Merge pull request #3116 from William-Francillette/IntuneDeviceEnroll…

…mentStatusPageWindows10 PR : [BREAKING CHANGE] Fixes 2933
microsoft · Apr 1, 2023 · 4d8dfe5 · 4d8dfe5
2 parents be8e108 + 6afebaf
commit 4d8dfe5
Show file tree

Hide file tree

Showing 8 changed files with 273 additions and 57 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,11 @@
 # Change log for Microsoft365DSC
 
 # UNRELEASED
+* IntuneDeviceEnrollmentStatusPageWindows10
+  * [BREAKING CHANGE] Renamed resource IntuneDeviceEnrollmentConfigurationWindows10 to IntuneDeviceEnrollmentStatusPageWindows10
+  * Added support for property Assignments.
+  * Added support for property Priority
+  * FIXES [#2933](https://github.com/microsoft/Microsoft365DSC/issues/2933)
 * AADAdministrativeUnit
   * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required
   * Fixes extraction of the Members property.

diff --git a/...viceEnrollmentConfigurationWindows10.psm1 → ...eDeviceEnrollmentStatusPageWindows10.psm1 b/...viceEnrollmentConfigurationWindows10.psm1 → ...eDeviceEnrollmentStatusPageWindows10.psm1
@@ -66,6 +66,14 @@ function Get-TargetResource
         $TrackInstallProgressForAutopilotOnly,
         #endregion
 
+        [Parameter()]
+        [System.Uint32]
+        $Priority,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $Assignments,
+
         [Parameter()]
         [System.String]
         [ValidateSet('Absent', 'Present')]
@@ -103,7 +111,7 @@ function Get-TargetResource
             -ProfileName 'beta'
 
         #Ensure the proper dependencies are installed in the current environment.
-        Confirm-M365DSCDependencies
+        Confirm-M365DSCDependencies -Verbose
 
         #region Telemetry
         $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
@@ -128,9 +136,10 @@ function Get-TargetResource
             if (-Not [string]::IsNullOrEmpty($DisplayName))
             {
                 $getValue = Get-MgDeviceManagementDeviceEnrollmentConfiguration `
+                    -Filter "DisplayName eq '$DisplayName'" `
                     -ErrorAction SilentlyContinue | Where-Object `
                     -FilterScript { `
-                        $_.DisplayName -eq "$($DisplayName)" `
+                        $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration' `
                 }
             }
         }
@@ -157,12 +166,35 @@ function Get-TargetResource
             SelectedMobileAppIds                    = $getValue.AdditionalProperties.selectedMobileAppIds
             ShowInstallationProgress                = $getValue.AdditionalProperties.showInstallationProgress
             TrackInstallProgressForAutopilotOnly    = $getValue.AdditionalProperties.trackInstallProgressForAutopilotOnly
+            Priority                                = $getValue.Priority
             Description                             = $getValue.Description
             DisplayName                             = $getValue.DisplayName
             Id                                      = $getValue.Id
             Ensure                                  = 'Present'
+            Credential                              = $Credential
+            ApplicationId                           = $ApplicationId
+            TenantId                                = $TenantId
+            ApplicationSecret                       = $ApplicationSecret
+            CertificateThumbprint                   = $CertificateThumbprint
+            Managedidentity                         = $ManagedIdentity.IsPresent
             #endregion
         }
+        $assignmentsValues = Get-MgDeviceManagementDeviceEnrollmentConfigurationAssignment -DeviceEnrollmentConfigurationId $Id
+        $assignmentResult = @()
+        foreach ($assignmentEntry in $AssignmentsValues)
+        {
+            $assignmentValue = @{
+                dataType                                   = $assignmentEntry.Target.AdditionalProperties.'@odata.type'
+                deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType)
+                    {
+                        $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()
+                    })
+                deviceAndAppManagementAssignmentFilterId   = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId
+                groupId                                    = $assignmentEntry.Target.AdditionalProperties.groupId
+            }
+            $assignmentResult += $assignmentValue
+        }
+        $results.Add('Assignments', $assignmentResult)
 
         return [System.Collections.Hashtable] $results
     }
@@ -245,6 +277,14 @@ function Set-TargetResource
         $TrackInstallProgressForAutopilotOnly,
         #endregion
 
+        [Parameter()]
+        [System.Uint32]
+        $Priority,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $Assignments,
+
         [Parameter()]
         [System.String]
         [ValidateSet('Absent', 'Present')]
@@ -275,6 +315,7 @@ function Set-TargetResource
         $ManagedIdentity
     )
 
+
     #Ensure the proper dependencies are installed in the current environment.
     Confirm-M365DSCDependencies
 
