From 14cc3a5f8892a36c96453c9b6d299275eb271e28 Mon Sep 17 00:00:00 2001
From: Fabien Tschanz <fabien.tschanz@mobi.ch>
Date: Thu, 16 Jan 2025 11:19:23 +0100
Subject: [PATCH] Report LCM details only if running as administrator

---
 CHANGELOG.md                                  |  5 +
 .../Modules/M365DSCTelemetryEngine.psm1       | 94 ++++++++++---------
 2 files changed, 53 insertions(+), 46 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 47e595e3e1..92840d2b08 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Change log for Microsoft365DSC
 
+# UNRELEASED
+
+* M365DSCTelemetryEngine
+  * Report LCM details only if running as administrator.
+
 # 1.25.115.1
 
 * AADAuthenticationRequirement
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1
index a99991adbe..795b7ff6dd 100644
--- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1
+++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1
@@ -108,14 +108,7 @@ function Add-M365DSCTelemetryEvent
             {
                 if ($null -eq $Script:M365DSCCurrentRoles -or $Script:M365DSCCurrentRoles.Length -eq 0)
                 {
-                    try
-                    {
-                        Connect-M365Tenant -Workload 'MicrosoftGraph' @Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction SilentlyContinue
-                    }
-                    catch
-                    {
-                        Write-Verbose -Message $_
-                    }
+                    Connect-M365Tenant -Workload 'MicrosoftGraph' $Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction SilentlyContinue
                     $Script:M365DSCCurrentRoles = @()
 
                     $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/me?$select=id'
@@ -151,7 +144,7 @@ function Add-M365DSCTelemetryEvent
                 {
                     try
                     {
-                        Connect-M365Tenant -Workload 'MicrosoftGraph' @Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction Stop
+                        Connect-M365Tenant -Workload 'MicrosoftGraph' $Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction Stop
                         $Script:M365DSCCurrentRoles = @()
 
                         $sp = Get-MgServicePrincipal -Filter "AppId eq '$($Global:M365DSCTelemetryConnectionToGraphParams.ApplicationId)'" `
@@ -372,54 +365,63 @@ function Add-M365DSCTelemetryEvent
             # LCM Metadata Information
             try
             {
-                if ($null -eq $Script:LCMInfo)
+                if ($null -eq $Script:M365DSCCurrentPrincipalIsAdmin)
                 {
-                    $Script:LCMInfo = Get-DscLocalConfigurationManager -ErrorAction Stop
+                    $currentPrincipal = New-Object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())
+                    $Script:M365DSCCurrentPrincipalIsAdmin = $currentPrincipal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
                 }
 
-                $certificateConfigured = $false
-                if (-not [System.String]::IsNullOrEmpty($LCMInfo.CertificateID))
+                if ($Script:M365DSCCurrentPrincipalIsAdmin)
                 {
-                    $certificateConfigured = $true
-                }
-
-                $partialConfiguration = $false
-                if (-not [System.String]::IsNullOrEmpty($Script:LCMInfo.PartialConfigurations))
-                {
-                    $partialConfiguration = $true
-                }
-                $Data.Add('LCMUsesPartialConfigurations', $partialConfiguration)
-                $Data.Add('LCMCertificateConfigured', $certificateConfigured)
-                $Data.Add('LCMConfigurationMode', $Script:LCMInfo.ConfigurationMode)
-                $Data.Add('LCMConfigurationModeFrequencyMins', $Script:LCMInfo.ConfigurationModeFrequencyMins)
-                $Data.Add('LCMRefreshMode', $Script:LCMInfo.RefreshMode)
-                $Data.Add('LCMState', $Script:LCMInfo.LCMState)
-                $Data.Add('LCMStateDetail', $Script:LCMInfo.LCMStateDetail)
-
-                if ([System.String]::IsNullOrEmpty($Type))
-                {
-                    if ($Global:M365DSCExportInProgress)
-                    {
-                        $Type = 'Export'
-                    }
-                    elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.' -or `
-                            $Script:LCMInfo.LCMStateDetail -eq 'LCM exécute une vérification de cohérence.' -or `
-                            $Script:LCMInfo.LCMStateDetail -eq 'LCM führt gerade eine Konsistenzüberprüfung durch.')
+                    if ($null -eq $Script:LCMInfo)
                     {
-                        $Type = 'MonitoringScheduled'
+                        $Script:LCMInfo = Get-DscLocalConfigurationManager -ErrorAction Stop
                     }
-                    elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is testing node against the configuration.')
+
+                    $certificateConfigured = $false
+                    if (-not [System.String]::IsNullOrEmpty($LCMInfo.CertificateID))
                     {
-                        $Type = 'MonitoringManual'
+                        $certificateConfigured = $true
                     }
-                    elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.' -or `
-                            $Script:LCMInfo.LCMStateDetail -eq 'LCM applique une nouvelle configuration.')
+
+                    $partialConfiguration = $false
+                    if (-not [System.String]::IsNullOrEmpty($Script:LCMInfo.PartialConfigurations))
                     {
-                        $Type = 'ApplyingConfiguration'
+                        $partialConfiguration = $true
                     }
-                    else
+                    $Data.Add('LCMUsesPartialConfigurations', $partialConfiguration)
+                    $Data.Add('LCMCertificateConfigured', $certificateConfigured)
+                    $Data.Add('LCMConfigurationMode', $Script:LCMInfo.ConfigurationMode)
+                    $Data.Add('LCMConfigurationModeFrequencyMins', $Script:LCMInfo.ConfigurationModeFrequencyMins)
+                    $Data.Add('LCMRefreshMode', $Script:LCMInfo.RefreshMode)
+                    $Data.Add('LCMState', $Script:LCMInfo.LCMState)
+                    $Data.Add('LCMStateDetail', $Script:LCMInfo.LCMStateDetail)
+
+                    if ([System.String]::IsNullOrEmpty($Type))
                     {
-                        $Type = 'Undetermined'
+                        if ($Global:M365DSCExportInProgress)
+                        {
+                            $Type = 'Export'
+                        }
+                        elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.' -or `
+                                $Script:LCMInfo.LCMStateDetail -eq 'LCM exécute une vérification de cohérence.' -or `
+                                $Script:LCMInfo.LCMStateDetail -eq 'LCM führt gerade eine Konsistenzüberprüfung durch.')
+                        {
+                            $Type = 'MonitoringScheduled'
+                        }
+                        elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is testing node against the configuration.')
+                        {
+                            $Type = 'MonitoringManual'
+                        }
+                        elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.' -or `
+                                $Script:LCMInfo.LCMStateDetail -eq 'LCM applique une nouvelle configuration.')
+                        {
+                            $Type = 'ApplyingConfiguration'
+                        }
+                        else
+                        {
+                            $Type = 'Undetermined'
+                        }
                     }
                 }
             }