From cb41b06b3c920a26c03843edd3949834be94fda7 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Mon, 4 Nov 2024 13:50:28 +0100 Subject: [PATCH 01/17] IntuneDeviceManagementComplianceManagementPartner initial release --- ...ManagementComplianceManagementPartner.psm1 | 785 ++++++++++++++++++ ...mentComplianceManagementPartner.schema.mof | 37 + .../readme.md | 6 + .../settings.json | 57 ++ ...ementComplianceManagementPartner.Tests.ps1 | 501 +++++++++++ 5 files changed, 1386 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/settings.json create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 new file mode 100644 index 0000000000..10cc855353 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 @@ -0,0 +1,785 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $AndroidEnrollmentAssignments, + + [Parameter()] + [System.Boolean] + $AndroidOnboarded, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $IosEnrollmentAssignments, + + [Parameter()] + [System.Boolean] + $IosOnboarded, + + [Parameter()] + [System.String] + $LastHeartbeatDateTime, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $MacOsEnrollmentAssignments, + + [Parameter()] + [System.Boolean] + $MacOsOnboarded, + + [Parameter()] + [ValidateSet('unknown','unavailable','enabled','terminated','rejected','unresponsive')] + [System.String] + $PartnerState, + + [Parameter()] + [System.String] + $Id, + + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'Intune' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgBetaDeviceManagementComplianceManagementPartner ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue <# | Where-Object ` + -FilterScript { + $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.ComplianceManagementPartner" + } #> + + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Management Compliance Management Partner with DisplayName {$DisplayName}." + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Management Compliance Management Partner with Id {$Id} and DisplayName {$DisplayName} was found" + + #region resource generator code + $complexAndroidEnrollmentAssignments = @() + foreach ($currentAndroidEnrollmentAssignments in $getValue.androidEnrollmentAssignments) + { + $myAndroidEnrollmentAssignments = @{} + $complexTarget = @{} + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) + if ($null -ne $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) + { + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) + } + $complexTarget.Add('GroupId', $currentAndroidEnrollmentAssignments.target.groupId) + $complexTarget.Add('CollectionId', $currentAndroidEnrollmentAssignments.target.collectionId) + if ($null -ne $currentAndroidEnrollmentAssignments.target.'@odata.type') + { + $complexTarget.Add('odataType', $currentAndroidEnrollmentAssignments.target.'@odata.type'.ToString()) + } + if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) + { + $complexTarget = $null + } + $myAndroidEnrollmentAssignments.Add('Target',$complexTarget) + if ($myAndroidEnrollmentAssignments.values.Where({$null -ne $_}).Count -gt 0) + { + $complexAndroidEnrollmentAssignments += $myAndroidEnrollmentAssignments + } + } + + $complexIosEnrollmentAssignments = @() + foreach ($currentIosEnrollmentAssignments in $getValue.iosEnrollmentAssignments) + { + $myIosEnrollmentAssignments = @{} + $complexTarget = @{} + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) + if ($null -ne $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) + { + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) + } + $complexTarget.Add('GroupId', $currentIosEnrollmentAssignments.target.groupId) + $complexTarget.Add('CollectionId', $currentIosEnrollmentAssignments.target.collectionId) + if ($null -ne $currentIosEnrollmentAssignments.target.'@odata.type') + { + $complexTarget.Add('odataType', $currentIosEnrollmentAssignments.target.'@odata.type'.ToString()) + } + if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) + { + $complexTarget = $null + } + $myIosEnrollmentAssignments.Add('Target',$complexTarget) + if ($myIosEnrollmentAssignments.values.Where({$null -ne $_}).Count -gt 0) + { + $complexIosEnrollmentAssignments += $myIosEnrollmentAssignments + } + } + + $complexMacOsEnrollmentAssignments = @() + foreach ($currentMacOsEnrollmentAssignments in $getValue.macOsEnrollmentAssignments) + { + $myMacOsEnrollmentAssignments = @{} + $complexTarget = @{} + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) + if ($null -ne $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) + { + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) + } + $complexTarget.Add('GroupId', $currentMacOsEnrollmentAssignments.target.groupId) + $complexTarget.Add('CollectionId', $currentMacOsEnrollmentAssignments.target.collectionId) + if ($null -ne $currentMacOsEnrollmentAssignments.target.'@odata.type') + { + $complexTarget.Add('odataType', $currentMacOsEnrollmentAssignments.target.'@odata.type'.ToString()) + } + if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) + { + $complexTarget = $null + } + $myMacOsEnrollmentAssignments.Add('Target',$complexTarget) + if ($myMacOsEnrollmentAssignments.values.Where({$null -ne $_}).Count -gt 0) + { + $complexMacOsEnrollmentAssignments += $myMacOsEnrollmentAssignments + } + } + #endregion + + #region resource generator code + $enumPartnerState = $null + if ($null -ne $getValue.PartnerState) + { + $enumPartnerState = $getValue.PartnerState.ToString() + } + #endregion + + #region resource generator code + $dateLastHeartbeatDateTime = $null + if ($null -ne $getValue.LastHeartbeatDateTime) + { + $dateLastHeartbeatDateTime = ([DateTimeOffset]$getValue.LastHeartbeatDateTime).ToString('o') + } + #endregion + + $results = @{ + #region resource generator code + AndroidEnrollmentAssignments = $complexAndroidEnrollmentAssignments + AndroidOnboarded = $getValue.AndroidOnboarded + DisplayName = $getValue.DisplayName + IosEnrollmentAssignments = $complexIosEnrollmentAssignments + IosOnboarded = $getValue.IosOnboarded + LastHeartbeatDateTime = $dateLastHeartbeatDateTime + MacOsEnrollmentAssignments = $complexMacOsEnrollmentAssignments + MacOsOnboarded = $getValue.MacOsOnboarded + PartnerState = $enumPartnerState + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + #endregion + } + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $AndroidEnrollmentAssignments, + + [Parameter()] + [System.Boolean] + $AndroidOnboarded, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $IosEnrollmentAssignments, + + [Parameter()] + [System.Boolean] + $IosOnboarded, + + [Parameter()] + [System.String] + $LastHeartbeatDateTime, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $MacOsEnrollmentAssignments, + + [Parameter()] + [System.Boolean] + $MacOsOnboarded, + + [Parameter()] + [ValidateSet('unknown','unavailable','enabled','terminated','rejected','unresponsive')] + [System.String] + $PartnerState, + + [Parameter()] + [System.String] + $Id, + + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Management Compliance Management Partner with DisplayName {$DisplayName}" + + $createParameters = ([Hashtable]$BoundParameters).Clone() + $createParameters = Rename-M365DSCCimInstanceParameter -Properties $createParameters + $createParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$createParameters).Clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $createParameters.$key -and $createParameters.$key.GetType().Name -like '*CimInstance*') + { + $createParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $createParameters.$key + } + } + #region resource generator code + $createParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") + $policy = New-MgBetaDeviceManagementComplianceManagementPartner -BodyParameter $createParameters + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Management Compliance Management Partner with Id {$($currentInstance.Id)}" + + $updateParameters = ([Hashtable]$BoundParameters).Clone() + $updateParameters = Rename-M365DSCCimInstanceParameter -Properties $updateParameters + + $updateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$updateParameters).Clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $pdateParameters.$key -and $updateParameters.$key.GetType().Name -like '*CimInstance*') + { + $updateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $updateParameters.ComplianceManagementPartnerId + } + } + + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") + Update-MgBetaDeviceManagementComplianceManagementPartner ` + -ComplianceManagementPartnerId $currentInstance.Id ` + -BodyParameter $UpdateParameters + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Management Compliance Management Partner with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgBetaDeviceManagementComplianceManagementPartner -ComplianceManagementPartnerId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $AndroidEnrollmentAssignments, + + [Parameter()] + [System.Boolean] + $AndroidOnboarded, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $IosEnrollmentAssignments, + + [Parameter()] + [System.Boolean] + $IosOnboarded, + + [Parameter()] + [System.String] + $LastHeartbeatDateTime, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $MacOsEnrollmentAssignments, + + [Parameter()] + [System.Boolean] + $MacOsOnboarded, + + [Parameter()] + [ValidateSet('unknown','unavailable','enabled','terminated','rejected','unresponsive')] + [System.String] + $PartnerState, + + [Parameter()] + [System.String] + $Id, + + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Device Management Compliance Management Partner with Id {$Id} and DisplayName {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) + { + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'Intune' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + [array]$getValue = Get-MgBetaDeviceManagementComplianceManagementPartner ` + -Filter $Filter ` + -All ` + -ErrorAction Stop + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + elseif (-not [string]::IsNullOrEmpty($config.name)) + { + $displayedKey = $config.name + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if ($null -ne $Results.AndroidEnrollmentAssignments) + { + $complexMapping = @( + @{ + Name = 'AndroidEnrollmentAssignments' + CimInstanceName = 'IntuneComplianceManagementPartnerAssignment' + IsRequired = $False + } + @{ + Name = 'Target' + CimInstanceName = 'IntuneDeviceAndAppManagementAssignmentTarget' + IsRequired = $False + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.AndroidEnrollmentAssignments ` + -CIMInstanceName 'IntunecomplianceManagementPartnerAssignment' ` + -ComplexTypeMapping $complexMapping + + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.AndroidEnrollmentAssignments = $complexTypeStringResult + } + else + { + $Results.Remove('AndroidEnrollmentAssignments') | Out-Null + } + } + if ($null -ne $Results.IosEnrollmentAssignments) + { + $complexMapping = @( + @{ + Name = 'IosEnrollmentAssignments' + CimInstanceName = 'IntuneComplianceManagementPartnerAssignment' + IsRequired = $False + } + @{ + Name = 'Target' + CimInstanceName = 'IntuneDeviceAndAppManagementAssignmentTarget' + IsRequired = $False + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.IosEnrollmentAssignments ` + -CIMInstanceName 'IntunecomplianceManagementPartnerAssignment' ` + -ComplexTypeMapping $complexMapping + + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.IosEnrollmentAssignments = $complexTypeStringResult + } + else + { + $Results.Remove('IosEnrollmentAssignments') | Out-Null + } + } + if ($null -ne $Results.MacOsEnrollmentAssignments) + { + $complexMapping = @( + @{ + Name = 'MacOsEnrollmentAssignments' + CimInstanceName = 'IntuneComplianceManagementPartnerAssignment' + IsRequired = $False + } + @{ + Name = 'Target' + CimInstanceName = 'IntuneDeviceAndAppManagementAssignmentTarget' + IsRequired = $False + } + ) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.MacOsEnrollmentAssignments ` + -CIMInstanceName 'IntunecomplianceManagementPartnerAssignment' ` + -ComplexTypeMapping $complexMapping + + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.MacOsEnrollmentAssignments = $complexTypeStringResult + } + else + { + $Results.Remove('MacOsEnrollmentAssignments') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.AndroidEnrollmentAssignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "AndroidEnrollmentAssignments" -IsCIMArray:$True + } + if ($Results.IosEnrollmentAssignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "IosEnrollmentAssignments" -IsCIMArray:$True + } + if ($Results.MacOsEnrollmentAssignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "MacOsEnrollmentAssignments" -IsCIMArray:$True + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof new file mode 100644 index 0000000000..371d239262 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof @@ -0,0 +1,37 @@ +[ClassVersion("1.0.0")] +class MSFT_IntuneComplianceManagementPartnerAssignment +{ + [Write, Description("Group assignment target."), EmbeddedInstance("MSFT_IntuneDeviceAndAppManagementAssignmentTarget")] String Target; +}; +[ClassVersion("1.0.0")] +class MSFT_IntuneDeviceAndAppManagementAssignmentTarget +{ + [Write, Description("The ID of the filter for the target assignment.")] String DeviceAndAppManagementAssignmentFilterId; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are: none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String DeviceAndAppManagementAssignmentFilterType; + [Write, Description("AAD Group Id.")] String GroupId; + [Write, Description("The collection Id that is the target of the assignment.")] String CollectionId; + [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.androidFotaDeploymentAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget","#microsoft.graph.groupAssignmentTarget"}, Values{"#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.androidFotaDeploymentAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget","#microsoft.graph.groupAssignmentTarget"}] String odataType; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceManagementComplianceManagementPartner")] +class MSFT_IntuneDeviceManagementComplianceManagementPartner : OMI_BaseResource +{ + [Write, Description("User groups which enroll Android devices through partner."), EmbeddedInstance("MSFT_IntunecomplianceManagementPartnerAssignment")] String AndroidEnrollmentAssignments[]; + [Write, Description("Partner onboarded for Android devices.")] Boolean AndroidOnboarded; + [Key, Description("Partner display name")] String DisplayName; + [Write, Description("User groups which enroll ios devices through partner."), EmbeddedInstance("MSFT_IntunecomplianceManagementPartnerAssignment")] String IosEnrollmentAssignments[]; + [Write, Description("Partner onboarded for ios devices.")] Boolean IosOnboarded; + [Write, Description("Timestamp of last heartbeat after admin onboarded to the compliance management partner")] String LastHeartbeatDateTime; + [Write, Description("User groups which enroll Mac devices through partner."), EmbeddedInstance("MSFT_IntunecomplianceManagementPartnerAssignment")] String MacOsEnrollmentAssignments[]; + [Write, Description("Partner onboarded for Mac devices.")] Boolean MacOsOnboarded; + [Write, Description("Partner state of this tenant. Possible values are: unknown, unavailable, enabled, terminated, rejected, unresponsive."), ValueMap{"unknown","unavailable","enabled","terminated","rejected","unresponsive"}, Values{"unknown","unavailable","enabled","terminated","rejected","unresponsive"}] String PartnerState; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/readme.md new file mode 100644 index 0000000000..16b90d3c50 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/readme.md @@ -0,0 +1,6 @@ + +# IntuneDeviceManagementComplianceManagementPartner + +## Description + +Intune Device Management Compliance Management Partner diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/settings.json new file mode 100644 index 0000000000..1675aa1eae --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/settings.json @@ -0,0 +1,57 @@ +{ + "resourceName": "IntuneDeviceManagementComplianceManagementPartner", + "description": "This resource configures an Intune Device Management Compliance Management Partner.