Merge pull request #1454 from microsoft/Dev

Release 1.21.915.1
microsoft · Sep 16, 2021 · be45b35 · be45b35
2 parents 3840425 + 599ed6b
commit be45b35
Show file tree

Hide file tree

Showing 63 changed files with 7,431 additions and 1,091 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,36 @@
 # Change log for Microsoft365DSC
 
+# 1.21.915.1
+
+* EXOAntiPhishPolicy
+  * Added support for EnableFirstContactSafetyTips & EnableViaTag;
+* EXOAtpPolicyForO365
+  * Added support for AllowSafeDocsOpen;
+* EXOHostedContentFilterPolicy
+  * Added support for HighConfidencePhishAction;
+* EXOHostedOutboundSpamFilterPolicy
+  Added support for RecipientLimitInternalPerHour, RecipientLimitPerDay,
+  RecipientLimitExternalPerHour, ActionWhenThresholdReached & AutoForwardingMode;
+* EXOHostedOutboundSpamFilterRule
+  Initial release;
+* IntuneAppConfigurationPolicy
+  * Added support for the CustomSettings property;
+* IntuneDeviceCompliancePolicyWindows10
+  * Removed the App Secret and Application ID from the output;
+  * Added DefenderEnabled to the Resource;
+* IntuneDeviceConfigurationWindows10
+  * Initial release;
+* DEPENDENCIES;
+  * Updated Microsoft.Graph.Authentication to version 1.7.0;
+  * Added dependency on Microsoft.Graph.DeviceManagement;
+  * Added dependency on Microsoft.Graph.DeviceManagement.Administration;
+  * Added dependency on Microsoft.Graph.DeviceManagement.Enrolment;
+  * Added dependency on Microsoft.Graph.Devices.CorporateManagement;
+  * Updated Microsoft.Graph.Planner to version 1.7.0;
+  * Updated Microsoft.Graph.Teams to version 1.7.0;
+  * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.136;
+  * Updated MSCloudLoginAssistant to version 1.0.67;
+
 # 1.21.908.1
 
 * PPTenantSettings

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1
@@ -25,6 +25,10 @@ function Get-TargetResource
         [System.Boolean]
         $EnableAntispoofEnforcement = $true,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableFirstContactSafetyTips = $true,
+
         [Parameter()]
         [System.Boolean]
         $EnableMailboxIntelligence = $true,
@@ -65,6 +69,10 @@ function Get-TargetResource
         [System.Boolean]
         $EnableUnusualCharactersSafetyTips = $false,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableViaTag = $false,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
@@ -208,6 +216,7 @@ function Get-TargetResource
                 AdminDisplayName                              = $AntiPhishPolicy.AdminDisplayName
                 AuthenticationFailAction                      = $AntiPhishPolicy.AuthenticationFailAction
                 Enabled                                       = $AntiPhishPolicy.Enabled
+                EnableFirstContactSafetyTips                  = $AntiPhishPolicy.EnableFirstContactSafetyTips
                 EnableAntispoofEnforcement                    = $AntiPhishPolicy.EnableAntispoofEnforcement
                 EnableMailboxIntelligence                     = $AntiPhishPolicy.EnableMailboxIntelligence
                 EnableMailboxIntelligenceProtection           = $AntiPhishPolicy.EnableMailboxIntelligenceProtection
@@ -219,6 +228,7 @@ function Get-TargetResource
                 EnableTargetedUserProtection                  = $AntiPhishPolicy.EnableTargetedUserProtection
                 EnableUnauthenticatedSender                   = $AntiPhishPolicy.EnableUnauthenticatedSender
                 EnableUnusualCharactersSafetyTips             = $AntiPhishPolicy.EnableUnusualCharactersSafetyTips
+                EnableViaTag                                  = $AntiPhishPolicy.EnableViaTag
                 ExcludedDomains                               = $AntiPhishPolicy.ExcludedDomains
                 ExcludedSenders                               = $AntiPhishPolicy.ExcludedSenders
                 ImpersonationProtectionState                  = $AntiPhishPolicy.ImpersonationProtectionState
@@ -298,6 +308,10 @@ function Set-TargetResource
         [System.Boolean]
         $EnableAntispoofEnforcement = $true,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableFirstContactSafetyTips = $true,
+
         [Parameter()]
         [System.Boolean]
         $EnableMailboxIntelligence = $true,
@@ -338,6 +352,10 @@ function Set-TargetResource
         [System.Boolean]
         $EnableUnusualCharactersSafetyTips = $false,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableViaTag = $false,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]
@@ -492,6 +510,10 @@ function Test-TargetResource
         [System.Boolean]
         $EnableAntispoofEnforcement = $true,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableFirstContactSafetyTips = $true,
+
         [Parameter()]
         [System.Boolean]
         $EnableMailboxIntelligence = $true,
@@ -532,6 +554,10 @@ function Test-TargetResource
         [System.Boolean]
         $EnableUnusualCharactersSafetyTips = $false,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableViaTag = $false,
+
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
         [System.String]

