** | Write | String | Determines the time of day to perform the updates. Accepts a DateTime as string. Only the time will be considered. | | From 5c6b33841a41065fddc33fc43e3a1681ff9b27eb Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Tue, 11 Apr 2023 14:56:26 +0100 Subject: [PATCH 34/64] Remove ValidateScript from param Credential Remove ValidateScript from param Credential since it may be null, when using App creds, and validation will throw an error, instead do the validation afterwards in the function itself. --- .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 23 ++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 8d97b8f2b1..fc9fed50ab 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -1095,7 +1095,7 @@ function Export-M365DSCConfiguration } else { - Write-Warning -Message "We recommend providing the TenantId property in the format of .onmicrosoft.*" + Write-Host -Object "[WARNING] We recommend providing the TenantId property in the format of .onmicrosoft.*" -ForegroundColor Yellow } } return $true @@ -1112,18 +1112,6 @@ function Export-M365DSCConfiguration $CertificateThumbprint, [Parameter(ParameterSetName = 'Export')] - [ValidateScript({ - $invalid = $_.Username -notmatch ".onmicrosoft." - if (-not $invalid) - { - return $true - } - else - { - Write-Warning -Message "We recommend providing the username in the format of .onmicrosoft.* for the Credential property." - } - return $true - })] [System.Management.Automation.PSCredential] $Credential, @@ -1155,6 +1143,15 @@ function Export-M365DSCConfiguration $Global:WarningPreference = 'SilentlyContinue' ##### FIRST CHECK AUTH PARAMETERS + if ($PSBoundParameters.ContainsKey('Credential') -eq $true -and ` + -not [System.String]::IsNullOrEmpty($Credential)) + { + if ($Credential.Username -notmatch ".onmicrosoft.") + { + Write-Host -Object "[WARNING] We recommend providing the username in the format of .onmicrosoft.* for the Credential property." -ForegroundColor Yellow + } + } + if ($PSBoundParameters.ContainsKey('CertificatePath') -eq $true -and ` $PSBoundParameters.ContainsKey('CertificatePassword') -eq $false) { From 774a2d280931f1ffa605bf15d7924d2de8d6d4ed Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Tue, 11 Apr 2023 16:26:27 +0100 Subject: [PATCH 35/64] Update CHANGELOG.md --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a72595687..f109797d9a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ FIXES [#3068](https://github.com/microsoft/Microsoft365DSC/issues/3068) * TeamsUpdateManagementPolicy * Added support for the Forced value for the AllowPublicPreview property. +* MODULES + * M365DSCUtil: Fixed an issue when calling Assert-M365DSCBlueprint with App credentials + FIXES [#3153](https://github.com/microsoft/Microsoft365DSC/issues/3153) # 1.23.405.1 From 38afeb2e5c86d1645718602552cf3e12eb3e3fc8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 11 Apr 2023 15:34:30 +0000 Subject: [PATCH 36/64] Updated Resources and Cmdlet documentation pages --- ...urationFirmwareInterfacePolicyWindows10.md | 141 ++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.md diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.md new file mode 100644 index 0000000000..7da9d7ea4e --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.md @@ -0,0 +1,141 @@ +# IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Bluetooth** | Write | String | Defines whether a user is allowed to enable Bluetooth. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **BootFromBuiltInNetworkAdapters** | Write | String | Defines whether a user is allowed to boot from built-in network adapters. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **BootFromExternalMedia** | Write | String | Defines whether a user is allowed to boot from external media. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **Cameras** | Write | String | Defines whether built-in cameras are enabled. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **ChangeUefiSettingsPermission** | Write | String | Defines the permission level granted to users to change UEFI settings. Possible values are: notConfiguredOnly, none. | `notConfiguredOnly`, `none` | +| **FrontCamera** | Write | String | Defines whether a user is allowed to enable Front Camera. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **InfraredCamera** | Write | String | Defines whether a user is allowed to enable Infrared camera. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **Microphone** | Write | String | Defines whether a user is allowed to enable Microphone. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **MicrophonesAndSpeakers** | Write | String | Defines whether built-in microphones or speakers are enabled. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **NearFieldCommunication** | Write | String | Defines whether a user is allowed to enable Near Field Communication. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **Radios** | Write | String | Defines whether built-in radios e.g. WIFI, NFC, Bluetooth, are enabled. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **RearCamera** | Write | String | Defines whether a user is allowed to enable rear camera. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **SdCard** | Write | String | Defines whether a user is allowed to enable SD Card Port. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **SimultaneousMultiThreading** | Write | String | Defines whether a user is allowed to enable Simultaneous MultiThreading. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **UsbTypeAPort** | Write | String | Defines whether a user is allowed to enable USB Type A Port. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **VirtualizationOfCpuAndIO** | Write | String | Defines whether CPU and IO virtualization is enabled. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **WakeOnLAN** | Write | String | Defines whether a user is allowed to enable Wake on LAN. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **WakeOnPower** | Write | String | Defines whether a user is allowed to enable Wake On Power. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **WiFi** | Write | String | Defines whether a user is allowed to enable WiFi. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **WindowsPlatformBinaryTable** | Write | String | Defines whether a user is allowed to enable Windows Platform Binary Table. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **WirelessWideAreaNetwork** | Write | String | Defines whether a user is allowed to enable Wireless Wide Area Network. Possible values are: notConfigured, enabled, disabled. | `notConfigured`, `enabled`, `disabled` | +| **Description** | Write | String | Admin provided description of the Device Configuration. | | +| **DisplayName** | Required | String | Admin provided name of the device configuration. | | +| **SupportsScopeTags** | Write | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. | | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + + +## Description + +Intune Device Configuration Firmware Interface Policy for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Bluetooth = "notConfigured"; + BootFromBuiltInNetworkAdapters = "notConfigured"; + BootFromExternalMedia = "notConfigured"; + Cameras = "enabled"; + ChangeUefiSettingsPermission = "notConfiguredOnly"; + Credential = $Credscredential; + DisplayName = "firmware"; + Ensure = "Present"; + FrontCamera = "enabled"; + Id = "16599412-1827-4837-b2c1-da2c8260d16e"; + InfraredCamera = "enabled"; + Microphone = "notConfigured"; + MicrophonesAndSpeakers = "enabled"; + NearFieldCommunication = "notConfigured"; + Radios = "enabled"; + RearCamera = "enabled"; + SdCard = "notConfigured"; + SimultaneousMultiThreading = "enabled"; + SupportsScopeTags = $True; + UsbTypeAPort = "notConfigured"; + VirtualizationOfCpuAndIO = "enabled"; + WakeOnLAN = "notConfigured"; + WakeOnPower = "notConfigured"; + WiFi = "notConfigured"; + WindowsPlatformBinaryTable = "enabled"; + WirelessWideAreaNetwork = "notConfigured"; + } + } +} +``` + From c5c392a84013226c7df6cb48f9c8a19451da9ae8 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Tue, 11 Apr 2023 16:55:45 +0100 Subject: [PATCH 37/64] removed comments --- ...ceConfigurationAdministrativeTemplatePolicyWindows10.psm1 | 5 ----- 1 file changed, 5 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index fad5bc82f8..bd6d0c4060 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -147,11 +147,6 @@ function Get-TargetResource CategoryPath = $definition.CategoryPath ClassType = $enumClassType DisplayName = $definition.DisplayName - #ExplainText = $definition.ExplainText - #GroupPolicyCategoryId = $definition.GroupPolicyCategoryId - #HasRelatedDefinitions = $definition.HasRelatedDefinitions - #MinDeviceCspVersion = $definition.MinDeviceCspVersion - #MinUserCspVersion = $definition.MinUserCspVersion PolicyType = $enumPolicyType SupportedOn = $definition.SupportedOn Id = $definition.Id From ac25621eec991704e4af6acc8c3f1d9f781056ac Mon Sep 17 00:00:00 2001 From: menswearUK <98314167+menswearUK@users.noreply.github.com> Date: Tue, 11 Apr 2023 17:24:29 +0100 Subject: [PATCH 38/64] Fixed configs which were causing errors and corrected test file to add a missing variable --- CHANGELOG.md | 6 ++++++ ...neDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 | 1 + .../MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 | 1 + .../MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 | 1 + ...iceConfigurationPolicyAndroidOpenSourceProject.Tests.ps1 | 2 ++ 5 files changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2dbb95becd..ef52f24823 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* MISC + * Changed Get-MgDeviceManagementDeviceConfiguration to use the cmdlet switches rather than filtering output once returned. + Fixes #3082 + # 1.23.405.1 * IntuneDeviceEnrollmentPlatformRestriction diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index 47ea8120de..e03f25cfc9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -145,6 +145,7 @@ function Get-TargetResource -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerDeviceConfiguration' ` } + } if (-not $getValue) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index 5450508193..7ad236435b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -109,6 +109,7 @@ function Get-TargetResource -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidForWorkWiFiConfiguration' ` } + } if (-not $getValue) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index d3533c15ae..ab30a8927e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -142,6 +142,7 @@ function Get-TargetResource $getValue = Get-MgDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsWifiConfiguration' ` + } } if (-not $getValue) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.Tests.ps1 index c70dd813bf..ebeb2619b3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.Tests.ps1 @@ -276,6 +276,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" $testParams = @{ Credential = $Credential } From 9f7c2f027506fa107c55ba5abe80c404a275866b Mon Sep 17 00:00:00 2001 From: menswearUK <98314167+menswearUK@users.noreply.github.com> Date: Tue, 11 Apr 2023 17:32:16 +0100 Subject: [PATCH 39/64] fixed further conflicts to changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 012e3abf74..1abf4f346d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ * Initial release * DRG * Fixed layout and display issues in module file +* MISC + * Changed Get-MgDeviceManagementDeviceConfiguration to use the cmdlet switches rather than filtering output once returned. + Fixes #3082 # 1.23.405.1 From 0416db4d861530a737e865c424c4ea56a0313549 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 11 Apr 2023 14:38:04 -0400 Subject: [PATCH 40/64] Initial --- CHANGELOG.md | 4 +- ...65SearchAndIntelligenceConfigurations.psm1 | 366 ++++++++++++++++++ ...chAndIntelligenceConfigurations.schema.mof | 14 + .../readme.md | 5 + .../settings.json | 20 + .../1-ConfigureSearchAndIntelligences.ps1 | 26 ++ ...rchAndIntelligenceConfigurations.Tests.ps1 | 123 ++++++ 7 files changed, 557 insertions(+), 1 deletion(-) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligences.ps1 create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 012e3abf74..26d72b4be2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,9 @@ # UNRELEASED * IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 - * Initial release + * Initial release. +* O365SearchAndIntelligenceConfigurations + * Initial release. * DRG * Fixed layout and display issues in module file diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 new file mode 100644 index 0000000000..731c653ce2 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 @@ -0,0 +1,366 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $ItemInsightsIsEnabledInOrganization, + + [Parameter()] + [System.String] + $ItemInsightsDisabledForGroup, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + if ($PSBoundParameters.ContainsKey('Ensure') -and $Ensure -eq 'Absent') + { + throw 'This resource is not able to remove Org Settings settings and therefore only accepts Ensure=Present.' + } + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'v1.0' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = @{ + IsSingleInstance = $IsSingleInstance + Ensure = 'Absent' + } + + try + { + $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' + $ItemInsights + + return @{ + IsSingleInstance = 'Yes' + CortanaEnabled = $CortanaEnabledValue.AccountEnabled + M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullReturn + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $ItemInsightsIsEnabledInOrganization, + + [Parameter()] + [System.String] + $ItemInsightsDisabledForGroup, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + if ($PSBoundParameters.ContainsKey('Ensure') -and $Ensure -eq 'Absent') + { + throw 'This resource is not able to remove the Org settings and therefore only accepts Ensure=Present.' + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message 'Setting configuration of Office 365 Settings' + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'v1.0' + + $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' + $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id' + if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled) + { + Write-Verbose -Message "Setting the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}" + Update-MgServicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` + -AccountEnabled:$M365WebEnableUsersToOpenFilesFrom3PStorage + } + + $CortanaId = '0a0a29f9-0a25-49c7-94bf-c53c3f8fa69d' + $CortanaEnabledValue = Get-MgServicePrincipal -Filter "appId eq '$CortanaId'" -Property 'AccountEnabled, Id' + if ($CortanaEnabled -ne $CortanaEnabledValue.AccountEnabled) + { + Write-Verbose -Message "Setting the Cortana setting to {$CortanaEnabled}" + Update-MgServicePrincipal -ServicePrincipalId $($CortanaEnabledValue.Id) ` + -AccountEnabled:$CortanaEnabled + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + [Parameter(Mandatory = $true)] + [ValidateSet('Yes')] + [String] + $IsSingleInstance, + + [Parameter()] + [System.Boolean] + $ItemInsightsIsEnabledInOrganization, + + [Parameter()] + [System.String] + $ItemInsightsDisabledForGroup, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message 'Testing configuration for Org Settings.' + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $TestResult" + + return $TestResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'v1.0' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Params = @{ + IsSingleInstance = 'Yes' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + + $dscContent = '' + if ($Results.Ensure -eq 'Present') + { + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + } + Write-Host $Global:M365DSCEmojiGreenCheckMark + + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof new file mode 100644 index 0000000000..ebec69934e --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof @@ -0,0 +1,14 @@ +[ClassVersion("1.0.0.0"), FriendlyName("O365OrgSettings")] +class MSFT_O365OrgSettings : OMI_BaseResource +{ + [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; + [Write, Description("Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization.")] Boolean CortanaEnabled; + [Write, Description("Let users open files stored in third-party storage services in Microsoft 365 on the Web.")] Boolean M365WebEnableUsersToOpenFilesFrom3PStorage; + [Write, Description("Since there is only one setting availble, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure; + [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/readme.md new file mode 100644 index 0000000000..4638ea15a0 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/readme.md @@ -0,0 +1,5 @@ +# O365SearchAndIntelligenceConfigurations + +## Description + +This resource configures the Search And Intelligence configuration settings. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json new file mode 100644 index 0000000000..c0115e73e3 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json @@ -0,0 +1,20 @@ +{ + "resourceName": "O365SearchAndIntelligenceConfigurations", + "description": "", + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [], + "requiredrolegroups": [] + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligences.ps1 b/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligences.ps1 new file mode 100644 index 0000000000..2dc5aa8956 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligences.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + O365OrgSettings 'O365OrgSettings' + { + Credential = $Credscredential; + Ensure = "Present"; + IsSingleInstance = "Yes"; + M365WebEnableUsersToOpenFilesFrom3PStorage = $False; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 new file mode 100644 index 0000000000..f51be24747 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 @@ -0,0 +1,123 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'O365OrgSettings' -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + + BeforeAll { + $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Get-MgServicePrincipal -MockWith { + } + } + + # Test contexts + Context -Name 'When Org Settings are already in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + M365WebEnableUsersToOpenFilesFrom3PStorage = $False; + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgServicePrincipal -MockWith { + return @{ + AccountEnabled = $False + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + (Get-TargetResource @testParams).M365WebEnableUsersToOpenFilesFrom3PStorage | Should -Be $False + } + + It 'Should return false from the Test method' { + (Test-TargetResource @testParams) | Should -Be $true + } + } + + # Test contexts + Context -Name 'When Org Settings NOT in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + IsSingleInstance = 'Yes' + M365WebEnableUsersToOpenFilesFrom3PStorage = $True; + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgServicePrincipal -MockWith { + return @{ + AccountEnabled = $False + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + (Get-TargetResource @testParams).M365WebEnableUsersToOpenFilesFrom3PStorage | Should -Be $False + } + + It 'Should return false from the Test method' { + (Test-TargetResource @testParams) | Should -Be $false + } + + It 'Should update values from the SET method' { + Set-TargetResource @testParams + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + } + + It 'Should Reverse Engineer resource from the Export method' { + Mock -CommandName Get-MgServicePrincipal -MockWith { + return @{ + AccountEnabled = $False + } + } + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From bc237e6b4d197ab81776383ceb24814cd50a9a39 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 11 Apr 2023 18:53:37 +0000 Subject: [PATCH 41/64] Updated Resources and Cmdlet documentation pages --- ...ConfigurationWindowsTeamPolicyWindows10.md | 132 ++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneDeviceConfigurationWindowsTeamPolicyWindows10.md diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationWindowsTeamPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationWindowsTeamPolicyWindows10.md new file mode 100644 index 0000000000..439e4cd9f0 --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationWindowsTeamPolicyWindows10.md @@ -0,0 +1,132 @@ +# IntuneDeviceConfigurationWindowsTeamPolicyWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **AzureOperationalInsightsBlockTelemetry** | Write | Boolean | Indicates whether or not to Block Azure Operational Insights. | | +| **AzureOperationalInsightsWorkspaceId** | Write | String | The Azure Operational Insights workspace id. | | +| **AzureOperationalInsightsWorkspaceKey** | Write | String | The Azure Operational Insights Workspace key. | | +| **ConnectAppBlockAutoLaunch** | Write | Boolean | Specifies whether to automatically launch the Connect app whenever a projection is initiated. | | +| **MaintenanceWindowBlocked** | Write | Boolean | Indicates whether or not to Block setting a maintenance window for device updates. | | +| **MaintenanceWindowDurationInHours** | Write | UInt32 | Maintenance window duration for device updates. Valid values 0 to 5 | | +| **MaintenanceWindowStartTime** | Write | String | Maintenance window start time for device updates. | | +| **MiracastBlocked** | Write | Boolean | Indicates whether or not to Block wireless projection. | | +| **MiracastChannel** | Write | String | The channel. Possible values are: userDefined, one, two, three, four, five, six, seven, eight, nine, ten, eleven, thirtySix, forty, fortyFour, fortyEight, oneHundredFortyNine, oneHundredFiftyThree, oneHundredFiftySeven, oneHundredSixtyOne, oneHundredSixtyFive. | `userDefined`, `one`, `two`, `three`, `four`, `five`, `six`, `seven`, `eight`, `nine`, `ten`, `eleven`, `thirtySix`, `forty`, `fortyFour`, `fortyEight`, `oneHundredFortyNine`, `oneHundredFiftyThree`, `oneHundredFiftySeven`, `oneHundredSixtyOne`, `oneHundredSixtyFive` | +| **MiracastRequirePin** | Write | Boolean | Indicates whether or not to require a pin for wireless projection. | | +| **SettingsBlockMyMeetingsAndFiles** | Write | Boolean | Specifies whether to disable the 'My meetings and files' feature in the Start menu, which shows the signed-in user's meetings and files from Office 365. | | +| **SettingsBlockSessionResume** | Write | Boolean | Specifies whether to allow the ability to resume a session when the session times out. | | +| **SettingsBlockSigninSuggestions** | Write | Boolean | Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings. | | +| **SettingsDefaultVolume** | Write | UInt32 | Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45. Valid values 0 to 100 | | +| **SettingsScreenTimeoutInMinutes** | Write | UInt32 | Specifies the number of minutes until the Hub screen turns off. | | +| **SettingsSessionTimeoutInMinutes** | Write | UInt32 | Specifies the number of minutes until the session times out. | | +| **SettingsSleepTimeoutInMinutes** | Write | UInt32 | Specifies the number of minutes until the Hub enters sleep mode. | | +| **WelcomeScreenBackgroundImageUrl** | Write | String | The welcome screen background image URL. The URL must use the HTTPS protocol and return a PNG image. | | +| **WelcomeScreenBlockAutomaticWakeUp** | Write | Boolean | Indicates whether or not to Block the welcome screen from waking up automatically when someone enters the room. | | +| **WelcomeScreenMeetingInformation** | Write | String | The welcome screen meeting information shown. Possible values are: userDefined, showOrganizerAndTimeOnly, showOrganizerAndTimeAndSubject. | `userDefined`, `showOrganizerAndTimeOnly`, `showOrganizerAndTimeAndSubject` | +| **Description** | Write | String | Admin provided description of the Device Configuration. | | +| **DisplayName** | Required | String | Admin provided name of the device configuration. | | +| **SupportsScopeTags** | Write | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. | | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + + +## Description + +Intune Device Configuration Windows Team Policy for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + AzureOperationalInsightsBlockTelemetry = $True; + ConnectAppBlockAutoLaunch = $True; + Credential = $Credscredential; + DisplayName = "Device restrictions (Windows 10 Team)"; + Ensure = "Present"; + Id = "55308358-a4b9-4e26-bc75-7a6871836436"; + MaintenanceWindowBlocked = $False; + MaintenanceWindowDurationInHours = 1; + MaintenanceWindowStartTime = "00:00:00"; + MiracastBlocked = $True; + MiracastChannel = "oneHundredFortyNine"; + MiracastRequirePin = $True; + SettingsBlockMyMeetingsAndFiles = $True; + SettingsBlockSessionResume = $True; + SettingsBlockSigninSuggestions = $True; + SupportsScopeTags = $True; + WelcomeScreenBlockAutomaticWakeUp = $True; + WelcomeScreenMeetingInformation = "showOrganizerAndTimeOnly"; + } + } +} +``` + From 86810ede63dd829532739085b09710df8e4d6ae8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 11 Apr 2023 19:16:24 +0000 Subject: [PATCH 42/64] Updated Resources and Cmdlet documentation pages --- ...eConfigurationDomainJoinPolicyWindows10.md | 107 ++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneDeviceConfigurationDomainJoinPolicyWindows10.md diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationDomainJoinPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationDomainJoinPolicyWindows10.md new file mode 100644 index 0000000000..60197fcc77 --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationDomainJoinPolicyWindows10.md @@ -0,0 +1,107 @@ +# IntuneDeviceConfigurationDomainJoinPolicyWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **ActiveDirectoryDomainName** | Write | String | Active Directory domain name to join. | | +| **ComputerNameStaticPrefix** | Write | String | Fixed prefix to be used for computer name. | | +| **ComputerNameSuffixRandomCharCount** | Write | UInt32 | Dynamically generated characters used as suffix for computer name. Valid values 3 to 14 | | +| **OrganizationalUnit** | Write | String | Organizational unit (OU) where the computer account will be created. If this parameter is NULL, the well known computer object container will be used as published in the domain. | | +| **Description** | Write | String | Admin provided description of the Device Configuration. | | +| **DisplayName** | Required | String | Admin provided name of the device configuration. | | +| **SupportsScopeTags** | Write | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. | | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + + +## Description + +Intune Device Configuration Domain Join Policy for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' + { + ActiveDirectoryDomainName = "domain.com"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ComputerNameStaticPrefix = "WK-"; + ComputerNameSuffixRandomCharCount = 12; + Credential = $Credscredential; + DisplayName = "Domain Join"; + Ensure = "Present"; + Id = "1ab2945b-36b5-4b34-bbf5-717885c15654"; + OrganizationalUnit = "OU=workstation,CN=domain,CN=com"; + SupportsScopeTags = $True; + } + } +} +``` + From cef7c868eafd1936afda38b7cec168777a732ebc Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 11 Apr 2023 16:34:01 -0400 Subject: [PATCH 43/64] Initial --- .../MSFT_O365OrgSettings.schema.mof | 2 +- ...65SearchAndIntelligenceConfigurations.psm1 | 142 +++- ...chAndIntelligenceConfigurations.schema.mof | 12 +- .../settings.json | 4 +- .../1-ConfigureSearchAndIntelligence.ps1 | 28 + .../1-ConfigureSearchAndIntelligences.ps1 | 26 - ...rchAndIntelligenceConfigurations.Tests.ps1 | 87 ++- Tests/Unit/Stubs/Microsoft365.psm1 | 612 ++++++++---------- 8 files changed, 486 insertions(+), 427 deletions(-) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligence.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligences.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof index ebec69934e..e9d87c48a7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof @@ -4,7 +4,7 @@ class MSFT_O365OrgSettings : OMI_BaseResource [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; [Write, Description("Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization.")] Boolean CortanaEnabled; [Write, Description("Let users open files stored in third-party storage services in Microsoft 365 on the Web.")] Boolean M365WebEnableUsersToOpenFilesFrom3PStorage; - [Write, Description("Since there is only one setting availble, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure; + [Write, Description("Since there is only one setting available, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure; [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 index 731c653ce2..6b31b0c276 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 @@ -17,6 +17,14 @@ function Get-TargetResource [System.String] $ItemInsightsDisabledForGroup, + [Parameter()] + [System.Boolean] + $PersonInsightsIsEnabledInOrganization, + + [Parameter()] + [System.String] + $PersonInsightsDisabledForGroup, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -49,12 +57,12 @@ function Get-TargetResource if ($PSBoundParameters.ContainsKey('Ensure') -and $Ensure -eq 'Absent') { - throw 'This resource is not able to remove Org Settings settings and therefore only accepts Ensure=Present.' + throw 'This resource is not able to remove Search and Intelligence configuration settings and therefore only accepts Ensure=Present.' } $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` - -ProfileName 'v1.0' + -ProfileName 'beta' #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -75,20 +83,40 @@ function Get-TargetResource try { - $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' - $ItemInsights + if ($ConnectionMode -eq 'Credentials') + { + $TenantId = $Credential.UserName.Split('@')[1] + } + + $ItemInsights = Get-MgOrganizationSettingItemInsight -OrganizationId $TenantId + $itemInsightsDisabledForGroupValue = $null + if (-not [System.String]::IsNullOrEmpty($ItemInsights.DisabledForGroup)) + { + $group = Get-MgGroup -GroupId ($ItemInsights.DisabledForGroup) + $itemInsightsDisabledForGroupValue = $group.DisplayName + } + + $PersonInsights = Get-MgOrganizationSettingPersonInsight -OrganizationId $TenantId + $PersonInsightsDisabledForGroupValue = $null + if (-not [System.String]::IsNullOrEmpty($PersonInsights.DisabledForGroup)) + { + $group = Get-MgGroup -GroupId ($PersonInsights.DisabledForGroup) + $PersonInsightsDisabledForGroupValue = $group.DisplayName + } return @{ - IsSingleInstance = 'Yes' - CortanaEnabled = $CortanaEnabledValue.AccountEnabled - M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent + IsSingleInstance = 'Yes' + ItemInsightsIsEnabledInOrganization = $ItemInsights.IsEnabledInOrganization + ItemInsightsDisabledForGroup = $itemInsightsDisabledForGroupValue + PersonInsightsIsEnabledInOrganization = $PersonInsights.IsEnabledInOrganization + PersonInsightsDisabledForGroup = $PersonInsightsDisabledForGroupValue + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent } } catch @@ -121,6 +149,14 @@ function Set-TargetResource [System.String] $ItemInsightsDisabledForGroup, + [Parameter()] + [System.Boolean] + $PersonInsightsIsEnabledInOrganization, + + [Parameter()] + [System.String] + $PersonInsightsDisabledForGroup, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -153,7 +189,7 @@ function Set-TargetResource if ($PSBoundParameters.ContainsKey('Ensure') -and $Ensure -eq 'Absent') { - throw 'This resource is not able to remove the Org settings and therefore only accepts Ensure=Present.' + throw 'This resource is not able to remove the Search And Intelligence Configuration settings and therefore only accepts Ensure=Present.' } #Ensure the proper dependencies are installed in the current environment. @@ -168,28 +204,62 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message 'Setting configuration of Office 365 Settings' + Write-Verbose -Message 'Setting configuration of Search and Intelligence' $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` - -ProfileName 'v1.0' + -ProfileName 'beta' + + if ($ConnectionMode -eq 'Credentials') + { + $TenantId = $Credential.UserName.Split('@')[1] + } - $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' - $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id' - if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled) + #region Item Insights + $ItemInsightsUpdateParams = @{ + OrganizationId = $TenantId + IsEnabledInOrganization = $ItemInsightsIsEnabledInOrganization + } + if ($PSBoundParameters.ContainsKey("ItemInsightsDisabledForGroup")) { - Write-Verbose -Message "Setting the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}" - Update-MgServicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` - -AccountEnabled:$M365WebEnableUsersToOpenFilesFrom3PStorage + $disabledForGroupValue = $null + try + { + $group = Get-MgGroup -Filter "DisplayName eq '$ItemInsightsDisabledForGroup'" + $disabledForGroupValue = $group.Id + } + catch + { + Write-Verbose -Message $_ + } + $ItemInsightsUpdateParams.Add("DisabledForGroup", $disabledForGroupValue) } + Write-Verbose -Message "Updating settings for Item Insights" + Update-MgOrganizationSettingItemInsight @ItemInsightsUpdateParams | Out-Null + #endregion - $CortanaId = '0a0a29f9-0a25-49c7-94bf-c53c3f8fa69d' - $CortanaEnabledValue = Get-MgServicePrincipal -Filter "appId eq '$CortanaId'" -Property 'AccountEnabled, Id' - if ($CortanaEnabled -ne $CortanaEnabledValue.AccountEnabled) + #region Person Insights + $PersonInsightsUpdateParams = @{ + OrganizationId = $TenantId + IsEnabledInOrganization = $ItemInsightsIsEnabledInOrganization + } + if ($PSBoundParameters.ContainsKey("PersonInsightsDisabledForGroup")) { - Write-Verbose -Message "Setting the Cortana setting to {$CortanaEnabled}" - Update-MgServicePrincipal -ServicePrincipalId $($CortanaEnabledValue.Id) ` - -AccountEnabled:$CortanaEnabled + $disabledForGroupValue = $null + try + { + $group = Get-MgGroup -Filter "DisplayName eq '$PersonInsightsDisabledForGroup'" + $disabledForGroupValue = $group.Id + } + catch + { + Write-Verbose -Message $_ + } + $PersonInsightsUpdateParams.Add("DisabledForGroup", $disabledForGroupValue) } + + Write-Verbose -Message "Updating settings for Person Insights" + Update-MgOrganizationSettingPersonInsight @PersonInsightsUpdateParams | Out-Null + #endregion } function Test-TargetResource @@ -211,6 +281,14 @@ function Test-TargetResource [System.String] $ItemInsightsDisabledForGroup, + [Parameter()] + [System.Boolean] + $PersonInsightsIsEnabledInOrganization, + + [Parameter()] + [System.String] + $PersonInsightsDisabledForGroup, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -252,10 +330,10 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message 'Testing configuration for Org Settings.' + Write-Verbose -Message 'Testing configuration for Search And Intelligence Configuration Settings.' $CurrentValues = Get-TargetResource @PSBoundParameters - $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" @@ -302,7 +380,7 @@ function Export-TargetResource ) $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` - -ProfileName 'v1.0' + -ProfileName 'beta' #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof index ebec69934e..d5b8af8f2a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof @@ -1,10 +1,12 @@ -[ClassVersion("1.0.0.0"), FriendlyName("O365OrgSettings")] -class MSFT_O365OrgSettings : OMI_BaseResource +[ClassVersion("1.0.0.0"), FriendlyName("O365SearchAndIntelligenceConfigurations")] +class MSFT_O365SearchAndIntelligenceConfigurations : OMI_BaseResource { [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; - [Write, Description("Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization.")] Boolean CortanaEnabled; - [Write, Description("Let users open files stored in third-party storage services in Microsoft 365 on the Web.")] Boolean M365WebEnableUsersToOpenFilesFrom3PStorage; - [Write, Description("Since there is only one setting availble, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure; + [Write, Description("Specifies whether or not Item Insights should be available for the organization.")] Boolean ItemInsightsIsEnabledInOrganization; + [Write, Description("Specifies a single Azure AD Group for which Item Insights needs to be disabled.")] String ItemInsightsDisabledForGroup; + [Write, Description("Specifies whether or not Person Insights should be available for the organization.")] Boolean PersonInsightsIsEnabledInOrganization; + [Write, Description("Specifies a single Azure AD Group for which Person Insights needs to be disabled.")] String PersonInsightsDisabledForGroup; + [Write, Description("Since there is only one setting available, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure; [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json index c0115e73e3..73f7c66926 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json @@ -9,7 +9,9 @@ }, "application": { "read": [], - "update": [] + "update": [ + "User.ReadWrite" + ] } }, "exchange": { diff --git a/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligence.ps1 b/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligence.ps1 new file mode 100644 index 0000000000..f4ebb50ee9 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligence.ps1 @@ -0,0 +1,28 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + O365SearchAndIntelligenceConfigurations 'SearchAndIntelligenceConfigurations' + { + Credential = $Credscredential; + Ensure = "Present"; + IsSingleInstance = "Yes"; + ItemInsightsIsEnabledInOrganization = $False; + ItemInsightsDisabledForGroup = "TestGroup" + PersonInsightsIsEnabledInOrganization = $True; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligences.ps1 b/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligences.ps1 deleted file mode 100644 index 2dc5aa8956..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligences.ps1 +++ /dev/null @@ -1,26 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - O365OrgSettings 'O365OrgSettings' - { - Credential = $Credscredential; - Ensure = "Present"; - IsSingleInstance = "Yes"; - M365WebEnableUsersToOpenFilesFrom3PStorage = $False; - } - } -} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 index f51be24747..c406a2b49f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 @@ -15,7 +15,7 @@ Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource 'O365OrgSettings' -GenericStubModule $GenericStubPath + -DscResource 'O365SearchAndIntelligenceConfigurations' -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { @@ -36,7 +36,17 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Write-Host -MockWith { } - Mock -CommandName Get-MgServicePrincipal -MockWith { + Mock -CommandName Update-MgOrganizationSettingItemInsight -MockWith { + } + + Mock -CommandName Update-MgOrganizationSettingPersonInsight -MockWith { + } + + Mock -CommandName Get-MGGroup -MockWith { + return @{ + Id = "12345-12345-12345-12345-12345" + DisplayName = "TestGroup" + } } } @@ -44,73 +54,100 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'When Org Settings are already in the Desired State' -Fixture { BeforeAll { $testParams = @{ - IsSingleInstance = 'Yes' - M365WebEnableUsersToOpenFilesFrom3PStorage = $False; - Ensure = 'Present' - Credential = $Credential + IsSingleInstance = 'Yes' + ItemInsightsIsEnabledInOrganization = $True; + ItemInsightsDisabledForGroup = "TestGroup" + PersonInsightsIsEnabledInOrganization = $True; + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgOrganizationSettingItemInsight -MockWith { + return @{ + IsEnabledInOrganization = $True + DisabledForGroup = "12345-12345-12345-12345-12345" + } } - Mock -CommandName Get-MgServicePrincipal -MockWith { + Mock -CommandName Get-MgOrganizationSettingPersonInsight -MockWith { return @{ - AccountEnabled = $False + IsEnabledInOrganization = $True + DisabledForGroup = $null } } } It 'Should return Present from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - (Get-TargetResource @testParams).M365WebEnableUsersToOpenFilesFrom3PStorage | Should -Be $False + (Get-TargetResource @testParams).ItemInsightsIsEnabledInOrganization | Should -Be $True } - It 'Should return false from the Test method' { + It 'Should return true from the Test method' { (Test-TargetResource @testParams) | Should -Be $true } } # Test contexts - Context -Name 'When Org Settings NOT in the Desired State' -Fixture { + Context -Name 'When Org Settings are NOT in the Desired State' -Fixture { BeforeAll { $testParams = @{ - IsSingleInstance = 'Yes' - M365WebEnableUsersToOpenFilesFrom3PStorage = $True; - Ensure = 'Present' - Credential = $Credential + IsSingleInstance = 'Yes' + ItemInsightsIsEnabledInOrganization = $False; + ItemInsightsDisabledForGroup = "TestGroup" + PersonInsightsIsEnabledInOrganization = $True; + Ensure = 'Present' + Credential = $Credential } - Mock -CommandName Get-MgServicePrincipal -MockWith { + Mock -CommandName Get-MgOrganizationSettingItemInsight -MockWith { return @{ - AccountEnabled = $False + IsEnabledInOrganization = $True + DisabledForGroup = "12345-12345-12345-12345-12345" + } + } + + Mock -CommandName Get-MgOrganizationSettingPersonInsight -MockWith { + return @{ + IsEnabledInOrganization = $True + DisabledForGroup = $null } } } It 'Should return Present from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - (Get-TargetResource @testParams).M365WebEnableUsersToOpenFilesFrom3PStorage | Should -Be $False + (Get-TargetResource @testParams).ItemInsightsIsEnabledInOrganization | Should -Be $True } It 'Should return false from the Test method' { (Test-TargetResource @testParams) | Should -Be $false } - - It 'Should update values from the SET method' { - Set-TargetResource @testParams - } } + Context -Name 'ReverseDSC Tests' -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ - Credential = $Credential + Credential = $Credential } } It 'Should Reverse Engineer resource from the Export method' { - Mock -CommandName Get-MgServicePrincipal -MockWith { + + Mock -CommandName Get-MgOrganizationSettingItemInsight -MockWith { + return @{ + IsEnabledInOrganization = $True + DisabledForGroup = "12345-12345-12345-12345-12345" + } + } + + Mock -CommandName Get-MgOrganizationSettingPersonInsight -MockWith { return @{ - AccountEnabled = $False + IsEnabledInOrganization = $True + DisabledForGroup = $null } } $result = Export-TargetResource @testParams diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 78989ae899..6171e85257 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -24744,87 +24744,6 @@ function Get-MgDirectoryAdministrativeUnit $HttpPipelineAppend ) } -function Get-MgDirectoryAdministrativeUnitExtension -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $AdministrativeUnitId, - - [Parameter()] - [System.String[]] - $Property, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Int32] - $PageSize, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Int32] - $Skip, - - [Parameter()] - [System.Int32] - $Top, - - [Parameter()] - [System.String] - $CountVariable, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.String[]] - $Sort, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $All, - - [Parameter()] - [System.String] - $Filter, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.String] - $ExtensionId, - - [Parameter()] - [System.String] - $Search, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [System.String[]] - $ExpandProperty, - - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} function Get-MgDirectoryAdministrativeUnitMember { [CmdletBinding()] @@ -25516,14 +25435,6 @@ function New-MgDirectoryAdministrativeUnit [System.Management.Automation.SwitchParameter] $IsMemberManagementRestricted, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.String] - $Visibility, - [Parameter()] [PSObject] $ScopedRoleMembers, @@ -25552,70 +25463,25 @@ function New-MgDirectoryAdministrativeUnit [PSObject] $Extensions, - [Parameter()] - [System.DateTime] - $DeletedDateTime, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, - - [Parameter()] - [PSObject] - $HttpPipelineAppend - ) -} -function New-MgDirectoryAdministrativeUnitExtension -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Id, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Collections.Hashtable] - $BodyParameter, - - [Parameter()] - [System.Uri] - $Proxy, - [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, [Parameter()] [System.String] - $AdministrativeUnitId, + $Visibility, [Parameter()] - [PSObject] - $InputObject, + [System.DateTime] + $DeletedDateTime, [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm, + $Break, [Parameter()] [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + $HttpPipelineAppend ) } function New-MgDirectoryAdministrativeUnitMemberByRef @@ -25964,59 +25830,6 @@ function Remove-MgDirectoryAdministrativeUnit $Break ) } -function Remove-MgDirectoryAdministrativeUnitExtension -{ - [CmdletBinding()] - param( - [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.Uri] - $Proxy, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [System.String] - $IfMatch, - - [Parameter()] - [System.String] - $AdministrativeUnitId, - - [Parameter()] - [System.String] - $ExtensionId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break - ) -} function Remove-MgDirectoryAdministrativeUnitMemberByRef { [CmdletBinding()] @@ -26652,53 +26465,45 @@ function Update-MgDirectoryAdministrativeUnit $HttpPipelineAppend ) } -function Update-MgDirectoryAdministrativeUnitExtension +function Update-MgOrganization { [CmdletBinding()] param( [Parameter()] [System.String] - $Id, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, + $PostalCode, [Parameter()] - [System.Collections.Hashtable] - $BodyParameter, + [System.String[]] + $TechnicalNotificationMails, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $DefaultUsageLocation, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [PSObject] + $CertificateConnectorSetting, [Parameter()] - [System.String] - $AdministrativeUnitId, + [System.DateTime] + $CreatedDateTime, [Parameter()] [System.String] - $ExtensionId, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + $DisplayName, [Parameter()] [PSObject] $HttpPipelineAppend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [PSObject] + $Settings, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String[]] + $BusinessPhones, [Parameter()] [PSObject] @@ -26710,72 +26515,27 @@ function Update-MgDirectoryAdministrativeUnitExtension [Parameter()] [System.Management.Automation.SwitchParameter] - $Break - ) -} -function Update-MgOrganization -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $PostalCode, + $PassThru, [Parameter()] [System.String[]] - $TechnicalNotificationMails, + $SecurityComplianceNotificationMails, [Parameter()] - [System.String] - $DefaultUsageLocation, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [PSObject] - $CertificateConnectorSetting, + [System.String] + $PreferredLanguage, [Parameter()] - [System.DateTime] - $CreatedDateTime, + [System.String] + $State, [Parameter()] [System.String] - $DisplayName, - - [Parameter()] - [PSObject] - $Settings, - - [Parameter()] - [System.String[]] - $BusinessPhones, - - [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, - - [Parameter()] - [PSObject] - $HttpPipelinePrepend, - - [Parameter()] - [System.String] - $PreferredLanguage, - - [Parameter()] - [System.String] - $State, - - [Parameter()] - [System.String] - $City, + $City, [Parameter()] [PSObject] @@ -26791,15 +26551,15 @@ function Update-MgOrganization [Parameter()] [PSObject] - $AssignedPlans, + $VerifiedDomains, [Parameter()] [PSObject] - $MobileDeviceManagementAuthority, + $AssignedPlans, [Parameter()] - [System.String[]] - $SecurityComplianceNotificationPhones, + [PSObject] + $MobileDeviceManagementAuthority, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -26818,17 +26578,13 @@ function Update-MgOrganization $BodyParameter, [Parameter()] - [System.String[]] - $SecurityComplianceNotificationMails, + [System.String] + $Id, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [PSObject] - $CertificateBasedAuthConfiguration, - [Parameter()] [System.String] $TenantType, @@ -26837,10 +26593,6 @@ function Update-MgOrganization [PSObject] $PrivacyProfile, - [Parameter()] - [System.String] - $Id, - [Parameter()] [System.Management.Automation.PSCredential] $ProxyCredential, @@ -26849,6 +26601,10 @@ function Update-MgOrganization [System.DateTime] $OnPremisesLastSyncDateTime, + [Parameter()] + [System.DateTime] + $DeletedDateTime, + [Parameter()] [PSObject] $ProvisionedPlans, @@ -26858,8 +26614,8 @@ function Update-MgOrganization $DirectorySizeQuota, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [PSObject] + $CertificateBasedAuthConfiguration, [Parameter()] [PSObject] @@ -26886,12 +26642,12 @@ function Update-MgOrganization $ProxyUseDefaultCredentials, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.String[]] + $SecurityComplianceNotificationPhones, [Parameter()] - [PSObject] - $VerifiedDomains + [System.String] + $PartnerTenantType ) } function Get-MgAdministrativeUnit @@ -27048,33 +26804,62 @@ function Get-MgDirectorySetting $HttpPipelineAppend ) } -function New-MgAdministrativeUnit +function Get-MgOrganizationSetting { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $DisplayName, + $OrganizationId, [Parameter()] - [System.Collections.Hashtable] - $AdditionalProperties, + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgOrganizationSettingItemInsight +{ + [CmdletBinding()] + param( [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsMemberManagementRestricted, + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.PSCredential] @@ -27082,47 +26867,76 @@ function New-MgAdministrativeUnit [Parameter()] [System.String] - $Visibility, + $OrganizationId, [Parameter()] [PSObject] - $ScopedRoleMembers, + $InputObject, [Parameter()] [PSObject] - $Members, + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Get-MgOrganizationSettingPersonInsight +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] [System.Uri] $Proxy, [Parameter()] - [PSObject] - $BodyParameter, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.String] - $Id, + $OrganizationId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [PSObject] + $InputObject, [Parameter()] [PSObject] - $Extensions, + $HttpPipelineAppend, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String[]] + $ExpandProperty, [Parameter()] - [PSObject] - $HttpPipelineAppend + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break ) } function New-MgDirectorySetting @@ -27183,25 +26997,30 @@ function Remove-MgDirectorySetting $HttpPipelineAppend ) } -function Update-MgAdministrativeUnit +function Update-MgDirectorySetting { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - + [PSObject] + $Values + ) +} +function Update-MgOrganizationSetting +{ + [CmdletBinding()] + param( [Parameter()] - [System.String] - $AdministrativeUnitId, + [PSObject] + $PeopleInsights, [Parameter()] - [System.String] - $DisplayName, + [PSObject] + $ProfileCardProperties, [Parameter()] [PSObject] - $InputObject, + $MicrosoftApplicationDataAccess, [Parameter()] [System.Collections.Hashtable] @@ -27211,17 +27030,13 @@ function Update-MgAdministrativeUnit [PSObject] $HttpPipelinePrepend, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $IsMemberManagementRestricted, - [Parameter()] [PSObject] - $ScopedRoleMembers, + $ContactInsights, [Parameter()] [PSObject] - $Members, + $ItemInsights, [Parameter()] [System.Uri] @@ -27235,6 +27050,10 @@ function Update-MgAdministrativeUnit [System.String] $Id, + [Parameter()] + [PSObject] + $Pronouns, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, @@ -27243,45 +27062,164 @@ function Update-MgAdministrativeUnit [System.Management.Automation.SwitchParameter] $PassThru, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + [Parameter()] [PSObject] - $Extensions, + $InputObject, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.SwitchParameter] + $Break, [Parameter()] [System.String] - $Visibility, + $OrganizationId, [Parameter()] - [System.DateTime] - $DeletedDateTime, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [PSObject] + $HttpPipelineAppend + ) +} +function Update-MgOrganizationSettingItemInsight +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, [Parameter()] [System.Management.Automation.SwitchParameter] $ProxyUseDefaultCredentials, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsEnabledInOrganization, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $DisabledForGroup, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String] + $OrganizationId, + [Parameter()] [PSObject] $HttpPipelineAppend ) } -function Update-MgDirectorySetting +function Update-MgOrganizationSettingPersonInsight { [CmdletBinding()] param( + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IsEnabledInOrganization, + [Parameter()] [PSObject] - $Values + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $DisabledForGroup, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String] + $OrganizationId, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } #endregion + + #region MicrosoftGraph function Get-MgAgreement { From 49e1e544240412c434a0d759012d27a98bf0f66f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20Kr=C3=BCger?