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementServiceConfig.Read.All" + }, + { + "name": "DeviceManagementConfiguration.Read.All" + }, + { + "name": "Group.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementServiceConfig.ReadWrite.All" + }, + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + }, + { + "name": "Group.Read.All" + } + ] + } + } +} + +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 new file mode 100644 index 0000000000..50f7b194d5 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 @@ -0,0 +1,501 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneDeviceManagementComplianceManagementPartner" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgBetaDeviceManagementComplianceManagementPartner -MockWith { + } + + Mock -CommandName New-MgBetaDeviceManagementComplianceManagementPartner -MockWith { + } + + Mock -CommandName Remove-MgBetaDeviceManagementComplianceManagementPartner -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + # Test contexts + Context -Name "The IntuneDeviceManagementComplianceManagementPartner should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + AndroidEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + AndroidOnboarded = $True + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + IosEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + IosOnboarded = $True + LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" + MacOsEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + MacOsOnboarded = $True + PartnerState = "unknown" + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaDeviceManagementComplianceManagementPartner -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaDeviceManagementComplianceManagementPartner -Exactly 1 + } + } + + Context -Name "The IntuneDeviceManagementComplianceManagementPartner exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + AndroidEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + AndroidOnboarded = $True + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + IosEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + IosOnboarded = $True + LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" + MacOsEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + MacOsOnboarded = $True + PartnerState = "unknown" + Ensure = 'Absent' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaDeviceManagementComplianceManagementPartner -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.ComplianceManagementPartner" + } + AndroidEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + AndroidOnboarded = $True + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + IosEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + IosOnboarded = $True + LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" + MacOsEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + MacOsOnboarded = $True + PartnerState = "unknown" + + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementComplianceManagementPartner -Exactly 1 + } + } + Context -Name "The IntuneDeviceManagementComplianceManagementPartner Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AndroidEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + AndroidOnboarded = $True + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + IosEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + IosOnboarded = $True + LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" + MacOsEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + MacOsOnboarded = $True + PartnerState = "unknown" + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaDeviceManagementComplianceManagementPartner -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.ComplianceManagementPartner" + } + AndroidEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + AndroidOnboarded = $True + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + IosEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + IosOnboarded = $True + LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" + MacOsEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + MacOsOnboarded = $True + PartnerState = "unknown" + + } + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneDeviceManagementComplianceManagementPartner exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + AndroidEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + AndroidOnboarded = $True + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + IosEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + IosOnboarded = $True + LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" + MacOsEnrollmentAssignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ + Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } -ClientOnly) + } -ClientOnly) + ) + MacOsOnboarded = $True + PartnerState = "unknown" + Ensure = 'Present' + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaDeviceManagementComplianceManagementPartner -MockWith { + return @{ + AndroidEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + IosEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" + MacOsEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + PartnerState = "unknown" + } + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceManagementComplianceManagementPartner -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementComplianceManagementPartner -MockWith { + return @{ + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.ComplianceManagementPartner" + } + AndroidEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + AndroidOnboarded = $True + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + IosEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + IosOnboarded = $True + LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" + MacOsEnrollmentAssignments = @( + @{ + Target = @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = "FakeStringValue" + CollectionId = "FakeStringValue" + '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + MacOsOnboarded = $True + PartnerState = "unknown" + + } + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From b966dcef47e0bd964330baefe6c11d91bd5ce44f Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Mon, 4 Nov 2024 13:58:08 +0100 Subject: [PATCH 02/17] update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c81516ac05..0a0319fbf9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -105,6 +105,8 @@ * Added a few verbose messages * IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile * Initial release. +* IntuneDeviceManagementComplianceManagementPartner + * Initial release * IntuneEndpointDetectionAndResponsePolicyWindows10 * Fixes an issue with `AutoFromConnector` as the Configuration package type. FIXES [#5246](https://github.com/microsoft/Microsoft365DSC/issues/5246) From 43d16d8342cc3d297e5c4b2ca5a7d0d8a2523418 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Mon, 4 Nov 2024 14:28:20 +0100 Subject: [PATCH 03/17] added examples --- .../1-Create.ps1 | 44 +++++++++++++++++++ .../2-Update.ps1 | 44 +++++++++++++++++++ .../3-Remove.ps1 | 31 +++++++++++++ 3 files changed, 119 insertions(+) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/3-Remove.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 new file mode 100644 index 0000000000..a59abafe5e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 @@ -0,0 +1,44 @@ +<# +This example creates a new Device Management Compliance Management Partner. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceManagementComplianceManagementPartner '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + AndroidEnrollmentAssignments = @( + MSFT_IntunecomplianceManagementPartnerAssignment @{ + Target = MSFT_IntunedeviceAndAppManagementAssignmentTarget @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = '11111111-1111-1111-1111-111111111111' + CollectionId = '22222222-2222-2222-2222-222222222222' + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + AndroidOnboarded = $True + DisplayName = "3rdPartyPartnerAndroidManagement" + PartnerState = "enabled" + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint; + } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 new file mode 100644 index 0000000000..84612dc5fe --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 @@ -0,0 +1,44 @@ +<# +This example updates an existing Device Management Compliance Management Partner. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceManagementComplianceManagementPartner '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + AndroidEnrollmentAssignments = @( + MSFT_IntunecomplianceManagementPartnerAssignment @{ + Target = MSFT_IntunedeviceAndAppManagementAssignmentTarget @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupId = '11111111-2222-2222-2222-111111111111' + CollectionId = '22222222-2222-2222-2222-222222222222' + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + } + ) + AndroidOnboarded = $True + DisplayName = "3rdPartyPartnerAndroidManagement" + PartnerState = "enabled" + Ensure = "Present" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint; + } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/3-Remove.ps1 new file mode 100644 index 0000000000..e2c34116b0 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/3-Remove.ps1 @@ -0,0 +1,31 @@ +<# +This example removes a Device Management Compliance Management Partner. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceManagementComplianceManagementPartner '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + DisplayName = "3rdPartyPartnerAndroidManagement" + Ensure = "Absent" + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint; + } From 916eadbc24bb467d109138bb751afd2aa2c4d7dc Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Mon, 4 Nov 2024 14:47:01 +0100 Subject: [PATCH 04/17] updated tests --- .../1-Create.ps1 | 2 ++ .../2-Update.ps1 | 2 ++ .../3-Remove.ps1 | 2 ++ 3 files changed, 6 insertions(+) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 index a59abafe5e..2553370a19 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 @@ -42,3 +42,5 @@ Configuration Example TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint; } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 index 84612dc5fe..08b0e2591c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 @@ -42,3 +42,5 @@ Configuration Example TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint; } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/3-Remove.ps1 index e2c34116b0..ba2a4a65b7 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/3-Remove.ps1 @@ -29,3 +29,5 @@ Configuration Example TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint; } + } +} From 9ecd496cb117027717b6a5edf046a87c25e4ae2b Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Mon, 4 Nov 2024 15:08:27 +0100 Subject: [PATCH 05/17] updated tests --- .../1-Create.ps1 | 4 ++-- .../2-Update.ps1 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 index 2553370a19..e3e9238f20 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 @@ -24,8 +24,8 @@ Configuration Example IntuneDeviceManagementComplianceManagementPartner '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' { AndroidEnrollmentAssignments = @( - MSFT_IntunecomplianceManagementPartnerAssignment @{ - Target = MSFT_IntunedeviceAndAppManagementAssignmentTarget @{ + MSFT_IntunecomplianceManagementPartnerAssignment{ + Target = MSFT_IntunedeviceAndAppManagementAssignmentTarget{ DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" GroupId = '11111111-1111-1111-1111-111111111111' CollectionId = '22222222-2222-2222-2222-222222222222' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 index 08b0e2591c..88324a853b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 @@ -24,8 +24,8 @@ Configuration Example IntuneDeviceManagementComplianceManagementPartner '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' { AndroidEnrollmentAssignments = @( - MSFT_IntunecomplianceManagementPartnerAssignment @{ - Target = MSFT_IntunedeviceAndAppManagementAssignmentTarget @{ + MSFT_IntunecomplianceManagementPartnerAssignment{ + Target = MSFT_IntunedeviceAndAppManagementAssignmentTarget{ DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" GroupId = '11111111-2222-2222-2222-111111111111' CollectionId = '22222222-2222-2222-2222-222222222222' From f42a0bbc5547f72dc77dd556288175d022c4cd11 