diff --git a/...s/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof b/...s/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof
@@ -9,6 +9,7 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource
     [Write, Description("The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages for the domains specified by the TargetedDomainsToProtect parameter."), ValueMap{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}, Values{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}] String TargetedDomainProtectionAction;
     [Write, Description("The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages for the users specified by the TargetedUsersToProtect parameter."), ValueMap{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}, Values{"BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"}] String TargetedUserProtectionAction;
     [Write, Description("Specify if this policy should be enabled. Default is $true.")] Boolean Enabled;
+    [Write, Description("The EnableFirstContactSafetyTips parameter specifies whether to enable or disable the safety tip that's shown when recipients first receive an email from a sender or do not often receive email from a sender.")] Boolean EnableFirstContactSafetyTips;
     [Write, Description("The EnableAntispoofEnforcement parameter specifies whether to enable or disable antispoofing protection for the policy.")] Boolean EnableAntispoofEnforcement;
     [Write, Description("The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first contact graph) in domain and user impersonation protection.")] Boolean EnableMailboxIntelligence;
     [Write, Description("The EnableMailboxIntelligenceProtection specifies whether to enable or disable enhanced impersonation results based on each user's individual sender map. This intelligence allows Microsoft 365 to customize user impersonation detection and better handle false positives.")] Boolean EnableMailboxIntelligenceProtection;
@@ -20,6 +21,7 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource
     [Write, Description("The EnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for the users specified by the TargetedUsersToProtect parameter")] Boolean EnableTargetedUserProtection;
     [Write, Description("The EnableUnauthenticatedSender parameter enables or disables unauthenticated sender identification in Outlook.")] Boolean EnableUnauthenticatedSender;
     [Write, Description("The EnableUnusualCharactersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for unusual characters in domain and user impersonation detections.")] Boolean EnableUnusualCharactersSafetyTips;
+    [Write, Description("This setting is part of spoof protection. The EnableViaTag parameter enables or disables adding the via tag to the From address in Outlook.")] Boolean EnableViaTag;
     [Write, Description("Make this the default antiphishing policy")] Boolean MakeDefault;
     [Write, Description("The ExcludedDomains parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas.")] String ExcludedDomains[];
     [Write, Description("The ExcludedSenders parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas.")] String ExcludedSenders[];

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpPolicyForO365/MSFT_EXOAtpPolicyForO365.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpPolicyForO365/MSFT_EXOAtpPolicyForO365.psm1
@@ -17,6 +17,10 @@ function Get-TargetResource
         [Boolean]
         $AllowClickThrough = $true,
 
+        [Parameter()]
+        [Boolean]
+        $AllowSafeDocsOpen = $false,
+
         [Parameter()]
         [System.String[]]
         $BlockUrls = @(),
@@ -110,6 +114,7 @@ function Get-TargetResource
                 IsSingleInstance              = "Yes"
                 Identity                      = $AtpPolicyForO365.Identity
                 AllowClickThrough             = $AtpPolicyForO365.AllowClickThrough
+                AllowSafeDocsOpen             = $AtpPolicyForO365.AllowSafeDocsOpen
                 BlockUrls                     = $AtpPolicyForO365.BlockUrls
                 EnableATPForSPOTeamsODB       = $AtpPolicyForO365.EnableATPForSPOTeamsODB
                 EnableSafeDocs                = $AtpPolicyForO365.EnableSafeDocs
@@ -172,6 +177,10 @@ function Set-TargetResource
         [Boolean]
         $AllowClickThrough = $true,
 
+        [Parameter()]
+        [Boolean]
+        $AllowSafeDocsOpen = $false,
+
         [Parameter()]
         [System.String[]]
         $BlockUrls = @(),
@@ -273,6 +282,10 @@ function Test-TargetResource
         [Boolean]
         $AllowClickThrough = $true,
 