= <15608729+andikrueger@users.noreply.github.com> Date: Tue, 11 Apr 2023 22:53:01 +0200 Subject: [PATCH 44/64] refinements --- docs/docs/concepts/key-parameters.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/docs/docs/concepts/key-parameters.md b/docs/docs/concepts/key-parameters.md index f8d97d7159..0be4235611 100644 --- a/docs/docs/concepts/key-parameters.md +++ b/docs/docs/concepts/key-parameters.md @@ -54,7 +54,11 @@ Configuration MyConfig { ``` -There are two resources with the same key combination. User1 and User2 do have the same UserPrincipalName and would configure different DisplayNames. This is not allowed and will not compile. The same is true for other resources. For example, if you would have two AADGroups with the same UserPrincipalName, the configuration would not compile. +There are two resources with the same key combination. + +User1 and User2 do have the same UserPrincipalName and would configure different DisplayNames. This is not allowed and will not compile. The same is true for other resources. For example, if you would have two AADGroups with the same UserPrincipalName, the configuration would not compile. + +There might also be other resources with multiple key parameters. In this case the combination of these key parameters needs to be unique. Within Microsoft365DSC there are many resources that are not backed by a configurable object in Microsoft 365. These objects will get unique identifiers that are created during the first creation. These identifiers are not configurable and are not exposed to the user. This is a big challenge for DSC, as we need to have a unique identifier prior to the creation of the objects in the tenant. @@ -69,16 +73,18 @@ Changing the key parameters of those resource with duplicate keys is not an opti We can differentiate between two types of resources: 1. Those which have a unique immutable identifier and can be identified by the key parameters. Like the AADUser resource, which has a unique immutable identifier and can be identified by the UserPrincipalName. -2. Those which have a unique immutable identifier, but can not be identified by the key parameters. Like the AADApplication resource, which has a unique immutable identifier, but can not be uniquely identified by the DisplayName. +2. Those which have a unique immutable identifier, but can not be identified by the key parameters. Like the AADApplication resource, which has a unique immutable identifier, but can not be uniquely identified by the DisplayName. With this knowledge we can conclude that it's recommended to not use duplicate display names for any resource within M365 that should be managed through M365DSC. For 1. we can change the key parameters and the configuration will compile. We can rely on the immutable identifier to identify the resource. For 2. we can not rely on the immutable identifier to identify the resource. This is a big challenge for DSC, as we need to have a unique identifier prior to the creation of the objects in the tenant. ## The current implementation of key parameters in Microsoft365DSC -With the April 2023 release of Microsoft365DSC we have many breaking changes that help to better identify the resources in the configuration. There were several changes to key parameters. This implementation a new way of handling key parameters. This new implementation is based on the following principles: +With the [April 2023 release](../blog/april-2023-major-release/index.html) of Microsoft365DSC we have many breaking changes that help to better identify the resources in the configuration. There were several changes to key parameters. This implementation a new way of handling key parameters. This new implementation is based on the following principles: 1. The key parameters are the parameters that are used to identify a resource. -2. The immutable identifiers are the unique identifiers that are created during the creation of the resource. Fom some resources, these are now exposed through M365DSC. This offers two use cases: + There is [more information](https://docs.microsoft.com/en-us/powershell/dsc/authoringresourcekey) available on how to define key parameters in DSC resources: + >The type qualifier, [Key], on a property indicates that this property will uniquely identify the resource instance. At least one [Key] property is required. +2. The immutable identifiers are the unique identifiers that are created during the creation of the resource. For some resources, these are now exposed through M365DSC. This offers two use cases: 1. During the initial creation of the resource the display name would be used to identify the resource. This is the same as the current implementation. 2. For updates of the resource, the immutable identifier would be used to identify the resource. This is a new implementation. From 87077a247c1b4af19824b7ea179e4f4cbc2ad11d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 11 Apr 2023 18:03:14 -0400 Subject: [PATCH 45/64] Fixes --- CHANGELOG.md | 12 ++---- ...65SearchAndIntelligenceConfigurations.psm1 | 37 +++++-------------- ...chAndIntelligenceConfigurations.schema.mof | 1 - .../settings.json | 14 +++++-- .../1-ConfigureSearchAndIntelligence.ps1 | 1 - 5 files changed, 24 insertions(+), 41 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26d72b4be2..c7d975a9d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,14 +11,6 @@ # 1.23.405.1 -* IntuneDeviceConfigurationCustomPolicyWindows10 - * Initial Release - FIXES [#3068](https://github.com/microsoft/Microsoft365DSC/issues/3068) -* TeamsUpdateManagementPolicy - * Added support for the Forced value for the AllowPublicPreview property. - -# 1.23.405.1 - * AADAdministrativeUnit * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * Fixes extraction of the Members property. @@ -87,6 +79,9 @@ * [BREAKING CHANGE] Setting Identity as Key parameter and DisplayName as Required * IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager * [BREAKING CHANGE] Fix resource +* IntuneDeviceConfigurationCustomPolicyWindows10 + * Initial Release + FIXES [#3068](https://github.com/microsoft/Microsoft365DSC/issues/3068) * IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 * Initial Release FIXES [#2830](https://github.com/microsoft/Microsoft365DSC/issues/2830) @@ -160,6 +155,7 @@ * TeamsUpdateManagementPolicy * Added support for the new UseNewTeamsClient parameter. FIXES [#3062](https://github.com/microsoft/Microsoft365DSC/issues/3062) + * Added support for the Forced value for the AllowPublicPreview property. * DRG * Various fixes * Cleanup generated code diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 index 6b31b0c276..54911c095e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 @@ -25,11 +25,6 @@ function Get-TargetResource [System.String] $PersonInsightsDisabledForGroup, - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -55,11 +50,6 @@ function Get-TargetResource $ManagedIdentity ) - if ($PSBoundParameters.ContainsKey('Ensure') -and $Ensure -eq 'Absent') - { - throw 'This resource is not able to remove Search and Intelligence configuration settings and therefore only accepts Ensure=Present.' - } - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters ` -ProfileName 'beta' @@ -157,11 +147,6 @@ function Set-TargetResource [System.String] $PersonInsightsDisabledForGroup, - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -187,11 +172,6 @@ function Set-TargetResource $ManagedIdentity ) - if ($PSBoundParameters.ContainsKey('Ensure') -and $Ensure -eq 'Absent') - { - throw 'This resource is not able to remove the Search And Intelligence Configuration settings and therefore only accepts Ensure=Present.' - } - #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -229,7 +209,11 @@ function Set-TargetResource } catch { - Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data getting group' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential } $ItemInsightsUpdateParams.Add("DisabledForGroup", $disabledForGroupValue) } @@ -252,7 +236,11 @@ function Set-TargetResource } catch { - Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data getting group' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential } $PersonInsightsUpdateParams.Add("DisabledForGroup", $disabledForGroupValue) } @@ -289,11 +277,6 @@ function Test-TargetResource [System.String] $PersonInsightsDisabledForGroup, - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure = 'Present', - [Parameter()] [System.Management.Automation.PSCredential] $Credential, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof index d5b8af8f2a..6520f152aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.schema.mof @@ -6,7 +6,6 @@ class MSFT_O365SearchAndIntelligenceConfigurations : OMI_BaseResource [Write, Description("Specifies a single Azure AD Group for which Item Insights needs to be disabled.")] String ItemInsightsDisabledForGroup; [Write, Description("Specifies whether or not Person Insights should be available for the organization.")] Boolean PersonInsightsIsEnabledInOrganization; [Write, Description("Specifies a single Azure AD Group for which Person Insights needs to be disabled.")] String PersonInsightsDisabledForGroup; - [Write, Description("Since there is only one setting available, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure; [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json index 73f7c66926..24d5ee19a5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json @@ -1,14 +1,20 @@ { "resourceName": "O365SearchAndIntelligenceConfigurations", - "description": "", + "description": "This resource configures the Search And Intelligence configuration settings.", "permissions": { "graph": { "delegated": { - "read": [], - "update": [] + "read": [ + "User.Read" + ], + "update": [ + "User.ReadWrite" + ] }, "application": { - "read": [], + "read": [ + "User.Read" + ], "update": [ "User.ReadWrite" ] diff --git a/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligence.ps1 b/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligence.ps1 index f4ebb50ee9..506b0ab492 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligence.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/O365SearchAndIntelligenceConfigurations/1-ConfigureSearchAndIntelligence.ps1 @@ -18,7 +18,6 @@ Configuration Example O365SearchAndIntelligenceConfigurations 'SearchAndIntelligenceConfigurations' { Credential = $Credscredential; - Ensure = "Present"; IsSingleInstance = "Yes"; ItemInsightsIsEnabledInOrganization = $False; ItemInsightsDisabledForGroup = "TestGroup" From 640692073ac3a54d3bd2052444e2d3ed9d9df4f1 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 11 Apr 2023 18:10:17 -0400 Subject: [PATCH 46/64] Update Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 --- ...ft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 index c406a2b49f..a063191c9b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365SearchAndIntelligenceConfigurations.Tests.ps1 @@ -58,7 +58,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ItemInsightsIsEnabledInOrganization = $True; ItemInsightsDisabledForGroup = "TestGroup" PersonInsightsIsEnabledInOrganization = $True; - Ensure = 'Present' Credential = $Credential } @@ -78,7 +77,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should return Present from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' (Get-TargetResource @testParams).ItemInsightsIsEnabledInOrganization | Should -Be $True } @@ -95,7 +93,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ItemInsightsIsEnabledInOrganization = $False; ItemInsightsDisabledForGroup = "TestGroup" PersonInsightsIsEnabledInOrganization = $True; - Ensure = 'Present' Credential = $Credential } @@ -115,7 +112,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should return Present from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' (Get-TargetResource @testParams).ItemInsightsIsEnabledInOrganization | Should -Be $True } From 908752f23f63b1e2cc679105d00ac4312a7d275b Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 11 Apr 2023 18:57:08 -0400 Subject: [PATCH 47/64] Update settings.json --- .../settings.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json index 24d5ee19a5..bec9d459b9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json @@ -5,7 +5,7 @@ "graph": { "delegated": { "read": [ - "User.Read" + "User.Read.All" ], "update": [ "User.ReadWrite" @@ -13,7 +13,7 @@ }, "application": { "read": [ - "User.Read" + "User.Read.All" ], "update": [ "User.ReadWrite" From 63623af781fbb38ef46b8211166e19301263ed3f Mon Sep 17 00:00:00 2001 From: William-francillette Date: Wed, 12 Apr 2023 05:45:14 +0100 Subject: [PATCH 48/64] Fix Unit test --- ...nfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 index 6ecdf149f3..016c96b78e 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 @@ -33,6 +33,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Remove-PSSession -MockWith { } + Mock -CommandName Write-Host -MockWith { + } + Mock -CommandName Update-MgDeviceManagementGroupPolicyConfiguration -MockWith { } @@ -74,7 +77,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } -ClientOnly) ) DefinitionValues = [CimInstance[]]@( - (N-ClientOnly) (New-CimInstance -ClassName MSFT_IntuneGroupPolicyDefinitionValue -Property @{ ConfigurationType = 'policy' PresentationValues = [CimInstance[]]@( From 054fd03715183dee7c4138843eaffb06400d2c3d Mon Sep 17 00:00:00 2001 From: Adrian von Buttlar Date: Wed, 12 Apr 2023 08:28:22 +0200 Subject: [PATCH 49/64] removed duplicate sentence --- .../DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof index 851d9385bf..22f7dab03e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.schema.mof @@ -8,7 +8,7 @@ class MSFT_AADUser : OMI_BaseResource [Write, Description("The list of Azure Active Directory roles assigned to the user.")] String Roles[]; [Write, Description("The country code the user will be assigned to")] String UsageLocation; [Write, Description("The account SKU Id for the license to be assigned to the user")] String LicenseAssignment[]; - [Write, Description("The password for the account. The parameter is a PSCredential object, but only the Password component will be used. The password for the account. The parameter is a PSCredential object, but only the Password component will be used. If Password is not supplied for a new resource a new random password will be generated. Property will only be used when creating the user and not on subsequent updates."), EmbeddedInstance("MSFT_Credential")] String Password; + [Write, Description("The password for the account. The parameter is a PSCredential object, but only the Password component will be used. If Password is not supplied for a new resource a new random password will be generated. Property will only be used when creating the user and not on subsequent updates."), EmbeddedInstance("MSFT_Credential")] String Password; [Write, Description("The City name of the user")] String City; [Write, Description("The Country name of the user")] String Country; [Write, Description("The Department name of the user")] String Department; From 26c9df4f62e172a6ecf86291b8d77e3c50b61858 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 12 Apr 2023 06:42:43 +0000 Subject: [PATCH 50/64] Updated Resources and Cmdlet documentation pages --- ...onAdministrativeTemplatePolicyWindows10.md | 267 ++++++++++++++++++ 1 file changed, 267 insertions(+) create mode 100644 docs/docs/resources/intune/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.md diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.md new file mode 100644 index 0000000000..a68318ca52 --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.md @@ -0,0 +1,267 @@ +# IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Description** | Write | String | User provided description for the resource object. | | +| **DisplayName** | Required | String | User provided name for the resource object. | | +| **PolicyConfigurationIngestionType** | Write | String | Type of definitions configured for this policy. Possible values are: unknown, custom, builtIn, mixed, unknownFutureValue. | `unknown`, `custom`, `builtIn`, `mixed`, `unknownFutureValue` | +| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **DefinitionValues** | Write | MSFT_IntuneGroupPolicyDefinitionValue[] | The list of enabled or disabled group policy definition values for the configuration. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_IntuneGroupPolicyDefinitionValueDefinition + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **CategoryPath** | Write | String | The localized full category path for the policy. | | +| **ClassType** | Write | String | Identifies the type of groups the policy can be applied to. Possible values are: user, machine. | `user`, `machine` | +| **DisplayName** | Write | String | The localized policy name. | | +| **ExplainText** | Write | String | The localized explanation or help text associated with the policy. The default value is empty. | | +| **GroupPolicyCategoryId** | Write | String | The category id of the parent category | | +| **HasRelatedDefinitions** | Write | Boolean | Signifies whether or not there are related definitions to this definition | | +| **MinDeviceCspVersion** | Write | String | Minimum required CSP version for device configuration in this definition | | +| **MinUserCspVersion** | Write | String | Minimum required CSP version for user configuration in this definition | | +| **PolicyType** | Write | String | Specifies the type of group policy. Possible values are: admxBacked, admxIngested. | `admxBacked`, `admxIngested` | +| **SupportedOn** | Write | String | Localized string used to specify what operating system or application version is affected by the policy. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | + +### MSFT_IntuneGroupPolicyDefinitionValue + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **ConfigurationType** | Write | String | Specifies how the value should be configured. This can be either as a Policy or as a Preference. Possible values are: policy, preference. | `policy`, `preference` | +| **Enabled** | Write | Boolean | Enables or disables the associated group policy definition. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **Definition** | Write | MSFT_IntuneGroupPolicyDefinitionValueDefinition | The associated group policy definition with the value. Read-Only. | | +| **PresentationValues** | Write | MSFT_IntuneGroupPolicyDefinitionValuePresentationValue[] | The associated group policy presentation values with the definition value. | | + +### MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **BooleanValue** | Write | Boolean | A value for the associated presentation. | | +| **DecimalValue** | Write | UInt64 | A value for the associated presentation. | | +| **StringValue** | Write | String | A value for the associated presentation. | | +| **KeyValuePairValues** | Write | MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair[] | A list of pairs for the associated presentation. | | +| **StringValues** | Write | StringArray[] | A list of pairs for the associated presentation. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **PresentationDefinitionId** | Write | String | The unique identifier for presentation definition. Read-only. | | +| **PresentationDefinitionLabel** | Write | String | The label of the presentation definition. Read-only. | | +| **odataType** | Write | String | A value for the associated presentation. | `#microsoft.graph.groupPolicyPresentationValueBoolean`, `#microsoft.graph.groupPolicyPresentationValueDecimal`, `#microsoft.graph.groupPolicyPresentationValueList`, `#microsoft.graph.groupPolicyPresentationValueLongDecimal`, `#microsoft.graph.groupPolicyPresentationValueMultiText`, `#microsoft.graph.groupPolicyPresentationValueText` | + +### MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Value** | Write | String | Value for this key-value pair. | | +| **Name** | Write | String | Name for this key-value pair. | | + + +## Description + +Intune Device Configuration Administrative Template Policy for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' + { + Credential = $Credscredential + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + DefinitionValues = @( + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'f41bbbec-0807-4ae3-8a61-5580a2f310f0' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '50b2626d-f092-4e71-8983-12a5c741ebe0' + DisplayName = 'Do not display the lock screen' + CategoryPath = '\Control Panel\Personalization' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows Server 2012, Windows 8 or Windows RT' + ClassType = 'machine' + } + Enabled = $False + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' + presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' + KeyValuePairValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'hosted_app' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'user_script' + } + ) + Id = '7312a452-e087-4290-9b9f-3f14a304c18d' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } + ) + Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = 'a8a0ae11-58d9-41d5-b258-1c16d9f1e328' + presentationDefinitionLabel = 'Password Length' + DecimalValue = 15 + Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' + presentationDefinitionLabel = 'Password Age (Days)' + DecimalValue = 30 + Id = '4d654df9-6826-470f-af4e-d37491663c76' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' + presentationDefinitionLabel = 'Password Complexity' + StringValue = '4' + Id = '17e2ff15-8573-4e7e-a6f9-64baebcb5312' + odataType = '#microsoft.graph.groupPolicyPresentationValueText' + } + ) + Id = '426c9e99-0084-443a-ae07-b8f40c11910f' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = 'c4df131a-d415-44fc-9254-a717ff7dbee3' + DisplayName = 'Password Settings' + CategoryPath = '\LAPS' + PolicyType = 'admxBacked' + SupportedOn = 'At least Microsoft Windows Vista or Windows Server 2003 family' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'a3577119-b240-4093-842c-d8e959dfe317' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '986073b6-e149-495f-a131-aa0e3c697225' + DisplayName = 'Ability to change properties of an all user remote access connection' + CategoryPath = '\Network\Network Connections' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows 2000 Service Pack 1' + ClassType = 'user' + } + Enabled = $True + } + ) + Description = '' + DisplayName = 'admin template' + Ensure = 'Present' + Id = '2e72acda-30a8-4955-a4ca-c5e28527c81c' + PolicyConfigurationIngestionType = 'unknown' + } + } +} +``` + From 2b248eda053e1ae619cfde7b8a5915f0f5727a1d Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 12 Apr 2023 12:41:13 +0200 Subject: [PATCH 51/64] Added Release Notes test --- CHANGELOG.md | 12 ++++++------ Tests/QA/Microsoft365DSC.ModuleManifest.Tests.ps1 | 10 ++++++++++ 2 files changed, 16 insertions(+), 6 deletions(-) create mode 100644 Tests/QA/Microsoft365DSC.ModuleManifest.