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Tue, 5 Nov 2024 09:01:10 +0100 Subject: [PATCH 06/17] updated stubs --- Tests/Unit/Stubs/Microsoft365.psm1 | 262 +++++++++++++++++++++++++++++ 1 file changed, 262 insertions(+) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 7a3ce5eea9..567e8f98df 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -101990,6 +101990,268 @@ function Update-MgBetaDeviceManagementApplePushNotificationCertificate $HttpPipelineAppend ) } + +function Get-MgBetaDeviceManagementComplianceManagementPartner +{ + [Cmdletbinding()] + param( + [Parameter()] + [string]$ComplianceManagementPartnerId, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Models.IDeviceManagementAdministrationIdentity]$InputObject, + + [Parameter()] + [string[]]$ExpandProperty, + + [Parameter()] + [string[]]$Property, + + [Parameter()] + [string]$Filter, + + [Parameter()] + [string]$Search, + + [Parameter()] + [int]$Skip, + + [Parameter()] + [string[]]$Sort, + + [Parameter()] + [int]$Top, + + [Parameter()] + [string]$ResponseHeadersVariable, + + [Parameter()] + [switch]$Break, + + [Parameter()] + [System.Collections.IDictionary]$Headers, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelineAppend, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelinePrepend, + + [Parameter()] + [uri]$Proxy, + + [Parameter()] + [pscredential]$ProxyCredential, + + [Parameter()] + [switch]$ProxyUseDefaultCredentials, + + [Parameter()] + [int]$PageSize, + + [Parameter()] + [switch]$All, + + [Parameter()] + [string]$CountVariable + ) +} + +function New-MgBetaDeviceManagementComplianceManagementPartner +{ + [Cmdletbinding()] + param( + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartner]$BodyParameter, + + [Parameter()] + [string]$ResponseHeadersVariable, + + [Parameter()] + [hashtable]$AdditionalProperties, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$AndroidEnrollmentAssignments, + + [Parameter()] + [switch]$AndroidOnboarded, + + [Parameter()] + [string]$DisplayName, + + [Parameter()] + [string]$Id, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$IosEnrollmentAssignments, + + [Parameter()] + [switch]$IosOnboarded, + + [Parameter()] + [datetime]$LastHeartbeatDateTime, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$MacOSEnrollmentAssignments, + + [Parameter()] + [switch]$MacOSOnboarded, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Support.DeviceManagementPartnerTenantState]$PartnerState, + + [Parameter()] + [switch]$Break, + + [Parameter()] + [System.Collections.IDictionary]$Headers, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelineAppend, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelinePrepend, + + [Parameter()] + [uri]$Proxy, + + [Parameter()] + [pscredential]$ProxyCredential, + + [Parameter()] + [switch]$ProxyUseDefaultCredentials, + + [Parameter()] + [switch]$Confirm, + + [Parameter()] + [switch]$WhatIf + ) +} +function Update-MgBetaDeviceManagementComplianceManagementPartner +{ + [Cmdletbinding()] + param( + [Parameter()] + [string]$ComplianceManagementPartnerId, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Models.IDeviceManagementAdministrationIdentity]$InputObject, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartner]$BodyParameter, + + [Parameter()] + [string]$ResponseHeadersVariable, + + [Parameter()] + [hashtable]$AdditionalProperties, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$AndroidEnrollmentAssignments, + + [Parameter()] + [switch]$AndroidOnboarded, + + [Parameter()] + [string]$DisplayName, + + [Parameter()] + [string]$Id, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$IosEnrollmentAssignments, + + [Parameter()] + [switch]$IosOnboarded, + + [Parameter()] + [datetime]$LastHeartbeatDateTime, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$MacOSEnrollmentAssignments, + + [Parameter()] + [switch]$MacOSOnboarded, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Support.DeviceManagementPartnerTenantState]$PartnerState, + + [Parameter()] + [switch]$Break, + + [Parameter()] + [System.Collections.IDictionary]$Headers, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelineAppend, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelinePrepend, + + [Parameter()] + [uri]$Proxy, + + [Parameter()] + [pscredential]$ProxyCredential, + + [Parameter()] + [switch]$ProxyUseDefaultCredentials, + + [Parameter()] + [switch]$WhatIf, + + [Parameter()] + [switch]$Confirm + ) +} +function Remove-MgBetaDeviceManagementComplianceManagementPartner +{ + [Cmdletbinding()] + param( + [Parameter()] + [string]$ComplianceManagementPartnerId, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Models.IDeviceManagementAdministrationIdentity]$InputObject, + + [Parameter()] + [string]$IfMatch, + + [Parameter()] + [string]$ResponseHeadersVariable, + + [Parameter()] + [switch]$Break, + + [Parameter()] + [System.Collections.IDictionary]$Headers, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelineAppend, + + [Parameter()] + [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelinePrepend, + + [Parameter()] + [switch]$PassThru, + + [Parameter()] + [uri]$Proxy, + + [Parameter()] + [pscredential]$ProxyCredential, + + [Parameter()] + [switch]$ProxyUseDefaultCredentials, + + [Parameter()] + [switch]$Confirm, + + [Parameter()] + [switch]$WhatIf + ) +} #endregion #region Microsoft.Graph.Authentication function Update-MgBetaNetworkAccessFilteringPolicyRule From ee94136054815bc9c87f3d63a69b02474c880906 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Tue, 5 Nov 2024 13:37:09 +0100 Subject: [PATCH 07/17] removed one layer of CimInstances --- ...ManagementComplianceManagementPartner.psm1 | 170 +++++++++----- ...mentComplianceManagementPartner.schema.mof | 8 +- .../1-Create.ps1 | 12 +- .../2-Update.ps1 | 12 +- ...ementComplianceManagementPartner.Tests.ps1 | 211 ++++++++++-------- 5 files changed, 236 insertions(+), 177 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 index 10cc855353..42b65641e2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 @@ -25,10 +25,6 @@ function Get-TargetResource [System.Boolean] $IosOnboarded, - [Parameter()] - [System.String] - $LastHeartbeatDateTime, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $MacOsEnrollmentAssignments, @@ -126,26 +122,34 @@ function Get-TargetResource { $myAndroidEnrollmentAssignments = @{} $complexTarget = @{} - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) - if ($null -ne $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentAndroidEnrollmentAssignments.deviceAndAppManagementAssignmentFilterId) + if ($null -ne $currentAndroidEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType) { - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentAndroidEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType.ToString()) } - $complexTarget.Add('GroupId', $currentAndroidEnrollmentAssignments.target.groupId) - $complexTarget.Add('CollectionId', $currentAndroidEnrollmentAssignments.target.collectionId) - if ($null -ne $currentAndroidEnrollmentAssignments.target.'@odata.type') + $complexTarget.Add('GroupId', $currentAndroidEnrollmentAssignments.groupId) + $groupObj = Get-MgGroup -GroupId $currentAndroidEnrollmentAssignments.groupId -Property DisplayName + $complexTarget.Add('GroupDisplayName', $groupObj.DisplayName) + $complexTarget.Add('CollectionId', $currentAndroidEnrollmentAssignments.collectionId) + if ($null -ne $currentAndroidEnrollmentAssignments.'@odata.type') { - $complexTarget.Add('odataType', $currentAndroidEnrollmentAssignments.target.'@odata.type'.ToString()) + $complexTarget.Add('odataType', $currentAndroidEnrollmentAssignments.'@odata.type'.ToString()) } if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) { $complexTarget = $null } + else + { + $complexAndroidEnrollmentAssignments += $complexTarget + } + <# $myAndroidEnrollmentAssignments.Add('Target',$complexTarget) if ($myAndroidEnrollmentAssignments.values.Where({$null -ne $_}).Count -gt 0) { $complexAndroidEnrollmentAssignments += $myAndroidEnrollmentAssignments } + #> } $complexIosEnrollmentAssignments = @() @@ -153,26 +157,34 @@ function Get-TargetResource { $myIosEnrollmentAssignments = @{} $complexTarget = @{} - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) - if ($null -ne $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentIosEnrollmentAssignments.deviceAndAppManagementAssignmentFilterId) + if ($null -ne $currentIosEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType) { - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentIosEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType.ToString()) } - $complexTarget.Add('GroupId', $currentIosEnrollmentAssignments.target.groupId) - $complexTarget.Add('CollectionId', $currentIosEnrollmentAssignments.target.collectionId) - if ($null -ne $currentIosEnrollmentAssignments.target.'@odata.type') + $complexTarget.Add('GroupId', $currentIosEnrollmentAssignments.groupId) + $groupObj = Get-MgGroup -GroupId $currentIosEnrollmentAssignments.groupId -Property DisplayName + $complexTarget.Add('GroupDisplayName', $groupObj.DisplayName) + $complexTarget.Add('CollectionId', $currentIosEnrollmentAssignments.collectionId) + if ($null -ne $currentIosEnrollmentAssignments.'@odata.type') { - $complexTarget.Add('odataType', $currentIosEnrollmentAssignments.target.'@odata.type'.ToString()) + $complexTarget.Add('odataType', $currentIosEnrollmentAssignments.'@odata.type'.ToString()) } if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) { $complexTarget = $null } + else + { + $complexIosEnrollmentAssignments += $complexTarget + } + <# $myIosEnrollmentAssignments.Add('Target',$complexTarget) if ($myIosEnrollmentAssignments.values.Where({$null -ne $_}).Count -gt 0) { $complexIosEnrollmentAssignments += $myIosEnrollmentAssignments } + #> } $complexMacOsEnrollmentAssignments = @() @@ -180,26 +192,34 @@ function Get-TargetResource { $myMacOsEnrollmentAssignments = @{} $complexTarget = @{} - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) - if ($null -ne $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentMacOsEnrollmentAssignments.deviceAndAppManagementAssignmentFilterId) + if ($null -ne $currentMacOsEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType) { - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentMacOsEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType.ToString()) } - $complexTarget.Add('GroupId', $currentMacOsEnrollmentAssignments.target.groupId) - $complexTarget.Add('CollectionId', $currentMacOsEnrollmentAssignments.target.collectionId) - if ($null -ne $currentMacOsEnrollmentAssignments.target.'@odata.type') + $complexTarget.Add('GroupId', $currentMacOsEnrollmentAssignments.groupId) + $groupObj = Get-MgGroup -GroupId $currentMacOsEnrollmentAssignments.groupId -Property DisplayName + $complexTarget.Add('GroupDisplayName', $groupObj.DisplayName) + $complexTarget.Add('CollectionId', $currentMacOsEnrollmentAssignments.collectionId) + if ($null -ne $currentMacOsEnrollmentAssignments.'@odata.type') { - $complexTarget.Add('odataType', $currentMacOsEnrollmentAssignments.target.'@odata.type'.ToString()) + $complexTarget.Add('odataType', $currentMacOsEnrollmentAssignments.'@odata.type'.ToString()) } if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) { $complexTarget = $null } + else + { + $complexMacOsEnrollmentAssignments += $complexTarget + } + <# $myMacOsEnrollmentAssignments.Add('Target',$complexTarget) if ($myMacOsEnrollmentAssignments.values.Where({$null -ne $_}).Count -gt 0) { $complexMacOsEnrollmentAssignments += $myMacOsEnrollmentAssignments } + #> } #endregion @@ -211,14 +231,6 @@ function Get-TargetResource } #endregion - #region resource generator code - $dateLastHeartbeatDateTime = $null - if ($null -ne $getValue.LastHeartbeatDateTime) - { - $dateLastHeartbeatDateTime = ([DateTimeOffset]$getValue.LastHeartbeatDateTime).ToString('o') - } - #endregion - $results = @{ #region resource generator code AndroidEnrollmentAssignments = $complexAndroidEnrollmentAssignments @@ -226,7 +238,6 @@ function Get-TargetResource DisplayName = $getValue.DisplayName IosEnrollmentAssignments = $complexIosEnrollmentAssignments IosOnboarded = $getValue.IosOnboarded - LastHeartbeatDateTime = $dateLastHeartbeatDateTime MacOsEnrollmentAssignments = $complexMacOsEnrollmentAssignments MacOsOnboarded = $getValue.MacOsOnboarded PartnerState = $enumPartnerState @@ -281,10 +292,6 @@ function Set-TargetResource [System.Boolean] $IosOnboarded, - [Parameter()] - [System.String] - $LastHeartbeatDateTime, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $MacOsEnrollmentAssignments, @@ -363,17 +370,38 @@ function Set-TargetResource $createParameters.Remove('Id') | Out-Null $keys = (([Hashtable]$createParameters).Clone()).Keys + $errorFound = $false foreach ($key in $keys) { - if ($null -ne $createParameters.$key -and $createParameters.$key.GetType().Name -like '*CimInstance*') + if ($null -ne $createParameters.$key -and $createParameters[$key].GetType().Name -like '*CimInstance*') { - $createParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $createParameters.$key + $complexObject = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $createParameters.$key + $createParameters.Add($key, @()) + foreach ($instance in $complexObject) + { + $targetObject = $instance.Clone() + $groupObj = Get-MgGroup -Filter "DisplayName eq '$($instance.GroupDisplayName)'" + if ($groupObj -and $groupObj.SecurityEnabled -eq $true) + { + $targetObject.Add('groupId', $groupObj.Id) + $targetObject.Remove('GroupDisplayName') + $createParameters[$key] += @{target = $targetObject} + } + else + { + $errorFound = $true + Add-M365DSCEvent -Message "Cannot create DeviceManagementComplianceManagementPartner {$DisplayName}, Group '$($instance.GroupDisplayName)' in $key does not exist or is not a security-group" -Source $($MyInvocation.MyCommand.Source) -EventId 19 -EntryType Error -TenantId $TenantId + } + } } } + if ($errorFound -eq $false) + { #region resource generator code - $createParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") - $policy = New-MgBetaDeviceManagementComplianceManagementPartner -BodyParameter $createParameters + $createParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") + $policy = New-MgBetaDeviceManagementComplianceManagementPartner -BodyParameter $createParameters #endregion + } } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -385,20 +413,40 @@ function Set-TargetResource $updateParameters.Remove('Id') | Out-Null $keys = (([Hashtable]$updateParameters).Clone()).Keys + $errorFound = $false foreach ($key in $keys) { if ($null -ne $pdateParameters.