Merge branch 'Dev' into Dev

microsoft · Jan 17, 2025 · e8d2a0e · e8d2a0e
2 parents 5e5ed01 + 48a8b90
commit e8d2a0e
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 53 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,12 +4,24 @@
 
 * AADConditionalAccessPolicy
   * Fixes CA policy deployment errors when deploying policies based for workload identities.
+  * Fixed DisableResilienceDefaults result
+  * Add DisableResilienceDefaults false szenario
 * AADDeviceRegistrationPolicy
   * Fixes an error when trying to disable AAD join.
+* AADRoleSetting
+  * Fixed issue where missing settings object for a role caused errors.
+    FIXES [#5602](https://github.com/microsoft/Microsoft365DSC/issues/5602)
+* AADServicePrincipal
+  * FIXES [#5549](https://github.com/microsoft/Microsoft365DSC/issues/5549)
 * FabricAdminTenantSettings
   * Added support for the AllowGetOneLakeUDK, AllowMountDfCreation, AllowOneLakeUDK,
     ArtifactOrgAppPreview properties.
   * Fix values that have a zero length whitespace character.
+* M365DSCReport
+  * Fix missing delimiter when called without the parameter.
+    FIXES [#5634](https://github.com/microsoft/Microsoft365DSC/issues/5634)
+* M365DSCTelemetryEngine
+  * Report LCM details only if running as administrator.
 
 # 1.25.115.1
 

diff --git a/...t365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/...t365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1
@@ -711,7 +711,7 @@ function Get-TargetResource
         #no translation needed
         PersistentBrowserIsEnabled               = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled
         #no translation needed
-        DisableResilienceDefaultsIsEnabled       = $false -or $Policy.SessionControls.disableResilienceDefaults.IsEnabled
+        DisableResilienceDefaultsIsEnabled       = $false -or $Policy.SessionControls.disableResilienceDefaults
         #make false if undefined, true if true
         PersistentBrowserMode                    = [System.String]$Policy.SessionControls.PersistentBrowser.Mode
         #no translation needed
@@ -1776,7 +1776,7 @@ function Set-TargetResource
             $NewParameters.Add('grantControls', $GrantControls)
         }
 
-        if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or $DisableResilienceDefaultsIsEnabled)
+        if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or !([String]::IsNullOrEmpty($DisableResilienceDefaultsIsEnabled)))
         {
             Write-Verbose -Message 'Set-Targetresource: process session controls'
             $sessioncontrols = $null
@@ -1843,9 +1843,9 @@ function Set-TargetResource
                 $sessioncontrols.persistentBrowser.isEnabled = $true
                 $sessioncontrols.persistentBrowser.mode = $PersistentBrowserMode
             }
-            if ($DisableResilienceDefaultsIsEnabled)
+            if (!([String]::IsNullOrEmpty($DisableResilienceDefaultsIsEnabled)))
             {
-                $sessioncontrols.Add('disableResilienceDefaults', $true)
+                $sessioncontrols.Add('disableResilienceDefaults', $DisableResilienceDefaultsIsEnabled)
             }
             $NewParameters.Add('sessionControls', $sessioncontrols)
             #add SessionControls to the parameter list

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1
@@ -278,7 +278,7 @@ function Get-TargetResource
     }
 
     #get Policyrule
-    $role = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.Policyid
+    $role = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.Policyid -ErrorAction SilentlyContinue
 
     $DisplayName = $RoleDefinition.DisplayName
     $ActivationMaxDuration = ($role | Where-Object { $_.Id -eq 'Expiration_EndUser_Assignment' }).AdditionalProperties.maximumDuration

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1
@@ -309,7 +309,7 @@ function Get-TargetResource
             }
 
             $result = @{
-                AppId                              = $appInstance.DisplayName
+                AppId                              = $AADServicePrincipal.AppId
                 AppRoleAssignedTo                  = $AppRoleAssignedToValues
                 ObjectID                           = $AADServicePrincipal.Id
                 DisplayName                        = $AADServicePrincipal.DisplayName

diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1
@@ -709,6 +709,7 @@ function New-M365DSCReportFromConfiguration
             $delimiterParam = [System.Management.Automation.RuntimeDefinedParameter]::New("Delimiter", [System.String], $attributeCollection)
             $delimiterParam.Value = ';' # default value, comma makes a mess when importing a CSV-file in Excel
             $paramDictionary.Add("Delimiter", $delimiterParam)
+            $PSBoundParameters.Add("Delimiter", $delimiterParam.Value)
         }
         return $paramDictionary
     }

diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1
@@ -108,14 +108,7 @@ function Add-M365DSCTelemetryEvent
             {
                 if ($null -eq $Script:M365DSCCurrentRoles -or $Script:M365DSCCurrentRoles.Length -eq 0)
                 {
-                    try
-                    {
-                        Connect-M365Tenant -Workload 'MicrosoftGraph' @Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction SilentlyContinue
-                    }
-                    catch
-                    {
-                        Write-Verbose -Message $_
-                    }
+                    Connect-M365Tenant -Workload 'MicrosoftGraph' $Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction SilentlyContinue
                     $Script:M365DSCCurrentRoles = @()
 
                     $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/me?$select=id'
@@ -151,7 +144,7 @@ function Add-M365DSCTelemetryEvent
                 {
                     try
                     {
-                        Connect-M365Tenant -Workload 'MicrosoftGraph' @Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction Stop
+                        Connect-M365Tenant -Workload 'MicrosoftGraph' $Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction Stop
                         $Script:M365DSCCurrentRoles = @()
 