@@ -305,6 +346,8 @@ function Set-TargetResource
         $CreateParameters = ([Hashtable]$PSBoundParameters).clone()
         $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters
         $CreateParameters.Remove('Id') | Out-Null
+        $CreateParameters.Remove('Assignments') | Out-Null
+        $CreateParameters.Remove('Priority') | Out-Null
 
         #region resource generator code
         if ($CreateParameters.showInstallationProgress -eq $false)
@@ -327,7 +370,19 @@ function Set-TargetResource
         }
 
         $CreateParameters.Add('@odata.type', '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration')
-        $null = New-MgDeviceManagementDeviceEnrollmentConfiguration -BodyParameter $CreateParameters
+        $policy = New-MgDeviceManagementDeviceEnrollmentConfiguration -BodyParameter $CreateParameters
+
+        foreach ($assignment in $Assignments)
+        {
+            $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment
+        }
+        Update-DeviceEnrollmentConfigurationAssignment `
+            -DeviceEnrollmentConfigurationId $policy.id `
+            -Targets $assignmentsHash
+
+        Update-DeviceEnrollmentConfigurationPriority `
+            -DeviceEnrollmentConfigurationId $policy.id `
+            -Priority $Priority
         #endregion
     }
     elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
@@ -336,6 +391,8 @@ function Set-TargetResource
 
         $UpdateParameters = ([Hashtable]$PSBoundParameters).clone()
         $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters
+        $UpdateParameters.Remove('Assignments') | Out-Null
+        $UpdateParameters.Remove('Priority') | Out-Null
 
         #region resource generator code
         if ($UpdateParameters.blockDeviceSetupRetryByUser -eq $true)
@@ -346,8 +403,24 @@ function Set-TargetResource
         }
 
         $UpdateParameters.Add('@odata.type', '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration')
-        Update-MgDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $currentInstance.Id `
+        Update-MgDeviceManagementDeviceEnrollmentConfiguration `
+            -DeviceEnrollmentConfigurationId $currentInstance.Id `
             -BodyParameter $UpdateParameters
+
+        if ($currentInstance.Id -notlike '*_DefaultWindows10EnrollmentCompletionPageConfiguration')
+        {
+            foreach ($assignment in $Assignments)
+            {
+                $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment
+            }
+            Update-DeviceEnrollmentConfigurationAssignment `
+                -DeviceEnrollmentConfigurationId $currentInstance.id `
+                -Targets $assignmentsHash
+
+            Update-DeviceEnrollmentConfigurationPriority `
+                -DeviceEnrollmentConfigurationId $currentInstance.id `
+                -Priority $Priority
+        }
         #endregion
     }
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
@@ -427,6 +500,14 @@ function Test-TargetResource
         $TrackInstallProgressForAutopilotOnly,
         #endregion
 
+        [Parameter()]
+        [System.Uint32]
+        $Priority,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $Assignments,
+
         [Parameter()]
         [System.String]
         [ValidateSet('Absent', 'Present')]
@@ -457,6 +538,7 @@ function Test-TargetResource
         $ManagedIdentity
     )
 
+
     #Ensure the proper dependencies are installed in the current environment.
     Confirm-M365DSCDependencies
 
@@ -470,7 +552,6 @@ function Test-TargetResource
     #endregion
 
     Write-Verbose -Message "Testing configuration of the Intune Device Enrollment Configuration for Windows10 with Id {$Id} and DisplayName {$DisplayName}"
-
     $CurrentValues = Get-TargetResource @PSBoundParameters
     $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()
 
@@ -616,12 +697,27 @@ function Export-TargetResource
             $Results = Get-TargetResource @Params
             $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
                 -Results $Results
-
+            if ($Results.Assignments)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
+                if ($complexTypeStringResult)
+                {
+                    $Results.Assignments = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('Assignments') | Out-Null
+                }
+            }
             $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
                 -ConnectionMode $ConnectionMode `
                 -ModulePath $PSScriptRoot `
                 -Results $Results `
                 -Credential $Credential
+            if ($Results.Assignments)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true
+            }
 
             $dscContent += $currentDSCBlock
             Save-M365DSCPartialExport -Content $currentDSCBlock `
@@ -646,6 +742,93 @@ function Export-TargetResource
     }
 }
 