$key -and $updateParameters.$key.GetType().Name -like '*CimInstance*') { - $updateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $updateParameters.ComplianceManagementPartnerId + $complexObject = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $updateParameters.$key + $updateParameters.Add($key, @()) + foreach ($instance in $complexObject) + { + $targetObject = $instance.Clone() + $groupObj = Get-MgGroup -Filter "DisplayName eq '$($instance.GroupDisplayName)'" + if ($groupObj -and $groupObj.SecurityEnabled -eq $true) + { + $targetObject.Add('groupId', $groupObj.Id) + $targetObject.Remove('GroupDisplayName') + $updateParameters[$key] += @{target = $targetObject} + } + else + { + $errorFound = $true + Add-M365DSCEvent -Message "Cannot update DeviceManagementComplianceManagementPartner {$DisplayName}, Group '$($instance.GroupDisplayName)' in $key does not exist or is not a security-group" -Source $($MyInvocation.MyCommand.Source) -EventId 19 -EntryType Error -TenantId $TenantId + } + } } } - - #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") - Update-MgBetaDeviceManagementComplianceManagementPartner ` - -ComplianceManagementPartnerId $currentInstance.Id ` - -BodyParameter $UpdateParameters - #endregion + if ($errorFOund -eq $false) + { + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") + Update-MgBetaDeviceManagementComplianceManagementPartner ` + -ComplianceManagementPartnerId $currentInstance.Id ` + -BodyParameter $UpdateParameters + #endregion + } } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -436,10 +484,6 @@ function Test-TargetResource [System.Boolean] $IosOnboarded, - [Parameter()] - [System.String] - $LastHeartbeatDateTime, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $MacOsEnrollmentAssignments, @@ -659,6 +703,7 @@ function Export-TargetResource -Results $Results if ($null -ne $Results.AndroidEnrollmentAssignments) { + <# $complexMapping = @( @{ Name = 'AndroidEnrollmentAssignments' @@ -671,10 +716,11 @@ function Export-TargetResource IsRequired = $False } ) + #> $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.AndroidEnrollmentAssignments ` - -CIMInstanceName 'IntunecomplianceManagementPartnerAssignment' ` - -ComplexTypeMapping $complexMapping + -CIMInstanceName 'IntuneDeviceAndAppManagementAssignmentTarget' <#` + -ComplexTypeMapping $complexMapping#> if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -687,6 +733,7 @@ function Export-TargetResource } if ($null -ne $Results.IosEnrollmentAssignments) { + <# $complexMapping = @( @{ Name = 'IosEnrollmentAssignments' @@ -699,10 +746,11 @@ function Export-TargetResource IsRequired = $False } ) + #> $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.IosEnrollmentAssignments ` - -CIMInstanceName 'IntunecomplianceManagementPartnerAssignment' ` - -ComplexTypeMapping $complexMapping + -CIMInstanceName 'IntuneDeviceAndAppManagementAssignmentTarget' <#` + -ComplexTypeMapping $complexMapping#> if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -715,6 +763,7 @@ function Export-TargetResource } if ($null -ne $Results.MacOsEnrollmentAssignments) { + <# $complexMapping = @( @{ Name = 'MacOsEnrollmentAssignments' @@ -727,10 +776,11 @@ function Export-TargetResource IsRequired = $False } ) + #> $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.MacOsEnrollmentAssignments ` - -CIMInstanceName 'IntunecomplianceManagementPartnerAssignment' ` - -ComplexTypeMapping $complexMapping + -CIMInstanceName 'IntuneDeviceAndAppManagementAssignmentTarget' <#` + -ComplexTypeMapping $complexMapping#> if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof index 371d239262..449af203bc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof @@ -9,6 +9,7 @@ class MSFT_IntuneDeviceAndAppManagementAssignmentTarget [Write, Description("The ID of the filter for the target assignment.")] String DeviceAndAppManagementAssignmentFilterId; [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are: none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String DeviceAndAppManagementAssignmentFilterType; [Write, Description("AAD Group Id.")] String GroupId; + [Write, Description("AAD Group DisplayName.")] String GroupDisplayName; [Write, Description("The collection Id that is the target of the assignment.")] String CollectionId; [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.androidFotaDeploymentAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget","#microsoft.graph.groupAssignmentTarget"}, Values{"#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.androidFotaDeploymentAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget","#microsoft.graph.groupAssignmentTarget"}] String odataType; }; @@ -16,13 +17,12 @@ class MSFT_IntuneDeviceAndAppManagementAssignmentTarget [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceManagementComplianceManagementPartner")] class MSFT_IntuneDeviceManagementComplianceManagementPartner : OMI_BaseResource { - [Write, Description("User groups which enroll Android devices through partner."), EmbeddedInstance("MSFT_IntunecomplianceManagementPartnerAssignment")] String AndroidEnrollmentAssignments[]; + [Write, Description("User groups which enroll Android devices through partner."), EmbeddedInstance("MSFT_IntuneDeviceAndAppManagementAssignmentTarget")] String AndroidEnrollmentAssignments[]; [Write, Description("Partner onboarded for Android devices.")] Boolean AndroidOnboarded; [Key, Description("Partner display name")] String DisplayName; - [Write, Description("User groups which enroll ios devices through partner."), EmbeddedInstance("MSFT_IntunecomplianceManagementPartnerAssignment")] String IosEnrollmentAssignments[]; + [Write, Description("User groups which enroll ios devices through partner."), EmbeddedInstance("MSFT_IntuneDeviceAndAppManagementAssignmentTarget")] String IosEnrollmentAssignments[]; [Write, Description("Partner onboarded for ios devices.")] Boolean IosOnboarded; - [Write, Description("Timestamp of last heartbeat after admin onboarded to the compliance management partner")] String LastHeartbeatDateTime; - [Write, Description("User groups which enroll Mac devices through partner."), EmbeddedInstance("MSFT_IntunecomplianceManagementPartnerAssignment")] String MacOsEnrollmentAssignments[]; + [Write, Description("User groups which enroll Mac devices through partner."), EmbeddedInstance("MSFT_IntuneDeviceAndAppManagementAssignmentTarget")] String MacOsEnrollmentAssignments[]; [Write, Description("Partner onboarded for Mac devices.")] Boolean MacOsOnboarded; [Write, Description("Partner state of this tenant. Possible values are: unknown, unavailable, enabled, terminated, rejected, unresponsive."), ValueMap{"unknown","unavailable","enabled","terminated","rejected","unresponsive"}, Values{"unknown","unavailable","enabled","terminated","rejected","unresponsive"}] String PartnerState; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 index e3e9238f20..ce2a8501ec 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 @@ -25,13 +25,11 @@ Configuration Example { AndroidEnrollmentAssignments = @( MSFT_IntunecomplianceManagementPartnerAssignment{ - Target = MSFT_IntunedeviceAndAppManagementAssignmentTarget{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = '11111111-1111-1111-1111-111111111111' - CollectionId = '22222222-2222-2222-2222-222222222222' - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = 'SomeGroup' + CollectionId = '22222222-2222-2222-2222-222222222222' + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } ) AndroidOnboarded = $True diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 index 88324a853b..46328d2d34 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 @@ -25,13 +25,11 @@ Configuration Example { AndroidEnrollmentAssignments = @( MSFT_IntunecomplianceManagementPartnerAssignment{ - Target = MSFT_IntunedeviceAndAppManagementAssignmentTarget{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = '11111111-2222-2222-2222-111111111111' - CollectionId = '22222222-2222-2222-2222-222222222222' - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = 'SomeOtherGroup' + CollectionId = '22222222-2222-2222-2222-222222222222' + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } ) AndroidOnboarded = $True diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 index 50f7b194d5..2eacd44dc9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 @@ -57,41 +57,34 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ AndroidEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) AndroidOnboarded = $True DisplayName = "FakeStringValue" Id = "FakeStringValue" IosEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) IosOnboarded = $True - LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" MacOsEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) MacOsOnboarded = $True @@ -103,6 +96,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgBetaDeviceManagementComplianceManagementPartner -MockWith { return $null } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SecurityEnabled = $true + } + } } It 'Should return Values from the Get method' { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' @@ -120,41 +121,34 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ AndroidEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) AndroidOnboarded = $True DisplayName = "FakeStringValue" Id = "FakeStringValue" IosEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) IosOnboarded = $True - LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" MacOsEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) MacOsOnboarded = $True @@ -211,6 +205,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SecurityEnabled = $true + } + } } It 'Should return Values from the Get method' { @@ -230,41 +232,35 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ AndroidEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) AndroidOnboarded = $True DisplayName = "FakeStringValue" Id = "FakeStringValue" IosEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) IosOnboarded = $True LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" MacOsEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) MacOsOnboarded = $True @@ -321,6 +317,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SecurityEnabled = $true + } + } } @@ -333,41 +337,34 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { BeforeAll { $testParams = @{ AndroidEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) AndroidOnboarded = $True DisplayName = "FakeStringValue" Id = "FakeStringValue" IosEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) IosOnboarded = $True - LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" MacOsEnrollmentAssignments = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_IntunecomplianceManagementPartnerAssignment -Property @{ - Target = (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" - } -ClientOnly) + (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + GroupDisplayName = "FakeStringValue" + CollectionId = "FakeStringValue" + odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) MacOsOnboarded = $True @@ -417,6 +414,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { PartnerState = "unknown" } } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SecurityEnabled = $true + } + } } It 'Should return Values from the Get method' { @@ -489,6 +494,14 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } + + Mock -CommandName Get-MgGroup -MockWith { + return @{ + DisplayName = "FakeStringValue" + Id = "FakeStringValue" + SecurityEnabled = $true + } + } } It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams From dd705e25d576a0b4500934ce47a3c615f1b7a6b4 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Wed, 6 Nov 2024 08:07:00 +0100 Subject: [PATCH 08/17] updated examples --- .../1-Create.ps1 | 2 +- .../2-Update.