From 2406dbaf154059311a12e207a19d5a09c17d096a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 21 Sep 2023 09:54:21 -0400 Subject: [PATCH 01/12] Various Fixes --- CHANGELOG.md | 8 +++++ .../MSFT_O365OrgSettings.psm1 | 12 +++---- .../Dependencies/Manifest.psd1 | 34 +++++++++---------- 3 files changed, 30 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c814cca2cb..bee760f578 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* O365OrgSettings + * Changes to how ToDo discrepencies are being fixed in the SET method. +* DEPENDENCIES + * Updated Microsoft.Graph to version 2.6.1. + + # 1.23.920.2 * DEPENDENCIES diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index dcd2bfa9fc..e81751c228 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 
@@ -570,14 +570,13 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message 'Setting configuration of Office 365 Settings' $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters $currentValues = Get-TargetResource @PSBoundParameters if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $currentValues.M365WebEnableUsersToOpenFilesFrom3PStorage) { - Write-Verbose -Message "Setting the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}" + Write-Verbose -Message "Updating the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}" $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e' $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id' Update-MgservicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) ` @@ -585,7 +584,7 @@ function Set-TargetResource } if ($PlannerAllowCalendarSharing -ne $currentValues.PlannerAllowCalendarSharing) { - Write-Verbose -Message "Setting the Planner Allow Calendar Sharing setting to {$PlannerAllowCalendarSharing}" + Write-Verbose -Message "Updating the Planner Allow Calendar Sharing setting to {$PlannerAllowCalendarSharing}" Set-M365DSCO365OrgSettingsPlannerConfig -AllowCalendarSharing $PlannerAllowCalendarSharing } @@ -641,7 +640,6 @@ function Set-TargetResource # Reports Display Names $AdminCenterReportDisplayConcealedNamesEnabled = Get-M365DSCOrgSettingsAdminCenterReport - Write-Verbose "$($AdminCenterReportDisplayConcealedNamesEnabled.displayConcealedNames) = $AdminCenterReportDisplayConcealedNames" if ($AdminCenterReportDisplayConcealedNames -ne $AdminCenterReportDisplayConcealedNamesEnabled.displayConcealedNames) { Write-Verbose -Message "Updating the Admin Center Report Display Concealed Names setting to {$AdminCenterReportDisplayConcealedNames}" 
@@ -787,15 +785,15 @@ function Set-TargetResource # To Do $ToDoParametersToUpdate = @{} - if ($currentValues.ToDoIsPushNotificationEnabled -and $ToDoIsPushNotificationEnabled -ne $currentValues.ToDoIsPushNotificationEnabled) + if ($ToDoIsPushNotificationEnabled -ne $currentValues.ToDoIsPushNotificationEnabled) { $ToDoParametersToUpdate.Add('isPushNotificationEnabled', $ToDoIsPushNotificationEnabled) } - if ($currentValues.ToDoIsExternalJoinEnabled -and $ToDoIsExternalJoinEnabled -ne $currentValues.ToDoIsExternalJoinEnabled) + if ($ToDoIsExternalJoinEnabled -ne $currentValues.ToDoIsExternalJoinEnabled) { $ToDoParametersToUpdate.Add('isExternalJoinEnabled', $ToDoIsExternalJoinEnabled) } - if ($currentValues.ToDoIsExternalShareEnabled -and $ToDoIsExternalShareEnabled -ne $currentValues.ToDoIsExternalShareEnabled) + if ($ToDoIsExternalShareEnabled -ne $currentValues.ToDoIsExternalShareEnabled) { $ToDoParametersToUpdate.Add('isExternalShareEnabled', $ToDoIsExternalShareEnabled) } diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index ca06a634d4..69a12f0113 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 
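Review bot: The three new To Do comparisons run even when the setting was never specified in the configuration, because removing the `$currentValues.X -and` guard leaves nothing that checks whether the parameter was bound. The parameter declarations are outside this hunk, but if these are `[System.Boolean]` parameters an omitted one evaluates to `$false`, so a tenant with `isExternalJoinEnabled` or `isExternalShareEnabled` turned on would presumably have it switched off by a configuration that never mentions it. Gate each comparison on what the caller actually passed, e.g. `if ($PSBoundParameters.ContainsKey('ToDoIsExternalShareEnabled') -and $ToDoIsExternalShareEnabled -ne $currentValues.ToDoIsExternalShareEnabled)`, and do the same for the push-notification and external-join checks. Set-TargetResource starts and ends outside the hunk.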
@@ -10,71 +10,71 @@ }, @{ ModuleName = 'Microsoft.Graph.Applications' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Authentication' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Devices.CorporateManagement' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement.Administration' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement.Enrollment' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.DirectoryManagement' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.Governance' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.SignIns' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Reports' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Teams' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.DeviceManagement.Administration' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DirectoryObjects' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Groups' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Planner' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Users' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 'Microsoft.Graph.Users.Actions' - RequiredVersion = '2.5.0' + RequiredVersion = '2.6.1' }, @{ ModuleName = 
'Microsoft.PowerApps.Administration.PowerShell' From 52ee8b5d5b40357455607019fe20893e68a743cc Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 22 Sep 2023 12:49:00 -0400 Subject: [PATCH 02/12] AADApplication Soft Delete Support --- CHANGELOG.md | 3 +- .../MSFT_AADApplication.psm1 | 49 +++++++++++++++++-- 2 files changed, 47 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bee760f578..b9b1e574fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,12 +2,13 @@ # UNRELEASED +* AADApplication + * Added support for restoring soft deleted instances. * O365OrgSettings * Changes to how ToDo discrepencies are being fixed in the SET method. * DEPENDENCIES * Updated Microsoft.Graph to version 2.6.1. - # 1.23.920.2 * DEPENDENCIES diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index 1b1bb7df6f..22ee0b25c3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 
@@ -421,7 +421,44 @@ function Set-TargetResource $currentParameters.Remove('LogoutURL') | Out-Null $currentParameters.Remove('Homepage') | Out-Null + $skipToUpdate = $false + $AppIdValue = $null if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Absent') + { + # Before attempting to create a new instance, let's first check to see if there is already an existing instance that is soft deleted + if (-not [System.String]::IsNullOrEmpty($AppId)) + { + Write-Verbose "Trying to retrieve existing deleted Applications from soft delete by Id {$AppId}." + [Array]$deletedApp = Get-MgBetaDirectoryDeletedApplication -DirectoryObjectId $AppId -ErrorAction SilentlyContinue + } + + if ($null -eq $deletedApp) + { + Write-Verbose "Trying to retrieve existing deleted Applications from soft delete by DisplayName {$DisplayName}." + [Array]$deletedApp = Get-MgBetaDirectoryDeletedApplication -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue + } + + if ($null -ne $deletedApp -and $deletedApp.Length -eq 1) + { + $deletedSinceInDays = [System.DateTime]::Now.Subtract($deletedApp[0].DeletedDateTime).Days + if ($deletedSinceInDays -le 30) + { + Write-Verbose -Message "Found existing deleted instance of {$DisplayName}. Restoring it instead of creating a new one. This could take a few minutes to complete." + Restore-MgBetaDirectoryDeletedItem -DirectoryObjectId $deletedApp.Id + $skipToUpdate = $true + $AppIdValue = $deletedApp.Id + } + else + { + Write-Verbose -Message "Found existing deleted instance of {$DisplayName}. However, the deleted date was over days ago and it cannot be restored. Will recreate a new instance instead." + } + } + elseif ($deletedApp.Length -gt 1) + { + Write-Verbose -Message "Multiple instances of a deleted application with name {$DisplayName} wehre found. Creating a new instance since we can't determine what instance to restore." 
+ } + } + if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Absent' -and -not $skipToUpdate) { Write-Verbose -Message "Creating New AzureAD Application {$DisplayName} with values:`r`n$($currentParameters | Out-String)" $currentParameters.Remove('ObjectId') | Out-Null @@ -441,14 +478,18 @@ function Set-TargetResource } # App should exist and will be configured to desired state - if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Present') + elseif (($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Present') -or $skipToUpdate) { $currentParameters.Remove('ObjectId') | Out-Null - $currentParameters.Add('ApplicationId', $currentAADApp.ObjectId) + if (-not $skipToUpdate) + { + $AppIdValue = $currentAADApp.ObjectId + } + $currentParameters.Add('ApplicationId', $AppIdValue) Write-Verbose -Message "Updating existing AzureAD Application {$DisplayName} with values:`r`n$($currentParameters | Out-String)" Update-MgApplication @currentParameters - $currentAADApp.Add('ID', $currentAADApp.ObjectId) + $currentAADApp.Add('ID', $AppIdValue) $needToUpdatePermissions = $true } # App exists but should not @@ -815,7 +856,7 @@ function Export-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters - + $dscContent = [System.Text.StringBuilder]::new() $i = 1 Write-Host "`r`n" -NoNewline From 812ea210b0fa2343a59ae2ad354afd6a493e8b42 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 22 Sep 2023 15:01:37 -0400 Subject: [PATCH 03/12] Fixes --- .../MSFT_AADApplication.psm1 | 4 +- .../Microsoft365DSC.AADApplication.Tests.ps1 | 3 + Tests/Unit/Stubs/Microsoft365.psm1 | 679 ++++++++++++++---- 3 files changed, 550 insertions(+), 136 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index 22ee0b25c3..f91d1f061f 100644 
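Review bot: The DisplayName fallback restores whichever soft-deleted registration happens to carry that name, and display names are not unique identifiers in Entra ID, so the object brought back may not be the one this resource used to manage. A restored registration presumably returns with the credentials and permissions it held when it was deleted, which matters if it was removed on purpose; a comment above the `Restore-MgBetaDirectoryDeletedItem` call should say so, e.g. `# Restoring revives the app's previous secrets, certificates and permissions; review them after the restore.` The filter is also built by interpolation, so a name containing `'` yields an invalid filter that `-ErrorAction SilentlyContinue` hides, and a new app is created instead; doubling the quote avoids that: `-Filter "DisplayName eq '$($DisplayName.Replace("'", "''"))'"`. The age check compares `[System.DateTime]::Now` with `DeletedDateTime`, which is likely UTC, so `[System.DateTime]::UtcNow` would be the safer operand. Set-TargetResource starts and ends outside the hunk.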
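Review bot: On the restore path `Update-MgApplication` is called with `$AppIdValue` straight after `Restore-MgBetaDirectoryDeletedItem`, although the verbose message in the previous hunk says the restore can take a few minutes to complete. Whether the directory serves the restored object immediately cannot be seen from here; if it does not, the update fails on the first run and the configuration only converges on a later pass. A bounded wait until the application can be read again, placed in the `$skipToUpdate` case before the update, would make the run deterministic. The enclosing `elseif` block and Set-TargetResource continue outside the hunk.

```powershell
if (-not $skipToUpdate)
{
    $AppIdValue = $currentAADApp.ObjectId
}
else
{
    # Bounded wait: do not update until the restored application is readable again.
    $attempt = 0
    while ($attempt -lt 10 -and
        $null -eq (Get-MgApplication -ApplicationId $AppIdValue -ErrorAction SilentlyContinue))
    {
        Start-Sleep -Seconds 10
        $attempt++
    }
}
# … unchanged: $currentParameters.Add('ApplicationId', $AppIdValue) and the Update-MgApplication call …
```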
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 @@ -429,13 +429,13 @@ function Set-TargetResource if (-not [System.String]::IsNullOrEmpty($AppId)) { Write-Verbose "Trying to retrieve existing deleted Applications from soft delete by Id {$AppId}." - [Array]$deletedApp = Get-MgBetaDirectoryDeletedApplication -DirectoryObjectId $AppId -ErrorAction SilentlyContinue + [Array]$deletedApp = Get-MgBetaDirectoryDeletedItemAsApplication -DirectoryObjectId $AppId -ErrorAction SilentlyContinue } if ($null -eq $deletedApp) { Write-Verbose "Trying to retrieve existing deleted Applications from soft delete by DisplayName {$DisplayName}." - [Array]$deletedApp = Get-MgBetaDirectoryDeletedApplication -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue + [Array]$deletedApp = Get-MgBetaDirectoryDeletedItemAsApplication -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue } if ($null -ne $deletedApp -and $deletedApp.Length -eq 1) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 index aaefe7f454..07b9c9254c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 @@ -38,6 +38,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Remove-MgApplication -MockWith { } + Mock -CommandName MgBetaDirectoryDeletedItemAsApplication -MockWith { + } + Mock -CommandName New-MgApplication -MockWith { return @{ ID = '12345-12345-12345-12345-12345' diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 8d2c788a14..5ae21ddbc4 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 
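Review bot: The added mock names `MgBetaDirectoryDeletedItemAsApplication`, without the `Get-` verb, while the resource calls `Get-MgBetaDirectoryDeletedItemAsApplication` and the stub added to Microsoft365.psm1 in this commit carries that full name. As written the mock does not intercept the lookup the soft-delete path performs, and Pester will presumably reject it because no command of that name exists. Use `Mock -CommandName Get-MgBetaDirectoryDeletedItemAsApplication -MockWith { }`, and consider mocking `Restore-MgBetaDirectoryDeletedItem` as well so the restore branch can be exercised without a tenant. The Describe block starts and ends outside the hunk.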
@@ -23546,10 +23546,6 @@ function New-MgBetaDevice [PSObject] $Extensions, - [Parameter()] - [System.DateTime] - $OnPremisesLastSyncDateTime, - [Parameter()] [PSObject] $AlternativeSecurityIds, @@ -23562,6 +23558,10 @@ function New-MgBetaDevice [PSObject] $Commands, + [Parameter()] + [System.String] + $OnPremisesSecurityIdentifier, + [Parameter()] [System.String] $OperatingSystemVersion, @@ -23571,8 +23571,8 @@ function New-MgBetaDevice $Id, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.DateTime] + $OnPremisesLastSyncDateTime, [Parameter()] [System.String] @@ -23594,6 +23594,10 @@ function New-MgBetaDevice [System.String] $ProfileType, + [Parameter()] + [PSObject] + $ExtensionAttributes, + [Parameter()] [System.Management.Automation.SwitchParameter] $OnPremisesSyncEnabled, @@ -23662,6 +23666,10 @@ function New-MgBetaDevice [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [PSObject] + $HttpPipelineAppend, + [Parameter()] [System.String] $OperatingSystem, @@ -23674,10 +23682,6 @@ function New-MgBetaDevice [System.String] $DeviceOwnership, - [Parameter()] - [PSObject] - $ExtensionAttributes, - [Parameter()] [System.DateTime] $ApproximateLastSignInDateTime, @@ -23759,14 +23763,6 @@ function New-MgBetaDirectoryAdministrativeUnit [System.Management.Automation.SwitchParameter] $IsMemberManagementRestricted, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.String] - $Visibility, - [Parameter()] [PSObject] $ScopedRoleMembers, @@ -23795,6 +23791,14 @@ function New-MgBetaDirectoryAdministrativeUnit [PSObject] $Extensions, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Visibility, + [Parameter()] [System.DateTime] $DeletedDateTime, 
@@ -23808,6 +23812,63 @@ function New-MgBetaDirectoryAdministrativeUnit $HttpPipelineAppend ) } +function New-MgBetaDirectoryAdministrativeUnitMember +{ + [CmdletBinding()] + param( + [Parameter()] + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $AdministrativeUnitId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} function New-MgBetaDirectoryAdministrativeUnitMemberByRef { [CmdletBinding()] @@ -24476,6 +24537,47 @@ function Remove-MgBetaDirectorySetting $HttpPipelineAppend ) } +function Restore-MgBetaDirectoryDeletedItem +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $DirectoryObjectId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} function Update-MgBetaDevice { [CmdletBinding()] 
@@ -24532,6 +24634,10 @@ function Update-MgBetaDevice [PSObject] $Commands, + [Parameter()] + [System.String] + $OnPremisesSecurityIdentifier, + [Parameter()] [System.String] $OperatingSystemVersion, @@ -24753,6 +24859,10 @@ function Update-MgBetaDirectory [PSObject] $AttributeSets, + [Parameter()] + [PSObject] + $Subscriptions, + [Parameter()] [System.Uri] $Proxy, @@ -24834,10 +24944,6 @@ function Update-MgBetaDirectoryAdministrativeUnit [System.Management.Automation.SwitchParameter] $IsMemberManagementRestricted, - [Parameter()] - [System.String] - $Visibility, - [Parameter()] [PSObject] $ScopedRoleMembers, @@ -24870,6 +24976,10 @@ function Update-MgBetaDirectoryAdministrativeUnit [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Visibility, + [Parameter()] [System.DateTime] $DeletedDateTime, @@ -24903,10 +25013,6 @@ function Update-MgBetaDirectorySetting [System.String] $DisplayName, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, @@ -24923,6 +25029,10 @@ function Update-MgBetaDirectorySetting [System.String] $TemplateId, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Uri] $Proxy, @@ -24996,6 +25106,10 @@ function Update-MgBetaOrganization [PSObject] $PartnerInformation, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, @@ -25060,6 +25174,10 @@ function Update-MgBetaOrganization [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [PSObject] + $CertificateBasedAuthConfiguration, + [Parameter()] [System.String[]] $TechnicalNotificationMails, @@ -25080,6 +25198,10 @@ function Update-MgBetaOrganization [System.DateTime] $OnPremisesLastSyncDateTime, + [Parameter()] + [System.DateTime] + $DeletedDateTime, + [Parameter()] [PSObject] $ProvisionedPlans, 
@@ -25089,17 +25211,13 @@ function Update-MgBetaOrganization $DirectorySizeQuota, [Parameter()] - [PSObject] - $CertificateBasedAuthConfiguration, + [System.DateTime] + $OnPremisesLastPasswordSyncDateTime, [Parameter()] [PSObject] $Branding, - [Parameter()] - [System.DateTime] - $DeletedDateTime, - [Parameter()] [System.String] $CountryLetterCode, @@ -25120,10 +25238,6 @@ function Update-MgBetaOrganization [System.String] $OrganizationId, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - [Parameter()] [System.String[]] $SecurityComplianceNotificationPhones, @@ -25145,10 +25259,6 @@ function Update-MgBetaOrganizationSetting [PSObject] $ItemInsights, - [Parameter()] - [PSObject] - $ProfileCardProperties, - [Parameter()] [PSObject] $MicrosoftApplicationDataAccess, @@ -25181,10 +25291,6 @@ function Update-MgBetaOrganizationSetting [System.String] $Id, - [Parameter()] - [PSObject] - $Pronouns, - [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, @@ -25215,8 +25321,8 @@ function Update-MgBetaOrganizationSettingItemInsight [CmdletBinding()] param( [Parameter()] - [System.String] - $DisabledForGroup, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] @@ -25246,10 +25352,6 @@ function Update-MgBetaOrganizationSettingItemInsight [System.String] $OrganizationId, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [PSObject] $HttpPipelineAppend, @@ -25262,6 +25364,10 @@ function Update-MgBetaOrganizationSettingItemInsight [System.Management.Automation.SwitchParameter] $IsEnabledInOrganization, + [Parameter()] + [System.String] + $DisabledForGroup, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, 
@@ -25276,8 +25382,8 @@ function Update-MgBetaOrganizationSettingPersonInsight [CmdletBinding()] param( [Parameter()] - [System.String] - $DisabledForGroup, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] @@ -25307,10 +25413,6 @@ function Update-MgBetaOrganizationSettingPersonInsight [System.String] $OrganizationId, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [PSObject] $HttpPipelineAppend, @@ -25323,6 +25425,10 @@ function Update-MgBetaOrganizationSettingPersonInsight [System.Management.Automation.SwitchParameter] $IsEnabledInOrganization, + [Parameter()] + [System.String] + $DisabledForGroup, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, 
@@ -25332,6 +25438,83 @@ function Update-MgBetaOrganizationSettingPersonInsight $Break ) } +function Get-MgBetaDirectoryDeletedApplication +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.String] + $DirectoryObjectId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} #endregion #region Microsoft.Graph.Beta.Identity.Governance function Get-MgBetaAgreement 
@@ -48520,45 +48703,163 @@ function Get-MgBetaDirectoryAdministrativeUnitMember $Filter, [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDirectoryAdministrativeUnitScopedRoleMember +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $AdministrativeUnitId, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $ScopedRoleMembershipId, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $CountVariable, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [PSObject] + $HttpPipelineAppend + ) +} +function Get-MgBetaDirectoryDeletedItem +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + 
[System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.String] - $Search, + $DirectoryObjectId, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Break, + [System.String[]] + $ExpandProperty, [Parameter()] [System.String[]] - $ExpandProperty, + $Property, [Parameter()] [PSObject] - $HttpPipelineAppend + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break ) } -function Get-MgBetaDirectoryAdministrativeUnitScopedRoleMember +function Get-MgBetaDirectoryDeletedItemAsApplication { [CmdletBinding()] param( - [Parameter()] - [System.String] - $AdministrativeUnitId, - [Parameter()] [System.String[]] $Property, [Parameter()] - [PSObject] - $InputObject, - - [Parameter()] - [System.String] - $ScopedRoleMembershipId, + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, [Parameter()] [System.Int32] @@ -48572,6 +48873,10 @@ function Get-MgBetaDirectoryAdministrativeUnitScopedRoleMember [System.Int32] $Skip, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Int32] $Top, @@ -48604,6 +48909,10 @@ function Get-MgBetaDirectoryAdministrativeUnitScopedRoleMember [System.String] $Search, + [Parameter()] + [System.String] + $DirectoryObjectId, + [Parameter()] [System.Management.Automation.SwitchParameter] $Break, @@ -48612,10 +48921,6 @@ function Get-MgBetaDirectoryAdministrativeUnitScopedRoleMember [System.String[]] $ExpandProperty, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - [Parameter()] [PSObject] $HttpPipelineAppend @@ -49149,10 +49454,6 @@ function New-MgBetaDevice [PSObject] $Extensions, - [Parameter()] - [System.DateTime] - $OnPremisesLastSyncDateTime, - [Parameter()] [PSObject] $AlternativeSecurityIds, 
@@ -49165,6 +49466,10 @@ function New-MgBetaDevice [PSObject] $Commands, + [Parameter()] + [System.String] + $OnPremisesSecurityIdentifier, + [Parameter()] [System.String] $OperatingSystemVersion, @@ -49174,8 +49479,8 @@ function New-MgBetaDevice $Id, [Parameter()] - [PSObject] - $HttpPipelineAppend, + [System.DateTime] + $OnPremisesLastSyncDateTime, [Parameter()] [System.String] @@ -49197,6 +49502,10 @@ function New-MgBetaDevice [System.String] $ProfileType, + [Parameter()] + [PSObject] + $ExtensionAttributes, + [Parameter()] [System.Management.Automation.SwitchParameter] $OnPremisesSyncEnabled, @@ -49265,6 +49574,10 @@ function New-MgBetaDevice [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [PSObject] + $HttpPipelineAppend, + [Parameter()] [System.String] $OperatingSystem, @@ -49277,10 +49590,6 @@ function New-MgBetaDevice [System.String] $DeviceOwnership, - [Parameter()] - [PSObject] - $ExtensionAttributes, - [Parameter()] [System.DateTime] $ApproximateLastSignInDateTime, @@ -49362,14 +49671,6 @@ function New-MgBetaDirectoryAdministrativeUnit [System.Management.Automation.SwitchParameter] $IsMemberManagementRestricted, - [Parameter()] - [System.Management.Automation.PSCredential] - $ProxyCredential, - - [Parameter()] - [System.String] - $Visibility, - [Parameter()] [PSObject] $ScopedRoleMembers, @@ -49398,6 +49699,14 @@ function New-MgBetaDirectoryAdministrativeUnit [PSObject] $Extensions, + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $Visibility, + [Parameter()] [System.DateTime] $DeletedDateTime, 
@@ -49411,6 +49720,63 @@ function New-MgBetaDirectoryAdministrativeUnit $HttpPipelineAppend ) } +function New-MgBetaDirectoryAdministrativeUnitMember +{ + [CmdletBinding()] + param( + [Parameter()] + [System.DateTime] + $DeletedDateTime, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.String] + $AdministrativeUnitId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} function New-MgBetaDirectoryAdministrativeUnitMemberByRef { [CmdletBinding()] @@ -50079,6 +50445,47 @@ function Remove-MgBetaDirectorySetting $HttpPipelineAppend ) } +function Restore-MgBetaDirectoryDeletedItem +{ + [CmdletBinding()] + param( + [Parameter()] + [PSObject] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [PSObject] + $HttpPipelineAppend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.String] + $DirectoryObjectId, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break + ) +} function Update-MgBetaDevice { [CmdletBinding()] 
@@ -50135,6 +50542,10 @@ function Update-MgBetaDevice [PSObject] $Commands, + [Parameter()] + [System.String] + $OnPremisesSecurityIdentifier, + [Parameter()] [System.String] $OperatingSystemVersion, @@ -50356,6 +50767,10 @@ function Update-MgBetaDirectory [PSObject] $AttributeSets, + [Parameter()] + [PSObject] + $Subscriptions, + [Parameter()] [System.Uri] $Proxy, @@ -50437,10 +50852,6 @@ function Update-MgBetaDirectoryAdministrativeUnit [System.Management.Automation.SwitchParameter] $IsMemberManagementRestricted, - [Parameter()] - [System.String] - $Visibility, - [Parameter()] [PSObject] $ScopedRoleMembers, @@ -50473,6 +50884,10 @@ function Update-MgBetaDirectoryAdministrativeUnit [System.Management.Automation.PSCredential] $ProxyCredential, + [Parameter()] + [System.String] + $Visibility, + [Parameter()] [System.DateTime] $DeletedDateTime, @@ -50506,10 +50921,6 @@ function Update-MgBetaDirectorySetting [System.String] $DisplayName, - [Parameter()] - [PSObject] - $InputObject, - [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, @@ -50526,6 +50937,10 @@ function Update-MgBetaDirectorySetting [System.String] $TemplateId, + [Parameter()] + [PSObject] + $InputObject, + [Parameter()] [System.Uri] $Proxy, @@ -50599,6 +51014,10 @@ function Update-MgBetaOrganization [PSObject] $PartnerInformation, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, @@ -50663,6 +51082,10 @@ function Update-MgBetaOrganization [System.Management.Automation.SwitchParameter] $Confirm, + [Parameter()] + [PSObject] + $CertificateBasedAuthConfiguration, + [Parameter()] [System.String[]] $TechnicalNotificationMails, @@ -50683,6 +51106,10 @@ function Update-MgBetaOrganization [System.DateTime] $OnPremisesLastSyncDateTime, + [Parameter()] + [System.DateTime] + $DeletedDateTime, + [Parameter()] [PSObject] $ProvisionedPlans, 
@@ -50692,17 +51119,13 @@ function Update-MgBetaOrganization $DirectorySizeQuota, [Parameter()] - [PSObject] - $CertificateBasedAuthConfiguration, + [System.DateTime] + $OnPremisesLastPasswordSyncDateTime, [Parameter()] [PSObject] $Branding, - [Parameter()] - [System.DateTime] - $DeletedDateTime, - [Parameter()] [System.String] $CountryLetterCode, @@ -50723,10 +51146,6 @@ function Update-MgBetaOrganization [System.String] $OrganizationId, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ProxyUseDefaultCredentials, - [Parameter()] [System.String[]] $SecurityComplianceNotificationPhones, @@ -50748,10 +51167,6 @@ function Update-MgBetaOrganizationSetting [PSObject] $ItemInsights, - [Parameter()] - [PSObject] - $ProfileCardProperties, - [Parameter()] [PSObject] $MicrosoftApplicationDataAccess, @@ -50784,10 +51199,6 @@ function Update-MgBetaOrganizationSetting [System.String] $Id, - [Parameter()] - [PSObject] - $Pronouns, - [Parameter()] [System.Management.Automation.SwitchParameter] $Confirm, @@ -50818,8 +51229,8 @@ function Update-MgBetaOrganizationSettingItemInsight [CmdletBinding()] param( [Parameter()] - [System.String] - $DisabledForGroup, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] @@ -50849,10 +51260,6 @@ function Update-MgBetaOrganizationSettingItemInsight [System.String] $OrganizationId, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [PSObject] $HttpPipelineAppend, @@ -50865,6 +51272,10 @@ function Update-MgBetaOrganizationSettingItemInsight [System.Management.Automation.SwitchParameter] $IsEnabledInOrganization, + [Parameter()] + [System.String] + $DisabledForGroup, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, 
@@ -50879,8 +51290,8 @@ function Update-MgBetaOrganizationSettingPersonInsight [CmdletBinding()] param( [Parameter()] - [System.String] - $DisabledForGroup, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] [System.String] @@ -50910,10 +51321,6 @@ function Update-MgBetaOrganizationSettingPersonInsight [System.String] $OrganizationId, - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - [Parameter()] [PSObject] $HttpPipelineAppend, @@ -50926,6 +51333,10 @@ function Update-MgBetaOrganizationSettingPersonInsight [System.Management.Automation.SwitchParameter] $IsEnabledInOrganization, + [Parameter()] + [System.String] + $DisabledForGroup, + [Parameter()] [System.Collections.Hashtable] $AdditionalProperties, From 328fc2b9a905150d5d6b0094b9b8935cff1e5152 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 25 Sep 2023 10:44:26 -0400 Subject: [PATCH 04/12] M365DSCRuleEvaluation Improvements --- CHANGELOG.md | 2 + .../MSFT_M365DSCRuleEvaluation.psm1 | 43 +++++++++++++------ 2 files changed, 31 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b9b1e574fb..60eb0bb6cf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ * AADApplication * Added support for restoring soft deleted instances. +* M365DSCRuleEvaluation + * Improvements to how rules are evaluated and how drifts are logged. * O365OrgSettings * Changes to how ToDo discrepencies are being fixed in the SET method. * DEPENDENCIES diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 index 84b36e985d..e8236ff0f6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 
@@ -161,9 +161,7 @@ function Test-TargetResource Import-Module $module.Path -Force -Function 'Export-TargetResource' | Out-Null $cmdName = "MSFT_$ResourceName\Export-TargetResource" - Write-Verbose -Message "Retrieving Instances" - $instances = &$cmdName @params - Write-Verbose -Message "Retrieved {$($instances.Length)} Instances" + [Array]$instances = &$cmdName @params $DSCStringContent = @" # Generated with Microsoft365DSC version 1.23.906.1 
@@ -194,27 +192,48 @@ function Test-TargetResource Write-Verbose -Message "Querying DSC Objects for invalid instances based on the specified Rule Definition." $queryBlock = [Scriptblock]::Create($RuleDefinition) - [Array]$invalidInstances = $DSCConvertedInstances | Where-Object -FilterScript $queryBlock - Write-Verbose -Message "Identified {$($invalidInstances.Length)} invalid instances." + [Array]$instances = $DSCConvertedInstances | Where-Object -FilterScript $queryBlock + Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule." - $result = $InvalidInstances.Length -eq 0 + $result = ($instances.Length -$DSCConvertedInstances.Length) -eq 0 if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery)) { Write-Verbose -Message "Checking the After Rule Count" - $afterRuleCountQueryString = "`$invalidInstances.Length $AfterRuleCountQuery" + $afterRuleCountQueryString = "`$instances.Length $AfterRuleCountQuery" $afterRuleCountQueryBlock = [Scriptblock]::Create($afterRuleCountQueryString) $result = [Boolean](Invoke-Command -ScriptBlock $afterRuleCountQueryBlock) Write-Verbose -Message "Output of rule count: $($result | Out-String)" - } + $message = [System.Text.StringBuilder]::New() + if ($instances.Length -eq 0) + { + [void]$message.AppendLine("No instances were found for the given Rule Definition.") + } + elseif (-not $result) + { + $invalidInstancesLogNames = '' + foreach ($invalidInstance in $instances) + { + $invalidInstancesLogNames += "[$ResourceName]$($invalidInstance.ResourceInstanceName)`r`n" + } - if (-not $result) + [void]$message.AppendLine("The following resource instance(s) failed a rule validation:`r`n$invalidInstancesLogNames") + [void]$message.AppendLine("`r`nRuleDefinition:`r`n$RuleDefinition") + [void]$message.AppendLine("`r`AfterRuleCountQuery:`r`n$AfterRuleCountQuery") + Add-M365DSCEvent -Message $message.ToString() ` + -EventType 'RuleEvaluation' ` + -EntryType 'Warning' ` + -EventID 1 -Source $CurrentResourceName + } + 
} + elseif (-not $result) { + $invalidInstances = Compare-Object -ReferenceObject $DSCConvertedInstances.ResourceInstanceName -DifferenceObject $instances.ResourceInstanceName # Log drifts for each invalid instances found. $invalidInstancesLogNames = '' foreach ($invalidInstance in $invalidInstances) { - $invalidInstancesLogNames += "[$ResourceName]$($invalidInstance.ResourceInstanceName)`r`n" + $invalidInstancesLogNames += "[$ResourceName]$($invalidInstance.InputObject)`r`n" } if (-not $result) @@ -222,10 +241,6 @@ function Test-TargetResource $message = [System.Text.StringBuilder]::New() [void]$message.AppendLine("The following resource instance(s) failed a rule validation:`r`n$invalidInstancesLogNames") [void]$message.AppendLine("`r`nRuleDefinition:`r`n$RuleDefinition") - if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery)) - { - [void]$message.AppendLine("`r`AfterRuleCountQuery:`r`n$AfterRuleCountQuery") - } Add-M365DSCEvent -Message $message.ToString() ` -EventType 'RuleEvaluation' ` -EntryType 'Warning' ` From 6889d122559e733f405ab5e1a43561e836c80e33 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 25 Sep 2023 10:46:50 -0400 Subject: [PATCH 05/12] Updated PowerApps Dependency --- CHANGELOG.md | 1 + Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 60eb0bb6cf..59c94e5c75 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ * Changes to how ToDo discrepencies are being fixed in the SET method. * DEPENDENCIES * Updated Microsoft.Graph to version 2.6.1. + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.117. # 1.23.920.2 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 69a12f0113..6f17b80157 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 
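Review bot: In the new `elseif (-not $result)` branch, `Compare-Object` is given `$instances.ResourceInstanceName` as `-DifferenceObject`, which is `$null` when no instance matches the rule. That is the case where every instance has drifted, and `Compare-Object` rejects a null `-DifferenceObject`, so the warning event for the worst outcome is probably never written with the instance names. Branch on `$instances.Length -eq 0` first and list every converted instance in that case, as sketched below. In the `AfterRuleCountQuery` branch of the same hunk, the "No instances were found" text is appended to `$message` but `Add-M365DSCEvent` is only called in the `elseif`, so that message is discarded. Test-TargetResource starts and ends outside this hunk, so any surrounding try/catch is not visible.

```powershell
elseif (-not $result)
{
    if ($instances.Length -eq 0)
    {
        # Nothing matched the rule, so every converted instance is in drift.
        $failedNames = @($DSCConvertedInstances.ResourceInstanceName)
    }
    else
    {
        $comparison = Compare-Object -ReferenceObject $DSCConvertedInstances.ResourceInstanceName `
            -DifferenceObject $instances.ResourceInstanceName
        $failedNames = @($comparison.InputObject)
    }

    # Log drifts for each invalid instance found.
    $invalidInstancesLogNames = ''
    foreach ($failedName in $failedNames)
    {
        $invalidInstancesLogNames += "[$ResourceName]$failedName`r`n"
    }
    # … unchanged: message assembly and Add-M365DSCEvent call …
```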
@@ -78,7 +78,7 @@ }, @{ ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' - RequiredVersion = '2.0.174' + RequiredVersion = '2.0.177' }, @{ ModuleName = 'MicrosoftTeams' From ba88fe88dae4c5fcfea843b182ea90a11fae7d12 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 25 Sep 2023 11:04:36 -0400 Subject: [PATCH 06/12] Update MSFT_M365DSCRuleEvaluation.psm1 --- .../MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 index e8236ff0f6..a2a19a754f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 @@ -203,7 +203,6 @@ function Test-TargetResource $afterRuleCountQueryString = "`$instances.Length $AfterRuleCountQuery" $afterRuleCountQueryBlock = [Scriptblock]::Create($afterRuleCountQueryString) $result = [Boolean](Invoke-Command -ScriptBlock $afterRuleCountQueryBlock) - Write-Verbose -Message "Output of rule count: $($result | Out-String)" $message = [System.Text.StringBuilder]::New() if ($instances.Length -eq 0) { @@ -247,6 +246,7 @@ function Test-TargetResource -EventID 1 -Source $CurrentResourceName } } + Write-Verbose -Message "Test-TargetResource returned $result" return $result } } From cce5eebc0e4ef1cc3ee94f4ccdc8c04160e63644 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 25 Sep 2023 11:39:42 -0400 Subject: [PATCH 07/12] Update MSFT_M365DSCRuleEvaluation.psm1 --- .../MSFT_M365DSCRuleEvaluation.psm1 | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 index a2a19a754f..793817f0af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 @@ -191,9 +191,17 @@ function Test-TargetResource Write-Verbose -Message "Successfully converted {$($DSCConvertedInstances.Length)} DSC Objects." Write-Verbose -Message "Querying DSC Objects for invalid instances based on the specified Rule Definition." - $queryBlock = [Scriptblock]::Create($RuleDefinition) - [Array]$instances = $DSCConvertedInstances | Where-Object -FilterScript $queryBlock - Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule." + if ($RuleDefinition -eq '*') + { + [Array]$instances = $DSCConvertedInstances + Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule." + } + else + { + $queryBlock = [Scriptblock]::Create($RuleDefinition) + [Array]$instances = $DSCConvertedInstances | Where-Object -FilterScript $queryBlock + Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule." + } $result = ($instances.Length -$DSCConvertedInstances.Length) -eq 0 From 62a74279ca4e3a56c70703340599f33f84ad84b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CMario=E2=80=9D?= <“malauter@microsoft.com”> Date: Tue, 26 Sep 2023 10:17:45 +0200 Subject: [PATCH 08/12] Fixed handling of Graph connection --- CHANGELOG.md | 2 ++ Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59c94e5c75..dba34a3e71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
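Review bot: The `else` branch still compiles `$RuleDefinition` with `[Scriptblock]::Create(...)` and runs it through `Where-Object`, so the rule text executes as PowerShell with the rights of whatever process evaluates the configuration; the new `'*'` shortcut is the only value that is not executed. The same holds for `$AfterRuleCountQuery`, which the earlier hunk of this series appends to `$instances.Length` in a string and runs with `Invoke-Command`. I would state that trust boundary above the call, e.g. `# RuleDefinition is executed as code: accept it only from configurations whose author is trusted to run PowerShell on this node.` Consider also parsing the text with `[System.Management.Automation.Language.Parser]::ParseInput` and rejecting anything that is not a single filter expression. Test-TargetResource starts and ends outside this hunk.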
@@ -11,6 +11,8 @@ * DEPENDENCIES * Updated Microsoft.Graph to version 2.6.1. * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.117. +* MISC + * Fixed handling of Graph connection in Update-M365DSCAllowedGraphScopes # 1.23.920.2 diff --git a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 index 5606a28d35..7ad66b8d6b 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 @@ -406,7 +406,7 @@ function Update-M365DSCAllowedGraphScopes Write-Verbose -Message 'Connecting to MS Graph to update permissions' $result = Connect-MgGraph @params -Environment $Environment - if ($result -eq 'Welcome To Microsoft Graph!') + if ($result -like '*Welcome To Microsoft Graph!*') { Write-Output 'Allowed Graph scopes updated!' } From 5d3d4f972180427df88bd19afd7e2d9ad74eabb1 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 27 Sep 2023 09:56:53 -0400 Subject: [PATCH 09/12] Fixes #3695 --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59c94e5c75..e702b976d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,9 @@ * AADApplication * Added support for restoring soft deleted instances. +* ADDRoleSetting + * Fixed issue with export where ApplicationSecret was not returned. + FIXES [#3695](https://github.com/microsoft/Microsoft365DSC/issues/3695) * M365DSCRuleEvaluation * Improvements to how rules are evaluated and how drifts are logged. * O365OrgSettings From a73d49737529ccf6d449e786b6bbe72ecffe2cd3 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 27 Sep 2023 09:56:59 -0400 Subject: [PATCH 10/12] Update MSFT_AADRoleSetting.psm1 --- .../MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) 
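Review bot: In the `Update-M365DSCAllowedGraphScopes` hunk, success of `Connect-MgGraph` is still inferred from its welcome banner, now with `-like '*Welcome To Microsoft Graph!*'`. The banner is display text that can change between SDK versions and can be suppressed with `-NoWelcome`, so "Allowed Graph scopes updated!" depends on wording rather than on the state of the session. Since this function changes which Graph scopes are consented, check the resulting context instead, e.g. `$context = Get-MgContext` followed by `if ($null -ne $context)`. Ideally compare `$context.Scopes` with the scopes that were requested; they are passed through `@params`, which is built outside this hunk. The function body starts and ends outside the hunk, so the failure branch is not visible here.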
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index f76bd79e52..4353dd8ce8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -370,6 +370,7 @@ function Get-TargetResource ApplicationId = $ApplicationId TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret Credential = $Credential ManagedIdentity = $ManagedIdentity.IsPresent } @@ -1302,11 +1303,6 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $ValuesToCheck.Remove('Id') | Out-Null - $ValuesToCheck.Remove('ManagedIdentity') | Out-Null $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` From 462cdcaa5e286c42a59f3312d5408dea91a46e4b Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 27 Sep 2023 09:58:54 -0400 Subject: [PATCH 11/12] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e702b976d3..76f1006333 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ * AADApplication * Added support for restoring soft deleted instances. -* ADDRoleSetting +* AADRoleSetting * Fixed issue with export where ApplicationSecret was not returned. FIXES [#3695](https://github.com/microsoft/Microsoft365DSC/issues/3695) * M365DSCRuleEvaluation From 7215ee337b8d89f436f3eab58b10921b88df9dee Mon Sep 17 00:00:00 2001 
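Review bot: `ApplicationSecret = $ApplicationSecret` puts what appears to be the caller-supplied secret back into the hashtable that Get-TargetResource returns. The Test-TargetResource hunk that follows stops removing `ApplicationSecret` (and the other authentication parameters) from `$ValuesToCheck`, so the secret now travels into `Test-M365DSCParameterState`. Whether that helper or the drift events it writes redact the value is not visible here, so I would keep `$ValuesToCheck.Remove('ApplicationSecret') | Out-Null` in Test-TargetResource; the returned value only echoes the input and cannot show drift. A comment beside the new return entry, such as `# Echoed from the input so export keeps it; not read from the tenant`, would make that explicit. Both functions start and end outside their hunks.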
From: Nik Charlebois Date: Wed, 27 Sep 2023 13:17:30 -0400 Subject: [PATCH 12/12] Release 1.23.927.1 --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 31 +++++++++----------- 2 files changed, 15 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 860f326ac9..e11d4b344c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.23.927.1 * AADApplication * Added support for restoring soft deleted instances. diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 7971b9a7ea..8ef27b0dc8 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2023-09-20 +# Generated on: 2023-09-27 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.23.920.2' + ModuleVersion = '1.23.927.1' # Supported PSEditions # CompatiblePSEditions = @() 
@@ -140,23 +140,20 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '** 1.23.920.2 rolls back the Graph dependencies to version 2.5.0 - * O365OrgSettings - * Fixes and issue where a the wrong url was being used in some of the API - calls, resulting in null returns for some properties in the Get method. - * SPOSharingSettings - * Changes verbose prompts to warnings. - * TeamsGroupPolicyAssignment - * Changes to how Group IDs are retrieved and evaluated. - * TeamsAppPermissionPolicy - * Fixes to the Test-TargetResource evaluation of empty arrays. + ReleaseNotes = '* AADApplication + * Added support for restoring soft deleted instances. + * AADRoleSetting + * Fixed issue with export where ApplicationSecret was not returned. + FIXES [#3695](https://github.com/microsoft/Microsoft365DSC/issues/3695) + * M365DSCRuleEvaluation + * Improvements to how rules are evaluated and how drifts are logged. + * O365OrgSettings + * Changes to how ToDo discrepencies are being fixed in the SET method. * DEPENDENCIES - * Updated Microsoft.Graph to version 2.6.0. - * Updated MicrosoftTeams to version 5.6.0. - FIXES [#3671](https://github.com/microsoft/Microsoft365DSC/issues/3671) + * Updated Microsoft.Graph to version 2.6.1. + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.117. * MISC - * M365DSCUtil: Fix problem naming similar resources - FIXES [#3700](https://github.com/microsoft/Microsoft365DSC/issues/3700)' + * Fixed handling of Graph connection in Update-M365DSCAllowedGraphScopes' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false