                         $sp = Get-MgServicePrincipal -Filter "AppId eq '$($Global:M365DSCTelemetryConnectionToGraphParams.ApplicationId)'" `
@@ -372,54 +365,63 @@ function Add-M365DSCTelemetryEvent
             # LCM Metadata Information
             try
             {
-                if ($null -eq $Script:LCMInfo)
+                if ($null -eq $Script:M365DSCCurrentPrincipalIsAdmin)
                 {
-                    $Script:LCMInfo = Get-DscLocalConfigurationManager -ErrorAction Stop
+                    $currentPrincipal = New-Object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())
+                    $Script:M365DSCCurrentPrincipalIsAdmin = $currentPrincipal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
                 }
 
-                $certificateConfigured = $false
-                if (-not [System.String]::IsNullOrEmpty($LCMInfo.CertificateID))
+                if ($Script:M365DSCCurrentPrincipalIsAdmin)
                 {
-                    $certificateConfigured = $true
-                }
-
-                $partialConfiguration = $false
-                if (-not [System.String]::IsNullOrEmpty($Script:LCMInfo.PartialConfigurations))
-                {
-                    $partialConfiguration = $true
-                }
-                $Data.Add('LCMUsesPartialConfigurations', $partialConfiguration)
-                $Data.Add('LCMCertificateConfigured', $certificateConfigured)
-                $Data.Add('LCMConfigurationMode', $Script:LCMInfo.ConfigurationMode)
-                $Data.Add('LCMConfigurationModeFrequencyMins', $Script:LCMInfo.ConfigurationModeFrequencyMins)
-                $Data.Add('LCMRefreshMode', $Script:LCMInfo.RefreshMode)
-                $Data.Add('LCMState', $Script:LCMInfo.LCMState)
-                $Data.Add('LCMStateDetail', $Script:LCMInfo.LCMStateDetail)
-
-                if ([System.String]::IsNullOrEmpty($Type))
-                {
-                    if ($Global:M365DSCExportInProgress)
-                    {
-                        $Type = 'Export'
-                    }
-                    elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.' -or `
-                            $Script:LCMInfo.LCMStateDetail -eq 'LCM exécute une vérification de cohérence.' -or `
-                            $Script:LCMInfo.LCMStateDetail -eq 'LCM führt gerade eine Konsistenzüberprüfung durch.')
+                    if ($null -eq $Script:LCMInfo)
                     {
-                        $Type = 'MonitoringScheduled'
+                        $Script:LCMInfo = Get-DscLocalConfigurationManager -ErrorAction Stop
                     }
-                    elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is testing node against the configuration.')
+
+                    $certificateConfigured = $false
+                    if (-not [System.String]::IsNullOrEmpty($LCMInfo.CertificateID))
                     {
-                        $Type = 'MonitoringManual'
+                        $certificateConfigured = $true
                     }
-                    elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.' -or `
-                            $Script:LCMInfo.LCMStateDetail -eq 'LCM applique une nouvelle configuration.')
+
+                    $partialConfiguration = $false
+                    if (-not [System.String]::IsNullOrEmpty($Script:LCMInfo.PartialConfigurations))
                     {
-                        $Type = 'ApplyingConfiguration'
+                        $partialConfiguration = $true
                     }
-                    else
+                    $Data.Add('LCMUsesPartialConfigurations', $partialConfiguration)
+                    $Data.Add('LCMCertificateConfigured', $certificateConfigured)
+                    $Data.Add('LCMConfigurationMode', $Script:LCMInfo.ConfigurationMode)
+                    $Data.Add('LCMConfigurationModeFrequencyMins', $Script:LCMInfo.ConfigurationModeFrequencyMins)
+                    $Data.Add('LCMRefreshMode', $Script:LCMInfo.RefreshMode)
+                    $Data.Add('LCMState', $Script:LCMInfo.LCMState)
+                    $Data.Add('LCMStateDetail', $Script:LCMInfo.LCMStateDetail)
+
+                    if ([System.String]::IsNullOrEmpty($Type))
                     {
-                        $Type = 'Undetermined'
+                        if ($Global:M365DSCExportInProgress)
+                        {
+                            $Type = 'Export'
+                        }
+                        elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.' -or `
+                                $Script:LCMInfo.LCMStateDetail -eq 'LCM exécute une vérification de cohérence.' -or `
+                                $Script:LCMInfo.LCMStateDetail -eq 'LCM führt gerade eine Konsistenzüberprüfung durch.')
+                        {
+                            $Type = 'MonitoringScheduled'
+                        }
+                        elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is testing node against the configuration.')
+                        {
+                            $Type = 'MonitoringManual'
+                        }
+                        elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.' -or `
+                                $Script:LCMInfo.LCMStateDetail -eq 'LCM applique une nouvelle configuration.')
+                        {
+                            $Type = 'ApplyingConfiguration'
+                        }
+                        else
+                        {
+                            $Type = 'Undetermined'
+                        }
                     }
                 }
             }

diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1
@@ -215,7 +215,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
         Context -Name 'The app exists and values are already in the desired state' -Fixture {
             BeforeAll {
                 $testParams = @{
-                    AppId                     = 'App1'
+                    AppId                     = 'b4f08c68-7276-4cb8-b9ae-e75fca5ff834'
                     DisplayName               = 'App1'
                     AlternativeNames          = 'AlternativeName1', 'AlternativeName2'
                     AccountEnabled            = $true