Merge pull request #3809 from microsoft/Dev

Release 1.23.1018.1

Author: NikCharlebois

CHANGELOG.md

@@ -1,5 +1,27 @@
 # Change log for Microsoft365DSC
 
+# 1.23.1018.1
+
+* AADAuthenticationMethodPolicyAuthenticator
+  * Fixes an issue with the Get method when an assigned group
+    was deleted.
+* AADConditionalAccessPolicy
+  * Added support for the SigninFrequencyInterval parameter.
+* EXODistributionGroup
+  * Changes the export logic to use PrimarySMTPAddress if provided.
+* IntuneAntivirusPolicyWindows10SettingCatalog
+  * Added "-All" parameter to retrieve all settings from a template.
+  FIXES [#3722](https://github.com/microsoft/Microsoft365DSC/issues/3722)
+* TeamsGroupPolicyAssignment
+  * Fixes the export of CsGroup, when the display name of a group is included in
+    another display name.
+  FIXES [#3736](https://github.com/microsoft/Microsoft365DSC/issues/3736)
+* TeamsUserPolicyAssignment
+  * Initial release.
+  FIXES [#3777](https://github.com/microsoft/Microsoft365DSC/issues/3777)
+* MISC
+  * Fixes fancy quotes in complex objects for extraction.
+
 # 1.23.1011.1
 
 * AADRoleEligibilityScheduleRequest
@@ -9,6 +31,8 @@
   * Added support for retrieved groups as calendar delegates.
 * EXODistributionGroup
   * Fixes the export of group membership to use Identity.
+* IntuneDeviceConfigurationPolicyWindows10
+  * Support setting assignment groups by display name
 * TeamsUpdateManagementPolicy
   * Add support for the new acceptable value for UseNewTeamsClient
     (NewTeamsAsDefault).
@@ -28,7 +52,7 @@
     were not managed correctly.
     FIXES [#3639](https://github.com/microsoft/Microsoft365DSC/issues/3639)
 * AADEntitlementManagementConnectedOrganization
-  * Fixed [[#3738](https://github.com/microsoft/Microsoft365DSC/issues/3738)]
+  * FIXES [[#3738](https://github.com/microsoft/Microsoft365DSC/issues/3738)]
 * EXOCalendarProcessing
   * Initial release.
 * EXODistributionGroup

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof

@@ -24,6 +24,12 @@ class MSFT_AADAuthenticationMethodPolicyIncludeTarget
     [Write, Description("The kind of entity targeted. Possible values are: user, group."), ValueMap{"user","group","unknownFutureValue"}, Values{"user","group","unknownFutureValue"}] String TargetType;
 };
 [ClassVersion("1.0.0")]
+class MSFT_MicrosoftGraphExcludeTarget
+{
+    [Write, Description("The object identifier of an Azure AD user or group.")] String Id;
+    [Write, Description("The type of the authentication method target. Possible values are: user, group, unknownFutureValue."), ValueMap{"user","group","unknownFutureValue"}, Values{"user","group","unknownFutureValue"}] String TargetType;
+};
+[ClassVersion("1.0.0")]
 class MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget
 {
     [Write, Description("The object identifier of an Azure AD user or group.")] String Id;

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1

@@ -247,8 +247,12 @@ function Get-TargetResource
             $myExcludeTargets = @{}
             if ($currentExcludeTargets.id -ne 'all_users')
             {
-                $myExcludeTargetsDisplayName = Get-MgGroup -GroupId $currentExcludeTargets.id
-                $myExcludeTargets.Add('Id', $myExcludeTargetsDisplayName.DisplayName)
+                $myExcludeTargetsDisplayName = Get-MgGroup -GroupId $currentExcludeTargets.id -ErrorAction SilentlyContinue
+
+                if ($null -ne $myIncludeTargetsDisplayName)
+                {
+                    $myExcludeTargets.Add('Id', $myExcludeTargetsDisplayName.DisplayName)
+                }
             }
             else
             {
@@ -271,8 +275,11 @@ function Get-TargetResource
             $myIncludeTargets = @{}
             if ($currentIncludeTargets.id -ne 'all_users')
             {
-                $myIncludeTargetsDisplayName = Get-MgGroup -GroupId $currentIncludeTargets.id
-                $myIncludeTargets.Add('Id', $myIncludeTargetsDisplayName.DisplayName)
+                $myIncludeTargetsDisplayName = Get-MgGroup -GroupId $currentIncludeTargets.id -ErrorAction SilentlyContinue
+                if ($null -ne $myIncludeTargetsDisplayName)
+                {
+                    $myIncludeTargets.Add('Id', $myIncludeTargetsDisplayName.DisplayName)
+                }
             }
             else
             {

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1

@@ -159,6 +159,11 @@ function Get-TargetResource
         [System.Boolean]
         $SignInFrequencyIsEnabled,
 
