diff --git a/CHANGELOG.md b/CHANGELOG.md index f95859a06f..d037782766 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,12 +4,24 @@ * AADConditionalAccessPolicy * Fixes CA policy deployment errors when deploying policies based for workload identities. + * Fixed DisableResilienceDefaults result + * Add DisableResilienceDefaults false szenario * AADDeviceRegistrationPolicy * Fixes an error when trying to disable AAD join. +* AADRoleSetting + * Fixed issue where missing settings object for a role caused errors. + FIXES [#5602](https://github.com/microsoft/Microsoft365DSC/issues/5602) +* AADServicePrincipal + * FIXES [#5549](https://github.com/microsoft/Microsoft365DSC/issues/5549) * FabricAdminTenantSettings * Added support for the AllowGetOneLakeUDK, AllowMountDfCreation, AllowOneLakeUDK, ArtifactOrgAppPreview properties. * Fix values that have a zero length whitespace character. +* M365DSCReport + * Fix missing delimiter when called without the parameter. + FIXES [#5634](https://github.com/microsoft/Microsoft365DSC/issues/5634) +* M365DSCTelemetryEngine + * Report LCM details only if running as administrator. # 1.25.115.1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 3086a78560..d5c52a7467 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 
@@ -711,7 +711,7 @@ function Get-TargetResource #no translation needed PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled #no translation needed - DisableResilienceDefaultsIsEnabled = $false -or $Policy.SessionControls.disableResilienceDefaults.IsEnabled + DisableResilienceDefaultsIsEnabled = $false -or $Policy.SessionControls.disableResilienceDefaults #make false if undefined, true if true PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode #no translation needed @@ -1776,7 +1776,7 @@ function Set-TargetResource $NewParameters.Add('grantControls', $GrantControls) } - if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or $DisableResilienceDefaultsIsEnabled) + if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or !([String]::IsNullOrEmpty($DisableResilienceDefaultsIsEnabled))) { Write-Verbose -Message 'Set-Targetresource: process session controls' $sessioncontrols = $null @@ -1843,9 +1843,9 @@ function Set-TargetResource $sessioncontrols.persistentBrowser.isEnabled = $true $sessioncontrols.persistentBrowser.mode = $PersistentBrowserMode } - if ($DisableResilienceDefaultsIsEnabled) + if (!([String]::IsNullOrEmpty($DisableResilienceDefaultsIsEnabled))) { - $sessioncontrols.Add('disableResilienceDefaults', $true) + $sessioncontrols.Add('disableResilienceDefaults', $DisableResilienceDefaultsIsEnabled) } $NewParameters.Add('sessionControls', $sessioncontrols) #add SessionControls to the parameter list diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index 2af52a4d70..c3a63acd65 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 
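Review bot: The new guard `!([String]::IsNullOrEmpty($DisableResilienceDefaultsIsEnabled))` in the Set-TargetResource hunk at line 1776, and again at 1843, is probably always true. The parameter declaration is outside the hunks, but if it is typed `[System.Boolean]`, an omitted value is `$false`, which converts to the string `False` and is never empty. The session-controls branch would then run for every policy, and `disableResilienceDefaults = $false` would be sent even when the configuration never mentions the setting. Testing whether the caller supplied the value states the intent directly: `if ($PSBoundParameters.ContainsKey('DisableResilienceDefaultsIsEnabled'))`.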
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 @@ -278,7 +278,7 @@ function Get-TargetResource } #get Policyrule - $role = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.Policyid + $role = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.Policyid -ErrorAction SilentlyContinue $DisplayName = $RoleDefinition.DisplayName $ActivationMaxDuration = ($role | Where-Object { $_.Id -eq 'Expiration_EndUser_Assignment' }).AdditionalProperties.maximumDuration diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 index 0ec87681ed..cc05842a86 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 @@ -309,7 +309,7 @@ function Get-TargetResource } $result = @{ - AppId = $appInstance.DisplayName + AppId = $AADServicePrincipal.AppId AppRoleAssignedTo = $AppRoleAssignedToValues ObjectID = $AADServicePrincipal.Id DisplayName = $AADServicePrincipal.DisplayName diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 50d924d40c..b5008d6b73 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -709,6 +709,7 @@ function New-M365DSCReportFromConfiguration $delimiterParam = [System.Management.Automation.RuntimeDefinedParameter]::New("Delimiter", [System.String], $attributeCollection) $delimiterParam.Value = ';' # default value, comma makes a mess when importing a CSV-file in Excel $paramDictionary.Add("Delimiter", $delimiterParam) + $PSBoundParameters.Add("Delimiter", $delimiterParam.Value) } return $paramDictionary } 
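Review bot: `-ErrorAction SilentlyContinue` on `Get-MgBetaPolicyRoleManagementPolicyRule` hides every failure, not only the missing settings object the changelog describes. A permission or throttling error would leave `$role` null, and the lines that follow (such as `$ActivationMaxDuration`) would then report empty role-management settings instead of a failed lookup. Consider keeping the error observable, e.g. `-ErrorAction SilentlyContinue -ErrorVariable roleRuleError` followed by `if ($roleRuleError) { Write-Verbose -Message "Could not read policy rules for $($Policy.Policyid): $roleRuleError" }`. Get-TargetResource continues outside the hunk, so any existing null handling is not visible here.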
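Review bot: `$PSBoundParameters.Add("Delimiter", ...)` in the M365DSCReport hunk throws if the dictionary already holds a `Delimiter` key, and nothing on the line explains why the dynamic-parameter code writes into `$PSBoundParameters`. An indexer assignment behind a key check is safe either way: `if (-not $PSBoundParameters.ContainsKey('Delimiter')) { $PSBoundParameters['Delimiter'] = $delimiterParam.Value }`. A comment such as `# dynamic-parameter defaults are not bound automatically; seed the default for the function body` would record the reason. The enclosing block starts outside the hunk, so whether an explicit -Delimiter still overrides the seeded value should be confirmed with a test.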
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 index a99991adbe..795b7ff6dd 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 @@ -108,14 +108,7 @@ function Add-M365DSCTelemetryEvent { if ($null -eq $Script:M365DSCCurrentRoles -or $Script:M365DSCCurrentRoles.Length -eq 0) { - try - { - Connect-M365Tenant -Workload 'MicrosoftGraph' @Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction SilentlyContinue - } - catch - { - Write-Verbose -Message $_ - } + Connect-M365Tenant -Workload 'MicrosoftGraph' $Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction SilentlyContinue $Script:M365DSCCurrentRoles = @() $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/me?$select=id' @@ -151,7 +144,7 @@ function Add-M365DSCTelemetryEvent { try { - Connect-M365Tenant -Workload 'MicrosoftGraph' @Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction Stop + Connect-M365Tenant -Workload 'MicrosoftGraph' $Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction Stop $Script:M365DSCCurrentRoles = @() $sp = Get-MgServicePrincipal -Filter "AppId eq '$($Global:M365DSCTelemetryConnectionToGraphParams.ApplicationId)'" ` 
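Review bot: Both `Connect-M365Tenant` calls (the hunks at 108 and 151) now pass `$Global:M365DSCTelemetryConnectionToGraphParams` where the old code splatted it with `@Global:`. With `$`, the hashtable is handed over as a single positional argument instead of being expanded into named parameters, so unless Connect-M365Tenant accepts a hashtable positionally the connection values will not bind; the splat form `@Global:M365DSCTelemetryConnectionToGraphParams` should be kept. The first hunk also drops the try/catch, and `-ErrorAction SilentlyContinue` does not suppress terminating errors. A failed connection may therefore propagate out of the telemetry path unless an outer try, not visible in the hunk, catches it.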
@@ -372,54 +365,63 @@ function Add-M365DSCTelemetryEvent # LCM Metadata Information try { - if ($null -eq $Script:LCMInfo) + if ($null -eq $Script:M365DSCCurrentPrincipalIsAdmin) { - $Script:LCMInfo = Get-DscLocalConfigurationManager -ErrorAction Stop + $currentPrincipal = New-Object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent()) + $Script:M365DSCCurrentPrincipalIsAdmin = $currentPrincipal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator) } - $certificateConfigured = $false - if (-not [System.String]::IsNullOrEmpty($LCMInfo.CertificateID)) + if ($Script:M365DSCCurrentPrincipalIsAdmin) { - $certificateConfigured = $true - } - - $partialConfiguration = $false - if (-not [System.String]::IsNullOrEmpty($Script:LCMInfo.PartialConfigurations)) - { - $partialConfiguration = $true - } - $Data.Add('LCMUsesPartialConfigurations', $partialConfiguration) - $Data.Add('LCMCertificateConfigured', $certificateConfigured) - $Data.Add('LCMConfigurationMode', $Script:LCMInfo.ConfigurationMode) - $Data.Add('LCMConfigurationModeFrequencyMins', $Script:LCMInfo.ConfigurationModeFrequencyMins) - $Data.Add('LCMRefreshMode', $Script:LCMInfo.RefreshMode) - $Data.Add('LCMState', $Script:LCMInfo.LCMState) - $Data.Add('LCMStateDetail', $Script:LCMInfo.LCMStateDetail) - - if ([System.String]::IsNullOrEmpty($Type)) - { - if ($Global:M365DSCExportInProgress) - { - $Type = 'Export' - } - elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.' -or ` - $Script:LCMInfo.LCMStateDetail -eq 'LCM exécute une vérification de cohérence.' 
-or ` - $Script:LCMInfo.LCMStateDetail -eq 'LCM führt gerade eine Konsistenzüberprüfung durch.') + if ($null -eq $Script:LCMInfo) { - $Type = 'MonitoringScheduled' + $Script:LCMInfo = Get-DscLocalConfigurationManager -ErrorAction Stop } - elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is testing node against the configuration.') + + $certificateConfigured = $false + if (-not [System.String]::IsNullOrEmpty($LCMInfo.CertificateID)) { - $Type = 'MonitoringManual' + $certificateConfigured = $true } - elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.' -or ` - $Script:LCMInfo.LCMStateDetail -eq 'LCM applique une nouvelle configuration.') + + $partialConfiguration = $false + if (-not [System.String]::IsNullOrEmpty($Script:LCMInfo.PartialConfigurations)) { - $Type = 'ApplyingConfiguration' + $partialConfiguration = $true } - else + $Data.Add('LCMUsesPartialConfigurations', $partialConfiguration) + $Data.Add('LCMCertificateConfigured', $certificateConfigured) + $Data.Add('LCMConfigurationMode', $Script:LCMInfo.ConfigurationMode) + $Data.Add('LCMConfigurationModeFrequencyMins', $Script:LCMInfo.ConfigurationModeFrequencyMins) + $Data.Add('LCMRefreshMode', $Script:LCMInfo.RefreshMode) + $Data.Add('LCMState', $Script:LCMInfo.LCMState) + $Data.Add('LCMStateDetail', $Script:LCMInfo.LCMStateDetail) + + if ([System.String]::IsNullOrEmpty($Type)) { - $Type = 'Undetermined' + if ($Global:M365DSCExportInProgress) + { + $Type = 'Export' + } + elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.' -or ` + $Script:LCMInfo.LCMStateDetail -eq 'LCM exécute une vérification de cohérence.' 
-or ` + $Script:LCMInfo.LCMStateDetail -eq 'LCM führt gerade eine Konsistenzüberprüfung durch.') + { + $Type = 'MonitoringScheduled' + } + elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is testing node against the configuration.') + { + $Type = 'MonitoringManual' + } + elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.' -or ` + $Script:LCMInfo.LCMStateDetail -eq 'LCM applique une nouvelle configuration.') + { + $Type = 'ApplyingConfiguration' + } + else + { + $Type = 'Undetermined' + } } } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 index d603524a7d..b00ef17dec 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 @@ -215,7 +215,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'The app exists and values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - AppId = 'App1' + AppId = 'b4f08c68-7276-4cb8-b9ae-e75fca5ff834' DisplayName = 'App1' AlternativeNames = 'AlternativeName1', 'AlternativeName2' AccountEnabled = $true
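Review bot: In the Add-M365DSCTelemetryEvent hunk at 372, moving the whole `$Type` decision inside `if ($Script:M365DSCCurrentPrincipalIsAdmin)` leaves `$Type` empty on a non-elevated run, even though the `$Global:M365DSCExportInProgress` check needs no LCM data. An `elseif` after the admin block keeps the classification: `elseif ([System.String]::IsNullOrEmpty($Type)) { $Type = if ($Global:M365DSCExportInProgress) { 'Export' } else { 'Undetermined' } }`. Separately, `[System.Security.Principal.WindowsIdentity]::GetCurrent()` is a Windows-only API. On other platforms it would presumably throw into the catch (outside the hunk) on every event, because the cached flag stays null.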