+        [Parameter()]
+        [Boolean]
+        $AllowSafeDocsOpen = $false,
+
         [Parameter()]
         [System.String[]]
         $BlockUrls = @(),

diff --git a/...Microsoft365DSC/DSCResources/MSFT_EXOAtpPolicyForO365/MSFT_EXOAtpPolicyForO365.schema.mof b/...Microsoft365DSC/DSCResources/MSFT_EXOAtpPolicyForO365/MSFT_EXOAtpPolicyForO365.schema.mof
@@ -5,6 +5,7 @@ class MSFT_EXOAtpPolicyForO365 : OMI_BaseResource
     [Write, Description("The Identity parameter specifies the ATP policy that you want to modify. There's only one policy named Default.")] String Identity;
     [Write, Description("Since there is only one policy, the default policy, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure;
     [Write, Description("The AllowClickThrough parameter specifies whether to allow users to click through to the original blocked URL in Office 365 ProPlus. Default is $true.")] Boolean AllowClickThrough;
+    [Write, Description("The AllowSafeDocsOpen parameter specifies whether users can click through and bypass the Protected View container even when Safe Documents identifies a file as malicious.")] Boolean AllowSafeDocsOpen;
     [Write, Description("The BlockUrls parameter specifies the URLs that are always blocked by Safe Links scanning. You can specify multiple values separated by commas.")] String BlockUrls[];
     [Write, Description("The EnableATPForSPOTeamsODB parameter specifies whether ATP is enabled for SharePoint Online, OneDrive for Business and Microsoft Teams. Default is $false.")] Boolean EnableATPForSPOTeamsODB;
     [Write, Description("The EnableSafeDocs parameter specifies whether to enable the Safe Documents feature in the organization. Default is $false.")] Boolean EnableSafeDocs;

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpPolicyForO365/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAtpPolicyForO365/readme.md
@@ -36,6 +36,13 @@ AllowClickThrough
   users to click through to the original blocked URL in
   Office 365 ProPlus. The default value is $true
 
+AllowSafeDocsOpen
+
+- Required: No
+- Description: The AllowSafeDocsOpen parameter specifies whether users can
+  click through and bypass the Protected View container even when Safe Documents
+  identifies a file as malicious.
+
 BlockUrls
 
 - Required: No
@@ -79,6 +86,7 @@ TrackClicks
             Identity                        = 'Default'
             GlobalAdminAccount              = $GlobalAdminAccount
             AllowClickThrough               = $true
+            AllowSafeDocsOpen               = $true
             BlockUrls                       = @('test1.badurl.com','test2.badurl.com')
             EnableATPForSPOTeamsODB         = $true
             EnableSafeDocs                  = $false

diff --git a/...DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 b/...DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1
@@ -81,6 +81,11 @@ function Get-TargetResource
         [System.String]
         $EndUserSpamNotificationLanguage = 'Default',
 
+        [Parameter()]
+        [ValidateSet('MoveToJmf', 'Redirect', 'Quarantine')]
+        [System.String]
+        $HighConfidencePhishAction = 'Quarantine',
+
         [Parameter()]
         [ValidateSet('MoveToJmf', 'AddXHeader', 'ModifySubject', 'Redirect', 'Delete', 'Quarantine', 'NoAction')]
         [System.String]
@@ -311,6 +316,7 @@ function Get-TargetResource
                 EndUserSpamNotificationCustomSubject = $HostedContentFilterPolicy.EndUserSpamNotificationCustomSubject
                 EndUserSpamNotificationFrequency     = $HostedContentFilterPolicy.EndUserSpamNotificationFrequency
                 EndUserSpamNotificationLanguage      = $HostedContentFilterPolicy.EndUserSpamNotificationLanguage
+                HighConfidencePhishAction            = $HostedContentFilterPolicy.HighConfidencePhishAction
                 HighConfidenceSpamAction             = $HostedContentFilterPolicy.HighConfidenceSpamAction
                 InlineSafetyTipsEnabled              = $HostedContentFilterPolicy.InlineSafetyTipsEnabled
                 IncreaseScoreWithBizOrInfoUrls       = $HostedContentFilterPolicy.IncreaseScoreWithBizOrInfoUrls
@@ -467,6 +473,11 @@ function Set-TargetResource
         [System.String]
         $EndUserSpamNotificationLanguage = 'Default',
 
+        [Parameter()]
+        [ValidateSet('MoveToJmf', 'Redirect', 'Quarantine')]
+        [System.String]
+        $HighConfidencePhishAction = 'Quarantine',
+
         [Parameter()]
         [ValidateSet('MoveToJmf', 'AddXHeader', 'ModifySubject', 'Redirect', 'Delete', 'Quarantine', 'NoAction')]
         [System.String]
@@ -788,6 +799,11 @@ function Test-TargetResource
         [System.String]
         $EndUserSpamNotificationLanguage = 'Default',
 
+        [Parameter()]
+        [ValidateSet('MoveToJmf', 'Redirect', 'Quarantine')]
+        [System.String]
+        $HighConfidencePhishAction = 'Quarantine',
+
         [Parameter()]
         [ValidateSet('MoveToJmf', 'AddXHeader', 'ModifySubject', 'Redirect', 'Delete', 'Quarantine', 'NoAction')]
         [System.String]