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 index ce2a8501ec..fa74662d35 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 @@ -24,7 +24,7 @@ Configuration Example IntuneDeviceManagementComplianceManagementPartner '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' { AndroidEnrollmentAssignments = @( - MSFT_IntunecomplianceManagementPartnerAssignment{ + MSFT_IntuneDeviceAndAppManagementAssignmentTarget{ DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" GroupDisplayName = 'SomeGroup' CollectionId = '22222222-2222-2222-2222-222222222222' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 index 46328d2d34..647bc2f5a2 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 @@ -24,7 +24,7 @@ Configuration Example IntuneDeviceManagementComplianceManagementPartner '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' { AndroidEnrollmentAssignments = @( - MSFT_IntunecomplianceManagementPartnerAssignment{ + MSFT_IntuneDeviceAndAppManagementAssignmentTarget{ DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" GroupDisplayName = 'SomeOtherGroup' CollectionId = '22222222-2222-2222-2222-222222222222' From 79b2d62762d9f7f8c1e77e5a6737c5e59f6db629 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Wed, 6 Nov 2024 08:36:01 +0100 Subject: [PATCH 09/17] updated stubs --- Tests/Unit/Stubs/Microsoft365.psm1 | 42 +++++++++++++++--------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index dc2c3b5ff1..7b4a2bd1b7 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -102487,7 +102487,7 @@ function Get-MgBetaDeviceManagementComplianceManagementPartner [string]$ComplianceManagementPartnerId, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Models.IDeviceManagementAdministrationIdentity]$InputObject, + [object]$InputObject, [Parameter()] [string[]]$ExpandProperty, @@ -102520,10 +102520,10 @@ function Get-MgBetaDeviceManagementComplianceManagementPartner [System.Collections.IDictionary]$Headers, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelineAppend, + [PSObject]$HttpPipelineAppend, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelinePrepend, + [PSObject]$HttpPipelinePrepend, [Parameter()] [uri]$Proxy, @@ -102550,7 +102550,7 @@ function New-MgBetaDeviceManagementComplianceManagementPartner [Cmdletbinding()] param( [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartner]$BodyParameter, + [object]$BodyParameter, [Parameter()] [string]$ResponseHeadersVariable, @@ -102559,7 +102559,7 @@ function New-MgBetaDeviceManagementComplianceManagementPartner [hashtable]$AdditionalProperties, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$AndroidEnrollmentAssignments, + [object[]]$AndroidEnrollmentAssignments, [Parameter()] [switch]$AndroidOnboarded, @@ -102571,7 +102571,7 @@ function New-MgBetaDeviceManagementComplianceManagementPartner [string]$Id, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$IosEnrollmentAssignments, + [object[]]$IosEnrollmentAssignments, [Parameter()] [switch]$IosOnboarded, @@ -102580,13 +102580,13 @@ function New-MgBetaDeviceManagementComplianceManagementPartner [datetime]$LastHeartbeatDateTime, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$MacOSEnrollmentAssignments, + [object[]]$MacOSEnrollmentAssignments, [Parameter()] [switch]$MacOSOnboarded, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Support.DeviceManagementPartnerTenantState]$PartnerState, + [object]$PartnerState, [Parameter()] [switch]$Break, @@ -102595,10 +102595,10 @@ function New-MgBetaDeviceManagementComplianceManagementPartner [System.Collections.IDictionary]$Headers, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelineAppend, + [PSObject]$HttpPipelineAppend, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelinePrepend, + [PSObject]$HttpPipelinePrepend, [Parameter()] [uri]$Proxy, @@ -102624,10 +102624,10 @@ function Update-MgBetaDeviceManagementComplianceManagementPartner [string]$ComplianceManagementPartnerId, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Models.IDeviceManagementAdministrationIdentity]$InputObject, + [object]$InputObject, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartner]$BodyParameter, + [object]$BodyParameter, [Parameter()] [string]$ResponseHeadersVariable, @@ -102636,7 +102636,7 @@ function Update-MgBetaDeviceManagementComplianceManagementPartner [hashtable]$AdditionalProperties, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$AndroidEnrollmentAssignments, + [object[]]$AndroidEnrollmentAssignments, [Parameter()] [switch]$AndroidOnboarded, @@ -102648,7 +102648,7 @@ function Update-MgBetaDeviceManagementComplianceManagementPartner [string]$Id, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$IosEnrollmentAssignments, + [object[]]$IosEnrollmentAssignments, [Parameter()] [switch]$IosOnboarded, @@ -102657,13 +102657,13 @@ function Update-MgBetaDeviceManagementComplianceManagementPartner [datetime]$LastHeartbeatDateTime, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphComplianceManagementPartnerAssignment[]]$MacOSEnrollmentAssignments, + [object[]]$MacOSEnrollmentAssignments, [Parameter()] [switch]$MacOSOnboarded, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Support.DeviceManagementPartnerTenantState]$PartnerState, + [object]$PartnerState, [Parameter()] [switch]$Break, @@ -102672,10 +102672,10 @@ function Update-MgBetaDeviceManagementComplianceManagementPartner [System.Collections.IDictionary]$Headers, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelineAppend, + [PSObject]$HttpPipelineAppend, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelinePrepend, + [PSObject]$HttpPipelinePrepend, [Parameter()] [uri]$Proxy, @@ -102701,7 +102701,7 @@ function Remove-MgBetaDeviceManagementComplianceManagementPartner [string]$ComplianceManagementPartnerId, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Models.IDeviceManagementAdministrationIdentity]$InputObject, + [object]$InputObject, [Parameter()] [string]$IfMatch, @@ -102716,10 +102716,10 @@ function Remove-MgBetaDeviceManagementComplianceManagementPartner [System.Collections.IDictionary]$Headers, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelineAppend, + [PSObject]$HttpPipelineAppend, [Parameter()] - [Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]]$HttpPipelinePrepend, + [PSObject]$HttpPipelinePrepend, [Parameter()] [switch]$PassThru, From f11809951069a9c39ed261eb3483247409fae2a2 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Wed, 6 Nov 2024 09:03:15 +0100 Subject: [PATCH 10/17] updated Get-TargetResource to get assignments from target --- ...ManagementComplianceManagementPartner.psm1 | 48 +++++++++---------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 index 42b65641e2..d287d4dd9f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 @@ -122,18 +122,18 @@ function Get-TargetResource { $myAndroidEnrollmentAssignments = @{} $complexTarget = @{} - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentAndroidEnrollmentAssignments.deviceAndAppManagementAssignmentFilterId) - if ($null -ne $currentAndroidEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) + if ($null -ne $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) { - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentAndroidEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType.ToString()) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) } - $complexTarget.Add('GroupId', $currentAndroidEnrollmentAssignments.groupId) - $groupObj = Get-MgGroup -GroupId $currentAndroidEnrollmentAssignments.groupId -Property DisplayName + $complexTarget.Add('GroupId', $currentAndroidEnrollmentAssignments.target.groupId) + $groupObj = Get-MgGroup -GroupId $currentAndroidEnrollmentAssignments.target.groupId -Property DisplayName $complexTarget.Add('GroupDisplayName', $groupObj.DisplayName) - $complexTarget.Add('CollectionId', $currentAndroidEnrollmentAssignments.collectionId) - if ($null -ne $currentAndroidEnrollmentAssignments.'@odata.type') + $complexTarget.Add('CollectionId', $currentAndroidEnrollmentAssignments.target.collectionId) + if ($null -ne $currentAndroidEnrollmentAssignments.target.'@odata.type') { - $complexTarget.Add('odataType', $currentAndroidEnrollmentAssignments.'@odata.type'.ToString()) + $complexTarget.Add('odataType', $currentAndroidEnrollmentAssignments.target.'@odata.type'.ToString()) } if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) { @@ -157,18 +157,18 @@ function Get-TargetResource { $myIosEnrollmentAssignments = @{} $complexTarget = @{} - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentIosEnrollmentAssignments.deviceAndAppManagementAssignmentFilterId) - if ($null -ne $currentIosEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) + if ($null -ne $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) { - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentIosEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType.ToString()) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) } - $complexTarget.Add('GroupId', $currentIosEnrollmentAssignments.groupId) - $groupObj = Get-MgGroup -GroupId $currentIosEnrollmentAssignments.groupId -Property DisplayName + $complexTarget.Add('GroupId', $currentIosEnrollmentAssignments.target.groupId) + $groupObj = Get-MgGroup -GroupId $currentIosEnrollmentAssignments.target.groupId -Property DisplayName $complexTarget.Add('GroupDisplayName', $groupObj.DisplayName) - $complexTarget.Add('CollectionId', $currentIosEnrollmentAssignments.collectionId) - if ($null -ne $currentIosEnrollmentAssignments.'@odata.type') + $complexTarget.Add('CollectionId', $currentIosEnrollmentAssignments.target.collectionId) + if ($null -ne $currentIosEnrollmentAssignments.target.'@odata.type') { - $complexTarget.Add('odataType', $currentIosEnrollmentAssignments.'@odata.type'.ToString()) + $complexTarget.Add('odataType', $currentIosEnrollmentAssignments.target.'@odata.type'.ToString()) } if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) { @@ -192,18 +192,18 @@ function Get-TargetResource { $myMacOsEnrollmentAssignments = @{} $complexTarget = @{} - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentMacOsEnrollmentAssignments.deviceAndAppManagementAssignmentFilterId) - if ($null -ne $currentMacOsEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) + if ($null -ne $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) { - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentMacOsEnrollmentAssignments.deviceAndAppManagementAssignmentFilterType.ToString()) + $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) } - $complexTarget.Add('GroupId', $currentMacOsEnrollmentAssignments.groupId) - $groupObj = Get-MgGroup -GroupId $currentMacOsEnrollmentAssignments.groupId -Property DisplayName + $complexTarget.Add('GroupId', $currentMacOsEnrollmentAssignments.target.groupId) + $groupObj = Get-MgGroup -GroupId $currentMacOsEnrollmentAssignments.target.groupId -Property DisplayName $complexTarget.Add('GroupDisplayName', $groupObj.DisplayName) - $complexTarget.Add('CollectionId', $currentMacOsEnrollmentAssignments.collectionId) - if ($null -ne $currentMacOsEnrollmentAssignments.'@odata.type') + $complexTarget.Add('CollectionId', $currentMacOsEnrollmentAssignments.target.collectionId) + if ($null -ne $currentMacOsEnrollmentAssignments.target.'@odata.type') { - $complexTarget.Add('odataType', $currentMacOsEnrollmentAssignments.'@odata.type'.ToString()) + $complexTarget.Add('odataType', $currentMacOsEnrollmentAssignments.target.'@odata.type'.ToString()) } if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) { From 023fd600b1826a166404a85644ba983642bb2862 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Thu, 7 Nov 2024 15:32:36 +0100 Subject: [PATCH 11/17] updated schema and corresponding code --- ...ManagementComplianceManagementPartner.psm1 | 289 +++++------------- ...mentComplianceManagementPartner.schema.mof | 2 +- .../1-Create.ps1 | 20 +- .../2-Update.ps1 | 11 +- .../Modules/M365DSCDRGUtil.psm1 | 47 ++- ...ementComplianceManagementPartner.Tests.ps1 | 151 +++------ 6 files changed, 170 insertions(+), 350 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 index d287d4dd9f..2e9f23f5e4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 @@ -117,109 +117,40 @@ function Get-TargetResource Write-Verbose -Message "An Intune Device Management Compliance Management Partner with Id {$Id} and DisplayName {$DisplayName} was found" #region resource generator code - $complexAndroidEnrollmentAssignments = @() - foreach ($currentAndroidEnrollmentAssignments in $getValue.androidEnrollmentAssignments) + if ($getValue.androidEnrollmentAssignments.Count -gt 0) { - $myAndroidEnrollmentAssignments = @{} - $complexTarget = @{} - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) - if ($null -ne $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) - { - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentAndroidEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) - } - $complexTarget.Add('GroupId', $currentAndroidEnrollmentAssignments.target.groupId) - $groupObj = Get-MgGroup -GroupId $currentAndroidEnrollmentAssignments.target.groupId -Property DisplayName - $complexTarget.Add('GroupDisplayName', $groupObj.DisplayName) - $complexTarget.Add('CollectionId', $currentAndroidEnrollmentAssignments.target.collectionId) - if ($null -ne $currentAndroidEnrollmentAssignments.target.'@odata.type') - { - $complexTarget.Add('odataType', $currentAndroidEnrollmentAssignments.target.'@odata.type'.ToString()) - } - if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) - { - $complexTarget = $null - } - else - { - $complexAndroidEnrollmentAssignments += $complexTarget - } - <# - $myAndroidEnrollmentAssignments.Add('Target',$complexTarget) - if ($myAndroidEnrollmentAssignments.values.Where({$null -ne $_}).Count -gt 0) - { - $complexAndroidEnrollmentAssignments += $myAndroidEnrollmentAssignments - } - #> + $returnAndroidEnrollmentAssignments = @() + $returnAndroidEnrollmentAssignments += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter $true ` + -Assignments ($getValue.androidEnrollmentAssignments) + } + else + { + $returnAndroidEnrollmentAssignments = $null } - $complexIosEnrollmentAssignments = @() - foreach ($currentIosEnrollmentAssignments in $getValue.iosEnrollmentAssignments) + if ($getValue.iosEnrollmentAssignments.Count -gt 0) { - $myIosEnrollmentAssignments = @{} - $complexTarget = @{} - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) - if ($null -ne $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) - { - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentIosEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) - } - $complexTarget.Add('GroupId', $currentIosEnrollmentAssignments.target.groupId) - $groupObj = Get-MgGroup -GroupId $currentIosEnrollmentAssignments.target.groupId -Property DisplayName - $complexTarget.Add('GroupDisplayName', $groupObj.DisplayName) - $complexTarget.Add('CollectionId', $currentIosEnrollmentAssignments.target.collectionId) - if ($null -ne $currentIosEnrollmentAssignments.target.'@odata.type') - { - $complexTarget.Add('odataType', $currentIosEnrollmentAssignments.target.'@odata.type'.ToString()) - } - if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) - { - $complexTarget = $null - } - else - { - $complexIosEnrollmentAssignments += $complexTarget - } - <# - $myIosEnrollmentAssignments.Add('Target',$complexTarget) - if ($myIosEnrollmentAssignments.values.Where({$null -ne $_}).Count -gt 0) - { - $complexIosEnrollmentAssignments += $myIosEnrollmentAssignments - } - #> + $returnIosEnrollmentAssignments = @() + $returnIosEnrollmentAssignments += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter $true ` + -Assignments ($getValue.iosEnrollmentAssignments) + } + else + { + $returnIosEnrollmentAssignments = $null } - $complexMacOsEnrollmentAssignments = @() - foreach ($currentMacOsEnrollmentAssignments in $getValue.macOsEnrollmentAssignments) + if ($getValue.macOsEnrollmentAssignments.Count -gt 0) { - $myMacOsEnrollmentAssignments = @{} - $complexTarget = @{} - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterId', $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterId) - if ($null -ne $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType) - { - $complexTarget.Add('DeviceAndAppManagementAssignmentFilterType', $currentMacOsEnrollmentAssignments.target.deviceAndAppManagementAssignmentFilterType.ToString()) - } - $complexTarget.Add('GroupId', $currentMacOsEnrollmentAssignments.target.groupId) - $groupObj = Get-MgGroup -GroupId $currentMacOsEnrollmentAssignments.target.groupId -Property DisplayName - $complexTarget.Add('GroupDisplayName', $groupObj.DisplayName) - $complexTarget.Add('CollectionId', $currentMacOsEnrollmentAssignments.target.collectionId) - if ($null -ne $currentMacOsEnrollmentAssignments.target.'