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index d25176e4a4..cdda8120a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,12 +2,12 @@ # UNRELEASED - * IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 +* AADUser + * Password property will only used with New-MgUser and ignored for updates + FIXES [#3093](https://github.com/microsoft/Microsoft365DSC/issues/3093) +* IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 * Initial release FIXES [#2833](https://github.com/microsoft/Microsoft365DSC/issues/2833) - -# 1.23.405.1 - * IntuneDeviceConfigurationCustomPolicyWindows10 * Initial Release FIXES [#3068](https://github.com/microsoft/Microsoft365DSC/issues/3068) @@ -26,6 +26,8 @@ Fixes #3082 * M365DSCUtil: Fixed an issue when calling Assert-M365DSCBlueprint with App credentials FIXES [#3153](https://github.com/microsoft/Microsoft365DSC/issues/3153) + * Added check to validate that the Release Notes in the module manifest are not longer than + 10,000 characters, which will prevent publishing the module to the PowerShell Gallery # 1.23.405.1 @@ -57,8 +59,6 @@ * [BREAKING CHANGE] Remove deprecated parameter PreferredDataLocation* EXOAntiPhishPolicy * [BREAKING CHANGE] Remove deprecated parameters EnableAntispoofEnforcement and TargetedDomainProtectionAction - * Password property will only used with New-MgUser and ignored for updates - FIXES [#3093](https://github.com/microsoft/Microsoft365DSC/issues/3093) * EXOGroupSettings * Initial Release FIXES [#3089](https://github.com/microsoft/Microsoft365DSC/issues/3089) diff --git a/Tests/QA/Microsoft365DSC.ModuleManifest.Tests.ps1 b/Tests/QA/Microsoft365DSC.ModuleManifest.Tests.ps1 new file mode 100644 index 0000000000..94cf2715d2 --- /dev/null +++ b/Tests/QA/Microsoft365DSC.ModuleManifest.Tests.ps1 @@ -0,0 +1,10 @@ +Describe -Name 'Checking Module Manifest' { + BeforeAll { + $manifestPath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\Modules\Microsoft365DSC\Microsoft365DSC.psd1' + $manifest = Import-PowerShellDataFile -Path $manifestPath + } + + It 'Release Notes property is less than 10.000 characters' { + $manifest.PrivateData.PSData.ReleaseNotes.Length | Should -BeLessThan 10000 + } +} From 85b9ec5cfa625a69b1bf64bbe80c1b241a8b2e7b Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 12 Apr 2023 12:41:13 +0200 Subject: [PATCH 52/64] Added Release Notes test --- CHANGELOG.md | 12 ++++++------ Tests/QA/Microsoft365DSC.ModuleManifest.Tests.ps1 | 10 ++++++++++ 2 files changed, 16 insertions(+), 6 deletions(-) create mode 100644 Tests/QA/Microsoft365DSC.ModuleManifest.Tests.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index d25176e4a4..cdda8120a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,12 +2,12 @@ # UNRELEASED - * IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 +* AADUser + * Password property will only used with New-MgUser and ignored for updates + FIXES [#3093](https://github.com/microsoft/Microsoft365DSC/issues/3093) +* IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 * Initial release FIXES [#2833](https://github.com/microsoft/Microsoft365DSC/issues/2833) - -# 1.23.405.1 - * IntuneDeviceConfigurationCustomPolicyWindows10 * Initial Release FIXES [#3068](https://github.com/microsoft/Microsoft365DSC/issues/3068) @@ -26,6 +26,8 @@ Fixes #3082 * M365DSCUtil: Fixed an issue when calling Assert-M365DSCBlueprint with App credentials FIXES [#3153](https://github.com/microsoft/Microsoft365DSC/issues/3153) + * Added check to validate that the Release Notes in the module manifest are not longer than + 10,000 characters, which will prevent publishing the module to the PowerShell Gallery # 1.23.405.1 @@ -57,8 +59,6 @@ * [BREAKING CHANGE] Remove deprecated parameter PreferredDataLocation* EXOAntiPhishPolicy * [BREAKING CHANGE] Remove deprecated parameters EnableAntispoofEnforcement and TargetedDomainProtectionAction - * Password property will only used with New-MgUser and ignored for updates - FIXES [#3093](https://github.com/microsoft/Microsoft365DSC/issues/3093) * EXOGroupSettings * Initial Release FIXES [#3089](https://github.com/microsoft/Microsoft365DSC/issues/3089) diff --git a/Tests/QA/Microsoft365DSC.ModuleManifest.Tests.ps1 b/Tests/QA/Microsoft365DSC.ModuleManifest.Tests.ps1 new file mode 100644 index 0000000000..94cf2715d2 --- /dev/null +++ b/Tests/QA/Microsoft365DSC.ModuleManifest.Tests.ps1 @@ -0,0 +1,10 @@ +Describe -Name 'Checking Module Manifest' { + BeforeAll { + $manifestPath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\Modules\Microsoft365DSC\Microsoft365DSC.psd1' + $manifest = Import-PowerShellDataFile -Path $manifestPath + } + + It 'Release Notes property is less than 10.000 characters' { + $manifest.PrivateData.PSData.ReleaseNotes.Length | Should -BeLessThan 10000 + } +} From 6fa717446617781fe39134cc37306e9ba212d894 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 12 Apr 2023 12:51:05 +0200 Subject: [PATCH 53/64] Corrected documentation issues --- docs/docs/concepts/key-parameters.md | 6 +++--- docs/mkdocs.yml | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/docs/concepts/key-parameters.md b/docs/docs/concepts/key-parameters.md index 0be4235611..eadd8102c2 100644 --- a/docs/docs/concepts/key-parameters.md +++ b/docs/docs/concepts/key-parameters.md @@ -79,13 +79,13 @@ For 1. we can change the key parameters and the configuration will compile. We c ## The current implementation of key parameters in Microsoft365DSC -With the [April 2023 release](../blog/april-2023-major-release/index.html) of Microsoft365DSC we have many breaking changes that help to better identify the resources in the configuration. There were several changes to key parameters. This implementation a new way of handling key parameters. This new implementation is based on the following principles: +With the [April 2023 release](../../blog/april-2023-major-release/index.html) of Microsoft365DSC we have many breaking changes that help to better identify the resources in the configuration. There were several changes to key parameters. This implementation a new way of handling key parameters. This new implementation is based on the following principles: 1. The key parameters are the parameters that are used to identify a resource. There is [more information](https://docs.microsoft.com/en-us/powershell/dsc/authoringresourcekey) available on how to define key parameters in DSC resources: >The type qualifier, [Key], on a property indicates that this property will uniquely identify the resource instance. At least one [Key] property is required. 2. The immutable identifiers are the unique identifiers that are created during the creation of the resource. For some resources, these are now exposed through M365DSC. This offers two use cases: - 1. During the initial creation of the resource the display name would be used to identify the resource. This is the same as the current implementation. - 2. For updates of the resource, the immutable identifier would be used to identify the resource. This is a new implementation. + - During the initial creation of the resource the display name would be used to identify the resource. This is the same as the current implementation. + - For updates of the resource, the immutable identifier would be used to identify the resource. This is a new implementation. The new implementation is kind of a heuristic approach to enable exports and imports of configurations. Besides that it is a good practice to better identify the resources in the configuration. diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index ab3ef24cf5..02ff2ea108 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -35,6 +35,7 @@ nav: - 'Compare-M365DSCConfigurations': 'user-guide/cmdlets/Compare-M365DSCConfigurations.md' - 'Get-M365DSCAllResources': 'user-guide/cmdlets/Get-M365DSCAllResources.md' - 'Get-M365DSCCompiledPermissionList': 'user-guide/cmdlets/Get-M365DSCCompiledPermissionList.md' + - 'Get-M365DSCLoggingOption': 'user-guide/cmdlets/Get-M365DSCLoggingOption.md' - 'Get-M365DSCNotificationEndPointRegistration': 'user-guide/cmdlets/Get-M365DSCNotificationEndpointRegistration.md' - 'Get-M365DSCTelemetryOption': 'user-guide/cmdlets/Get-M365DSCTelemetryOption.md' - 'Get-M365DSCWorkloadsListFromResourceNames': 'user-guide/cmdlets/Get-M365DSCWorkloadsListFromResourceNames.md' @@ -45,6 +46,7 @@ nav: - 'New-M365DSCReportFromConfiguration': 'user-guide/cmdlets/New-M365DSCReportFromConfiguration.md' - 'Remove-M365DSCNotificationEndPointRegistration': 'user-guide/cmdlets/Remove-M365DSCNotificationEndpointRegistration.md' - 'Set-M365DSCAgentCertificateConfiguration': 'user-guide/cmdlets/Set-M365DSCAgentCertificateConfiguration.md' + - 'Set-M365DSCLoggingOption': 'user-guide/cmdlets/Set-M365DSCLoggingOption.md' - 'Set-M365DSCTelemetryOption': 'user-guide/cmdlets/Set-M365DSCTelemetryOption.md' - 'Test-M365DSCAgent': 'user-guide/cmdlets/Test-M365DSCAgent.md' - 'Test-M365DSCDependenciesForNewVersions': 'user-guide/cmdlets/Test-M365DSCDependenciesForNewVersions.md' @@ -62,7 +64,7 @@ nav: - 'Breaking Changes Policy': 'concepts/breaking-changes.md' - 'OneDrive & SharePoint Permissions': 'concepts/odsp-permissions.md' - 'Consent Flow': 'concepts/consent-flow.md' - - 'Key Parameters in DSC' : 'concepts/key-parameters.md' + - 'Key Parameters in DSC': 'concepts/key-parameters.md' - Resources: - 'Overview': 'resources/overview.md' - 'Azure AD': 'resources/azure-ad' From badb10f36a5e5278418187c8b0e4772cd44117eb Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 12 Apr 2023 07:18:17 -0400 Subject: [PATCH 54/64] Update settings.json --- .../MSFT_O365SearchAndIntelligenceConfigurations/settings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json index bec9d459b9..a5cd11149b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json @@ -16,7 +16,7 @@ "User.Read.All" ], "update": [ - "User.ReadWrite" + "User.ReadWrite.All" ] } }, From 1b744ff7aee5dec2607c142f1f6e3bc75efa6768 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 12 Apr 2023 07:45:59 -0400 Subject: [PATCH 55/64] Update MSFT_O365SearchAndIntelligenceConfigurations.psm1 --- .../MSFT_O365SearchAndIntelligenceConfigurations.psm1 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 index 54911c095e..b2cdc58dec 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/MSFT_O365SearchAndIntelligenceConfigurations.psm1 @@ -68,7 +68,6 @@ function Get-TargetResource $nullReturn = @{ IsSingleInstance = $IsSingleInstance - Ensure = 'Absent' } try @@ -100,7 +99,6 @@ function Get-TargetResource ItemInsightsDisabledForGroup = $itemInsightsDisabledForGroupValue PersonInsightsIsEnabledInOrganization = $PersonInsights.IsEnabledInOrganization PersonInsightsDisabledForGroup = $PersonInsightsDisabledForGroupValue - Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId @@ -392,7 +390,7 @@ function Export-TargetResource $Results = Get-TargetResource @Params $dscContent = '' - if ($Results.Ensure -eq 'Present') + if ($Results -is [System.Collections.Hashtable] -and $Results.Count -gt 1) { $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results From 8cf76531c0882fc7e6160e1e48ed44a47edeef8f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 12 Apr 2023 08:01:11 -0400 Subject: [PATCH 56/64] Updated Dependencies and Unit Tests --- .github/workflows/Unit Tests.yml | 24 ------------------- CHANGELOG.md | 2 ++ .../Dependencies/Manifest.psd1 | 2 +- 3 files changed, 3 insertions(+), 25 deletions(-) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index b300becfad..8c4294a1ff 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -19,30 +19,6 @@ jobs: - name: Install Modules shell: pwsh run: | - $Manifest = Import-PowerShellDataFile './Modules/Microsoft365DSC/Dependencies/Manifest.psd1' - - foreach ($module in $Manifest.Dependencies) - { - Write-Verbose -Message "Installing module: $($module.ModuleName)" - if ($module.AllowPreRelease) - { - try - { - Install-Module $module.ModuleName -AllowPreRelease -Force -Scope AllUsers - } - catch - {} - } - else - { - try - { - Install-Module $module.ModuleName -RequiredVersion $module.RequiredVersion -Force -Scope AllUsers - } - catch - {} - } - } Install-Module PSDesiredStateConfiguration -Force -Scope AllUsers Install-Module Pester -Force -SkipPublisherCheck -RequiredVersion 5.4.0 -Scope AllUsers [System.Environment]::SetEnvironmentVariable('M365DSCTelemetryEnabled', $false, [System.EnvironmentVariableTarget]::Machine); diff --git a/CHANGELOG.md b/CHANGELOG.md index cdda8120a3..83e2b53fee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,8 @@ FIXES [#3153](https://github.com/microsoft/Microsoft365DSC/issues/3153) * Added check to validate that the Release Notes in the module manifest are not longer than 10,000 characters, which will prevent publishing the module to the PowerShell Gallery +* DEPENDENCIES + * Updated Microsoft.PowerApps.Administration.PowerShell dependencies to version 2.0.159. # 1.23.405.1 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index a4a859e57d..13ecc4f187 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -66,7 +66,7 @@ }, @{ ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' - RequiredVersion = '2.0.156' + RequiredVersion = '2.0.159' }, @{ ModuleName = 'MicrosoftTeams' From d9f20044ffa8a23611a3d043bba3d485ea914cf7 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 12 Apr 2023 08:03:33 -0400 Subject: [PATCH 57/64] Update settings.json --- .../settings.json | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json index a5cd11149b..aa136ef545 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365SearchAndIntelligenceConfigurations/settings.json @@ -5,18 +5,26 @@ "graph": { "delegated": { "read": [ - "User.Read.All" + { + "name": "User.Read.All" + } ], "update": [ - "User.ReadWrite" + { + "name": "User.ReadWrite" + } ] }, "application": { "read": [ - "User.Read.All" + { + "name": "User.Read.All" + } ], "update": [ - "User.ReadWrite.All" + { + "name": "User.ReadWrite" + } ] } }, From b979ff6ddb577fead45eb898f712463adcd1a85a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 12 Apr 2023 08:09:29 -0400 Subject: [PATCH 58/64] Update Unit Tests.yml --- .github/workflows/Unit Tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index 8c4294a1ff..ca65cf4dcf 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -19,6 +19,7 @@ jobs: - name: Install Modules shell: pwsh run: | + Install-Module ReverseDSC -Force -Scope AllUsers Install-Module PSDesiredStateConfiguration -Force -Scope AllUsers Install-Module Pester -Force -SkipPublisherCheck -RequiredVersion 5.4.0 -Scope AllUsers [System.Environment]::SetEnvironmentVariable('M365DSCTelemetryEnabled', $false, [System.EnvironmentVariableTarget]::Machine); From 0d35f1693f03574df4602cd662e6dab30bf4d3ec Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 12 Apr 2023 09:00:32 -0400 Subject: [PATCH 59/64] Fixes --- ...istrativeTemplatePolicyWindows10.Tests.ps1 | 1 - ...nfigurationCustomPolicyWindows10.Tests.ps1 | 3 +- .../Microsoft365DSC.ODSettings.Tests.ps1 | 6 - ...t365DSC.SPOAccessControlSettings.Tests.ps1 | 6 - .../Microsoft365DSC.SPOApp.Tests.ps1 | 5 - ...soft365DSC.SPOBrowserIdleSignout.Tests.ps1 | 6 - .../Microsoft365DSC.SPOBrowserIdleSignout.ps1 | 5 - .../Microsoft365DSC.SPOHomeSite.Tests.ps1 | 6 - .../Microsoft365DSC.SPOHubSite.Tests.ps1 | 6 - ...rosoft365DSC.SPOOrgAssetsLibrary.Tests.ps1 | 6 - .../Microsoft365DSC.SPOPropertyBag.Tests.ps1 | 6 - ...t365DSC.SPOSearchManagedProperty.Tests.ps1 | 6 - ...soft365DSC.SPOSearchResultSource.Tests.ps1 | 6 - ...crosoft365DSC.SPOSharingSettings.Tests.ps1 | 6 - .../Microsoft365DSC.SPOSite.Tests.ps1 | 6 - ...osoft365DSC.SPOSiteAuditSettings.Tests.ps1 | 6 - .../Microsoft365DSC.SPOSiteDesign.Tests.ps1 | 6 - ...rosoft365DSC.SPOSiteDesignRights.Tests.ps1 | 6 - .../Microsoft365DSC.SPOSiteGroup.Tests.ps1 | 6 - .../Microsoft365DSC.SPOSiteScript.Tests.ps1 | 6 - ...Microsoft365DSC.SPOStorageEntity.Tests.ps1 | 6 - ...crosoft365DSC.SPOTenantCDNPolicy.Tests.ps1 | 6 - ...rosoft365DSC.SPOTenantCdnEnabled.Tests.ps1 | 6 - ...icrosoft365DSC.SPOTenantSettings.Tests.ps1 | 6 - .../Microsoft365DSC.SPOTheme.Tests.ps1 | 6 - ...oft365DSC.SPOUserProfileProperty.Tests.ps1 | 6 - Tests/Unit/Stubs/Microsoft365.psm1 | 2959 +++++++++++++---- 27 files changed, 2371 insertions(+), 734 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 index 016c96b78e..4204e9809c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 @@ -58,7 +58,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Update-DeviceConfigurationGroupPolicyDefinitionValue -MockWith { } - } # Test contexts Context -Name 'The IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 should exist but it DOES NOT' -Fixture { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 index d628ad4aa6..ad36cdda51 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationCustomPolicyWindows10.Tests.ps1 @@ -48,7 +48,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } - + Mock -CommandName Write-Host -MockWith { + } } # Test contexts Context -Name "The IntuneDeviceConfigurationCustomPolicyWindows10 should exist but it DOES NOT" -Fixture { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ODSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ODSettings.Tests.ps1 index 0679c6109d..898d88d14e 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ODSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.ODSettings.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'Pass@word1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOAccessControlSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOAccessControlSettings.Tests.ps1 index 3fdee76c08..345d7f8f16 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOAccessControlSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOAccessControlSettings.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOApp.Tests.ps1 index ebad74aca9..31a599cbe3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOApp.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOApp.Tests.ps1 @@ -21,11 +21,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOBrowserIdleSignout.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOBrowserIdleSignout.Tests.ps1 index b937f734e6..ca67f9bf94 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOBrowserIdleSignout.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOBrowserIdleSignout.Tests.ps1 @@ -21,12 +21,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOBrowserIdleSignout.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOBrowserIdleSignout.ps1 index 8de39ee5a6..603248851c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOBrowserIdleSignout.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOBrowserIdleSignout.ps1 @@ -22,11 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOHomeSite.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOHomeSite.Tests.ps1 index 4cc00d6c16..7291883335 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOHomeSite.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOHomeSite.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOHubSite.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOHubSite.Tests.ps1 index 4936fa5407..a99791d62f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOHubSite.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOHubSite.Tests.ps1 @@ -21,12 +21,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOOrgAssetsLibrary.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOOrgAssetsLibrary.Tests.ps1 index 6c34d9eecb..c5710112ff 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOOrgAssetsLibrary.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOOrgAssetsLibrary.Tests.ps1 @@ -21,12 +21,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@contoso.com', $secpasswd) $global:tenantName = $Credential.UserName.Split('@')[1].Split('.')[0] diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOPropertyBag.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOPropertyBag.Tests.ps1 index 26f8112f5a..c139c85db2 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOPropertyBag.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOPropertyBag.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSearchManagedProperty.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSearchManagedProperty.Tests.ps1 index 2ac1ccdd6e..2539c5ee79 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSearchManagedProperty.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSearchManagedProperty.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSearchResultSource.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSearchResultSource.Tests.ps1 index 2c3c873382..1b27a9a339 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSearchResultSource.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSearchResultSource.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSharingSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSharingSettings.Tests.ps1 index d32a1bb372..d39260eaea 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSharingSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSharingSettings.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSite.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSite.Tests.ps1 index 0f17c825bb..a12cab5743 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSite.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSite.Tests.ps1 @@ -21,12 +21,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@contoso.onmicrosoft.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteAuditSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteAuditSettings.Tests.ps1 index 5a12e8988c..07638380b9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteAuditSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteAuditSettings.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'Pass@word1)' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteDesign.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteDesign.Tests.ps1 index bb91ad590f..3742d92b90 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteDesign.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteDesign.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'Pass@word1)' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteDesignRights.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteDesignRights.Tests.ps1 index 63091b4075..b56d9ec7c2 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteDesignRights.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteDesignRights.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'Pass@word1)' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteGroup.Tests.ps1 index d6ab7d04fb..5bf8ccafd1 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteGroup.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'Pass@word1)' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 index be55929918..1b34af81ce 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOSiteScript.Tests.ps1 @@ -39,12 +39,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOStorageEntity.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOStorageEntity.Tests.ps1 index 0e0b136677..acd4bb5b45 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOStorageEntity.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOStorageEntity.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'Pass@word1)' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCDNPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCDNPolicy.Tests.ps1 index 447b337582..98bd7a7460 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCDNPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCDNPolicy.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'Pass@word1)' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCdnEnabled.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCdnEnabled.Tests.ps1 index 6f7847f823..8985d566f8 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCdnEnabled.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantCdnEnabled.Tests.ps1 @@ -21,12 +21,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@contoso.com', $secpasswd) $global:tenantName = $Credential.UserName.Split('@')[1].Split('.')[0] diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 index b3083cb4df..e26f89e3d0 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTheme.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTheme.Tests.ps1 index 90178809c8..d9932f7730 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTheme.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTheme.Tests.ps1 @@ -21,12 +21,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOUserProfileProperty.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOUserProfileProperty.Tests.ps1 index 42ec86756e..0a80cde6f9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOUserProfileProperty.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOUserProfileProperty.Tests.ps1 @@ -22,12 +22,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope BeforeAll { - if ($null -eq (Get-Module PnP.PowerShell)) - { - Import-Module PnP.PowerShell - - } - $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index c3c3487b00..5b121111f5 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -43505,6 +43505,19 @@ function Get-CsOnlineVoicemailPolicy $Identity ) } +function Get-CsTeamsCallHoldPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity + ) +} function Get-CsTeamsChannelsPolicy { [CmdletBinding()] @@ -43518,6 +43531,32 @@ function Get-CsTeamsChannelsPolicy $Identity ) } +function Get-CsTeamsComplianceRecordingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity + ) +} +function Get-CsTeamsEmergencyCallingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity + ) +} function Get-CsTeamsFeedbackPolicy { [CmdletBinding()] @@ -43694,6 +43733,39 @@ function New-CsOnlineVoicemailPolicy $EnableTranscriptionTranslation ) } +function New-CsTeamsCallHoldPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $StreamingSourceUrl, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $AudioFileId, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $StreamingSourceAuthType, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force + ) +} function New-CsTeamsChannelsPolicy { [CmdletBinding()] @@ -43739,6 +43811,92 @@ function New-CsTeamsChannelsPolicy $Force ) } +function New-CsTeamsComplianceRecordingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Boolean] + $RecordReroutedCalls, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $DisableComplianceRecordingAudioNotificationForCalls, + + [Parameter()] + [System.Management.Automation.PSListModifier`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.ComplianceRecordingApplication]] + $ComplianceRecordingApplications, + + [Parameter()] + [System.Boolean] + $WarnUserOnRemoval, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force + ) +} +function New-CsTeamsEmergencyCallingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $NotificationGroup, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $NotificationDialOutNumber, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $EnhancedEmergencyServiceDisclaimer, + + [Parameter()] + [System.Nullable`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.NotificationMode]] + $NotificationMode, + + [Parameter()] + [System.Management.Automation.PSListModifier`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.TeamsEmergencyCallingExtendedNotification]] + $ExtendedNotifications, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Nullable`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.ExternalLocationLookupMode]] + $ExternalLocationLookupMode + ) +} function New-CsTeamsFeedbackPolicy { [CmdletBinding()] @@ -43821,17 +43979,29 @@ function New-CsTeamsMeetingPolicy $ExplicitRecordingConsent, [Parameter()] - [System.Boolean] - $AllowNetworkConfigurationSettingsLookup, + [System.Nullable`1[System.Int64]] + $WatermarkForCameraVideoOpacity, [Parameter()] [System.Boolean] $AllowTranscription, + [Parameter()] + [System.Boolean] + $AllowWatermarkCustomizationForCameraVideo, + [Parameter()] [System.String] $ForceStreamingAttendeeMode, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.String] + $WatermarkForScreenSharingPattern, + [Parameter()] [System.String] $RoomAttributeUserOverride, @@ -43840,6 +44010,10 @@ function New-CsTeamsMeetingPolicy [System.String] $RoomPeopleNameUserOverride, + [Parameter()] + [System.Boolean] + $AllowNetworkConfigurationSettingsLookup, + [Parameter()] [System.String] $AllowUserToJoinExternalMeeting, @@ -43884,6 +44058,10 @@ function New-CsTeamsMeetingPolicy [System.Boolean] $AllowPrivateMeetNow, + [Parameter()] + [System.Boolean] + $AllowExternalNonTrustedMeetingChat, + [Parameter()] [System.String] $AllowEngagementReport, @@ -43892,6 +44070,10 @@ function New-CsTeamsMeetingPolicy [System.Boolean] $AllowWatermarkForCameraVideo, + [Parameter()] + [System.Nullable`1[System.Int64]] + $WatermarkForScreenSharingOpacity, + [Parameter()] [System.Boolean] $AllowWatermarkForScreenSharing, @@ -43904,6 +44086,10 @@ function New-CsTeamsMeetingPolicy [System.Boolean] $AllowOrganizersToOverrideLobbySettings, + [Parameter()] + [System.Boolean] + $AllowWatermarkCustomizationForScreenSharing, + [Parameter()] [System.String] $LiveCaptionsEnabledType, @@ -44008,10 +44194,6 @@ function New-CsTeamsMeetingPolicy [System.Boolean] $AllowSharedNotes, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, - [Parameter()] [System.Boolean] $AllowParticipantGiveRequestControl, @@ -44068,6 +44250,10 @@ function New-CsTeamsMeetingPolicy [System.Boolean] $AllowPSTNUsersToBypassLobby, + [Parameter()] + [System.String] + $WatermarkForCameraVideoPattern, + [Parameter()] [System.Boolean] $AllowCarbonSummary, @@ -44205,6 +44391,10 @@ function New-CsTeamsMessagingPolicy [System.String] $GiphyRatingType, + [Parameter()] + [System.String] + $InOrganizationChatControl, + [Parameter()] [System.Boolean] $AllowUserDeleteChat @@ -44414,6 +44604,23 @@ function Remove-CsOnlineVoicemailPolicy $Identity ) } +function Remove-CsTeamsCallHoldPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity + ) +} function Remove-CsTeamsChannelsPolicy { [CmdletBinding()] @@ -44431,6 +44638,40 @@ function Remove-CsTeamsChannelsPolicy $Identity ) } +function Remove-CsTeamsComplianceRecordingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity + ) +} +function Remove-CsTeamsEmergencyCallingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity + ) +} function Remove-CsTeamsFeedbackPolicy { [CmdletBinding()] @@ -44603,6 +44844,39 @@ function Set-CsOnlineVoicemailPolicy $EnableTranscriptionTranslation ) } +function Set-CsTeamsCallHoldPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $StreamingSourceUrl, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $AudioFileId, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $StreamingSourceAuthType, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force + ) +} function Set-CsTeamsChannelsPolicy { [CmdletBinding()] @@ -44648,6 +44922,92 @@ function Set-CsTeamsChannelsPolicy $Force ) } +function Set-CsTeamsComplianceRecordingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Boolean] + $RecordReroutedCalls, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $DisableComplianceRecordingAudioNotificationForCalls, + + [Parameter()] + [System.Management.Automation.PSListModifier`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.ComplianceRecordingApplication]] + $ComplianceRecordingApplications, + + [Parameter()] + [System.Boolean] + $WarnUserOnRemoval, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $Enabled, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force + ) +} +function Set-CsTeamsEmergencyCallingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $NotificationGroup, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $NotificationDialOutNumber, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $EnhancedEmergencyServiceDisclaimer, + + [Parameter()] + [System.Nullable`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.NotificationMode]] + $NotificationMode, + + [Parameter()] + [System.Management.Automation.PSListModifier`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.TeamsEmergencyCallingExtendedNotification]] + $ExtendedNotifications, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Nullable`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.ExternalLocationLookupMode]] + $ExternalLocationLookupMode + ) +} function Set-CsTeamsFeedbackPolicy { [CmdletBinding()] @@ -44730,17 +45090,29 @@ function Set-CsTeamsMeetingPolicy $ExplicitRecordingConsent, [Parameter()] - [System.Boolean] - $AllowNetworkConfigurationSettingsLookup, + [System.Nullable`1[System.Int64]] + $WatermarkForCameraVideoOpacity, [Parameter()] [System.Boolean] $AllowTranscription, + [Parameter()] + [System.Boolean] + $AllowWatermarkCustomizationForCameraVideo, + [Parameter()] [System.String] $ForceStreamingAttendeeMode, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.String] + $WatermarkForScreenSharingPattern, + [Parameter()] [System.String] $RoomAttributeUserOverride, @@ -44749,6 +45121,10 @@ function Set-CsTeamsMeetingPolicy [System.String] $RoomPeopleNameUserOverride, + [Parameter()] + [System.Boolean] + $AllowNetworkConfigurationSettingsLookup, + [Parameter()] [System.String] $AllowUserToJoinExternalMeeting, @@ -44793,6 +45169,10 @@ function Set-CsTeamsMeetingPolicy [System.Boolean] $AllowPrivateMeetNow, + [Parameter()] + [System.Boolean] + $AllowExternalNonTrustedMeetingChat, + [Parameter()] [System.String] $AllowEngagementReport, @@ -44801,6 +45181,10 @@ function Set-CsTeamsMeetingPolicy [System.Boolean] $AllowWatermarkForCameraVideo, + [Parameter()] + [System.Nullable`1[System.Int64]] + $WatermarkForScreenSharingOpacity, + [Parameter()] [System.Boolean] $AllowWatermarkForScreenSharing, @@ -44813,6 +45197,10 @@ function Set-CsTeamsMeetingPolicy [System.Boolean] $AllowOrganizersToOverrideLobbySettings, + [Parameter()] + [System.Boolean] + $AllowWatermarkCustomizationForScreenSharing, + [Parameter()] [System.String] $LiveCaptionsEnabledType, @@ -44917,10 +45305,6 @@ function Set-CsTeamsMeetingPolicy [System.Boolean] $AllowSharedNotes, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Force, - [Parameter()] [System.Boolean] $AllowParticipantGiveRequestControl, @@ -44977,6 +45361,10 @@ function Set-CsTeamsMeetingPolicy [System.Boolean] $AllowPSTNUsersToBypassLobby, + [Parameter()] + [System.String] + $WatermarkForCameraVideoPattern, + [Parameter()] [System.Boolean] $AllowCarbonSummary, @@ -45114,6 +45502,10 @@ function Set-CsTeamsMessagingPolicy [System.String] $GiphyRatingType, + [Parameter()] + [System.String] + $InOrganizationChatControl, + [Parameter()] [System.Boolean] $AllowUserDeleteChat @@ -45356,6 +45748,39 @@ function Get-CsGroupPolicyAssignment $HttpPipelineAppend ) } +function Get-CsOnlineApplicationInstance +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode, + + [Parameter()] + [System.Int32] + $ResultSize, + + [Parameter()] + [System.String[]] + $Identities + ) +} function Get-CsOnlineDialInConferencingTenantSettings { [CmdletBinding()] @@ -45472,6 +45897,10 @@ function Get-CsOnlineUser { [CmdletBinding()] param( + [Parameter()] + [System.String] + $OrderBy, + [Parameter()] [System.Management.Automation.SwitchParameter] $SkipUserPolicies, @@ -45576,72 +46005,96 @@ function Get-CsOnlineVoiceRoutingPolicy $MsftInternalProcessingMode ) } -function Get-CsOnlineVoiceUser +function Get-CsPhoneNumberAssignment { [CmdletBinding()] param( [Parameter()] - [System.Nullable`1[System.Int32]] - $First, + [System.String] + $NumberType, [Parameter()] - [System.Management.Automation.SwitchParameter] - $NumberAssigned, + [System.String] + $IsoCountryCode, [Parameter()] [System.Management.Automation.SwitchParameter] - $GetFromAAD, + $ProxyUseDefaultCredentials, [Parameter()] - [System.Object] - $EnterpriseVoiceStatus, + [System.String] + $TelephoneNumberLessThan, [Parameter()] [System.String] - $SearchQuery, + $CapabilitiesContain, [Parameter()] - [System.Nullable`1[System.Guid]] - $CivicAddressId, + [System.String] + $ActivationState, [Parameter()] - [System.Object] - $PSTNConnectivity, + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $NumberNotAssigned, + [System.String] + $TelephoneNumber, [Parameter()] - [System.Management.Automation.SwitchParameter] - $ExpandLocation, + [System.String] + $TelephoneNumberStartsWith, [Parameter()] [System.String] - $Identity, + $TelephoneNumberContain, [Parameter()] - [System.Nullable`1[System.Guid]] + [System.Int32] + $Skip, + + [Parameter()] + [System.String] + $CivicAddressId, + + [Parameter()] + [System.String] $LocationId, + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.Uri] + $Proxy, + [Parameter()] [System.String] - $MsftInternalProcessingMode, + $AssignedPstnTargetId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $GetPendingUsers, + [System.String] + $TelephoneNumberGreaterThan, [Parameter()] - [System.Nullable`1[System.Int32]] - $Skip, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] [System.Management.Automation.SwitchParameter] - $Force + $Break, + + [Parameter()] + [System.String] + $PstnAssignmentStatus, + + [Parameter()] + [PSObject] + $HttpPipelineAppend ) } -function Get-CsTeamsCallingPolicy +function Get-CsTeamsAudioConferencingPolicy { [CmdletBinding()] param( @@ -45658,7 +46111,7 @@ function Get-CsTeamsCallingPolicy $MsftInternalProcessingMode ) } -function Get-CsTeamsClientConfiguration +function Get-CsTeamsCallingPolicy { [CmdletBinding()] param( @@ -45675,7 +46128,7 @@ function Get-CsTeamsClientConfiguration $MsftInternalProcessingMode ) } -function Get-CsTeamsEmergencyCallingPolicy +function Get-CsTeamsCallParkPolicy { [CmdletBinding()] param( @@ -45692,7 +46145,7 @@ function Get-CsTeamsEmergencyCallingPolicy $MsftInternalProcessingMode ) } -function Get-CsTeamsEmergencyCallRoutingPolicy +function Get-CsTeamsClientConfiguration { [CmdletBinding()] param( @@ -45709,7 +46162,7 @@ function Get-CsTeamsEmergencyCallRoutingPolicy $MsftInternalProcessingMode ) } -function Get-CsTeamsEventsPolicy +function Get-CsTeamsCortanaPolicy { [CmdletBinding()] param( @@ -45726,7 +46179,7 @@ function Get-CsTeamsEventsPolicy $MsftInternalProcessingMode ) } -function Get-CsTeamsFilesPolicy +function Get-CsTeamsEmergencyCallRoutingPolicy { [CmdletBinding()] param( @@ -45743,7 +46196,7 @@ function Get-CsTeamsFilesPolicy $MsftInternalProcessingMode ) } -function Get-CsTeamsGuestCallingConfiguration +function Get-CsTeamsEnhancedEncryptionPolicy { [CmdletBinding()] param( @@ -45760,7 +46213,7 @@ function Get-CsTeamsGuestCallingConfiguration $MsftInternalProcessingMode ) } -function Get-CsTeamsGuestMeetingConfiguration +function Get-CsTeamsEventsPolicy { [CmdletBinding()] param( @@ -45777,7 +46230,7 @@ function Get-CsTeamsGuestMeetingConfiguration $MsftInternalProcessingMode ) } -function Get-CsTeamsGuestMessagingConfiguration +function Get-CsTeamsFilesPolicy { [CmdletBinding()] param( @@ -45794,7 +46247,7 @@ function Get-CsTeamsGuestMessagingConfiguration $MsftInternalProcessingMode ) } -function Get-CsTeamsIPPhonePolicy +function Get-CsTeamsGuestCallingConfiguration { [CmdletBinding()] param( @@ -45811,14 +46264,10 @@ function Get-CsTeamsIPPhonePolicy $MsftInternalProcessingMode ) } -function Get-CsTeamsMeetingBroadcastConfiguration +function Get-CsTeamsGuestMeetingConfiguration { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ExposeSDNConfigurationJsonBlob, - [Parameter()] [System.String] $Filter, @@ -45832,7 +46281,7 @@ function Get-CsTeamsMeetingBroadcastConfiguration $MsftInternalProcessingMode ) } -function Get-CsTeamsMeetingBroadcastPolicy +function Get-CsTeamsGuestMessagingConfiguration { [CmdletBinding()] param( @@ -45849,7 +46298,7 @@ function Get-CsTeamsMeetingBroadcastPolicy $MsftInternalProcessingMode ) } -function Get-CsTeamsMeetingConfiguration +function Get-CsTeamsIPPhonePolicy { [CmdletBinding()] param( @@ -45866,10 +46315,14 @@ function Get-CsTeamsMeetingConfiguration $MsftInternalProcessingMode ) } -function Get-CsTeamsShiftsPolicy +function Get-CsTeamsMeetingBroadcastConfiguration { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ExposeSDNConfigurationJsonBlob, + [Parameter()] [System.String] $Filter, @@ -45883,7 +46336,7 @@ function Get-CsTeamsShiftsPolicy $MsftInternalProcessingMode ) } -function Get-CsTeamsUpgradeConfiguration +function Get-CsTeamsMeetingBroadcastPolicy { [CmdletBinding()] param( @@ -45900,7 +46353,7 @@ function Get-CsTeamsUpgradeConfiguration $MsftInternalProcessingMode ) } -function Get-CsTeamsUpgradePolicy +function Get-CsTeamsMeetingConfiguration { [CmdletBinding()] param( @@ -45917,7 +46370,7 @@ function Get-CsTeamsUpgradePolicy $MsftInternalProcessingMode ) } -function Get-CsTenant +function Get-CsTeamsMobilityPolicy { [CmdletBinding()] param( @@ -45925,20 +46378,16 @@ function Get-CsTenant [System.String] $Filter, - [Parameter()] - [System.UInt32] - $ResultSize, - [Parameter()] [System.String] - $MsftInternalProcessingMode, + $Identity, [Parameter()] - [System.Object] - $Identity + [System.String] + $MsftInternalProcessingMode ) } -function Get-CsTenantDialPlan +function Get-CsTeamsNetworkRoamingPolicy { [CmdletBinding()] param( @@ -45955,7 +46404,7 @@ function Get-CsTenantDialPlan $MsftInternalProcessingMode ) } -function Get-CsTenantFederationConfiguration +function Get-CsTeamsShiftsPolicy { [CmdletBinding()] param( @@ -45972,17 +46421,242 @@ function Get-CsTenantFederationConfiguration $MsftInternalProcessingMode ) } -function Get-CsUserCallingSettings +function Get-CsTeamsTranslationRule { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Filter, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsTeamsUnassignedNumberTreatment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsTeamsUpgradeConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsTeamsUpgradePolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsTeamsVdiPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsTeamsWorkLoadPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsTenant +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.UInt32] + $ResultSize, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode, + + [Parameter()] + [System.Object] + $Identity + ) +} +function Get-CsTenantDialPlan +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsTenantFederationConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsTenantNetworkRegion +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsTenantNetworkSite +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsTenantNetworkSubnet +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsTenantTrustedIPAddress +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Get-CsUserCallingSettings +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, [Parameter()] [System.Management.Automation.PSCredential] @@ -46047,7 +46721,36 @@ function Grant-CsTeamsUpgradePolicy [Parameter()] [System.String] - $MsftInternalProcessingMode + $MsftInternalProcessingMode, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force + ) +} +function Import-CsOnlineAudioFile +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.Byte[]] + $Content, + + [Parameter()] + [System.String] + $FileName, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force ) } function New-CsEdgeAllowAllKnownDomains @@ -46186,18 +46889,43 @@ function New-CsOnlineVoiceRoutingPolicy $MsftInternalProcessingMode ) } -function New-CsTeamsCallingPolicy +function New-CsTeamsAudioConferencingPolicy { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $AllowWebPSTNCalling, + [System.Object] + $MeetingInvitePhoneNumbers, [Parameter()] - [System.String] - $Description, - + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $AllowTollFreeDialin, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function New-CsTeamsCallingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $AllowWebPSTNCalling, + + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.String] $Identity, @@ -46287,7 +47015,7 @@ function New-CsTeamsCallingPolicy $AllowTranscriptionForCalling ) } -function New-CsTeamsEmergencyCallingPolicy +function New-CsTeamsCallParkPolicy { [CmdletBinding()] param( @@ -46296,8 +47024,16 @@ function New-CsTeamsEmergencyCallingPolicy $Description, [Parameter()] - [System.String] - $NotificationGroup, + [System.Int64] + $ParkTimeoutSeconds, + + [Parameter()] + [System.Boolean] + $AllowCallPark, + + [Parameter()] + [System.Int64] + $PickupRangeEnd, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -46305,27 +47041,52 @@ function New-CsTeamsEmergencyCallingPolicy [Parameter()] [System.String] - $NotificationDialOutNumber, + $Identity, [Parameter()] [System.String] - $Identity, + $MsftInternalProcessingMode, + [Parameter()] + [System.Int64] + $PickupRangeStart + ) +} +function New-CsTeamsCortanaPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $EnhancedEmergencyServiceDisclaimer, + $Description, [Parameter()] - [System.Object] - $NotificationMode, + [System.Boolean] + $AllowCortanaInContextSuggestions, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $MsftInternalProcessingMode, + $CortanaVoiceInvocationMode, + + [Parameter()] + [System.Boolean] + $AllowCortanaVoiceInvocation, [Parameter()] [System.String] - $ExternalLocationLookupMode + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode, + + [Parameter()] + [System.Boolean] + $AllowCortanaAmbientListening ) } function New-CsTeamsEmergencyCallRoutingPolicy @@ -46378,6 +47139,35 @@ function New-CsTeamsEmergencyNumber $MsftInternalProcessingMode ) } +function New-CsTeamsEnhancedEncryptionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $CallingEndtoEndEncryptionEnabledType, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $MeetingEndToEndEncryption, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} function New-CsTeamsEventsPolicy { [CmdletBinding()] @@ -46518,21 +47308,21 @@ function New-CsTeamsMeetingBroadcastPolicy $Confirm ) } -function New-CsTeamsShiftsPolicy +function New-CsTeamsMobilityPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $ShiftNoticeMessageType, + $IPVideoMobileMode, [Parameter()] [System.String] - $ShiftNoticeFrequency, + $Description, [Parameter()] - [System.Int64] - $AccessGracePeriodMinutes, + [System.String] + $IPAudioMobileMode, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -46544,15 +47334,32 @@ function New-CsTeamsShiftsPolicy [Parameter()] [System.String] - $ShiftNoticeMessageCustom, + $MsftInternalProcessingMode, [Parameter()] - [System.Boolean] - $EnableScheduleOwnerPermissions, + [System.String] + $MobileDialerPreference + ) +} +function New-CsTeamsNetworkRoamingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $AccessType, + $Identity, + + [Parameter()] + [System.Int64] + $MediaBitRateKb, [Parameter()] [System.String] @@ -46560,28 +47367,28 @@ function New-CsTeamsShiftsPolicy [Parameter()] [System.Boolean] - $EnableShiftPresence + $AllowIPVideo ) } -function New-CsTenantDialPlan +function New-CsTeamsShiftsPolicy { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $OptimizeDeviceDialing, + [System.String] + $ShiftNoticeMessageType, [Parameter()] [System.String] - $Description, + $ShiftNoticeFrequency, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Int64] + $AccessGracePeriodMinutes, [Parameter()] - [System.Object] - $NormalizationRules, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] @@ -46589,18 +47396,26 @@ function New-CsTenantDialPlan [Parameter()] [System.String] - $ExternalAccessPrefix, + $ShiftNoticeMessageCustom, + + [Parameter()] + [System.Boolean] + $EnableScheduleOwnerPermissions, [Parameter()] [System.String] - $SimpleName, + $AccessType, [Parameter()] [System.String] - $MsftInternalProcessingMode + $MsftInternalProcessingMode, + + [Parameter()] + [System.Boolean] + $EnableShiftPresence ) } -function New-CsVoiceNormalizationRule +function New-CsTeamsTranslationRule { [CmdletBinding()] param( @@ -46608,10 +47423,6 @@ function New-CsVoiceNormalizationRule [System.String] $Description, - [Parameter()] - [System.Int32] - $Priority, - [Parameter()] [System.String] $Name, @@ -46626,7 +47437,7 @@ function New-CsVoiceNormalizationRule [Parameter()] [System.String] - $Parent, + $Identity, [Parameter()] [System.String] @@ -46634,73 +47445,57 @@ function New-CsVoiceNormalizationRule [Parameter()] [System.String] - $Identity, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $InMemory, - - [Parameter()] - [System.String] - $MsftInternalProcessingMode, - - [Parameter()] - [System.Boolean] - $IsInternalExtension + $MsftInternalProcessingMode ) } -function Remove-CsGroupPolicyAssignment +function New-CsTeamsUnassignedNumberTreatment { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Int32] + $TreatmentPriority, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.String] + $TreatmentId, [Parameter()] - [System.Uri] - $Proxy, + [System.String] + $Pattern, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PassThru, + [System.String] + $Description, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [PSObject] - $HttpPipelineAppend, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, + [System.String] + $Identity, [Parameter()] [System.String] - $GroupId, + $TargetType, [Parameter()] [System.String] - $PolicyType, + $Target, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break + [System.String] + $MsftInternalProcessingMode ) } -function Remove-CsOnlineVoiceRoute +function New-CsTeamsVdiPolicy { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $DisableCallsAndMeetings, [Parameter()] [System.String] @@ -46708,55 +47503,37 @@ function Remove-CsOnlineVoiceRoute [Parameter()] [System.String] - $MsftInternalProcessingMode - ) -} -function Remove-CsOnlineVoiceRoutingPolicy -{ - [CmdletBinding()] - param( + $MsftInternalProcessingMode, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.String] - $Identity, - - [Parameter()] - [System.String] - $MsftInternalProcessingMode + [System.Boolean] + $DisableAudioVideoInCallsAndMeetings ) } -function Remove-CsPhoneNumberAssignment +function New-CsTeamsWorkLoadPolicy { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $RemoveAll, + [System.String] + $Description, [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.Boolean] + $AllowMeetingPinned, [Parameter()] - [System.String] - $PhoneNumberType, + [System.Boolean] + $AllowCalling, [Parameter()] - [System.String] - $Identity, + [System.Boolean] + $AllowCallingPinned, - [Parameter()] - [System.String] - $PhoneNumber - ) -} -function Remove-CsTeamsCallingPolicy -{ - [CmdletBinding()] - param( [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, @@ -46767,68 +47544,82 @@ function Remove-CsTeamsCallingPolicy [Parameter()] [System.String] - $MsftInternalProcessingMode - ) -} -function Remove-CsTeamsEmergencyCallingPolicy -{ - [CmdletBinding()] - param( + $MsftInternalProcessingMode, + [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Boolean] + $AllowMeeting, [Parameter()] - [System.String] - $Identity, + [System.Boolean] + $AllowMessagingPinned, [Parameter()] - [System.String] - $MsftInternalProcessingMode + [System.Boolean] + $AllowMessaging ) } -function Remove-CsTeamsEmergencyCallRoutingPolicy +function New-CsTenantDialPlan { [CmdletBinding()] param( + [Parameter()] + [System.Boolean] + $OptimizeDeviceDialing, + + [Parameter()] + [System.String] + $Description, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.Object] + $NormalizationRules, + [Parameter()] [System.String] $Identity, + [Parameter()] + [System.String] + $ExternalAccessPrefix, + + [Parameter()] + [System.String] + $SimpleName, + [Parameter()] [System.String] $MsftInternalProcessingMode ) } -function Remove-CsTeamsEventsPolicy +function New-CsTenantNetworkRegion { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $BypassID, [Parameter()] [System.String] - $Identity, + $Description, [Parameter()] [System.String] - $MsftInternalProcessingMode - ) -} -function Remove-CsTeamsFilesPolicy -{ - [CmdletBinding()] - param( + $CentralSite, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.String] + $NetworkRegionID, + [Parameter()] [System.String] $Identity, @@ -46838,31 +47629,50 @@ function Remove-CsTeamsFilesPolicy $MsftInternalProcessingMode ) } -function Remove-CsTeamsIPPhonePolicy +function New-CsTenantNetworkSite { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Description, [Parameter()] [System.String] - $Identity, + $EmergencyCallRoutingPolicy, [Parameter()] [System.String] - $MsftInternalProcessingMode - ) -} -function Remove-CsTeamsMeetingBroadcastPolicy -{ - [CmdletBinding()] - param( + $LocationPolicy, + + [Parameter()] + [System.Boolean] + $EnableLocationBasedRouting, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.String] + $NetworkRegionID, + + [Parameter()] + [System.String] + $SiteAddress, + + [Parameter()] + [System.String] + $NetworkRoamingPolicy, + + [Parameter()] + [System.String] + $EmergencyCallingPolicy, + + [Parameter()] + [System.String] + $NetworkSiteID, + [Parameter()] [System.String] $Identity, @@ -46872,10 +47682,18 @@ function Remove-CsTeamsMeetingBroadcastPolicy $MsftInternalProcessingMode ) } -function Remove-CsTeamsShiftsPolicy +function New-CsTenantNetworkSubnet { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $SubnetID, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, @@ -46884,15 +47702,31 @@ function Remove-CsTeamsShiftsPolicy [System.String] $Identity, + [Parameter()] + [System.String] + $NetworkSiteID, + + [Parameter()] + [System.Int32] + $MaskBits, + [Parameter()] [System.String] $MsftInternalProcessingMode ) } -function Remove-CsTenantDialPlan +function New-CsTenantTrustedIPAddress { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $IPAddress, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, @@ -46901,105 +47735,127 @@ function Remove-CsTenantDialPlan [System.String] $Identity, + [Parameter()] + [System.Nullable`1[System.Int32]] + $MaskBits, + [Parameter()] [System.String] $MsftInternalProcessingMode ) } -function Set-CsOnlineDialInConferencingTenantSettings +function New-CsVoiceNormalizationRule { [CmdletBinding()] param( [Parameter()] [System.String] - $Identity, + $Description, [Parameter()] - [System.Boolean] - $IncludeTollFreeNumberInMeetingInvites, + [System.Int32] + $Priority, [Parameter()] [System.String] - $EntryExitAnnouncementsType, + $Name, [Parameter()] - [System.Boolean] - $MigrateServiceNumbersOnCrossForestMove, + [System.String] + $Pattern, [Parameter()] - [System.Object] - $AllowedDialOutExternalDomains, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $AutomaticallyReplaceAcpProvider, + [System.String] + $Parent, [Parameter()] [System.String] - $AllowFederatedUsersToDialOutToSelf, + $Translation, [Parameter()] [System.String] - $SendEmailFromAddress, + $Identity, [Parameter()] - [System.Boolean] - $SendEmailFromOverride, + [System.Management.Automation.SwitchParameter] + $InMemory, [Parameter()] - [System.Boolean] - $EnableNameRecording, + [System.String] + $MsftInternalProcessingMode, [Parameter()] [System.Boolean] - $AutomaticallyMigrateUserMeetings, + $IsInternalExtension + ) +} +function Remove-CsGroupPolicyAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.Management.Automation.PSCredential] + $ProxyCredential, [Parameter()] - [System.UInt32] - $PinLength, + [System.Uri] + $Proxy, [Parameter()] - [System.Boolean] - $UseUniqueConferenceIds, + [System.Management.Automation.SwitchParameter] + $PassThru, [Parameter()] - [System.Boolean] - $AutomaticallySendEmailsToUsers, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $AllowPSTNOnlyMeetingsByDefault, + [PSObject] + $HttpPipelineAppend, [Parameter()] - [System.Boolean] - $EnableEntryExitNotifications, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $MsftInternalProcessingMode, + $GroupId, [Parameter()] - [System.Boolean] - $EnableDialOutJoinConfirmation, + [System.String] + $PolicyType, [Parameter()] - [System.String] - $AllowFederatedUsersToDialOutToThirdParty, + [System.Management.Automation.SwitchParameter] + $Break + ) +} +function Remove-CsOnlineVoiceRoute +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $SendEmailFromDisplayName, + $Identity, [Parameter()] [System.String] - $MaskPstnNumbersType + $MsftInternalProcessingMode ) } -function Set-CsOnlinePstnUsage +function Remove-CsOnlineVoiceRoutingPolicy { [CmdletBinding()] param( @@ -47007,10 +47863,6 @@ function Set-CsOnlinePstnUsage [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [System.Object] - $Usage, - [Parameter()] [System.String] $Identity, @@ -47020,57 +47872,570 @@ function Set-CsOnlinePstnUsage $MsftInternalProcessingMode ) } -function Set-CsOnlineVoicemailUserSettings +function Remove-CsPhoneNumberAssignment { [CmdletBinding()] param( [Parameter()] [System.Management.Automation.SwitchParameter] - $Force, + $RemoveAll, [Parameter()] [PSObject] $HttpPipelinePrepend, [Parameter()] - [System.Boolean] - $OofGreetingEnabled, + [System.String] + $PhoneNumberType, [Parameter()] [System.String] - $PromptLanguage, + $Identity, [Parameter()] - [System.Boolean] - $ShareData, - + [System.String] + $PhoneNumber + ) +} +function Remove-CsTeamsAudioConferencingPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] [System.String] - $DefaultOofGreetingPromptOverwrite, + $Identity, [Parameter()] [System.String] - $TransferTarget, + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsCallingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] $Identity, [Parameter()] - [System.Boolean] - $VoicemailEnabled, - + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsCallParkPolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.Boolean] - $OofGreetingFollowCalendarEnabled, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $DefaultGreetingPromptOverwrite, + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsCortanaPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsEmergencyCallRoutingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsEnhancedEncryptionPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsEventsPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsFilesPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsIPPhonePolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsMeetingBroadcastPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsMobilityPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsNetworkRoamingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsShiftsPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsTranslationRule +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsUnassignedNumberTreatment +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsVdiPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTeamsWorkLoadPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTenantDialPlan +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTenantNetworkRegion +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTenantNetworkSite +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTenantNetworkSubnet +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Remove-CsTenantTrustedIPAddress +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Set-CsOnlineDialInConferencingTenantSettings +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $IncludeTollFreeNumberInMeetingInvites, + + [Parameter()] + [System.String] + $EntryExitAnnouncementsType, + + [Parameter()] + [System.Boolean] + $MigrateServiceNumbersOnCrossForestMove, + + [Parameter()] + [System.Object] + $AllowedDialOutExternalDomains, + + [Parameter()] + [System.Boolean] + $AutomaticallyReplaceAcpProvider, + + [Parameter()] + [System.String] + $AllowFederatedUsersToDialOutToSelf, + + [Parameter()] + [System.String] + $SendEmailFromAddress, + + [Parameter()] + [System.Boolean] + $SendEmailFromOverride, + + [Parameter()] + [System.Boolean] + $EnableNameRecording, + + [Parameter()] + [System.Boolean] + $AutomaticallyMigrateUserMeetings, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.UInt32] + $PinLength, + + [Parameter()] + [System.Boolean] + $UseUniqueConferenceIds, + + [Parameter()] + [System.Boolean] + $AutomaticallySendEmailsToUsers, + + [Parameter()] + [System.Boolean] + $AllowPSTNOnlyMeetingsByDefault, + + [Parameter()] + [System.Boolean] + $EnableEntryExitNotifications, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode, + + [Parameter()] + [System.Boolean] + $EnableDialOutJoinConfirmation, + + [Parameter()] + [System.String] + $AllowFederatedUsersToDialOutToThirdParty, + + [Parameter()] + [System.String] + $SendEmailFromDisplayName, + + [Parameter()] + [System.String] + $MaskPstnNumbersType + ) +} +function Set-CsOnlinePstnUsage +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Usage, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Set-CsOnlineVoicemailUserSettings +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Force, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Boolean] + $OofGreetingEnabled, + + [Parameter()] + [System.String] + $PromptLanguage, + + [Parameter()] + [System.Boolean] + $ShareData, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $DefaultOofGreetingPromptOverwrite, + + [Parameter()] + [System.String] + $TransferTarget, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $VoicemailEnabled, + + [Parameter()] + [System.Boolean] + $OofGreetingFollowCalendarEnabled, + + [Parameter()] + [System.String] + $DefaultGreetingPromptOverwrite, [Parameter()] [System.Boolean] @@ -47081,25 +48446,250 @@ function Set-CsOnlineVoicemailUserSettings $CallAnswerRule ) } -function Set-CsOnlineVoiceRoute +function Set-CsOnlineVoiceRoute +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $BridgeSourcePhoneNumber, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Int32] + $Priority, + + [Parameter()] + [System.Object] + $OnlinePstnGatewayList, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $NumberPattern, + + [Parameter()] + [System.Object] + $OnlinePstnUsages, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Set-CsOnlineVoiceRoutingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $RouteType, + + [Parameter()] + [System.Object] + $OnlinePstnUsages, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Set-CsPhoneNumberAssignment +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Boolean] + $EnterpriseVoiceEnabled, + + [Parameter()] + [System.String] + $PhoneNumberType, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $LocationId, + + [Parameter()] + [System.String] + $PhoneNumber + ) +} +function Set-CsTeamsAudioConferencingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $MeetingInvitePhoneNumbers, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $AllowTollFreeDialin, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Set-CsTeamsCallingPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Boolean] + $AllowWebPSTNCalling, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.Boolean] + $PreventTollBypass, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $AllowCloudRecordingForCalls, + + [Parameter()] + [System.String] + $AllowCallRedirect, + + [Parameter()] + [System.Boolean] + $AllowCallGroups, + + [Parameter()] + [System.String] + $SpamFilteringEnabledType, + + [Parameter()] + [System.Boolean] + $AllowSIPDevicesCalling, + + [Parameter()] + [System.String] + $PopoutAppPathForIncomingPstnCalls, + + [Parameter()] + [System.String] + $BusyOnBusyEnabledType, + + [Parameter()] + [System.String] + $AllowVoicemail, + + [Parameter()] + [System.String] + $PopoutForIncomingPstnCalls, + + [Parameter()] + [System.String] + $MusicOnHoldEnabledType, + + [Parameter()] + [System.Boolean] + $AllowCallForwardingToUser, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode, + + [Parameter()] + [System.Boolean] + $AllowCallForwardingToPhone, + + [Parameter()] + [System.Boolean] + $AllowPrivateCalling, + + [Parameter()] + [System.String] + $LiveCaptionsEnabledTypeForCalling, + + [Parameter()] + [System.Boolean] + $AllowDelegation, + + [Parameter()] + [System.Int64] + $CallRecordingExpirationDays, + + [Parameter()] + [System.String] + $AutoAnswerEnabledType, + + [Parameter()] + [System.Boolean] + $AllowTranscriptionForCalling + ) +} +function Set-CsTeamsCallParkPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $BridgeSourcePhoneNumber, + $Description, [Parameter()] - [System.String] - $Description, + [System.Int64] + $ParkTimeoutSeconds, [Parameter()] - [System.Int32] - $Priority, + [System.Boolean] + $AllowCallPark, [Parameter()] - [System.Object] - $OnlinePstnGatewayList, + [System.Int64] + $PickupRangeEnd, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -47111,61 +48701,113 @@ function Set-CsOnlineVoiceRoute [Parameter()] [System.String] - $NumberPattern, - - [Parameter()] - [System.Object] - $OnlinePstnUsages, + $MsftInternalProcessingMode, [Parameter()] - [System.String] - $MsftInternalProcessingMode + [System.Int64] + $PickupRangeStart ) } -function Set-CsOnlineVoiceRoutingPolicy +function Set-CsTeamsClientConfiguration { [CmdletBinding()] param( + [Parameter()] + [System.Boolean] + $AllowEmailIntoChannel, + [Parameter()] [System.String] - $RouteType, + $RestrictedSenderList, [Parameter()] - [System.Object] - $OnlinePstnUsages, + [System.String] + $Identity, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [System.Boolean] + $AllowGoogleDrive, + + [Parameter()] + [System.Boolean] + $AllowSkypeBusinessInterop, + + [Parameter()] + [System.Boolean] + $AllowScopedPeopleSearchandAccess, + + [Parameter()] + [System.Boolean] + $AllowGuestUser, + + [Parameter()] + [System.Boolean] + $AllowShareFile, + + [Parameter()] + [System.Boolean] + $AllowDropBox, + + [Parameter()] + [System.Boolean] + $AllowOrganizationTab, + [Parameter()] [System.String] - $Identity, + $ResourceAccountContentAccess, + + [Parameter()] + [System.Boolean] + $AllowRoleBasedChatPermissions, + + [Parameter()] + [System.Boolean] + $AllowEgnyte, + + [Parameter()] + [System.Boolean] + $AllowBox, + + [Parameter()] + [System.Boolean] + $AllowResourceAccountSendMessage, [Parameter()] [System.String] - $Description, + $ContentPin, [Parameter()] [System.String] $MsftInternalProcessingMode ) } -function Set-CsPhoneNumberAssignment +function Set-CsTeamsCortanaPolicy { [CmdletBinding()] param( [Parameter()] - [PSObject] - $HttpPipelinePrepend, + [System.String] + $Description, [Parameter()] [System.Boolean] - $EnterpriseVoiceEnabled, + $AllowCortanaInContextSuggestions, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $PhoneNumberType, + $CortanaVoiceInvocationMode, + + [Parameter()] + [System.Boolean] + $AllowCortanaVoiceInvocation, [Parameter()] [System.String] @@ -47173,202 +48815,300 @@ function Set-CsPhoneNumberAssignment [Parameter()] [System.String] - $LocationId, + $MsftInternalProcessingMode, [Parameter()] - [System.String] - $PhoneNumber + [System.Boolean] + $AllowCortanaAmbientListening ) } -function Set-CsTeamsCallingPolicy +function Set-CsTeamsEmergencyCallRoutingPolicy { [CmdletBinding()] param( + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $EmergencyNumbers, + [Parameter()] [System.Boolean] - $AllowWebPSTNCalling, + $AllowEnhancedEmergencyServices, + + [Parameter()] + [System.String] + $Identity, + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Set-CsTeamsEnhancedEncryptionPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.String] $Description, + [Parameter()] + [System.String] + $CallingEndtoEndEncryptionEnabledType, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.String] + $MeetingEndToEndEncryption, + [Parameter()] [System.String] $Identity, [Parameter()] - [System.Boolean] - $PreventTollBypass, + [System.String] + $MsftInternalProcessingMode + ) +} +function Set-CsTeamsEventsPolicy +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Boolean] - $AllowCloudRecordingForCalls, + [System.String] + $ForceStreamingAttendeeMode, [Parameter()] [System.String] - $AllowCallRedirect, + $Identity, [Parameter()] - [System.Boolean] - $AllowCallGroups, + [System.String] + $EventAccessType, [Parameter()] [System.String] - $SpamFilteringEnabledType, + $AllowWebinars, [Parameter()] - [System.Boolean] - $AllowSIPDevicesCalling, - + [System.String] + $MsftInternalProcessingMode + ) +} +function Set-CsTeamsFilesPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.String] - $PopoutAppPathForIncomingPstnCalls, + $SPChannelFilesTab, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $BusyOnBusyEnabledType, + $NativeFileEntryPoints, [Parameter()] [System.String] - $AllowVoicemail, + $Identity, [Parameter()] [System.String] - $PopoutForIncomingPstnCalls, + $MsftInternalProcessingMode + ) +} +function Set-CsTeamsGuestCallingConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $MusicOnHoldEnabledType, + $Identity, [Parameter()] [System.Boolean] - $AllowCallForwardingToUser, + $AllowPrivateCalling, [Parameter()] [System.String] - $MsftInternalProcessingMode, + $MsftInternalProcessingMode + ) +} +function Set-CsTeamsGuestMeetingConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $ScreenSharingMode, [Parameter()] - [System.Boolean] - $AllowCallForwardingToPhone, + [System.String] + $LiveCaptionsEnabledType, [Parameter()] [System.Boolean] - $AllowPrivateCalling, + $AllowMeetNow, [Parameter()] - [System.String] - $LiveCaptionsEnabledTypeForCalling, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Boolean] - $AllowDelegation, + $AllowTranscription, [Parameter()] - [System.Int64] - $CallRecordingExpirationDays, + [System.String] + $Identity, [Parameter()] [System.String] - $AutoAnswerEnabledType, + $MsftInternalProcessingMode, [Parameter()] [System.Boolean] - $AllowTranscriptionForCalling + $AllowIPVideo ) } -function Set-CsTeamsClientConfiguration +function Set-CsTeamsGuestMessagingConfiguration { [CmdletBinding()] param( + [Parameter()] + [System.String] + $GiphyRatingType, + [Parameter()] [System.Boolean] - $AllowEmailIntoChannel, + $AllowUserChat, + + [Parameter()] + [System.Boolean] + $AllowUserDeleteChat, + + [Parameter()] + [System.Boolean] + $AllowUserDeleteMessage, + + [Parameter()] + [System.Boolean] + $AllowGiphy, + + [Parameter()] + [System.Boolean] + $AllowStickers, [Parameter()] - [System.String] - $RestrictedSenderList, + [System.Boolean] + $AllowUserEditMessage, [Parameter()] [System.String] $Identity, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [System.Boolean] - $AllowGoogleDrive, + $AllowImmersiveReader, [Parameter()] - [System.Boolean] - $AllowSkypeBusinessInterop, + [System.String] + $MsftInternalProcessingMode, [Parameter()] - [System.Boolean] - $AllowScopedPeopleSearchandAccess, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Boolean] - $AllowGuestUser, - + $AllowMemes + ) +} +function Set-CsTeamsIPPhonePolicy +{ + [CmdletBinding()] + param( [Parameter()] - [System.Boolean] - $AllowShareFile, + [System.String] + $Description, [Parameter()] - [System.Boolean] - $AllowDropBox, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Boolean] - $AllowOrganizationTab, + $AllowHotDesking, [Parameter()] [System.String] - $ResourceAccountContentAccess, + $SearchOnCommonAreaPhoneMode, [Parameter()] - [System.Boolean] - $AllowRoleBasedChatPermissions, + [System.Int64] + $HotDeskingIdleTimeoutInMinutes, [Parameter()] - [System.Boolean] - $AllowEgnyte, + [System.String] + $SignInMode, [Parameter()] - [System.Boolean] - $AllowBox, + [System.String] + $MsftInternalProcessingMode, [Parameter()] - [System.Boolean] - $AllowResourceAccountSendMessage, + [System.String] + $AllowBetterTogether, [Parameter()] [System.String] - $ContentPin, + $AllowHomeScreen, [Parameter()] [System.String] - $MsftInternalProcessingMode + $Identity ) } -function Set-CsTeamsEmergencyCallingPolicy +function Set-CsTeamsMeetingBroadcastConfiguration { [CmdletBinding()] param( + [Parameter()] + [System.Boolean] + $AllowSdnProviderForBroadcastMeeting, + [Parameter()] [System.String] - $Description, + $SdnRuntimeConfiguration, [Parameter()] [System.String] - $NotificationGroup, + $SdnProviderName, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -47376,30 +49116,30 @@ function Set-CsTeamsEmergencyCallingPolicy [Parameter()] [System.String] - $NotificationDialOutNumber, + $Identity, [Parameter()] [System.String] - $Identity, + $SdnLicenseId, [Parameter()] [System.String] - $EnhancedEmergencyServiceDisclaimer, + $SupportURL, [Parameter()] - [System.Object] - $NotificationMode, + [System.String] + $MsftInternalProcessingMode, [Parameter()] [System.String] - $MsftInternalProcessingMode, + $SdnApiToken, [Parameter()] [System.String] - $ExternalLocationLookupMode + $SdnApiTemplateUrl ) } -function Set-CsTeamsEmergencyCallRoutingPolicy +function Set-CsTeamsMeetingBroadcastPolicy { [CmdletBinding()] param( @@ -47408,16 +49148,12 @@ function Set-CsTeamsEmergencyCallRoutingPolicy $Description, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $EmergencyNumbers, + [System.String] + $BroadcastAttendeeVisibilityMode, [Parameter()] [System.Boolean] - $AllowEnhancedEmergencyServices, + $AllowBroadcastTranscription, [Parameter()] [System.String] @@ -47425,16 +49161,36 @@ function Set-CsTeamsEmergencyCallRoutingPolicy [Parameter()] [System.String] - $MsftInternalProcessingMode + $BroadcastRecordingMode, + + [Parameter()] + [System.Boolean] + $AllowBroadcastScheduling, + + [Parameter()] + [System.String] + $MsftInternalProcessingMode, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm ) } -function Set-CsTeamsEventsPolicy +function Set-CsTeamsMeetingConfiguration { [CmdletBinding()] param( + [Parameter()] + [System.UInt32] + $ClientVideoPortRange, + + [Parameter()] + [System.Boolean] + $DisableAnonymousJoin, + [Parameter()] [System.String] - $Description, + $Identity, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -47442,54 +49198,73 @@ function Set-CsTeamsEventsPolicy [Parameter()] [System.String] - $ForceStreamingAttendeeMode, + $HelpURL, [Parameter()] - [System.String] - $Identity, + [System.Boolean] + $EnableQoS, [Parameter()] - [System.String] - $EventAccessType, + [System.UInt32] + $ClientAppSharingPortRange, [Parameter()] - [System.String] - $AllowWebinars, + [System.Boolean] + $DisableAppInteractionForAnonymousUsers, [Parameter()] [System.String] - $MsftInternalProcessingMode - ) -} -function Set-CsTeamsFilesPolicy -{ - [CmdletBinding()] - param( + $LogoURL, + + [Parameter()] + [System.UInt32] + $ClientAppSharingPort, + [Parameter()] [System.String] - $SPChannelFilesTab, + $CustomFooterText, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.UInt32] + $ClientVideoPort, [Parameter()] - [System.String] - $NativeFileEntryPoints, + [System.UInt32] + $ClientAudioPortRange, + + [Parameter()] + [System.Boolean] + $ClientMediaPortRangeEnabled, + + [Parameter()] + [System.UInt32] + $ClientAudioPort, [Parameter()] [System.String] - $Identity, + $MsftInternalProcessingMode, [Parameter()] [System.String] - $MsftInternalProcessingMode + $LegalURL ) } -function Set-CsTeamsGuestCallingConfiguration +function Set-CsTeamsMobilityPolicy { [CmdletBinding()] param( + [Parameter()] + [System.String] + $IPVideoMobileMode, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [System.String] + $IPAudioMobileMode, + [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, @@ -47499,42 +49274,34 @@ function Set-CsTeamsGuestCallingConfiguration $Identity, [Parameter()] - [System.Boolean] - $AllowPrivateCalling, + [System.String] + $MsftInternalProcessingMode, [Parameter()] [System.String] - $MsftInternalProcessingMode + $MobileDialerPreference ) } -function Set-CsTeamsGuestMeetingConfiguration +function Set-CsTeamsNetworkRoamingPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $ScreenSharingMode, - - [Parameter()] - [System.String] - $LiveCaptionsEnabledType, - - [Parameter()] - [System.Boolean] - $AllowMeetNow, + $Description, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, - [Parameter()] - [System.Boolean] - $AllowTranscription, - [Parameter()] [System.String] $Identity, + [Parameter()] + [System.Int64] + $MediaBitRateKb, + [Parameter()] [System.String] $MsftInternalProcessingMode, @@ -47544,119 +49311,95 @@ function Set-CsTeamsGuestMeetingConfiguration $AllowIPVideo ) } -function Set-CsTeamsGuestMessagingConfiguration +function Set-CsTeamsShiftsPolicy { [CmdletBinding()] param( [Parameter()] [System.String] - $GiphyRatingType, + $ShiftNoticeMessageType, [Parameter()] - [System.Boolean] - $AllowUserChat, + [System.String] + $ShiftNoticeFrequency, [Parameter()] - [System.Boolean] - $AllowUserDeleteChat, + [System.Int64] + $AccessGracePeriodMinutes, [Parameter()] - [System.Boolean] - $AllowUserDeleteMessage, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Boolean] - $AllowGiphy, + [System.String] + $Identity, [Parameter()] - [System.Boolean] - $AllowStickers, + [System.String] + $ShiftNoticeMessageCustom, [Parameter()] [System.Boolean] - $AllowUserEditMessage, + $EnableScheduleOwnerPermissions, [Parameter()] [System.String] - $Identity, - - [Parameter()] - [System.Boolean] - $AllowImmersiveReader, + $AccessType, [Parameter()] [System.String] $MsftInternalProcessingMode, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [System.Boolean] - $AllowMemes + $EnableShiftPresence ) } -function Set-CsTeamsIPPhonePolicy +function Set-CsTeamsTranslationRule { [CmdletBinding()] param( [Parameter()] [System.String] - $Description, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Boolean] - $AllowHotDesking, - - [Parameter()] - [System.String] - $SearchOnCommonAreaPhoneMode, - - [Parameter()] - [System.Int64] - $HotDeskingIdleTimeoutInMinutes, + $Description, [Parameter()] [System.String] - $SignInMode, + $Pattern, [Parameter()] - [System.String] - $MsftInternalProcessingMode, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $AllowBetterTogether, + $Identity, [Parameter()] [System.String] - $AllowHomeScreen, + $Translation, [Parameter()] [System.String] - $Identity + $MsftInternalProcessingMode ) } -function Set-CsTeamsMeetingBroadcastConfiguration +function Set-CsTeamsUnassignedNumberTreatment { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $AllowSdnProviderForBroadcastMeeting, + [System.Int32] + $TreatmentPriority, [Parameter()] [System.String] - $SdnRuntimeConfiguration, + $Pattern, [Parameter()] [System.String] - $SdnProviderName, + $Description, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -47668,40 +49411,28 @@ function Set-CsTeamsMeetingBroadcastConfiguration [Parameter()] [System.String] - $SdnLicenseId, - - [Parameter()] - [System.String] - $SupportURL, - - [Parameter()] - [System.String] - $MsftInternalProcessingMode, + $TargetType, [Parameter()] [System.String] - $SdnApiToken, + $Target, [Parameter()] [System.String] - $SdnApiTemplateUrl + $MsftInternalProcessingMode ) } -function Set-CsTeamsMeetingBroadcastPolicy +function Set-CsTeamsUpgradeConfiguration { [CmdletBinding()] param( [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $BroadcastAttendeeVisibilityMode, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.Boolean] - $AllowBroadcastTranscription, + $DownloadTeams, [Parameter()] [System.String] @@ -47709,11 +49440,24 @@ function Set-CsTeamsMeetingBroadcastPolicy [Parameter()] [System.String] - $BroadcastRecordingMode, + $SfBMeetingJoinUx, + [Parameter()] + [System.String] + $MsftInternalProcessingMode + ) +} +function Set-CsTeamsVdiPolicy +{ + [CmdletBinding()] + param( [Parameter()] [System.Boolean] - $AllowBroadcastScheduling, + $DisableCallsAndMeetings, + + [Parameter()] + [System.String] + $Identity, [Parameter()] [System.String] @@ -47721,24 +49465,32 @@ function Set-CsTeamsMeetingBroadcastPolicy [Parameter()] [System.Management.Automation.SwitchParameter] - $Confirm + $Confirm, + + [Parameter()] + [System.Boolean] + $DisableAudioVideoInCallsAndMeetings ) } -function Set-CsTeamsMeetingConfiguration +function Set-CsTeamsWorkLoadPolicy { [CmdletBinding()] param( [Parameter()] - [System.UInt32] - $ClientVideoPortRange, + [System.String] + $Description, [Parameter()] [System.Boolean] - $DisableAnonymousJoin, + $AllowMeetingPinned, [Parameter()] - [System.String] - $Identity, + [System.Boolean] + $AllowCalling, + + [Parameter()] + [System.Boolean] + $AllowCallingPinned, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -47746,92 +49498,105 @@ function Set-CsTeamsMeetingConfiguration [Parameter()] [System.String] - $HelpURL, + $Identity, [Parameter()] - [System.Boolean] - $EnableQoS, + [System.String] + $MsftInternalProcessingMode, [Parameter()] - [System.UInt32] - $ClientAppSharingPortRange, + [System.Boolean] + $AllowMeeting, [Parameter()] [System.Boolean] - $DisableAppInteractionForAnonymousUsers, + $AllowMessagingPinned, [Parameter()] - [System.String] - $LogoURL, - + [System.Boolean] + $AllowMessaging + ) +} +function Set-CsTenantDialPlan +{ + [CmdletBinding()] + param( [Parameter()] - [System.UInt32] - $ClientAppSharingPort, + [System.Boolean] + $OptimizeDeviceDialing, [Parameter()] [System.String] - $CustomFooterText, + $Description, [Parameter()] - [System.UInt32] - $ClientVideoPort, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.UInt32] - $ClientAudioPortRange, + [System.Object] + $NormalizationRules, [Parameter()] - [System.Boolean] - $ClientMediaPortRangeEnabled, + [System.String] + $Identity, [Parameter()] - [System.UInt32] - $ClientAudioPort, + [System.String] + $ExternalAccessPrefix, [Parameter()] [System.String] - $MsftInternalProcessingMode, + $SimpleName, [Parameter()] [System.String] - $LegalURL + $MsftInternalProcessingMode ) } -function Set-CsTeamsShiftsPolicy +function Set-CsTenantFederationConfiguration { [CmdletBinding()] param( [Parameter()] - [System.String] - $ShiftNoticeMessageType, + [System.Boolean] + $AllowTeamsConsumerInbound, [Parameter()] - [System.String] - $ShiftNoticeFrequency, + [System.Boolean] + $SharedSipAddressSpace, [Parameter()] - [System.Int64] - $AccessGracePeriodMinutes, + [System.Object] + $BlockedDomains, + + [Parameter()] + [System.Boolean] + $TreatDiscoveredPartnersAsUnverified, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.String] - $Identity, + [System.Boolean] + $AllowTeamsConsumer, [Parameter()] - [System.String] - $ShiftNoticeMessageCustom, + [System.Object] + $AllowedDomainsAsAList, [Parameter()] - [System.Boolean] - $EnableScheduleOwnerPermissions, + [System.Object] + $AllowedDomains, [Parameter()] [System.String] - $AccessType, + $Identity, + + [Parameter()] + [System.Boolean] + $AllowPublicUsers, [Parameter()] [System.String] @@ -47839,126 +49604,139 @@ function Set-CsTeamsShiftsPolicy [Parameter()] [System.Boolean] - $EnableShiftPresence + $AllowFederatedUsers, + + [Parameter()] + [System.Boolean] + $RestrictTeamsConsumerToExternalUserProfiles ) } -function Set-CsTeamsUpgradeConfiguration +function Set-CsTenantNetworkRegion { [CmdletBinding()] param( [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, + [System.String] + $Description, [Parameter()] - [System.Boolean] - $DownloadTeams, + [System.String] + $CentralSite, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $Identity, + $NetworkRegionID, [Parameter()] [System.String] - $SfBMeetingJoinUx, + $Identity, [Parameter()] [System.String] $MsftInternalProcessingMode ) } -function Set-CsTenantDialPlan +function Set-CsTenantNetworkSite { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $OptimizeDeviceDialing, + [System.String] + $Description, [Parameter()] [System.String] - $Description, + $EmergencyCallRoutingPolicy, + + [Parameter()] + [System.Boolean] + $EnableLocationBasedRouting, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Object] - $NormalizationRules, + [System.String] + $NetworkRegionID, [Parameter()] [System.String] - $Identity, + $NetworkRoamingPolicy, [Parameter()] [System.String] - $ExternalAccessPrefix, + $EmergencyCallingPolicy, [Parameter()] [System.String] - $SimpleName, + $LocationPolicy, + + [Parameter()] + [System.String] + $Identity, [Parameter()] [System.String] $MsftInternalProcessingMode ) } -function Set-CsTenantFederationConfiguration +function Set-CsTenantNetworkSubnet { [CmdletBinding()] param( [Parameter()] - [System.Boolean] - $AllowTeamsConsumerInbound, - - [Parameter()] - [System.Boolean] - $SharedSipAddressSpace, - - [Parameter()] - [System.Object] - $BlockedDomains, - - [Parameter()] - [System.Boolean] - $TreatDiscoveredPartnersAsUnverified, + [System.String] + $Description, [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, [Parameter()] - [System.Boolean] - $AllowTeamsConsumer, + [System.String] + $Identity, [Parameter()] - [System.Object] - $AllowedDomainsAsAList, + [System.String] + $NetworkSiteID, [Parameter()] - [System.Object] - $AllowedDomains, + [System.Int32] + $MaskBits, [Parameter()] [System.String] - $Identity, + $MsftInternalProcessingMode + ) +} +function Set-CsTenantTrustedIPAddress +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Description, [Parameter()] - [System.Boolean] - $AllowPublicUsers, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] - $MsftInternalProcessingMode, + $Identity, [Parameter()] - [System.Boolean] - $AllowFederatedUsers, + [System.Nullable`1[System.Int32]] + $MaskBits, [Parameter()] - [System.Boolean] - $RestrictTeamsConsumerToExternalUserProfiles + [System.String] + $MsftInternalProcessingMode ) } function Set-CsUser @@ -48092,6 +49870,7 @@ function Set-CsUserCallingSettings ) } #endregion + #region MgDeviceAppMgtMdmWindowInformationProtectionPolicy function Get-MgDeviceAppMgtMdmWindowInformationProtectionPolicy { From 40555115f7fc40c7fac4a9a671b3fe9b1782ca0d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 12 Apr 2023 13:52:27 +0000 Subject: [PATCH 60/64] Updated Resources and Cmdlet documentation pages --- .../resources/office365/O365OrgSettings.md | 2 +- ...O365SearchAndIntelligenceConfigurations.md | 68 +++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 docs/docs/resources/office365/O365SearchAndIntelligenceConfigurations.md diff --git a/docs/docs/resources/office365/O365OrgSettings.md b/docs/docs/resources/office365/O365OrgSettings.md index 833d81197e..c6266ceebd 100644 --- a/docs/docs/resources/office365/O365OrgSettings.md +++ b/docs/docs/resources/office365/O365OrgSettings.md @@ -7,7 +7,7 @@ | **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` | | **CortanaEnabled** | Write | Boolean | Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization. | | | **M365WebEnableUsersToOpenFilesFrom3PStorage** | Write | Boolean | Let users open files stored in third-party storage services in Microsoft 365 on the Web. | | -| **Ensure** | Write | String | Since there is only one setting availble, this must be set to 'Present' | `Present` | +| **Ensure** | Write | String | Since there is only one setting available, this must be set to 'Present' | `Present` | | **Credential** | Write | PSCredential | Credentials of the Global Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | diff --git a/docs/docs/resources/office365/O365SearchAndIntelligenceConfigurations.md b/docs/docs/resources/office365/O365SearchAndIntelligenceConfigurations.md new file mode 100644 index 0000000000..28218ac986 --- /dev/null +++ b/docs/docs/resources/office365/O365SearchAndIntelligenceConfigurations.md @@ -0,0 +1,68 @@ +# O365SearchAndIntelligenceConfigurations + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` | +| **ItemInsightsIsEnabledInOrganization** | Write | Boolean | Specifies whether or not Item Insights should be available for the organization. | | +| **ItemInsightsDisabledForGroup** | Write | String | Specifies a single Azure AD Group for which Item Insights needs to be disabled. | | +| **PersonInsightsIsEnabledInOrganization** | Write | Boolean | Specifies whether or not Person Insights should be available for the organization. | | +| **PersonInsightsDisabledForGroup** | Write | String | Specifies a single Azure AD Group for which Person Insights needs to be disabled. | | +| **Credential** | Write | PSCredential | Credentials of the Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +## Description + +This resource configures the Search And Intelligence configuration settings. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- + +#### Role Groups + +- None + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + O365SearchAndIntelligenceConfigurations 'SearchAndIntelligenceConfigurations' + { + Credential = $Credscredential; + IsSingleInstance = "Yes"; + ItemInsightsIsEnabledInOrganization = $False; + ItemInsightsDisabledForGroup = "TestGroup" + PersonInsightsIsEnabledInOrganization = $True; + } + } +} +``` + From 13b0f86a94427076fd82749ec69cb2acfac70efd Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 12 Apr 2023 10:25:42 -0400 Subject: [PATCH 61/64] Fixes --- .github/workflows/Unit Tests.yml | 2 +- .../Modules/M365DSCStubsUtility.psm1 | 12 +- Tests/Unit/Stubs/Microsoft365.psm1 | 380 ++++++++++-------- 3 files changed, 214 insertions(+), 180 deletions(-) diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index ca65cf4dcf..21ba42fd4b 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -21,7 +21,7 @@ jobs: run: | Install-Module ReverseDSC -Force -Scope AllUsers Install-Module PSDesiredStateConfiguration -Force -Scope AllUsers - Install-Module Pester -Force -SkipPublisherCheck -RequiredVersion 5.4.0 -Scope AllUsers + Install-Module Pester -Force -SkipPublisherCheck -Scope AllUsers [System.Environment]::SetEnvironmentVariable('M365DSCTelemetryEnabled', $false, [System.EnvironmentVariableTarget]::Machine); - name: Run Quality Checks shell: pwsh diff --git a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 index adce696327..80f6067159 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 @@ -191,7 +191,7 @@ function New-M365DSCStubFiles { $StubContent += " [Parameter()]`r`n" $ParamType = $param.ParameterType.ToString() - if ($ParamType -eq 'System.Collections.Generic.List`1[System.String]') + if ($ParamType -eq "System.Collections.Generic.List``1[System.String]") { $ParamType = 'System.String[]' } @@ -207,7 +207,8 @@ function New-M365DSCStubFiles { $ParamType = 'PSObject' } - elseif ($ParamType.StartsWith('Microsoft.Teams.')) + elseif ($ParamType.StartsWith('Microsoft.Teams.') -or ` + $ParamType.StartsWith("System.Management.Automation.PSListModifier``1[Microsoft.")) { $ParamType = 'PSObject' } @@ -215,6 +216,13 @@ function New-M365DSCStubFiles { $ParamType = 'PSObject' } + elseif ($ParamType.StartsWith('Microsoft.SharePoint.') -or ` + $ParamType.StartsWith('Microsoft.Online') -or ` + $ParamType.StartsWith('PnP.PowerShell') -or ` + $ParamType.StartsWith("System.Nullable``1[Microsoft.")) + { + $ParamType = 'PSObject' + } $StubContent += " [$ParamType]`r`n" $StubContent += " `$$($param.Name),`r`n`r`n" } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 5b121111f5..bdc63f202a 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -41081,7 +41081,7 @@ function Add-PnPApp $Scope, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41094,15 +41094,15 @@ function Add-PnPHubSiteAssociation [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.SitePipeBind] + [PSObject] $HubSite, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.SitePipeBind] + [PSObject] $Site, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41115,7 +41115,7 @@ function Add-PnPOrgAssetsLibrary $ThumbnailUrl, [Parameter()] - [Microsoft.SharePoint.Administration.OrgAssetType] + [PSObject] $OrgAssetType, [Parameter()] @@ -41123,11 +41123,11 @@ function Add-PnPOrgAssetsLibrary $LibraryUrl, [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.SPOTenantCdnType] + [PSObject] $CdnType, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41144,7 +41144,7 @@ function Add-PnPSiteDesign $Description, [Parameter()] - [PnP.PowerShell.Commands.Enums.SiteWebTemplate] + [PSObject] $WebTemplate, [Parameter()] @@ -41160,7 +41160,7 @@ function Add-PnPSiteDesign $PreviewImageUrl, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41193,7 +41193,7 @@ function Add-PnPSiteScript $Content, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41206,7 +41206,7 @@ function Add-PnPTenantTheme $Overwrite, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.ThemePipeBind] + [PSObject] $Identity, [Parameter()] @@ -41214,11 +41214,11 @@ function Add-PnPTenantTheme $IsInverted, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.ThemePalettePipeBind] + [PSObject] $Palette ) } @@ -41227,7 +41227,7 @@ function Get-PnPApp [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.AppMetadataPipeBind] + [PSObject] $Identity, [Parameter()] @@ -41235,7 +41235,7 @@ function Get-PnPApp $Scope, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41244,7 +41244,7 @@ function Get-PnPAuditing [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41253,7 +41253,7 @@ function Get-PnPAvailableLanguage [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41262,7 +41262,7 @@ function Get-PnPBrowserIdleSignout [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41271,7 +41271,7 @@ function Get-PnPContext [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41296,7 +41296,7 @@ function Get-PnPFile $AsMemoryStream, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] @@ -41304,7 +41304,7 @@ function Get-PnPFile $ThrowExceptionIfFileNotFound, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41349,15 +41349,15 @@ function Get-PnPGroup $AssociatedVisitorGroup, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.GroupPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41366,15 +41366,15 @@ function Get-PnPGroupPermissions [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.GroupPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41383,7 +41383,7 @@ function Get-PnPHomeSite [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41392,11 +41392,11 @@ function Get-PnPHubSite [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.HubSitePipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41405,7 +41405,7 @@ function Get-PnPOrgAssetsLibrary [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41414,11 +41414,11 @@ function Get-PnPProperty [CmdletBinding()] param( [Parameter()] - [Microsoft.SharePoint.Client.ClientObject] + [PSObject] $ClientObject, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41435,7 +41435,7 @@ function Get-PnPPropertyBag $Folder, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] @@ -41443,7 +41443,7 @@ function Get-PnPPropertyBag $Key, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41452,19 +41452,19 @@ function Get-PnPSearchConfiguration [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Search.BookmarkStatus] + [PSObject] $BookmarkStatus, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] - [PnP.PowerShell.Commands.Enums.SearchConfigurationScope] + [PSObject] $Scope, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41472,7 +41472,7 @@ function Get-PnPSearchConfiguration $ExcludeVisualPromotedResults, [Parameter()] - [PnP.PowerShell.Commands.Search.OutputFormat] + [PSObject] $OutputFormat, [Parameter()] @@ -41489,7 +41489,7 @@ function Get-PnPSite [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41502,11 +41502,11 @@ function Get-PnPSiteDesign [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.TenantSiteDesignPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41515,11 +41515,11 @@ function Get-PnPSiteDesignRights [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.TenantSiteDesignPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41528,15 +41528,15 @@ function Get-PnPSiteScript [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.TenantSiteDesignPipeBind] + [PSObject] $SiteDesign, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.TenantSiteScriptPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41545,7 +41545,7 @@ function Get-PnPStorageEntity [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Enums.StorageEntityScope] + [PSObject] $Scope, [Parameter()] @@ -41553,7 +41553,7 @@ function Get-PnPStorageEntity $Key, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41562,7 +41562,7 @@ function Get-PnPTenant [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41571,7 +41571,7 @@ function Get-PnPTenantAppCatalogUrl [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41580,11 +41580,11 @@ function Get-PnPTenantCdnEnabled [CmdletBinding()] param( [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.SPOTenantCdnType] + [PSObject] $CdnType, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41593,11 +41593,11 @@ function Get-PnPTenantCdnPolicies [CmdletBinding()] param( [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.SPOTenantCdnType] + [PSObject] $CdnType, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41622,11 +41622,11 @@ function Get-PnPTenantSite $Template, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.SPOSitePipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41643,7 +41643,7 @@ function Get-PnPTenantSyncClientRestriction [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41656,7 +41656,7 @@ function Get-PnPTenantTheme $Name, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41673,7 +41673,7 @@ function Get-PnPUser $WithRightsAssigned, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] @@ -41681,11 +41681,11 @@ function Get-PnPUser $WithRightsAssignedDetailed, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.UserPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41702,7 +41702,7 @@ function Get-PnPUserProfileProperty $Account, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41711,11 +41711,11 @@ function Get-PnPWeb [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41732,11 +41732,11 @@ function Grant-PnPHubSiteRights $Principals, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.HubSitePipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41749,15 +41749,15 @@ function Grant-PnPSiteDesignRights $Principals, [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.TenantSiteDesignPrincipalRights] + [PSObject] $Rights, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.TenantSiteDesignPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41770,11 +41770,11 @@ function New-PnPGroup $Description, [Parameter()] - [PnP.PowerShell.Commands.Enums.AssociatedGroupType] + [PSObject] $SetAssociatedGroup, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] @@ -41802,7 +41802,7 @@ function New-PnPGroup $AllowMembersEditMembership, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41823,7 +41823,7 @@ function New-PnPTenantSite $Template, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities]] + [PSObject] $SharingCapability, [Parameter()] @@ -41851,7 +41851,7 @@ function New-PnPTenantSite $TimeZone, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41888,11 +41888,11 @@ function Register-PnPHubSite $Principals, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.SitePipeBind] + [PSObject] $Site, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41901,7 +41901,7 @@ function Remove-PnPApp [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.AppMetadataPipeBind] + [PSObject] $Identity, [Parameter()] @@ -41909,7 +41909,7 @@ function Remove-PnPApp $Scope, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41918,15 +41918,15 @@ function Remove-PnPGroup [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.GroupPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41939,7 +41939,7 @@ function Remove-PnPHomeSite [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41952,11 +41952,11 @@ function Remove-PnPHubSiteAssociation [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.SitePipeBind] + [PSObject] $Site, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -41965,7 +41965,7 @@ function Remove-PnPOrgAssetsLibrary [CmdletBinding()] param( [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.SPOTenantCdnType] + [PSObject] $CdnType, [Parameter()] @@ -41973,7 +41973,7 @@ function Remove-PnPOrgAssetsLibrary $LibraryUrl, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -41990,7 +41990,7 @@ function Remove-PnPPropertyBagValue $Folder, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] @@ -41998,7 +41998,7 @@ function Remove-PnPPropertyBagValue $Key, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42006,16 +42006,41 @@ function Remove-PnPPropertyBagValue $Force ) } +function Remove-PnPSearchConfiguration +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $Configuration, + + [Parameter()] + [PSObject] + $Web, + + [Parameter()] + [PSObject] + $Scope, + + [Parameter()] + [PSObject] + $Connection, + + [Parameter()] + [System.String] + $Path + ) +} function Remove-PnPSiteDesign { [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.TenantSiteDesignPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42028,7 +42053,7 @@ function Remove-PnPStorageEntity [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Enums.StorageEntityScope] + [PSObject] $Scope, [Parameter()] @@ -42036,7 +42061,7 @@ function Remove-PnPStorageEntity $Key, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -42053,7 +42078,7 @@ function Remove-PnPTenantSite $SkipRecycleBin, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42070,11 +42095,11 @@ function Remove-PnPTenantTheme [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.ThemePipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -42087,11 +42112,11 @@ function Revoke-PnPSiteDesignRights $Principals, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.TenantSiteDesignPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -42132,7 +42157,7 @@ function Set-PnPAuditing $EditUsersPermissions, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42161,7 +42186,7 @@ function Set-PnPBrowserIdleSignout $SignoutAfter, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42178,7 +42203,7 @@ function Set-PnPGroup $Description, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] @@ -42202,7 +42227,7 @@ function Set-PnPGroup $RemoveRole, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.GroupPipeBind] + [PSObject] $Identity, [Parameter()] @@ -42210,7 +42235,7 @@ function Set-PnPGroup $AllowMembersEditMembership, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42222,7 +42247,7 @@ function Set-PnPGroup $RequestToJoinEmail, [Parameter()] - [PnP.PowerShell.Commands.Enums.AssociatedGroupType] + [PSObject] $SetAssociatedGroup, [Parameter()] @@ -42239,11 +42264,11 @@ function Set-PnPGroupPermissions $AddRole, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.GroupPipeBind] + [PSObject] $Identity, [Parameter()] @@ -42251,11 +42276,11 @@ function Set-PnPGroupPermissions $RemoveRole, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.ListPipeBind] + [PSObject] $List ) } @@ -42268,7 +42293,7 @@ function Set-PnPHomeSite $HomeSiteUrl, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -42301,11 +42326,11 @@ function Set-PnPHubSite $Title, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.HubSitePipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42334,11 +42359,11 @@ function Set-PnPPropertyBagValue $Indexed, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42355,15 +42380,15 @@ function Set-PnPSearchConfiguration $Configuration, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.WebPipeBind] + [PSObject] $Web, [Parameter()] - [PnP.PowerShell.Commands.Enums.SearchConfigurationScope] + [PSObject] $Scope, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42380,11 +42405,11 @@ function Set-PnPSite $RestrictedAccessControl, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities]] + [PSObject] $SharingCapability, [Parameter()] @@ -42392,7 +42417,7 @@ function Set-PnPSite $DisableFlows, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.MediaTranscriptionPolicyType]] + [PSObject] $MediaTranscription, [Parameter()] @@ -42424,7 +42449,7 @@ function Set-PnPSite $SensitivityLabel, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.SharingPermissionType]] + [PSObject] $DefaultLinkPermission, [Parameter()] @@ -42444,7 +42469,7 @@ function Set-PnPSite $CommentsOnSitePagesDisabled, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantAdministration.RestrictedToRegion]] + [PSObject] $RestrictedToGeo, [Parameter()] @@ -42452,7 +42477,7 @@ function Set-PnPSite $LockState, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantAdministration.AppViewsPolicy]] + [PSObject] $DisableAppViews, [Parameter()] @@ -42472,7 +42497,7 @@ function Set-PnPSite $AnonymousLinkExpirationInDays, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantAdministration.CompanyWideSharingLinksPolicy]] + [PSObject] $DisableCompanyWideSharingLinks, [Parameter()] @@ -42492,7 +42517,7 @@ function Set-PnPSite $LocaleId, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.SharingLinkType]] + [PSObject] $DefaultSharingLinkType, [Parameter()] @@ -42513,7 +42538,7 @@ function Set-PnPSiteDesign $Description, [Parameter()] - [PnP.PowerShell.Commands.Enums.SiteWebTemplate] + [PSObject] $WebTemplate, [Parameter()] @@ -42533,11 +42558,11 @@ function Set-PnPSiteDesign $PreviewImageUrl, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.TenantSiteDesignPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42574,11 +42599,11 @@ function Set-PnPSiteScript $Title, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.TenantSiteScriptPipeBind] + [PSObject] $Identity, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } @@ -42599,11 +42624,11 @@ function Set-PnPStorageEntity $Comment, [Parameter()] - [PnP.PowerShell.Commands.Enums.StorageEntityScope] + [PSObject] $Scope, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42632,7 +42657,7 @@ function Set-PnPTenant $RequireAnonymousLinksExpireInDays, [Parameter()] - [System.Nullable`1[Microsoft.SharePoint.Client.AnonymousLinkType]] + [PSObject] $FolderAnonymousLinkType, [Parameter()] @@ -42648,7 +42673,7 @@ function Set-PnPTenant $OwnerAnonymousNotification, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.SPOConditionalAccessPolicyType]] + [PSObject] $ConditionalAccessPolicy, [Parameter()] @@ -42676,7 +42701,7 @@ function Set-PnPTenant $EnableRestrictedAccessControl, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.SharingPermissionType]] + [PSObject] $DefaultLinkPermission, [Parameter()] @@ -42728,11 +42753,11 @@ function Set-PnPTenant $ExternalUserExpirationRequired, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.SpecialCharactersState]] + [PSObject] $SpecialCharactersStateInFileFolderNames, [Parameter()] - [System.Nullable`1[Microsoft.SharePoint.Client.SharingState]] + [PSObject] $ODBAccessRequests, [Parameter()] @@ -42756,7 +42781,7 @@ function Set-PnPTenant $PublicCdnEnabled, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.SensitiveByDefaultState]] + [PSObject] $MarkNewFilesSensitiveByDefault, [Parameter()] @@ -42772,7 +42797,7 @@ function Set-PnPTenant $SharingAllowedDomainList, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.SharingLinkType]] + [PSObject] $DefaultSharingLinkType, [Parameter()] @@ -42788,7 +42813,7 @@ function Set-PnPTenant $ProvisionSharedWithEveryoneFolder, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.SharingDomainRestrictionModes]] + [PSObject] $SharingDomainRestrictionMode, [Parameter()] @@ -42852,7 +42877,7 @@ function Set-PnPTenant $IPAddressEnforcement, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities]] + [PSObject] $SharingCapability, [Parameter()] @@ -42900,7 +42925,7 @@ function Set-PnPTenant $DisablePersonalListCreation, [Parameter()] - [System.Nullable`1[Microsoft.SharePoint.Client.SharingState]] + [PSObject] $ODBMembersCanShare, [Parameter()] @@ -42912,11 +42937,11 @@ function Set-PnPTenant $LegacyAuthProtocolsEnabled, [Parameter()] - [System.Nullable`1[Microsoft.SharePoint.Client.AnonymousLinkType]] + [PSObject] $FileAnonymousLinkType, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42969,11 +42994,11 @@ function Set-PnPTenantCdnEnabled $NoDefaultOrigins, [Parameter()] - [PnP.PowerShell.Commands.Enums.CdnType] + [PSObject] $CdnType, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -42986,7 +43011,7 @@ function Set-PnPTenantCdnPolicy [CmdletBinding()] param( [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.SPOTenantCdnType] + [PSObject] $CdnType, [Parameter()] @@ -42994,11 +43019,11 @@ function Set-PnPTenantCdnPolicy $PolicyValue, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.SPOTenantCdnPolicyType] + [PSObject] $PolicyType ) } @@ -43011,15 +43036,15 @@ function Set-PnPTenantSite $ExternalUserExpirationInDays, [Parameter()] - [Microsoft.Online.SharePoint.TenantManagement.SharingCapabilities] + [PSObject] $SharingCapability, [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.FlowsPolicy] + [PSObject] $DisableFlows, [Parameter()] - [System.Nullable`1[Microsoft.Online.SharePoint.TenantManagement.MediaTranscriptionPolicyType]] + [PSObject] $MediaTranscription, [Parameter()] @@ -43047,7 +43072,7 @@ function Set-PnPTenantSite $ResourceQuotaWarningLevel, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -43055,7 +43080,7 @@ function Set-PnPTenantSite $StorageQuotaWarningLevel, [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.SPOSitePipeBind] + [PSObject] $Identity, [Parameter()] @@ -43075,7 +43100,7 @@ function Set-PnPTenantSite $RemoveLabel, [Parameter()] - [Microsoft.Online.SharePoint.TenantManagement.SharingPermissionType] + [PSObject] $DefaultLinkPermission, [Parameter()] @@ -43115,7 +43140,7 @@ function Set-PnPTenantSite $DefaultLinkToExistingAccess, [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.RestrictedToRegion] + [PSObject] $RestrictedToGeo, [Parameter()] @@ -43127,7 +43152,7 @@ function Set-PnPTenantSite $DenyAddAndCustomizePages, [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.AppViewsPolicy] + [PSObject] $DisableAppViews, [Parameter()] @@ -43143,27 +43168,27 @@ function Set-PnPTenantSite $Owners, [Parameter()] - [PnP.PowerShell.Commands.Enums.InformationBarriersMode] + [PSObject] $InformationBarriersMode, [Parameter()] - [Microsoft.Online.SharePoint.TenantManagement.SPOLimitedAccessFileType] + [PSObject] $LimitedAccessFileType, [Parameter()] - [Microsoft.Online.SharePoint.TenantManagement.BlockDownloadLinksFileTypes] + [PSObject] $BlockDownloadLinksFileType, [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.SiteUserInfoVisibilityPolicyValue] + [PSObject] $OverrideBlockUserInfoVisibility, [Parameter()] - [Microsoft.Online.SharePoint.TenantManagement.SharingDomainRestrictionModes] + [PSObject] $SharingDomainRestrictionMode, [Parameter()] - [PnP.PowerShell.Commands.Enums.PnPConditionalAccessPolicyType] + [PSObject] $ConditionalAccessPolicy, [Parameter()] @@ -43191,7 +43216,7 @@ function Set-PnPTenantSite $ShowPeoplePickerSuggestionsForGuestUsers, [Parameter()] - [Microsoft.Online.SharePoint.TenantManagement.SharingLinkType] + [PSObject] $DefaultSharingLinkType, [Parameter()] @@ -43199,7 +43224,7 @@ function Set-PnPTenantSite $EnablePWA, [Parameter()] - [Microsoft.Online.SharePoint.TenantAdministration.CompanyWideSharingLinksPolicy] + [PSObject] $DisableCompanyWideSharingLinks ) } @@ -43220,11 +43245,11 @@ function Set-PnPTenantSyncClientRestriction $Enable, [Parameter()] - [PnP.PowerShell.Commands.Enums.GrooveBlockOption] + [PSObject] $GrooveBlockOption, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection, [Parameter()] @@ -43250,15 +43275,16 @@ function Unregister-PnPHubSite [CmdletBinding()] param( [Parameter()] - [PnP.PowerShell.Commands.Base.PipeBinds.SitePipeBind] + [PSObject] $Site, [Parameter()] - [PnP.PowerShell.Commands.Base.PnPConnection] + [PSObject] $Connection ) } #endregion + #region PowerPlatforms function Get-AdminPowerApp { @@ -43832,7 +43858,7 @@ function New-CsTeamsComplianceRecordingPolicy $DisableComplianceRecordingAudioNotificationForCalls, [Parameter()] - [System.Management.Automation.PSListModifier`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.ComplianceRecordingApplication]] + [PSObject] $ComplianceRecordingApplications, [Parameter()] @@ -43881,11 +43907,11 @@ function New-CsTeamsEmergencyCallingPolicy $EnhancedEmergencyServiceDisclaimer, [Parameter()] - [System.Nullable`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.NotificationMode]] + [PSObject] $NotificationMode, [Parameter()] - [System.Management.Automation.PSListModifier`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.TeamsEmergencyCallingExtendedNotification]] + [PSObject] $ExtendedNotifications, [Parameter()] @@ -43893,7 +43919,7 @@ function New-CsTeamsEmergencyCallingPolicy $Force, [Parameter()] - [System.Nullable`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.ExternalLocationLookupMode]] + [PSObject] $ExternalLocationLookupMode ) } @@ -44943,7 +44969,7 @@ function Set-CsTeamsComplianceRecordingPolicy $DisableComplianceRecordingAudioNotificationForCalls, [Parameter()] - [System.Management.Automation.PSListModifier`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.ComplianceRecordingApplication]] + [PSObject] $ComplianceRecordingApplications, [Parameter()] @@ -44992,11 +45018,11 @@ function Set-CsTeamsEmergencyCallingPolicy $EnhancedEmergencyServiceDisclaimer, [Parameter()] - [System.Nullable`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.NotificationMode]] + [PSObject] $NotificationMode, [Parameter()] - [System.Management.Automation.PSListModifier`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.TeamsEmergencyCallingExtendedNotification]] + [PSObject] $ExtendedNotifications, [Parameter()] @@ -45004,7 +45030,7 @@ function Set-CsTeamsEmergencyCallingPolicy $Force, [Parameter()] - [System.Nullable`1[Microsoft.Teams.Policy.Administration.Cmdlets.Core.ExternalLocationLookupMode]] + [PSObject] $ExternalLocationLookupMode ) } From f1c952e5f1c6fed920dcec0207ec87d915ba0545 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 12 Apr 2023 10:59:47 -0400 Subject: [PATCH 62/64] Fixes --- Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 | 2 +- Tests/Unit/Stubs/Microsoft365.psm1 | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 index 80f6067159..a098d61b09 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 @@ -218,7 +218,7 @@ function New-M365DSCStubFiles } elseif ($ParamType.StartsWith('Microsoft.SharePoint.') -or ` $ParamType.StartsWith('Microsoft.Online') -or ` - $ParamType.StartsWith('PnP.PowerShell') -or ` + $ParamType.StartsWith('PnP.') -or ` $ParamType.StartsWith("System.Nullable``1[Microsoft.")) { $ParamType = 'PSObject' diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index bdc63f202a..9834b7d546 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -41077,7 +41077,7 @@ function Add-PnPApp $Overwrite, [Parameter()] - [PnP.Framework.Enums.AppCatalogScope] + [PSObject] $Scope, [Parameter()] @@ -41231,7 +41231,7 @@ function Get-PnPApp $Identity, [Parameter()] - [PnP.Framework.Enums.AppCatalogScope] + [PSObject] $Scope, [Parameter()] @@ -41905,7 +41905,7 @@ function Remove-PnPApp $Identity, [Parameter()] - [PnP.Framework.Enums.AppCatalogScope] + [PSObject] $Scope, [Parameter()] From 642d62fb5fca367af4997e063e42b10094616a64 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 12 Apr 2023 11:30:03 -0400 Subject: [PATCH 63/64] Fixes --- Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 | 3 ++- Tests/Unit/Stubs/Microsoft365.psm1 | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 index a098d61b09..238b81d440 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCStubsUtility.psm1 @@ -219,7 +219,8 @@ function New-M365DSCStubFiles elseif ($ParamType.StartsWith('Microsoft.SharePoint.') -or ` $ParamType.StartsWith('Microsoft.Online') -or ` $ParamType.StartsWith('PnP.') -or ` - $ParamType.StartsWith("System.Nullable``1[Microsoft.")) + $ParamType.StartsWith("System.Nullable``1[Microsoft.") -or ` + $ParamType.StartsWith("System.Nullable``1[PnP.")) { $ParamType = 'PSObject' } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 9834b7d546..af73b58019 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -42473,7 +42473,7 @@ function Set-PnPSite $RestrictedToGeo, [Parameter()] - [System.Nullable`1[PnP.Framework.SiteLockState]] + [PSObject] $LockState, [Parameter()] @@ -43144,7 +43144,7 @@ function Set-PnPTenantSite $RestrictedToGeo, [Parameter()] - [System.Nullable`1[PnP.Framework.SiteLockState]] + [PSObject] $LockState, [Parameter()] @@ -43285,6 +43285,8 @@ function Unregister-PnPHubSite } #endregion + + #region PowerPlatforms function Get-AdminPowerApp { From d309091da08f7d8261e6f1fb9442b7562f59cbb4 Mon Sep 17 00:00:00 2001 From: Yorick Kuijs Date: Wed, 12 Apr 2023 18:34:35 +0200 Subject: [PATCH 64/64] Release 1.23.412.1 --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 153 +++---------------- 2 files changed, 25 insertions(+), 130 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66a93d9384..3635ee4980 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.23.412.1 * AADUser * Password property will only used with New-MgUser and ignored for updates diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 7339200be3..a47f71a880 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2023-04-05 +# Generated on: 2023-04-12 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.23.405.1' + ModuleVersion = '1.23.412.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -139,141 +139,36 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* IntuneDeviceEnrollmentPlatformRestriction - * [BREAKING CHANGE] Updated resource to manage single and default platform restriction policies - * IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 + ReleaseNotes = '* AADUser + * Password property will only used with New-MgUser and ignored for updates + FIXES [#3093](https://github.com/microsoft/Microsoft365DSC/issues/3093) + * IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 + * Initial release + FIXES [#2833](https://github.com/microsoft/Microsoft365DSC/issues/2833) + * IntuneDeviceConfigurationCustomPolicyWindows10 * Initial Release - * IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 + FIXES [#3068](https://github.com/microsoft/Microsoft365DSC/issues/3068) + * IntuneDeviceConfigurationDomainJoinPolicyWindows10 * Initial release - * IntuneDeviceConfigurationPolicyWindows10 - * [BREAKING CHANGE] Added complex parameters as embedded CIM (DefenderDetectedMalwareActions, EdgeHomeButtonConfiguration, EdgeSearchEngine, NetworkProxyServer, Windows10AppsForceUpdateSchedule) - * Resource regenerated with DRG - * IntuneDeviceEnrollmentStatusPageWindows10 - * [BREAKING CHANGE] Renamed resource IntuneDeviceEnrollmentConfigurationWindows10 to IntuneDeviceEnrollmentStatusPageWindows10 - * Added support for property Assignments. - * Added support for property Priority - * AADAdministrativeUnit - * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required - * Fixes extraction of the Members property. - * Fixes extraction of the ScopedRoleMembers property. - * AADApplication - * [BREAKING CHANGE] Remove deprecated parameter Oauth2RequirePostResponse - * AADAuthorizationPolicy - * Fixes an error where the authentication method was not recognized when doing an export using app secret. - * AADConditionalAccessPolicy - * Add condition for empty External Guest/User include/exclude - * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required - * [BREAKING CHANGE] Remove deprecated parameters IncludeDevices and ExcludeDevices - * AADEntitlementManagementAccessPackage, AADEntitlementManagementAccessPackageAssignmentPolicy, - AADEntitlementManagementAccessPackageCatalog, AADEntitlementManagementAccessPackageCatalogResource, - AADEntitlementManagementAccessPackageCatalogResource, AADEntitlementManagementConnectedOrganization, - AADRoleSetting - * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required - * AADGroup - * Changed the SecurityEnabled and MailEnabled parameters to become mandatory. - * Stopped GroupTypes defaulting to "Unified" to allow creation of Security groups. - * AADUser - * [BREAKING CHANGE] Remove deprecated parameter PreferredDataLocation* EXOAntiPhishPolicy - * [BREAKING CHANGE] Remove deprecated parameters EnableAntispoofEnforcement and - TargetedDomainProtectionAction - * EXOGroupSettings - * Initial Release - * EXOHostedContentFilterPolicy - * [BREAKING CHANGE] Remove deprecated parameters EndUserSpamNotificationCustomFromAddress - and EndUserSpamNotificationCustomFromName - * EXOIRMConfiguration - * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance - * EXOMalwareFilterPolicy - * [BREAKING CHANGE] Remove deprecated parameters Action, CustomAlertText, - EnableExternalSenderNotifications and EnableInternalSenderNotifications - * EXOManagementRoleAssignment - * Use Microsoft Graph to retrieve administrative units. This fixes the issue where a soft - deleted AU was present while a new one got created with the same name. - * EXOOrganizationConfig - * [BREAKING CHANGE] Remove deprecated parameters AllowPlusAddressInRecipients - * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance - * EXOPerimeterConfiguration - * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance - * EXOResourceConfiguration - * [BREAKING CHANGE] Renamed unused Identity parameter to IsSingleInstance - * EXOSaveLinksPolicy - * [BREAKING CHANGE] Remove deprecated parameters DoNotAllowClickThrough, - DoNotTrackUserClicks and IsEnabled - * EXOSharedMailbox - * [BREAKING CHANGE] Remove deprecated parameter Aliases - * EXOTransportRule - * [BREAKING CHANGE] Remove deprecated parameter ExceptIfMessageContainsAllDataClassifications, - IncidentReportOriginalMail and MessageContainsAllDataClassifications - * IntuneAntivirusPolicyWindows10SettingCatalog, IntuneASRRulesPolicyWindows10, - IntuneAppProtectionPolicyiOS, IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager, - IntuneSettingCatalogASRRulesPolicyWindows10 - * [BREAKING CHANGE] Setting Identity as Key parameter and DisplayName as Required - * IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager - * [BREAKING CHANGE] Fix resource - * IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator, IntuneDeviceConfigurationPolicyAndroidDeviceOwner, - IntuneDeviceConfigurationPolicyAndroidOpenSourceProject, IntuneDeviceConfigurationPolicyMacOS, - IntuneDeviceConfigurationPolicyiOS, IntuneExploitProtectionPolicyWindows10SettingCatalog, - IntuneWifiConfigurationPolicyAndroidDeviceAdministrator, IntuneWifiConfigurationPolicyAndroidForWork, - IntuneWifiConfigurationPolicyAndroidOpenSourceProject, IntuneWifiConfigurationPolicyIOS, - IntuneWifiConfigurationPolicyMacOS, IntuneWifiConfigurationPolicyWindows10, - IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled, IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 - * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required - * Properly escapes single quotes from CIMInstances string values. - * IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner - * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required - * [BREAKING CHANGE] Corrected typo in resource name (Entreprise to Enterprise) - * IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile - * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required - * [BREAKING CHANGE] Corrected typo in resource name (Entreprise to Enterprise) - * IntuneWindowsAutopilotDeploymentProfileAzureADJoined + * IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 * Initial release - * IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined + * IntuneDeviceConfigurationWindowsTeamPolicyWindows10 * Initial release - * IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 - * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required - * [BREAKING CHANGE] Corrected typo in resource name (Window to Windows) - * SCAuditConfigurationPolicy, SCAutoSensitivityLabelPolicy, SCCaseHoldPolicy, SCCaseHoldRule, - SCComplianceCase, SCComplianceSearch, SCComplianceSearchAction, SCComplianceTag, - SCDeviceConditionalAccessPolicy, SCDeviceConfigurationPolicy, SCDLPComplianceRule, - SCFilePlanPropertyAuthority, SCFilePlanPropertyCategory, SCFilePlanPropertyCitation, - SCFilePlanPropertyDepartment, SCFilePlanPropertyReferenceId, SCFilePlanPropertySubCategory, - SCLabelPolicy, SCProtectionAlert, SCRetentionCompliancePolicy, SCRetentionComplianceRule, - SCRetentionEventType, SCSupervisoryReviewPolicy, SCSupervisoryReviewRule - * Fixed the collection of new and set parameters to ensure the correct values are passed to the New/Set cmdlets. - * SCSensitivityLabel - * [BREAKING CHANGE] Remove deprecated parameters Disabled, ApplyContentMarkingFooterFontName, - ApplyContentMarkingHeaderFontName, ApplyWaterMarkingFontName and EncryptionAipTemplateScopes - * SPOApp - * Fixed issue in the Export where an error was displayed in Verbose mode when Credentials were specified - and the apps were not exported. - * SPOTenantSettings - * [BREAKING CHANGE] Remove deprecated parameter RequireAcceptingAccountMatchInvitedAccount - * Fixes how we are extracting the DisabledWebPartIds parameter. - * TeamsGroupPolicyAssignment change of key and required parameters - * [BREAKING CHANGE] Setting GroupId and PolicyType as Key parameters - * TeamsMeetingPolicy - * [BREAKING CHANGE] Remove deprecated parameter RecordingStorageMode + * O365SearchAndIntelligenceConfigurations + * Initial release. * TeamsUpdateManagementPolicy - * Added support for the new UseNewTeamsClient parameter. + * Added support for the Forced value for the AllowPublicPreview property. * DRG - * Various fixes - * Cleanup generated code - * Fix AdditionalProperties complex constructor - * Fix Read privileges in settings file + * Fixed layout and display issues in module file * MISC - * Fixed an issue `New-M365DSCReportFromConfiguration` where a non existing parameter was used to retrieve the configuration. - * Improved unit test performance - * Added a QA check to test for the presence of a Key parameter and fixes - resources where this was not the case. - * Major changes to the export process where resource instances will now be assigned a meaningful nam - that will follow the ResourceName-PrimaryKey convention. - * Added a fix making sure that the progress bar "Scanning dependencies" is no longer displayed after the operation is completed. - * Added a new Set-M365DSCLoggingOption function to enable logging information about non-drifted resources in Event Viewer. - * Updated the Update-M365DSCModule to unload dependencies before updating them and then to reload the new versions. - * Added a new internal function to remove the authentication parameters from the bound paramters. `Remove-M365DSCAuthenticationParameter` + * Changed Get-MgDeviceManagementDeviceConfiguration to use the cmdlet switches rather than filtering output once returned. + Fixes #3082 + * M365DSCUtil: Fixed an issue when calling Assert-M365DSCBlueprint with App credentials + FIXES [#3153](https://github.com/microsoft/Microsoft365DSC/issues/3153) + * Added check to validate that the Release Notes in the module manifest are not longer than + 10,000 characters, which will prevent publishing the module to the PowerShell Gallery * DEPENDENCIES - * Updated Microsoft.Graph dependencies to version 1.25.0. - * Updated MicrosoftTeams dependency to version 5.1.0.' + * Updated Microsoft.PowerApps.Administration.PowerShell dependencies to version 2.0.159.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false