+function Update-DeviceEnrollmentConfigurationAssignment
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param (
+        [Parameter(Mandatory = 'true')]
+        [System.String]
+        $DeviceEnrollmentConfigurationId,
+
+        [Parameter()]
+        [Array]
+        $Targets
+    )
+    try
+    {
+        $deviceManagementPolicyAssignments = @()
+        $Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceEnrollmentConfigurationId/assign"
+
+        foreach ($target in $targets)
+        {
+            $formattedTarget = @{'@odata.type' = $target.dataType }
+            if ($target.groupId)
+            {
+                $formattedTarget.Add('groupId', $target.groupId)
+            }
+            if ($target.collectionId)
+            {
+                $formattedTarget.Add('collectionId', $target.collectionId)
+            }
+            if ($target.deviceAndAppManagementAssignmentFilterType)
+            {
+                $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType)
+            }
+            if ($target.deviceAndAppManagementAssignmentFilterId)
+            {
+                $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId)
+            }
+            $deviceManagementPolicyAssignments += @{'target' = $formattedTarget }
+        }
+        $body = @{'enrollmentConfigurationAssignments' = $deviceManagementPolicyAssignments } | ConvertTo-Json -Depth 20
+        #write-verbose -Message $body
+        Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop
+    }
+    catch
+    {
+        New-M365DSCLogEntry -Message 'Error updating data:'
+        -Exception $_
+        -Source $($MyInvocation.MyCommand.Source)
+        -TenantId $TenantId
+        -Credential $Credential
+
+        return $null
+    }
+}
+
+function Update-DeviceEnrollmentConfigurationPriority
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param (
+        [Parameter(Mandatory = 'true')]
+        [System.String]
+        $DeviceEnrollmentConfigurationId,
+
+        [Parameter(Mandatory = 'true')]
+        [System.UInt32]
+        $Priority
+    )
+    try
+    {
+        $Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceEnrollmentConfigurationId/setPriority"
+        $body = @{'priority' = $Priority } | ConvertTo-Json -Depth 20
+        #write-verbose -Message $body
+        Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop
+    }
+    catch
+    {
+        New-M365DSCLogEntry -Message 'Error updating data:'
+        -Exception $_
+        -Source $($MyInvocation.MyCommand.Source)
+        -TenantId $TenantId
+        -Credential $Credential
+
+        return $null
+    }
+}
+
 function Rename-M365DSCCimInstanceParameter
 {
     [CmdletBinding()]

diff --git a/...rollmentConfigurationWindows10.schema.mof → ...eEnrollmentStatusPageWindows10.schema.mof b/...rollmentConfigurationWindows10.schema.mof → ...eEnrollmentStatusPageWindows10.schema.mof
@@ -1,6 +1,15 @@
+[ClassVersion("1.0.0.0")]
+class MSFT_DeviceManagementConfigurationPolicyAssignments
+{
+    [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
+    [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
+    [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
+    [Write, Description("The group Id that is the target of the assignment.")] String groupId;
+    [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
+};
 
-[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceEnrollmentConfigurationWindows10")]
-class MSFT_IntuneDeviceEnrollmentConfigurationWindows10 : OMI_BaseResource
+[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceEnrollmentStatusPageWindows10")]
+class MSFT_IntuneDeviceEnrollmentStatusPageWindows10 : OMI_BaseResource
 {
     [Key, Description("The display name of the device enrollment configuration")] String DisplayName;
     [Required, Description("The unique identifier for an entity. Read-only.")] String Id;
@@ -17,6 +26,8 @@ class MSFT_IntuneDeviceEnrollmentConfigurationWindows10 : OMI_BaseResource
     [Write, Description("Selected applications to track the installation status")] String SelectedMobileAppIds[];
     [Write, Description("Show or hide installation progress to user")] Boolean ShowInstallationProgress;
     [Write, Description("Only show installation progress for Autopilot enrollment scenarios")] Boolean TrackInstallProgressForAutopilotOnly;
+    [Write, Description("Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value.")] UInt32 Priority;
+    [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];
     [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
     [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;

diff --git a/...nrollmentConfigurationWindows10/readme.md → ...ceEnrollmentStatusPageWindows10/readme.md b/...nrollmentConfigurationWindows10/readme.md → ...ceEnrollmentStatusPageWindows10/readme.md
@@ -1,5 +1,5 @@
 
-# IntuneDeviceEnrollmentConfigurationWindows10
+# IntuneDeviceEnrollmentStatusPageWindows10
 
 ## Description
 

diff --git a/...lmentConfigurationWindows10/settings.json → ...rollmentStatusPageWindows10/settings.json b/...lmentConfigurationWindows10/settings.json → ...rollmentStatusPageWindows10/settings.json
@@ -1,5 +1,5 @@
 {
-    "resourceName": "IntuneDeviceEnrollmentConfigurationWindows10",
+    "resourceName": "IntuneDeviceEnrollmentStatusPageWindows10",
     "description": "This resource configures an Intune Device Enrollment Status Page Configuration for Windows10.",
     "permissions": {
         "graph": {