@odata.type') - { - $complexTarget.Add('odataType', $currentMacOsEnrollmentAssignments.target.'@odata.type'.ToString()) - } - if ($complexTarget.values.Where({$null -ne $_}).Count -eq 0) - { - $complexTarget = $null - } - else - { - $complexMacOsEnrollmentAssignments += $complexTarget - } - <# - $myMacOsEnrollmentAssignments.Add('Target',$complexTarget) - if ($myMacOsEnrollmentAssignments.values.Where({$null -ne $_}).Count -gt 0) - { - $complexMacOsEnrollmentAssignments += $myMacOsEnrollmentAssignments - } - #> + $returnMacOsEnrollmentAssignments = @() + $returnMacOsEnrollmentAssignments += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter $true ` + -Assignments ($getValue.macOsEnrollmentAssignments) + } + else + { + $returnMacOsEnrollmentAssignments = $null } #endregion @@ -233,12 +164,12 @@ function Get-TargetResource $results = @{ #region resource generator code - AndroidEnrollmentAssignments = $complexAndroidEnrollmentAssignments + AndroidEnrollmentAssignments = $returnAndroidEnrollmentAssignments AndroidOnboarded = $getValue.AndroidOnboarded DisplayName = $getValue.DisplayName - IosEnrollmentAssignments = $complexIosEnrollmentAssignments + IosEnrollmentAssignments = $returnIosEnrollmentAssignments IosOnboarded = $getValue.IosOnboarded - MacOsEnrollmentAssignments = $complexMacOsEnrollmentAssignments + MacOsEnrollmentAssignments = $returnMacOsEnrollmentAssignments MacOsOnboarded = $getValue.MacOsOnboarded PartnerState = $enumPartnerState Id = $getValue.Id @@ -369,39 +300,33 @@ function Set-TargetResource $createParameters = Rename-M365DSCCimInstanceParameter -Properties $createParameters $createParameters.Remove('Id') | Out-Null - $keys = (([Hashtable]$createParameters).Clone()).Keys - $errorFound = $false - foreach ($key in $keys) + foreach ($key in ($CreateParameters.clone()).Keys) { - if ($null -ne $createParameters.$key -and $createParameters[$key].GetType().Name -like '*CimInstance*') + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') { - $complexObject = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $createParameters.$key - $createParameters.Add($key, @()) - foreach ($instance in $complexObject) - { - $targetObject = $instance.Clone() - $groupObj = Get-MgGroup -Filter "DisplayName eq '$($instance.GroupDisplayName)'" - if ($groupObj -and $groupObj.SecurityEnabled -eq $true) - { - $targetObject.Add('groupId', $groupObj.Id) - $targetObject.Remove('GroupDisplayName') - $createParameters[$key] += @{target = $targetObject} - } - else - { - $errorFound = $true - Add-M365DSCEvent -Message "Cannot create DeviceManagementComplianceManagementPartner {$DisplayName}, Group '$($instance.GroupDisplayName)' in $key does not exist or is not a security-group" -Source $($MyInvocation.MyCommand.Source) -EventId 19 -EntryType Error -TenantId $TenantId - } - } + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] } } - if ($errorFound -eq $false) + + if ($createParameters.AndroidEnrollmentAssignments.Count -gt 0) + { + $androidEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $createParameters.AndroidEnrollmentAssignments #-DataTypeName '@odata.Type' + $createParameters.AndroidEnrollmentAssignments = $androidEnrollmentAssignmentsHash + } + if ($createParameters.IosEnrollmentAssignments.Count -gt 0) { + $iosEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $createParameters.IosEnrollmentAssignments #-DataTypeName '@odata.Type' + $createParameters.IosEnrollmentAssignments = $iosEnrollmentAssignmentsHash + } + if ($createParameters.MacOsEnrollmentAssignments.Count -gt 0) + { + $macOsEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $createParameters.MacOsEnrollmentAssignments #-DataTypeName '@odata.Type' + $createParameters.MacOsEnrollmentAssignments = $macOsEnrollmentAssignmentsHash + } #region resource generator code - $createParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") - $policy = New-MgBetaDeviceManagementComplianceManagementPartner -BodyParameter $createParameters + $createParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") + $policy = New-MgBetaDeviceManagementComplianceManagementPartner -BodyParameter $createParameters #endregion - } } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { @@ -412,41 +337,34 @@ function Set-TargetResource $updateParameters.Remove('Id') | Out-Null - $keys = (([Hashtable]$updateParameters).Clone()).Keys - $errorFound = $false - foreach ($key in $keys) + foreach ($key in ($UpdateParameters.clone()).Keys) { - if ($null -ne $pdateParameters.$key -and $updateParameters.$key.GetType().Name -like '*CimInstance*') + if ($updateParameters[$key].getType().Fullname -like '*CimInstance*') { - $complexObject = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $updateParameters.$key - $updateParameters.Add($key, @()) - foreach ($instance in $complexObject) - { - $targetObject = $instance.Clone() - $groupObj = Get-MgGroup -Filter "DisplayName eq '$($instance.GroupDisplayName)'" - if ($groupObj -and $groupObj.SecurityEnabled -eq $true) - { - $targetObject.Add('groupId', $groupObj.Id) - $targetObject.Remove('GroupDisplayName') - $updateParameters[$key] += @{target = $targetObject} - } - else - { - $errorFound = $true - Add-M365DSCEvent -Message "Cannot update DeviceManagementComplianceManagementPartner {$DisplayName}, Group '$($instance.GroupDisplayName)' in $key does not exist or is not a security-group" -Source $($MyInvocation.MyCommand.Source) -EventId 19 -EntryType Error -TenantId $TenantId - } - } + $updateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $updateParameters[$key] } } - if ($errorFOund -eq $false) + if ($updateParameters.AndroidEnrollmentAssignments.Count -gt 0) { - #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") - Update-MgBetaDeviceManagementComplianceManagementPartner ` - -ComplianceManagementPartnerId $currentInstance.Id ` - -BodyParameter $UpdateParameters - #endregion + $androidEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $updateParameters.AndroidEnrollmentAssignments #-DataTypeName 'odataType' + $updateParameters.AndroidEnrollmentAssignments = $androidEnrollmentAssignmentsHash + } + if ($updateParameters.IosEnrollmentAssignments.Count -gt 0) + { + $iosEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $updateParameters.IosEnrollmentAssignments #-DataTypeName 'odataType' + $updateParameters.IosEnrollmentAssignments = $iosEnrollmentAssignmentsHash + } + if ($updateParameters.MacOsEnrollmentAssignments.Count -gt 0) + { + $macOsEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $updateParameters.MacOsEnrollmentAssignments #-DataTypeName 'odataType' + $updateParameters.MacOsEnrollmentAssignments = $macOsEnrollmentAssignmentsHash } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") + Update-MgBetaDeviceManagementComplianceManagementPartner ` + -ComplianceManagementPartnerId $currentInstance.Id ` + -BodyParameter $UpdateParameters + #endregion } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -703,24 +621,9 @@ function Export-TargetResource -Results $Results if ($null -ne $Results.AndroidEnrollmentAssignments) { - <# - $complexMapping = @( - @{ - Name = 'AndroidEnrollmentAssignments' - CimInstanceName = 'IntuneComplianceManagementPartnerAssignment' - IsRequired = $False - } - @{ - Name = 'Target' - CimInstanceName = 'IntuneDeviceAndAppManagementAssignmentTarget' - IsRequired = $False - } - ) - #> $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.AndroidEnrollmentAssignments ` - -CIMInstanceName 'IntuneDeviceAndAppManagementAssignmentTarget' <#` - -ComplexTypeMapping $complexMapping#> + -CIMInstanceName 'IntuneDeviceAndAppManagementAssignmentTarget' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -733,24 +636,9 @@ function Export-TargetResource } if ($null -ne $Results.IosEnrollmentAssignments) { - <# - $complexMapping = @( - @{ - Name = 'IosEnrollmentAssignments' - CimInstanceName = 'IntuneComplianceManagementPartnerAssignment' - IsRequired = $False - } - @{ - Name = 'Target' - CimInstanceName = 'IntuneDeviceAndAppManagementAssignmentTarget' - IsRequired = $False - } - ) - #> $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.IosEnrollmentAssignments ` - -CIMInstanceName 'IntuneDeviceAndAppManagementAssignmentTarget' <#` - -ComplexTypeMapping $complexMapping#> + -CIMInstanceName 'IntuneDeviceAndAppManagementAssignmentTarget' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -763,24 +651,9 @@ function Export-TargetResource } if ($null -ne $Results.MacOsEnrollmentAssignments) { - <# - $complexMapping = @( - @{ - Name = 'MacOsEnrollmentAssignments' - CimInstanceName = 'IntuneComplianceManagementPartnerAssignment' - IsRequired = $False - } - @{ - Name = 'Target' - CimInstanceName = 'IntuneDeviceAndAppManagementAssignmentTarget' - IsRequired = $False - } - ) - #> $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.MacOsEnrollmentAssignments ` - -CIMInstanceName 'IntuneDeviceAndAppManagementAssignmentTarget' <#` - -ComplexTypeMapping $complexMapping#> + -CIMInstanceName 'IntuneDeviceAndAppManagementAssignmentTarget' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { @@ -797,18 +670,6 @@ function Export-TargetResource -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential - if ($Results.AndroidEnrollmentAssignments) - { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "AndroidEnrollmentAssignments" -IsCIMArray:$True - } - if ($Results.IosEnrollmentAssignments) - { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "IosEnrollmentAssignments" -IsCIMArray:$True - } - if ($Results.MacOsEnrollmentAssignments) - { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "MacOsEnrollmentAssignments" -IsCIMArray:$True - } $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof index 449af203bc..cd26349d16 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.schema.mof @@ -11,7 +11,7 @@ class MSFT_IntuneDeviceAndAppManagementAssignmentTarget [Write, Description("AAD Group Id.")] String GroupId; [Write, Description("AAD Group DisplayName.")] String GroupDisplayName; [Write, Description("The collection Id that is the target of the assignment.")] String CollectionId; - [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.androidFotaDeploymentAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget","#microsoft.graph.groupAssignmentTarget"}, Values{"#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.androidFotaDeploymentAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget","#microsoft.graph.groupAssignmentTarget"}] String odataType; + [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.androidFotaDeploymentAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget","#microsoft.graph.groupAssignmentTarget"}, Values{"#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.androidFotaDeploymentAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget","#microsoft.graph.groupAssignmentTarget"}] String dataType; }; [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceManagementComplianceManagementPartner")] diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 index fa74662d35..40579cc99b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 @@ -25,15 +25,27 @@ Configuration Example { AndroidEnrollmentAssignments = @( MSFT_IntuneDeviceAndAppManagementAssignmentTarget{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = 'SomeGroup' - CollectionId = '22222222-2222-2222-2222-222222222222' + GroupDisplayName = 'All devices' odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } ) AndroidOnboarded = $True DisplayName = "3rdPartyPartnerAndroidManagement" + IosEnrollmentAssignments = @( + MSFT_IntuneDeviceAndAppManagementAssignmentTarget{ + GroupDisplayName = 'SomeGroup' + odataType = "#microsoft.graph.groupAssignmentTarget" + } + ) + IosOnboarded = $True + MacOsEnrollmentAssignments = @( + MSFT_IntuneDeviceAndAppManagementAssignmentTarget{ + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" + CollectionId = 'SomeCollectionId' + odataType = "#microsoft.graph.configurationManagerCollectionAAssignmentTarget" + DeviceAndAppManagementAssignmentFilterType = "none" + } + ) PartnerState = "enabled" Ensure = "Present" ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 index 647bc2f5a2..9d69f9f2a6 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 @@ -23,17 +23,14 @@ Configuration Example { IntuneDeviceManagementComplianceManagementPartner '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' { - AndroidEnrollmentAssignments = @( + IosEnrollmentAssignments = @( MSFT_IntuneDeviceAndAppManagementAssignmentTarget{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = 'SomeOtherGroup' - CollectionId = '22222222-2222-2222-2222-222222222222' + GroupDisplayName = 'All devices' odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } ) - AndroidOnboarded = $True - DisplayName = "3rdPartyPartnerAndroidManagement" + IosOnboarded = $True + DisplayName = "3rdPartyPartnerIosManagement" PartnerState = "enabled" Ensure = "Present" ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index c6ac727450..4d03658055 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -86,7 +86,6 @@ function Rename-M365DSCCimInstanceParameter { $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result $keys = ($hashProperties.clone()).keys - foreach ($key in $keys) { $keyName = $key.substring(0, 1).tolower() + $key.substring(1, $key.length - 1) @@ -864,9 +863,14 @@ function ConvertFrom-IntunePolicyAssignment [Parameter(Mandatory = $true)] [Array] $Assignments, + [Parameter()] [System.Boolean] - $IncludeDeviceFilter = $true + $IncludeDeviceFilter = $true<#, + + [Parameter()] + [System.string] + $DataTypeName = 'dataType'#> ) $assignmentResult = @() @@ -900,12 +904,17 @@ function ConvertFrom-IntunePolicyAssignment $collectionId = $assignment.Target.AdditionalProperties.collectionId } - $hashAssignment.Add('dataType',$dataType) + $hashAssignment.Add('dataType', $dataType) if (-not [string]::IsNullOrEmpty($groupId)) { $hashAssignment.Add('groupId', $groupId) - $group = Get-MgGroup -GroupId ($groupId) -ErrorAction SilentlyContinue + try { + $group = Get-MgGroup -GroupId $groupId -ErrorAction Stop + } + catch { + write-verbose "ConvertFrom-IntunePolicyAssignment: Error in Get-MgGroup: $($_.exception.message)" + } if ($null -ne $group) { $groupDisplayName = $group.DisplayName @@ -956,9 +965,12 @@ function ConvertTo-IntunePolicyAssignment [Parameter()] [System.Boolean] - $IncludeDeviceFilter = $true - ) + $IncludeDeviceFilter = $true<#, + [Parameter()] + [System.String] + $DataTypeName = 'dataType'#> + ) if ($null -eq $Assignments) { return ,@() @@ -967,7 +979,7 @@ function ConvertTo-IntunePolicyAssignment $assignmentResult = @() foreach ($assignment in $Assignments) { - $target = @{"@odata.type" = $assignment.dataType} + $target = @{"@odata.type" = $assignment['dataType']} if ($IncludeDeviceFilter) { if ($null -ne $assignment.DeviceAndAppManagementAssignmentFilterType) @@ -982,12 +994,29 @@ function ConvertTo-IntunePolicyAssignment } elseif ($assignment.dataType -like '*GroupAssignmentTarget') { - $group = Get-MgGroup -GroupId ($assignment.groupId) -ErrorAction SilentlyContinue + if ($assignment.groupId) + { + try { + $group = Get-MgGroup -GroupId ($assignment.groupId) -ErrorAction SilentlyContinue + } + catch { + write-verbose "ConvertTo-IntunePolicyAssignment: Error in Get-MgGroup (GroupId '$($assignment.groupId)'): $($_.exception.message)" + } + } + else + { + $group = $null + } if ($null -eq $group) { if ($assignment.groupDisplayName) { - $group = Get-MgGroup -Filter "DisplayName eq '$($assignment.groupDisplayName)'" -ErrorAction SilentlyContinue + try { + $group = Get-MgGroup -Filter "DisplayName eq '$($assignment.groupDisplayName)'" -ErrorAction Stop + } + catch { + write-verbose "ConvertTo-IntunePolicyAssignment: Error in Get-MgGroup (DisplayName '$($assignment.groupDisplayName)'): $($_.exception.message)" -ForegroundColor Yellow + } if ($null -eq $group) { $message = "Skipping assignment for the group with DisplayName {$($assignment.groupDisplayName)} as it could not be found in the directory.`r`n" diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 index 2eacd44dc9..c84791758f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceManagementPartner.Tests.ps1 @@ -58,11 +58,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ AndroidEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" + dataType = "#microsoft.graph.configurationManagerCollectionAssignmentTarget" CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) AndroidOnboarded = $True @@ -70,21 +67,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = "FakeStringValue" IosEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" + dataType = "#microsoft.graph.allDevicesAssignmentTarget" + GroupDisplayName = "All devices" } -ClientOnly) ) IosOnboarded = $True MacOsEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" + dataType = "#microsoft.graph.allDevicesAssignmentTarget" + GroupDisplayName = "All devices" } -ClientOnly) ) MacOsOnboarded = $True @@ -100,7 +91,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgGroup -MockWith { return @{ DisplayName = "FakeStringValue" - Id = "FakeStringValue" + Id = "FakeIdValue" SecurityEnabled = $true } } @@ -111,7 +102,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should Create the group from the Set method' { + It 'Should Create the Management Partner instance from the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName New-MgBetaDeviceManagementComplianceManagementPartner -Exactly 1 } @@ -122,11 +113,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ AndroidEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" + dataType = "#microsoft.graph.allDevicesAssignmentTarget" + GroupDisplayName = 'All devices' } -ClientOnly) ) AndroidOnboarded = $True @@ -134,20 +122,16 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = "FakeStringValue" IosEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" + dataType = "#microsoft.graph.allDevicesAssignmentTarget" + GroupDisplayName = "All devices" } -ClientOnly) ) IosOnboarded = $True MacOsEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" + dataType = "#microsoft.graph.configurationManagerCollectionAssignmentTarget" CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" + DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) @@ -165,11 +149,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AndroidEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } } ) @@ -179,11 +159,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IosEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } } ) @@ -192,11 +168,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { MacOsEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" + '@odata.type' = "#microsoft.graph.configurationManagerCollectionAssignmentTarget" + collectionId = "FakeStringValue" } } ) @@ -209,7 +182,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgGroup -MockWith { return @{ DisplayName = "FakeStringValue" - Id = "FakeStringValue" + Id = "FakeIdValue" SecurityEnabled = $true } } @@ -223,21 +196,19 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It 'Should Remove the group from the Set method' { + It 'Should Remove the Management Partner instance from the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Remove-MgBetaDeviceManagementComplianceManagementPartner -Exactly 1 } } + Context -Name "The IntuneDeviceManagementComplianceManagementPartner Exists and Values are already in the desired state" -Fixture { BeforeAll { $testParams = @{ AndroidEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" + dataType = "#microsoft.graph.allDevicesAssignmentTarget" + GroupDisplayName = "All devices" } -ClientOnly) ) AndroidOnboarded = $True @@ -245,22 +216,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = "FakeStringValue" IosEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" + GroupDisplayName = "All devices" + dataType = "#microsoft.graph.allDevicesAssignmentTarget" } -ClientOnly) ) IosOnboarded = $True - LastHeartbeatDateTime = "2023-01-01T00:00:00.0000000+01:00" MacOsEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" + dataType = "#microsoft.graph.configurationManagerCollectionAssignmentTarget" CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } -ClientOnly) ) MacOsOnboarded = $True @@ -277,11 +241,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AndroidEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } } ) @@ -291,11 +251,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IosEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } } ) @@ -304,11 +260,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { MacOsEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" - '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" + '@odata.type' = "#microsoft.graph.configurationManagerCollectionAssignmentTarget" + collectionId = "FakeStringValue" } } ) @@ -321,7 +274,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgGroup -MockWith { return @{ DisplayName = "FakeStringValue" - Id = "FakeStringValue" + Id = "FakeIdValue" SecurityEnabled = $true } } @@ -338,11 +291,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $testParams = @{ AndroidEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" + dataType = "#microsoft.graph.allDevicesAssignmentTarget" + GroupDisplayName = "All devices" } -ClientOnly) ) AndroidOnboarded = $True @@ -350,21 +300,15 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Id = "FakeStringValue" IosEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" + dataType = "#microsoft.graph.allDevicesAssignmentTarget" + GroupDisplayName = "All devices" } -ClientOnly) ) IosOnboarded = $True MacOsEnrollmentAssignments = [CimInstance[]]@( (New-CimInstance -ClassName MSFT_IntunedeviceAndAppManagementAssignmentTarget -Property @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupDisplayName = "FakeStringValue" - CollectionId = "FakeStringValue" - odataType = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" + dataType = "#microsoft.graph.allDevicesAssignmentTarget" + GroupDisplayName = "All devices" } -ClientOnly) ) MacOsOnboarded = $True @@ -378,11 +322,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AndroidEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } } ) @@ -391,11 +331,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IosEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } } ) @@ -403,11 +339,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { MacOsEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } } ) @@ -418,7 +350,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgGroup -MockWith { return @{ DisplayName = "FakeStringValue" - Id = "FakeStringValue" + Id = "FakeIdValue" SecurityEnabled = $true } } @@ -432,7 +364,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } - It 'Should call the Set method' { + It 'Should update the Management Partner instance from the Set method' { Set-TargetResource @testParams Should -Invoke -CommandName Update-MgBetaDeviceManagementComplianceManagementPartner -Exactly 1 } @@ -454,11 +386,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AndroidEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } } ) @@ -468,11 +396,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { IosEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } } ) @@ -481,11 +405,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { MacOsEnrollmentAssignments = @( @{ Target = @{ - DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" - GroupId = "FakeStringValue" - CollectionId = "FakeStringValue" '@odata.type' = "#microsoft.graph.allDevicesAssignmentTarget" - DeviceAndAppManagementAssignmentFilterType = "none" } } ) @@ -498,7 +418,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgGroup -MockWith { return @{ DisplayName = "FakeStringValue" - Id = "FakeStringValue" + Id = "FakeIdValue" SecurityEnabled = $true } } @@ -508,6 +428,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $result | Should -Not -BeNullOrEmpty } } + #> } } From fd0c49e8fc7b78c4333c0502c946700fa83e5f73 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Fri, 8 Nov 2024 08:04:55 +0100 Subject: [PATCH 12/17] updated examples --- .../1-Create.ps1 | 6 +++--- .../2-Update.ps1 | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 index 40579cc99b..82552e774d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 @@ -26,7 +26,7 @@ Configuration Example AndroidEnrollmentAssignments = @( MSFT_IntuneDeviceAndAppManagementAssignmentTarget{ GroupDisplayName = 'All devices' - odataType = "#microsoft.graph.allDevicesAssignmentTarget" + dataType = "#microsoft.graph.allDevicesAssignmentTarget" } ) AndroidOnboarded = $True @@ -34,7 +34,7 @@ Configuration Example IosEnrollmentAssignments = @( MSFT_IntuneDeviceAndAppManagementAssignmentTarget{ GroupDisplayName = 'SomeGroup' - odataType = "#microsoft.graph.groupAssignmentTarget" + dataType = "#microsoft.graph.groupAssignmentTarget" } ) IosOnboarded = $True @@ -42,7 +42,7 @@ Configuration Example MSFT_IntuneDeviceAndAppManagementAssignmentTarget{ DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" CollectionId = 'SomeCollectionId' - odataType = "#microsoft.graph.configurationManagerCollectionAAssignmentTarget" + dataType = "#microsoft.graph.configurationManagerCollectionAAssignmentTarget" DeviceAndAppManagementAssignmentFilterType = "none" } ) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 index 9d69f9f2a6..0f88411d79 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/2-Update.ps1 @@ -26,7 +26,7 @@ Configuration Example IosEnrollmentAssignments = @( MSFT_IntuneDeviceAndAppManagementAssignmentTarget{ GroupDisplayName = 'All devices' - odataType = "#microsoft.graph.allDevicesAssignmentTarget" + dataType = "#microsoft.graph.allDevicesAssignmentTarget" } ) IosOnboarded = $True From 18c27b888fe60a74a6f897730dbe468425a39107 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Fri, 8 Nov 2024 08:30:44 +0100 Subject: [PATCH 13/17] fixed typo in example --- .../1-Create.