+        [Parameter()]
+        [ValidateSet('timeBased', 'everyTime', 'unknownFutureValue')]
+        [System.String]
+        $SignInFrequencyInterval,
+
         [Parameter()]
         [ValidateSet('Always', 'Never', '')]
         [System.String]
@@ -525,10 +530,12 @@ function Get-TargetResource
         if ($Policy.SessionControls.SignInFrequency.IsEnabled)
         {
             $SignInFrequencyType = [System.String]$Policy.SessionControls.SignInFrequency.Type
+            $SignInFrequencyIntervalValue = [System.String]$Policy.SessionControls.SignInFrequency.FrequencyInterval
         }
         else
         {
             $SignInFrequencyType = $null
+            $SignInFrequencyIntervalValue = $null
         }
         if ($Policy.SessionControls.PersistentBrowser.IsEnabled)
         {
@@ -626,6 +633,7 @@ function Get-TargetResource
             SignInFrequencyValue                     = $Policy.SessionControls.SignInFrequency.Value
             #no translation or conversion needed, $null returned if undefined
             SignInFrequencyType                      = [System.String]$Policy.SessionControls.SignInFrequency.Type
+            SignInFrequencyInterval                  = $SignInFrequencyIntervalValue
             #no translation needed
             PersistentBrowserIsEnabled               = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled
             #make false if undefined, true if true
@@ -807,6 +815,11 @@ function Set-TargetResource
         [System.Boolean]
         $SignInFrequencyIsEnabled,
 
+        [Parameter()]
+        [ValidateSet('timeBased', 'everyTime', 'unknownFutureValue')]
+        [System.String]
+        $SignInFrequencyInterval,
+
         [Parameter()]
         [ValidateSet('Always', 'Never', '')]
         [System.String]
@@ -1421,16 +1434,32 @@ function Set-TargetResource
             if ($SignInFrequencyIsEnabled)
             {
                 $SigninFrequencyProp = @{
-                    IsEnabled = $true
-                    Type      = $null
-                    Value     = $null
+                    isEnabled         = $true
+                    type              = $null
+                    value             = $null
+                    frequencyInterval = $null
                 }
 
                 $sessioncontrols.Add('SignInFrequency', $SigninFrequencyProp)
                 #create and provision SignInFrequency object if used
-                $sessioncontrols.SignInFrequency.IsEnabled = $true
-                $sessioncontrols.SignInFrequency.Type = $SignInFrequencyType
-                $sessioncontrols.SignInFrequency.Value = $SignInFrequencyValue
+                $sessioncontrols.SignInFrequency.isEnabled = $true
+                if ($SignInFrequencyType -ne '')
+                {
+                    $sessioncontrols.SignInFrequency.type = $SignInFrequencyType
+                }
+                else
+                {
+                    $sessioncontrols.SignInFrequency.Remove("type") | Out-Null
+                }
+                if ($SignInFrequencyValue -gt 0)
+                {
+                    $sessioncontrols.SignInFrequency.value = $SignInFrequencyValue
+                }
+                else
+                {
+                    $sessioncontrols.SignInFrequency.Remove("value") | Out-Null
+                }
+                $sessioncontrols.SignInFrequency.frequencyInterval = $SignInFrequencyInterval
             }
             if ($PersistentBrowserIsEnabled)
             {
@@ -1670,6 +1699,11 @@ function Test-TargetResource
         [System.Boolean]
         $SignInFrequencyIsEnabled,
 
+        [Parameter()]
+        [ValidateSet('timeBased', 'everyTime', 'unknownFutureValue')]
+        [System.String]
+        $SignInFrequencyInterval,
+
         [Parameter()]
         [ValidateSet('Always', 'Never', '')]
         [System.String]

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof

@@ -23,7 +23,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Client Device Platforms out of scope of the Policy.")] String ExcludePlatforms[];
     [Write, Description("AAD Named Locations in scope of the Policy.")] String IncludeLocations[];
     [Write, Description("AAD Named Locations out of scope of the Policy.")] String ExcludeLocations[];
-    [Write, Description("Client Device Filter mode of the Policy."), ValueMap{"include","exclude"}, Values{"include","exclude"}]  String DeviceFilterMode;
+    [Write, Description("Client Device Filter mode of the Policy."), ValueMap{"include","exclude"}, Values{"include","exclude"}] String DeviceFilterMode;
     [Write, Description("Client Device Filter rule of the Policy.")] String DeviceFilterRule;
     [Write, Description("AAD Identity Protection User Risk Levels in scope of the Policy.")] String UserRiskLevels[];
     [Write, Description("AAD Identity Protection Sign-in Risk Levels in scope of the Policy.")] String SignInRiskLevels[];
@@ -38,6 +38,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Custom Controls assigned to the grant property of this policy.")] String CustomAuthenticationFactors[];
     [Write, Description("Sign in frequency unit (days/hours) to be interpreted by the policy."), ValueMap{"Days","Hours",""}, Values{"Days","Hours",""}] String SignInFrequencyType;
     [Write, Description("Specifies, whether sign-in frequency is enforced by the Policy.")] Boolean SignInFrequencyIsEnabled;
+    [Write, Description("Sign in frequency interval. Possible values are: timeBased, everyTime and unknownFutureValue."), ValueMap{"timeBased","everyTime","unknownFutureValue"}, Values{"timeBased","everyTime","unknownFutureValue"}]  String SignInFrequencyInterval;
     [Write, Description("Specifies, whether Browser Persistence is controlled by the Policy.")] Boolean PersistentBrowserIsEnabled;
     [Write, Description("Specifies, what Browser Persistence control is enforced by the Policy."), ValueMap{"Always","Never",""}, Values{"Always","Never",""}] String PersistentBrowserMode;
     [Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength;

Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1

@@ -247,13 +247,37 @@ function Get-TargetResource
     {
         if ($null -ne $Script:exportedInstances -and $Script:ExportMode)
         {
-            $distributionGroup = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity}
-            $distributionGroupMembers = Get-DistributionGroupMember -Identity $Identity  -ErrorAction Stop -ResultSize Unlimited
+            if ($null -ne $PrimarySmtpAddress)
+            {
+                $distributionGroup = $Script:exportedInstances | Where-Object -FilterScript {$_.PrimarySmtpAddress -eq $PrimarySmtpAddress}
+                $distributionGroupMembers = Get-DistributionGroupMember -Identity $PrimarySmtpAddress `
+                    -ErrorAction 'Stop' `
+                    -ResultSize 'Unlimited'
+            }
+            else
+            {
+                $distributionGroup = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity -eq $Identity}
+                $distributionGroupMembers = Get-DistributionGroupMember -Identity $Identity `
+                    -ErrorAction 'Stop' `
+                    -ResultSize 'Unlimited'
+            }
         }
         else
         {
-            $distributionGroup = Get-DistributionGroup -Identity $Identity -ErrorAction Stop
-            $distributionGroupMembers = Get-DistributionGroupMember -Identity $Identity  -ErrorAction Stop -ResultSize Unlimited
+            if ($null -ne $PrimarySmtpAddress)
+            {
+                $distributionGroup = Get-DistributionGroup -Identity $PrimarySmtpAddress -ErrorAction Stop
+                $distributionGroupMembers = Get-DistributionGroupMember -Identity $PrimarySmtpAddress `
+                    -ErrorAction 'Stop' `
+                    -ResultSize 'Unlimited'
+            }
+            else
+            {
+                $distributionGroup = Get-DistributionGroup -Identity $Identity -ErrorAction Stop
+                $distributionGroupMembers = Get-DistributionGroupMember -Identity $Identity `
+                    -ErrorAction 'Stop' `
+                    -ResultSize 'Unlimited'
+            }
         }
 
         if ($null -eq $distributionGroup)
@@ -645,6 +669,7 @@ function Set-TargetResource
         }
         $currentParameters.Remove('OrganizationalUnit') | Out-Null
         $currentParameters.Remove('Type') | Out-Null
+        $currentParameters.Remove('Members') | Out-Null
 
         if ($EmailAddresses.Length -gt 0)
         {
@@ -661,7 +686,7 @@ function Set-TargetResource
         {
             $currentParameters.Identity = $newGroup.Identity
         }
-        Set-DistributionGroup @currentParameters
+        Set-DistributionGroup @currentParameters -BypassSecurityGroupManagerCheck
     }
 }
 
@@ -984,6 +1009,7 @@ function Export-TargetResource
             Write-Host "    |---[$i/$($Script:exportedInstances.Count)] $($distributionGroup.Identity)" -NoNewline
             $params = @{
                 Identity              = $distributionGroup.Identity
+                PrimarySmtpAddress    = $distributionGroup.PrimarySmtpAddress
                 Name                  = $distributionGroup.Name
                 Credential            = $Credential
                 ApplicationId         = $ApplicationId

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.schema.mof

@@ -1795,7 +1795,7 @@ function Format-M365DSCIntuneSettingCatalogPolicySettings
 
     $settings = @()
 
-    $templateSettings = Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate -DeviceManagementConfigurationPolicyTemplateId $templateReferenceId
+    $templateSettings = Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate -DeviceManagementConfigurationPolicyTemplateId $templateReferenceId -All
 
     #write-verbose -Message ( $DSCParams|out-string)
 

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1

@@ -1,11 +1,12 @@
 [ClassVersion("1.0.0.0")]
 class MSFT_DeviceManagementConfigurationPolicyAssignments
 {
- [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
- [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
- [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
- [Write, Description("The group Id that is the target of the assignment.")] String groupId;
- [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
+    [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
+    [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
+    [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
+    [Write, Description("The group Id that is the target of the assignment.")] String groupId;
+    [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
+    [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
 };
 
 [ClassVersion("1.0.0")]