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 index 82552e774d..00b634cab3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementComplianceManagementPartner/1-Create.ps1 @@ -42,7 +42,7 @@ Configuration Example MSFT_IntuneDeviceAndAppManagementAssignmentTarget{ DeviceAndAppManagementAssignmentFilterId = "FakeStringValue" CollectionId = 'SomeCollectionId' - dataType = "#microsoft.graph.configurationManagerCollectionAAssignmentTarget" + dataType = "#microsoft.graph.configurationManagerCollectionAssignmentTarget" DeviceAndAppManagementAssignmentFilterType = "none" } ) From 5576729b9dfef84f14aabae3450981fac6d6ae6d Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Wed, 13 Nov 2024 11:47:37 +0100 Subject: [PATCH 14/17] updated handling of group-assignments so unknown groups are written to the eventlog --- ...ManagementComplianceManagementPartner.psm1 | 133 ++++++++++++++---- 1 file changed, 103 insertions(+), 30 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 index 2e9f23f5e4..f70d450c28 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 @@ -123,6 +123,19 @@ function Get-TargetResource $returnAndroidEnrollmentAssignments += ConvertFrom-IntunePolicyAssignment ` -IncludeDeviceFilter $true ` -Assignments ($getValue.androidEnrollmentAssignments) + foreach ($assignment in $returnAndroidEnrollmentAssignments) + { + if ($assignment.dataType -match 'groupAssignment' -and $null -eq $assignment.groupDisplayName) + { + Add-M365DSCEvent -Message "AndroidOsEnrollmentAssignments contain groupId $($assignment.groupId) that is an unknown group" ` + -Source $MyInvocation.MyCommand.Source ` + -EntryType Warning ` + -EventId 29 ` + -EventType Warning ` + -TenantId $Global:MSCloudLoginConnectionProfile.Intune.TenantId + + } + } } else { @@ -135,6 +148,18 @@ function Get-TargetResource $returnIosEnrollmentAssignments += ConvertFrom-IntunePolicyAssignment ` -IncludeDeviceFilter $true ` -Assignments ($getValue.iosEnrollmentAssignments) + foreach ($assignment in $returnAndroidEnrollmentAssignments) + { + if ($assignment.dataType -match 'groupAssignment' -and $null -eq $assignment.groupDisplayName) + { + Add-M365DSCEvent -Message "IosEnrollmentAssignments contain groupId $($assignment.groupId) that is an unknown group" ` + -Source $MyInvocation.MyCommand.Source ` + -EntryType Warning ` + -EventId 29 ` + -EventType Warning ` + -TenantId $TenantId + } + } } else { @@ -147,6 +172,18 @@ function Get-TargetResource $returnMacOsEnrollmentAssignments += ConvertFrom-IntunePolicyAssignment ` -IncludeDeviceFilter $true ` -Assignments ($getValue.macOsEnrollmentAssignments) + foreach ($assignment in $returnMacOsEnrollmentAssignments) + { + if ($assignment.dataType -match 'groupAssignment' -and $null -eq $assignment.groupDisplayName) + { + Add-M365DSCEvent -Message "MacOsEnrollmentAssignments contain groupId $($assignment.groupId) that is an unknown group" ` + -Source $MyInvocation.MyCommand.Source ` + -EntryType Warning ` + -EventId 29 ` + -EventType Warning ` + -TenantId $TenantId + } + } } else { @@ -308,21 +345,9 @@ function Set-TargetResource } } - if ($createParameters.AndroidEnrollmentAssignments.Count -gt 0) - { - $androidEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $createParameters.AndroidEnrollmentAssignments #-DataTypeName '@odata.Type' - $createParameters.AndroidEnrollmentAssignments = $androidEnrollmentAssignmentsHash - } - if ($createParameters.IosEnrollmentAssignments.Count -gt 0) - { - $iosEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $createParameters.IosEnrollmentAssignments #-DataTypeName '@odata.Type' - $createParameters.IosEnrollmentAssignments = $iosEnrollmentAssignmentsHash - } - if ($createParameters.MacOsEnrollmentAssignments.Count -gt 0) - { - $macOsEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $createParameters.MacOsEnrollmentAssignments #-DataTypeName '@odata.Type' - $createParameters.MacOsEnrollmentAssignments = $macOsEnrollmentAssignmentsHash - } + #Assignments in DSC are flattened and must be re-inflated so each assignment refer to targets + Convert-AssignmentListToTargetList -Parameters $createParameters + #region resource generator code $createParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") $policy = New-MgBetaDeviceManagementComplianceManagementPartner -BodyParameter $createParameters @@ -344,21 +369,10 @@ function Set-TargetResource $updateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $updateParameters[$key] } } - if ($updateParameters.AndroidEnrollmentAssignments.Count -gt 0) - { - $androidEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $updateParameters.AndroidEnrollmentAssignments #-DataTypeName 'odataType' - $updateParameters.AndroidEnrollmentAssignments = $androidEnrollmentAssignmentsHash - } - if ($updateParameters.IosEnrollmentAssignments.Count -gt 0) - { - $iosEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $updateParameters.IosEnrollmentAssignments #-DataTypeName 'odataType' - $updateParameters.IosEnrollmentAssignments = $iosEnrollmentAssignmentsHash - } - if ($updateParameters.MacOsEnrollmentAssignments.Count -gt 0) - { - $macOsEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true -Assignments $updateParameters.MacOsEnrollmentAssignments #-DataTypeName 'odataType' - $updateParameters.MacOsEnrollmentAssignments = $macOsEnrollmentAssignmentsHash - } + + #Assignments in DSC are flattened and must be re-inflated so each assignment refer to targets + Convert-AssignmentListToTargetList -Parameters $updateParameters + #region resource generator code $UpdateParameters.Add("@odata.type", "#microsoft.graph.ComplianceManagementPartner") Update-MgBetaDeviceManagementComplianceManagementPartner ` @@ -693,4 +707,63 @@ function Export-TargetResource } } +function Convert-AssignmentListToTargetList +{ + [CmdletBinding()] + #[OutputType([System.Collections.Hashtable])] + param( + [Parameter(Mandatory)] + [System.Collections.Hashtable]$Parameters + ) + process { + #$outputParameters = [hashtable]$InputParameters.Clone() + if ($InputParameters.AndroidEnrollmentAssignments.Count -gt 0) + { + $androidEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true ` + -Assignments $Parameters.AndroidEnrollmentAssignments #-DataTypeName '@odata.Type' + if ($androidEnrollmentAssignmentsHash.Count -ne $Parameters.AndroidEnrollmentAssignments.Count) + { + Add-M365DSCEvent -Message "One or more group-assignments in AndroidEnrollmentAssignments refer to unknown groups" ` + -Source $MyInvocation.MyCommand.Name ` + -EntryType Error ` + -EventId 29 ` + -EventType Error ` + -TenantId $TenantId + } + $Parameters.AndroidEnrollmentAssignments = $androidEnrollmentAssignmentsHash + } + if ($Parameters.IosEnrollmentAssignments.Count -gt 0) + { + $iosEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true ` + -Assignments $Parameters.IosEnrollmentAssignments #-DataTypeName '@odata.Type' + if ($iosEnrollmentAssignmentsHash.Count -ne $Parameters.IosEnrollmentAssignments.Count) + { + Add-M365DSCEvent -Message "One or more group-assignments in IosEnrollmentAssignments refer to unknown groups" ` + -Source $MyInvocation.MyCommand.Name ` + -EntryType Error ` + -EventId 29 ` + -EventType Error ` + -TenantId $TenantId + } + $Parameters.IosEnrollmentAssignments = $iosEnrollmentAssignmentsHash + } + if ($Parameters.MacOsEnrollmentAssignments.Count -gt 0) + { + $macOsEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true ` + -Assignments $Parameters.MacOsEnrollmentAssignments #-DataTypeName '@odata.Type' + if ($macOsEnrollmentAssignmentsHash.Count -ne $Parameters.MacOsEnrollmentAssignments.Count) + { + Add-M365DSCEvent -Message "One or more group-assignments in MacOsEnrollmentAssignments refer to unknown groups" ` + -Source $MyInvocation.MyCommand.Name ` + -EntryType Error ` + -EventId 29 ` + -EventType Error ` + -TenantId $TenantId + } + $Parameters.MacOsEnrollmentAssignments = $macOsEnrollmentAssignmentsHash + } + #outputParameters + } +} + Export-ModuleMember -Function *-TargetResource From df600911df346af768187a00047815de751e8b90 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Wed, 13 Nov 2024 11:48:53 +0100 Subject: [PATCH 15/17] updated typo in internal function --- ...MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 index f70d450c28..499fe56d45 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 @@ -717,7 +717,7 @@ function Convert-AssignmentListToTargetList ) process { #$outputParameters = [hashtable]$InputParameters.Clone() - if ($InputParameters.AndroidEnrollmentAssignments.Count -gt 0) + if ($Parameters.AndroidEnrollmentAssignments.Count -gt 0) { $androidEnrollmentAssignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter $true ` -Assignments $Parameters.AndroidEnrollmentAssignments #-DataTypeName '@odata.Type' @@ -762,7 +762,6 @@ function Convert-AssignmentListToTargetList } $Parameters.MacOsEnrollmentAssignments = $macOsEnrollmentAssignmentsHash } - #outputParameters } } From 66d32f9aa527b90f97f897da88c0328d945ad597 Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Thu, 14 Nov 2024 11:18:42 +0100 Subject: [PATCH 16/17] added validation of collection-assignments --- ...ManagementComplianceManagementPartner.psm1 | 86 +++++++++++++++++-- 1 file changed, 78 insertions(+), 8 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 index 499fe56d45..bbe43430d5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 @@ -328,7 +328,6 @@ function Set-TargetResource $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Management Compliance Management Partner with DisplayName {$DisplayName}" @@ -345,7 +344,7 @@ function Set-TargetResource } } - #Assignments in DSC are flattened and must be re-inflated so each assignment refer to targets + #Assignments in DSC are flattened and must be re-inflated so each assignment refer to one or more targets Convert-AssignmentListToTargetList -Parameters $createParameters #region resource generator code @@ -370,7 +369,7 @@ function Set-TargetResource } } - #Assignments in DSC are flattened and must be re-inflated so each assignment refer to targets + #Assignments in DSC are flattened and must be re-inflated so each assignment refer to one or more targets Convert-AssignmentListToTargetList -Parameters $updateParameters #region resource generator code @@ -715,7 +714,12 @@ function Convert-AssignmentListToTargetList [Parameter(Mandatory)] [System.Collections.Hashtable]$Parameters ) - process { + begin + { + $calledBy = $null + } + process + { #$outputParameters = [hashtable]$InputParameters.Clone() if ($Parameters.AndroidEnrollmentAssignments.Count -gt 0) { @@ -723,13 +727,35 @@ function Convert-AssignmentListToTargetList -Assignments $Parameters.AndroidEnrollmentAssignments #-DataTypeName '@odata.Type' if ($androidEnrollmentAssignmentsHash.Count -ne $Parameters.AndroidEnrollmentAssignments.Count) { + if ($null -eq $calledBy) + { + $calledBy = Get-PSCallStack | Select-Object -Skip 1 -First 1 -ExpandProperty InvocationInfo + } Add-M365DSCEvent -Message "One or more group-assignments in AndroidEnrollmentAssignments refer to unknown groups" ` - -Source $MyInvocation.MyCommand.Name ` + -Source $calledBy.MyCommand.Source ` -EntryType Error ` -EventId 29 ` -EventType Error ` -TenantId $TenantId } + $collectionsOk = $true + foreach ($assigment in $Parameters.AndroidEnrollmentAssignments) + { + if ($assignment.dataType -match 'Collection' -and $null -eq $assignment.CollectionId) + { + $collectionsOk = $false + } + } + if (-not $collectionsOk) + { + Add-M365DSCEvent -Message "One or more collection-assignments in AndroidEnrollmentAssignments is missing a CollectionId" ` + -Source $calledBy.MyCommand.Source ` + -EntryType Error ` + -EventId 39 ` + -EventType Error ` + -TenantId $TenantId + + } $Parameters.AndroidEnrollmentAssignments = $androidEnrollmentAssignmentsHash } if ($Parameters.IosEnrollmentAssignments.Count -gt 0) @@ -738,13 +764,35 @@ function Convert-AssignmentListToTargetList -Assignments $Parameters.IosEnrollmentAssignments #-DataTypeName '@odata.Type' if ($iosEnrollmentAssignmentsHash.Count -ne $Parameters.IosEnrollmentAssignments.Count) { + if ($null -eq $calledBy) + { + $calledBy = Get-PSCallStack | Select-Object -Skip 1 -First 1 -ExpandProperty InvocationInfo + } Add-M365DSCEvent -Message "One or more group-assignments in IosEnrollmentAssignments refer to unknown groups" ` - -Source $MyInvocation.MyCommand.Name ` + -Source $calledBy.MyCommand.Source ` -EntryType Error ` - -EventId 29 ` + -EventId 39 ` -EventType Error ` -TenantId $TenantId } + $collectionsOk = $true + foreach ($assigment in $Parameters.IosEnrollmentAssignments) + { + if ($assignment.dataType -match 'Collection' -and $null -eq $assignment.CollectionId) + { + $collectionsOk = $false + } + } + if (-not $collectionsOk) + { + Add-M365DSCEvent -Message "One or more collection-assignments in IosEnrollmentAssignments is missing a CollectionId" ` + -Source $calledBy.MyCommand.Source ` + -EntryType Error ` + -EventId 39 ` + -EventType Error ` + -TenantId $TenantId + + } $Parameters.IosEnrollmentAssignments = $iosEnrollmentAssignmentsHash } if ($Parameters.MacOsEnrollmentAssignments.Count -gt 0) @@ -753,13 +801,35 @@ function Convert-AssignmentListToTargetList -Assignments $Parameters.MacOsEnrollmentAssignments #-DataTypeName '@odata.Type' if ($macOsEnrollmentAssignmentsHash.Count -ne $Parameters.MacOsEnrollmentAssignments.Count) { + if ($null -eq $calledBy) + { + $calledBy = Get-PSCallStack | Select-Object -Skip 1 -First 1 -ExpandProperty InvocationInfo + } Add-M365DSCEvent -Message "One or more group-assignments in MacOsEnrollmentAssignments refer to unknown groups" ` - -Source $MyInvocation.MyCommand.Name ` + -Source $calledBy.MyCommand.Source ` -EntryType Error ` -EventId 29 ` -EventType Error ` -TenantId $TenantId } + $collectionsOk = $true + foreach ($assigment in $Parameters.MacOsEnrollmentAssignments) + { + if ($assignment.dataType -match 'Collection' -and $null -eq $assignment.CollectionId) + { + $collectionsOk = $false + } + } + if (-not $collectionsOk) + { + Add-M365DSCEvent -Message "One or more collection-assignments in MacOsEnrollmentAssignments is missing a CollectionId" ` + -Source $calledBy.MyCommand.Source ` + -EntryType Error ` + -EventId 39 ` + -EventType Error ` + -TenantId $TenantId + + } $Parameters.MacOsEnrollmentAssignments = $macOsEnrollmentAssignmentsHash } } From 00aa1326a0a3e6f507c2d7fdea142f4972f4543f Mon Sep 17 00:00:00 2001 From: salbeck-sit Date: Tue, 19 Nov 2024 15:07:54 +0100 Subject: [PATCH 17/17] fixed wrong workload-spec --- ...iceManagementComplianceManagementPartner.psm1 | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 index bbe43430d5..d9565ece56 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceManagementPartner/MSFT_IntuneDeviceManagementComplianceManagementPartner.psm1 @@ -80,7 +80,7 @@ function Get-TargetResource try { - $ConnectionMode = New-M365DSCConnection -Workload 'Intune' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -570,7 +570,7 @@ function Export-TargetResource $AccessTokens ) - $ConnectionMode = New-M365DSCConnection -Workload 'Intune' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. @@ -748,6 +748,10 @@ function Convert-AssignmentListToTargetList } if (-not $collectionsOk) { + if ($null -eq $calledBy) + { + $calledBy = Get-PSCallStack | Select-Object -Skip 1 -First 1 -ExpandProperty InvocationInfo + } Add-M365DSCEvent -Message "One or more collection-assignments in AndroidEnrollmentAssignments is missing a CollectionId" ` -Source $calledBy.MyCommand.Source ` -EntryType Error ` @@ -785,6 +789,10 @@ function Convert-AssignmentListToTargetList } if (-not $collectionsOk) { + if ($null -eq $calledBy) + { + $calledBy = Get-PSCallStack | Select-Object -Skip 1 -First 1 -ExpandProperty InvocationInfo + } Add-M365DSCEvent -Message "One or more collection-assignments in IosEnrollmentAssignments is missing a CollectionId" ` -Source $calledBy.MyCommand.Source ` -EntryType Error ` @@ -822,6 +830,10 @@ function Convert-AssignmentListToTargetList } if (-not $collectionsOk) { + if ($null -eq $calledBy) + { + $calledBy = Get-PSCallStack | Select-Object -Skip 1 -First 1 -ExpandProperty InvocationInfo + } Add-M365DSCEvent -Message "One or more collection-assignments in MacOsEnrollmentAssignments is missing a CollectionId" ` -Source $calledBy.MyCommand.Source ` -EntryType Error `