diff --git a/CHANGELOG.md b/CHANGELOG.md
index 47e595e3e1..d6c0e7380c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,75 @@ # Change log for Microsoft365DSC +# 1.25.122.1 + +* AADConditionalAccessPolicy + * Fixes CA policy deployment errors when deploying policies based for workload identities. + * Fixed DisableResilienceDefaults result + * Add DisableResilienceDefaults false szenario +* AADDeviceRegistrationPolicy + * Fixes an error when trying to disable AAD join. +* AADGroupsNamingPolicy + * Use correct parameter `DesiredValues` given to `Test-M365DSCParameterState`, + contrary to `EXOTenantAllowBlockListItems` these resources are not affected + but we still should use the correct parameter +* AADRoleSetting + * Fixed issue where missing settings object for a role caused errors. + FIXES [#5602](https://github.com/microsoft/Microsoft365DSC/issues/5602) +* AADServicePrincipal + * FIXES [#5549](https://github.com/microsoft/Microsoft365DSC/issues/5549) +* EXOAvailabilityConfig + * Removed dependency on Microsoft Graph to retrieve user information. +* EXODistributionGroup + * Removed dependency on Microsoft Graph to retrieve user information. +* EXOHostedContentFilterPolicy + * Use correct parameter `DesiredValues` given to `Test-M365DSCParameterState`, + contrary to `EXOTenantAllowBlockListItems` these resources are not affected + but we still should use the correct parameter +* EXOTenantAllowBlockListItems + * Fixed `Test-TargetResource` by using the correct parameter `DesiredValues` + given to `Test-M365DSCParameterState` +* EXOTransportRule + * Fix type of `SenderInRecipientList` in schema +* FabricAdminTenantSettings + * Added support for the AllowGetOneLakeUDK, AllowMountDfCreation, AllowOneLakeUDK, + ArtifactOrgAppPreview properties. + * Fix values that have a zero length whitespace character. 
+* IntuneAppProtectionPolicyiOS + * Fixes [#5589] https://github.com/microsoft/Microsoft365DSC/issues/5589 +* SCAutoSensitivityLabelPolicy + * Use correct parameter `DesiredValues` given to `Test-M365DSCParameterState`, + contrary to `EXOTenantAllowBlockListItems` these resources are not affected + but we still should use the correct parameter +* SCLabelPolicy + * Use correct parameter `DesiredValues` given to `Test-M365DSCParameterState`, + contrary to `EXOTenantAllowBlockListItems` these resources are not affected + but we still should use the correct parameter +* SCSecurityFilter + * Use correct parameter `DesiredValues` given to `Test-M365DSCParameterState`, + contrary to `EXOTenantAllowBlockListItems` these resources are not affected + but we still should use the correct parameter +* SPOSPOBrowserIdleSignout + * Corrected export types where the schema expected a String, but received a different type + FIXES [#5648](https://github.com/microsoft/Microsoft365DSC/issues/5648) +* SPOSharingSettings + * Corrected export types where the schema expected a String, but received a different type + FIXES [#5648](https://github.com/microsoft/Microsoft365DSC/issues/5648) +* M365DSCReport + * Fix missing delimiter when called without the parameter. + FIXES [#5634](https://github.com/microsoft/Microsoft365DSC/issues/5634) + * Add configuration validation to inform about comparisons against empty or invalid configurations. + FIXES [#5658](https://github.com/microsoft/Microsoft365DSC/issues/5658) +* M365DSCTelemetryEngine + * Report LCM details only if running as administrator. 
+* M365DSCUtil + * In `Test-M365DSCParameterState` try to replace the line endings before + making the comparison otherwise it may fail as it did for a few resources + FIXES [#5648](https://github.com/microsoft/Microsoft365DSC/issues/5648) +* MISC + * Export Performance Improvements + Implements the changes described in [#5615](https://github.com/microsoft/Microsoft365DSC/issues/5615) + Improved resource caching behavior across Intune resources. + # 1.25.115.1 * AADAuthenticationRequirement diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 index f888d5f7ea..b03afb5728 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 @@ -354,7 +354,6 @@ function Test-TargetResource Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - $testResult = $true foreach ($reviewer in $Reviewers) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 6287779158..807a436a05 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 
@@ -84,64 +84,58 @@ function Get-TargetResource ) try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message ($_) - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - try - { - $getValue = $null - #region resource generator code - if (-not [string]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + try { - $getValue = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters } - else + catch + { + Write-Verbose -Message ($_) + } + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) { $getValue = Get-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $Id -ErrorAction SilentlyContinue } - } - if ($null -eq $getValue -and -not [string]::IsNullOrEmpty($DisplayName)) - { - Write-Verbose -Message "Could not find an Azure AD Administrative Unit by Id, trying by DisplayName {$DisplayName}" - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue -and -not [string]::IsNullOrEmpty($DisplayName)) { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $getValue = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } - } - else + Write-Verbose -Message "Could not find an Azure AD Administrative Unit by Id, trying by DisplayName {$DisplayName}" + if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgBetaDirectoryAdministrativeUnit -Filter "DisplayName eq '$DisplayName'" -ErrorAction Stop } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Azure AD Administrative Unit with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Azure AD Administrative Unit with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Azure AD Administrative Unit with Id {$Id} and DisplayName {$DisplayName} was found." 
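Review bot: The new guard `if (-not $Script:exportedInstance)` in Get-TargetResource trusts whatever object sits in the script-scoped variable, whereas the removed lookups required `$Script:ExportMode` and matched on `Id` or `DisplayName`. Whether the variable is ever cleared is not visible here; if it is still set when Test-TargetResource or Set-TargetResource calls this function in the same session, the result describes the cached unit rather than the requested `$Id`, and drift on the requested unit would go unreported. Gating the shortcut on export mode and identity avoids that, e.g. `if (-not ($Script:ExportMode -and $null -ne $Script:exportedInstance -and $Script:exportedInstance.Id -eq $Id))`, assuming Export-TargetResource passes `Id` in `@Params`. The Get-TargetResource hunk in MSFT_AADApplication.psm1 uses the same unguarded check, and both function bodies continue outside their hunks.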
@@ -1099,6 +1093,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params if ($null -ne $Results.ScopedRoleMembers) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index fd8647a090..d38ad0c241 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 
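Review bot: `$Script:exportedInstance = $config` is assigned before `Get-TargetResource @Params` and nothing in the hunk resets it, so after the last iteration the final instance stays in module scope. Adding `$Script:exportedInstance = $null` directly after the call limits the cache to the one call it is meant for; in the MSFT_AADApplication.psm1 Export hunk, where the same assignment sits inside a `try`, a `finally` block is the natural place. The surrounding loop is outside the hunk, so a reset further down cannot be ruled out.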
@@ -129,393 +129,383 @@ function Get-TargetResource [System.String[]] $AccessTokens ) - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters + try + { + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - Write-Verbose -Message 'Getting configuration of Azure AD Application' + Write-Verbose -Message 'Getting configuration of Azure AD Application' - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - $AADApp = $null - try - { - try - { - if (-not [System.String]::IsNullOrEmpty($AppId)) + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + $AADApp = $null + + try { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $AADApp = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $AppId } - } - else + if (-not [System.String]::IsNullOrEmpty($AppId)) { $AADApp = Get-MgBetaApplication -Filter "AppId eq '$AppId'" } } - } - catch - { - Write-Verbose -Message "Could not retrieve AzureAD Application by 
Application ID {$AppId}" - } - - if ($null -eq $AADApp) - { - Write-Verbose -Message "Attempting to retrieve Azure AD Application by DisplayName {$DisplayName}" - - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + catch { - $AADApp = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } + Write-Verbose -Message "Could not retrieve AzureAD Application by Application ID {$AppId}" } - else + + if ($null -eq $AADApp) { + Write-Verbose -Message "Attempting to retrieve Azure AD Application by DisplayName {$DisplayName}" $AADApp = [Array](Get-MgBetaApplication -Filter "DisplayName eq '$($DisplayName)'") } + if ($null -ne $AADApp -and $AADApp.Count -gt 1) + { + Throw "Multiple AAD Apps with the Displayname $($DisplayName) exist in the tenant." + } + elseif ($null -eq $AADApp) + { + Write-Verbose -Message 'Could not retrieve and instance of the Azure AD App in the Get-TargetResource function.' + return $nullReturn + } } - if ($null -ne $AADApp -and $AADApp.Count -gt 1) + else { - Throw "Multiple AAD Apps with the Displayname $($DisplayName) exist in the tenant." + $AADApp = $Script:exportedInstance } - elseif ($null -eq $AADApp) + Write-Verbose -Message 'An instance of Azure AD App was retrieved.' + + $AADBetaApp = Get-MgBetaApplication -Property 'id,displayName,appId,authenticationBehaviors,additionalProperties' -ApplicationId $AADApp.Id -ErrorAction SilentlyContinue + $AADAppKeyCredentials = Get-MgBetaApplication -Property 'keyCredentials' -ApplicationId $AADApp.Id -ErrorAction SilentlyContinue + + $complexAuthenticationBehaviors = @{} + if ($null -ne $AADBetaApp.authenticationBehaviors.blockAzureADGraphAccess) { - Write-Verbose -Message 'Could not retrieve and instance of the Azure AD App in the Get-TargetResource function.' 
- return $nullReturn + $complexAuthenticationBehaviors.Add('BlockAzureADGraphAccess', $AADBetaApp.authenticationBehaviors.blockAzureADGraphAccess) } - else + if ($null -ne $AADBetaApp.authenticationBehaviors.removeUnverifiedEmailClaim) { - Write-Verbose -Message 'An instance of Azure AD App was retrieved.' - - $AADBetaApp = Get-MgBetaApplication -Property 'id,displayName,appId,authenticationBehaviors,additionalProperties' -ApplicationId $AADApp.Id -ErrorAction SilentlyContinue - $AADAppKeyCredentials = Get-MgBetaApplication -Property 'keyCredentials' -ApplicationId $AADApp.Id -ErrorAction SilentlyContinue + $complexAuthenticationBehaviors.Add('RemoveUnverifiedEmailClaim', $AADBetaApp.authenticationBehaviors.removeUnverifiedEmailClaim) + } + if ($null -ne $AADBetaApp.authenticationBehaviors.requireClientServicePrincipal) + { + $complexAuthenticationBehaviors.Add('RequireClientServicePrincipal', $AADBetaApp.authenticationBehaviors.requireClientServicePrincipal) + } + if ($complexAuthenticationBehaviors.values.Where({ $null -ne $_ }).Count -eq 0) + { + $complexAuthenticationBehaviors = $null + } - $complexAuthenticationBehaviors = @{} - if ($null -ne $AADBetaApp.authenticationBehaviors.blockAzureADGraphAccess) - { - $complexAuthenticationBehaviors.Add('BlockAzureADGraphAccess', $AADBetaApp.authenticationBehaviors.blockAzureADGraphAccess) - } - if ($null -ne $AADBetaApp.authenticationBehaviors.removeUnverifiedEmailClaim) + $complexOptionalClaims = @{} + $complexAccessToken = @() + foreach ($currentAccessToken in $AADApp.optionalClaims.accessToken) + { + $myAccessToken = @{} + $myAccessToken.Add('Essential', $currentAccessToken.essential) + $myAccessToken.Add('Name', $currentAccessToken.name) + $myAccessToken.Add('Source', $currentAccessToken.source) + if ($myAccessToken.values.Where({ $null -ne $_ }).Count -gt 0) { - $complexAuthenticationBehaviors.Add('RemoveUnverifiedEmailClaim', $AADBetaApp.authenticationBehaviors.removeUnverifiedEmailClaim) + $complexAccessToken += 
$myAccessToken } - if ($null -ne $AADBetaApp.authenticationBehaviors.requireClientServicePrincipal) + } + $complexOptionalClaims.Add('AccessToken', $complexAccessToken) + $complexIdToken = @() + foreach ($currentIdToken in $AADApp.optionalClaims.idToken) + { + $myIdToken = @{} + $myIdToken.Add('Essential', $currentIdToken.essential) + $myIdToken.Add('Name', $currentIdToken.name) + $myIdToken.Add('Source', $currentIdToken.source) + if ($myIdToken.values.Where({ $null -ne $_ }).Count -gt 0) { - $complexAuthenticationBehaviors.Add('RequireClientServicePrincipal', $AADBetaApp.authenticationBehaviors.requireClientServicePrincipal) + $complexIdToken += $myIdToken } - if ($complexAuthenticationBehaviors.values.Where({ $null -ne $_ }).Count -eq 0) + } + $complexOptionalClaims.Add('IdToken', $complexIdToken) + $complexSaml2Token = @() + foreach ($currentSaml2Token in $AADApp.optionalClaims.saml2Token) + { + $mySaml2Token = @{} + $mySaml2Token.Add('Essential', $currentSaml2Token.essential) + $mySaml2Token.Add('Name', $currentSaml2Token.name) + $mySaml2Token.Add('Source', $currentSaml2Token.source) + if ($mySaml2Token.values.Where({ $null -ne $_ }).Count -gt 0) { - $complexAuthenticationBehaviors = $null + $complexSaml2Token += $mySaml2Token } + } + $complexOptionalClaims.Add('Saml2Token', $complexSaml2Token) + if ($complexOptionalClaims.values.Where({ $null -ne $_ }).Count -eq 0) + { + $complexOptionalClaims = $null + } - $complexOptionalClaims = @{} - $complexAccessToken = @() - foreach ($currentAccessToken in $AADApp.optionalClaims.accessToken) - { - $myAccessToken = @{} - $myAccessToken.Add('Essential', $currentAccessToken.essential) - $myAccessToken.Add('Name', $currentAccessToken.name) - $myAccessToken.Add('Source', $currentAccessToken.source) - if ($myAccessToken.values.Where({ $null -ne $_ }).Count -gt 0) - { - $complexAccessToken += $myAccessToken - } - } - $complexOptionalClaims.Add('AccessToken', $complexAccessToken) - $complexIdToken = @() - foreach 
($currentIdToken in $AADApp.optionalClaims.idToken) + + $complexApi = @{} + $complexPreAuthorizedApplications = @() + foreach ($currentPreAuthorizedApplications in $AADApp.api.preAuthorizedApplications) + { + $myPreAuthorizedApplications = @{} + $myPreAuthorizedApplications.Add('AppId', $currentPreAuthorizedApplications.appId) + $myPreAuthorizedApplications.Add('PermissionIds', $currentPreAuthorizedApplications.permissionIds) + if ($myPreAuthorizedApplications.values.Where({ $null -ne $_ }).Count -gt 0) { - $myIdToken = @{} - $myIdToken.Add('Essential', $currentIdToken.essential) - $myIdToken.Add('Name', $currentIdToken.name) - $myIdToken.Add('Source', $currentIdToken.source) - if ($myIdToken.values.Where({ $null -ne $_ }).Count -gt 0) - { - $complexIdToken += $myIdToken - } + $complexPreAuthorizedApplications += $myPreAuthorizedApplications } - $complexOptionalClaims.Add('IdToken', $complexIdToken) - $complexSaml2Token = @() - foreach ($currentSaml2Token in $AADApp.optionalClaims.saml2Token) - { - $mySaml2Token = @{} - $mySaml2Token.Add('Essential', $currentSaml2Token.essential) - $mySaml2Token.Add('Name', $currentSaml2Token.name) - $mySaml2Token.Add('Source', $currentSaml2Token.source) - if ($mySaml2Token.values.Where({ $null -ne $_ }).Count -gt 0) - { - $complexSaml2Token += $mySaml2Token - } - } - $complexOptionalClaims.Add('Saml2Token', $complexSaml2Token) - if ($complexOptionalClaims.values.Where({ $null -ne $_ }).Count -eq 0) - { - $complexOptionalClaims = $null + } + + $complexOAuth2Scopes = @() + foreach ($currentOAuth2Scope in $AADApp.api.Oauth2PermissionScopes) + { + $complexOAuth2Scopes += @{ + adminConsentDescription = $currentOAuth2Scope.adminConsentDescription + adminConsentDisplayName = $currentOAuth2Scope.adminConsentDisplayName + id = $currentOAuth2Scope.id + isEnabled = $currentOAuth2Scope.isEnabled + type = $currentOAuth2Scope.type + userConsentDescription = $currentOAuth2Scope.userConsentDescription + userConsentDisplayName = 
$currentOAuth2Scope.userConsentDisplayName + value = $currentOAuth2Scope.value } + } + $complexApi.Add('PreAuthorizedApplications', $complexPreAuthorizedApplications) + $complexApi.Add('Oauth2PermissionScopes', $complexOAuth2Scopes) + if ($complexApi.values.Where({ $null -ne $_ }).Count -eq 0) + { + $complexApi = $null + } - $complexApi = @{} - $complexPreAuthorizedApplications = @() - foreach ($currentPreAuthorizedApplications in $AADApp.api.preAuthorizedApplications) + $complexKeyCredentials = @() + foreach ($currentkeyCredentials in $AADAppKeyCredentials.keyCredentials) + { + $mykeyCredentials = @{} + if ($null -ne $currentkeyCredentials.customKeyIdentifier) { - $myPreAuthorizedApplications = @{} - $myPreAuthorizedApplications.Add('AppId', $currentPreAuthorizedApplications.appId) - $myPreAuthorizedApplications.Add('PermissionIds', $currentPreAuthorizedApplications.permissionIds) - if ($myPreAuthorizedApplications.values.Where({ $null -ne $_ }).Count -gt 0) - { - $complexPreAuthorizedApplications += $myPreAuthorizedApplications - } + $mykeyCredentials.Add('CustomKeyIdentifier', [convert]::ToBase64String($currentkeyCredentials.customKeyIdentifier)) } - - $complexOAuth2Scopes = @() - foreach ($currentOAuth2Scope in $AADApp.api.Oauth2PermissionScopes) + $mykeyCredentials.Add('DisplayName', $currentkeyCredentials.displayName) + if ($null -ne $currentkeyCredentials.endDateTime) { - $complexOAuth2Scopes += @{ - adminConsentDescription = $currentOAuth2Scope.adminConsentDescription - adminConsentDisplayName = $currentOAuth2Scope.adminConsentDisplayName - id = $currentOAuth2Scope.id - isEnabled = $currentOAuth2Scope.isEnabled - type = $currentOAuth2Scope.type - userConsentDescription = $currentOAuth2Scope.userConsentDescription - userConsentDisplayName = $currentOAuth2Scope.userConsentDisplayName - value = $currentOAuth2Scope.value - } + $mykeyCredentials.Add('EndDateTime', ([DateTimeOffset]$currentkeyCredentials.endDateTime).ToString('o')) } + 
$mykeyCredentials.Add('KeyId', $currentkeyCredentials.keyId) - $complexApi.Add('PreAuthorizedApplications', $complexPreAuthorizedApplications) - $complexApi.Add('Oauth2PermissionScopes', $complexOAuth2Scopes) - if ($complexApi.values.Where({ $null -ne $_ }).Count -eq 0) - { - $complexApi = $null - } - $complexKeyCredentials = @() - foreach ($currentkeyCredentials in $AADAppKeyCredentials.keyCredentials) + if ($null -ne $currentkeyCredentials.Key) { - $mykeyCredentials = @{} - if ($null -ne $currentkeyCredentials.customKeyIdentifier) - { - $mykeyCredentials.Add('CustomKeyIdentifier', [convert]::ToBase64String($currentkeyCredentials.customKeyIdentifier)) - } - $mykeyCredentials.Add('DisplayName', $currentkeyCredentials.displayName) - if ($null -ne $currentkeyCredentials.endDateTime) - { - $mykeyCredentials.Add('EndDateTime', ([DateTimeOffset]$currentkeyCredentials.endDateTime).ToString('o')) - } - $mykeyCredentials.Add('KeyId', $currentkeyCredentials.keyId) - - - if ($null -ne $currentkeyCredentials.Key) - { - $mykeyCredentials.Add('Key', [convert]::ToBase64String($currentkeyCredentials.key)) - } - - if ($null -ne $currentkeyCredentials.startDateTime) - { - $mykeyCredentials.Add('StartDateTime', ([DateTimeOffset]$currentkeyCredentials.startDateTime).ToString('o')) - } - $mykeyCredentials.Add('Type', $currentkeyCredentials.type) - $mykeyCredentials.Add('Usage', $currentkeyCredentials.usage) - if ($mykeyCredentials.values.Where({ $null -ne $_ }).Count -gt 0) - { - $complexKeyCredentials += $mykeyCredentials - } + $mykeyCredentials.Add('Key', [convert]::ToBase64String($currentkeyCredentials.key)) } - $complexPasswordCredentials = @() - foreach ($currentpasswordCredentials in $AADApp.passwordCredentials) + if ($null -ne $currentkeyCredentials.startDateTime) { - $mypasswordCredentials = @{} - $mypasswordCredentials.Add('DisplayName', $currentpasswordCredentials.displayName) - if ($null -ne $currentpasswordCredentials.endDateTime) - { - 
$mypasswordCredentials.Add('EndDateTime', ([DateTimeOffset]$currentpasswordCredentials.endDateTime).ToString('o')) - } - $mypasswordCredentials.Add('Hint', $currentpasswordCredentials.hint) - $mypasswordCredentials.Add('KeyId', $currentpasswordCredentials.keyId) - if ($null -ne $currentpasswordCredentials.startDateTime) - { - $mypasswordCredentials.Add('StartDateTime', ([DateTimeOffset]$currentpasswordCredentials.startDateTime).ToString('o')) - } - if ($mypasswordCredentials.values.Where({ $null -ne $_ }).Count -gt 0) - { - $complexPasswordCredentials += $mypasswordCredentials - } + $mykeyCredentials.Add('StartDateTime', ([DateTimeOffset]$currentkeyCredentials.startDateTime).ToString('o')) } - - $complexAppRoles = @() - foreach ($currentappRoles in $AADApp.appRoles) + $mykeyCredentials.Add('Type', $currentkeyCredentials.type) + $mykeyCredentials.Add('Usage', $currentkeyCredentials.usage) + if ($mykeyCredentials.values.Where({ $null -ne $_ }).Count -gt 0) { - $myappRoles = @{} - $myappRoles.Add('AllowedMemberTypes', $currentappRoles.allowedMemberTypes) - $myappRoles.Add('Description', $currentappRoles.description) - $myappRoles.Add('DisplayName', $currentappRoles.displayName) - $myappRoles.Add('Id', $currentappRoles.id) - $myappRoles.Add('IsEnabled', $currentappRoles.isEnabled) - $myappRoles.Add('Origin', $currentappRoles.origin) - $myappRoles.Add('Value', $currentappRoles.value) - if ($myappRoles.values.Where({ $null -ne $_ }).Count -gt 0) - { - $complexAppRoles += $myappRoles - } + $complexKeyCredentials += $mykeyCredentials } + } - $permissionsObj = Get-M365DSCAzureADAppPermissions -App $AADApp - $isPublicClient = $false - if (-not [System.String]::IsNullOrEmpty($AADApp.PublicClient) -and $AADApp.PublicClient -eq $true) + $complexPasswordCredentials = @() + foreach ($currentpasswordCredentials in $AADApp.passwordCredentials) + { + $mypasswordCredentials = @{} + $mypasswordCredentials.Add('DisplayName', $currentpasswordCredentials.displayName) + if ($null -ne 
$currentpasswordCredentials.endDateTime) { - $isPublicClient = $true + $mypasswordCredentials.Add('EndDateTime', ([DateTimeOffset]$currentpasswordCredentials.endDateTime).ToString('o')) } - $AvailableToOtherTenantsValue = $false - if ($AADApp.SignInAudience -ne 'AzureADMyOrg') + $mypasswordCredentials.Add('Hint', $currentpasswordCredentials.hint) + $mypasswordCredentials.Add('KeyId', $currentpasswordCredentials.keyId) + if ($null -ne $currentpasswordCredentials.startDateTime) { - $AvailableToOtherTenantsValue = $true + $mypasswordCredentials.Add('StartDateTime', ([DateTimeOffset]$currentpasswordCredentials.startDateTime).ToString('o')) } - - [Array]$Owners = Get-MgApplicationOwner -ApplicationId $AADApp.Id -All:$true | ` - Where-Object { !$_.DeletedDateTime } - $OwnersValues = @() - foreach ($Owner in $Owners) + if ($mypasswordCredentials.values.Where({ $null -ne $_ }).Count -gt 0) { - if ($Owner.AdditionalProperties.userPrincipalName) - { - $OwnersValues += $Owner.AdditionalProperties.userPrincipalName - } - else - { - $OwnersValues += $Owner.Id - } + $complexPasswordCredentials += $mypasswordCredentials } + } - $IsFallbackPublicClientValue = $false - if ($AADApp.IsFallbackPublicClient) + $complexAppRoles = @() + foreach ($currentappRoles in $AADApp.appRoles) + { + $myappRoles = @{} + $myappRoles.Add('AllowedMemberTypes', $currentappRoles.allowedMemberTypes) + $myappRoles.Add('Description', $currentappRoles.description) + $myappRoles.Add('DisplayName', $currentappRoles.displayName) + $myappRoles.Add('Id', $currentappRoles.id) + $myappRoles.Add('IsEnabled', $currentappRoles.isEnabled) + $myappRoles.Add('Origin', $currentappRoles.origin) + $myappRoles.Add('Value', $currentappRoles.value) + if ($myappRoles.values.Where({ $null -ne $_ }).Count -gt 0) { - $IsFallbackPublicClientValue = $AADApp.IsFallbackPublicClient + $complexAppRoles += $myappRoles } + } - #region OnPremisesPublishing - $onPremisesPublishingValue = @{} - $oppInfo = $null + $permissionsObj = 
Get-M365DSCAzureADAppPermissions -App $AADApp + $isPublicClient = $false + if (-not [System.String]::IsNullOrEmpty($AADApp.PublicClient) -and $AADApp.PublicClient -eq $true) + { + $isPublicClient = $true + } + $AvailableToOtherTenantsValue = $false + if ($AADApp.SignInAudience -ne 'AzureADMyOrg') + { + $AvailableToOtherTenantsValue = $true + } - try + [Array]$Owners = Get-MgApplicationOwner -ApplicationId $AADApp.Id -All:$true | ` + Where-Object { !$_.DeletedDateTime } + $OwnersValues = @() + foreach ($Owner in $Owners) + { + if ($Owner.AdditionalProperties.userPrincipalName) { - $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/applications/$($AADBetaApp.Id)/onPremisesPublishing" - $oppInfo = Invoke-MgGraphRequest -Method GET ` - -Uri $Uri ` - -ErrorAction SilentlyContinue + $OwnersValues += $Owner.AdditionalProperties.userPrincipalName } - catch + else { - Write-Verbose -Message "On-premises publishing is not enabled for App {$($AADBetaApp.DisplayName)}" + $OwnersValues += $Owner.Id } + } - if ($null -ne $oppInfo) + $IsFallbackPublicClientValue = $false + if ($AADApp.IsFallbackPublicClient) + { + $IsFallbackPublicClientValue = $AADApp.IsFallbackPublicClient + } + + #region OnPremisesPublishing + $onPremisesPublishingValue = @{} + $oppInfo = $null + + try + { + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/applications/$($AADBetaApp.Id)/onPremisesPublishing" + $oppInfo = Invoke-MgGraphRequest -Method GET ` + -Uri $Uri ` + -ErrorAction SilentlyContinue + } + catch + { + Write-Verbose -Message "On-premises publishing is not enabled for App {$($AADBetaApp.DisplayName)}" + } + + if ($null -ne $oppInfo) + { + $onPremisesPublishingValue = @{ + alternateUrl = $oppInfo.alternateUrl + applicationServerTimeout = $oppInfo.applicationServerTimeout + externalAuthenticationType = $oppInfo.externalAuthenticationType + externalUrl = $oppInfo.externalUrl + internalUrl = $oppInfo.internalUrl + 
isBackendCertificateValidationEnabled = $oppInfo.isBackendCertificateValidationEnabled + isHttpOnlyCookieEnabled = $oppInfo.isHttpOnlyCookieEnabled + isPersistentCookieEnabled = $oppInfo.isPersistentCookieEnabled + isSecureCookieEnabled = $oppInfo.isSecureCookieEnabled + isStateSessionEnabled = $oppInfo.isStateSessionEnabled + isTranslateHostHeaderEnabled = $oppInfo.isTranslateHostHeaderEnabled + isTranslateLinksInBodyEnabled = $oppInfo.isTranslateLinksInBodyEnabled + } + + # onPremisesApplicationSegments + $segmentValues = @() + foreach ($segment in $oppInfo.onPremisesApplicationSegments) { - $onPremisesPublishingValue = @{ - alternateUrl = $oppInfo.alternateUrl - applicationServerTimeout = $oppInfo.applicationServerTimeout - externalAuthenticationType = $oppInfo.externalAuthenticationType - externalUrl = $oppInfo.externalUrl - internalUrl = $oppInfo.internalUrl - isBackendCertificateValidationEnabled = $oppInfo.isBackendCertificateValidationEnabled - isHttpOnlyCookieEnabled = $oppInfo.isHttpOnlyCookieEnabled - isPersistentCookieEnabled = $oppInfo.isPersistentCookieEnabled - isSecureCookieEnabled = $oppInfo.isSecureCookieEnabled - isStateSessionEnabled = $oppInfo.isStateSessionEnabled - isTranslateHostHeaderEnabled = $oppInfo.isTranslateHostHeaderEnabled - isTranslateLinksInBodyEnabled = $oppInfo.isTranslateLinksInBodyEnabled + $entry = @{ + alternateUrl = $segment.AlternateUrl + externalUrl = $segment.externalUrl + internalUrl = $segment.internalUrl } - # onPremisesApplicationSegments - $segmentValues = @() - foreach ($segment in $oppInfo.onPremisesApplicationSegments) + $corsConfigurationValues = @() + foreach ($cors in $segment.corsConfigurations) { - $entry = @{ - alternateUrl = $segment.AlternateUrl - externalUrl = $segment.externalUrl - internalUrl = $segment.internalUrl - } - - $corsConfigurationValues = @() - foreach ($cors in $segment.corsConfigurations) - { - $corsEntry = @{ - allowedHeaders = [Array]($cors.allowedHeaders) - allowedMethods = 
[Array]($cors.allowedMethods) - allowedOrigins = [Array]($cors.allowedOrigins) - maxAgeInSeconds = $cors.maxAgeInSeconds - resource = $cors.resource - } - $corsConfigurationValues += $corsEntry + $corsEntry = @{ + allowedHeaders = [Array]($cors.allowedHeaders) + allowedMethods = [Array]($cors.allowedMethods) + allowedOrigins = [Array]($cors.allowedOrigins) + maxAgeInSeconds = $cors.maxAgeInSeconds + resource = $cors.resource } - $entry.Add('corsConfigurations', $corsConfigurationValues) - $segmentValues += $entry + $corsConfigurationValues += $corsEntry } - $onPremisesPublishingValue.Add('onPremisesApplicationSegments', $segmentValues) + $entry.Add('corsConfigurations', $corsConfigurationValues) + $segmentValues += $entry + } + $onPremisesPublishingValue.Add('onPremisesApplicationSegments', $segmentValues) - # singleSignOnSettings - $singleSignOnValues = @{ - kerberosSignOnSettings = @{ - kerberosServicePrincipalName = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosServicePrincipalName - kerberosSignOnMappingAttributeType = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosSignOnMappingAttributeType - } - singleSignOnMode = $oppInfo.singleSignOnSettings.singleSignOnMode + # singleSignOnSettings + $singleSignOnValues = @{ + kerberosSignOnSettings = @{ + kerberosServicePrincipalName = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosServicePrincipalName + kerberosSignOnMappingAttributeType = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosSignOnMappingAttributeType } - $onPremisesPublishingValue.Add('singleSignOnSettings', $singleSignOnValues) + singleSignOnMode = $oppInfo.singleSignOnSettings.singleSignOnMode } - #endregion + $onPremisesPublishingValue.Add('singleSignOnSettings', $singleSignOnValues) + } + #endregion - $IdentifierUrisValue = @() - if ($null -ne $AADApp.IdentifierUris) - { - $IdentifierUrisValue = $AADApp.IdentifierUris - } + $IdentifierUrisValue = @() + if ($null -ne $AADApp.IdentifierUris) + { + 
$IdentifierUrisValue = $AADApp.IdentifierUris + } - $result = @{ - DisplayName = $AADApp.DisplayName - AvailableToOtherTenants = $AvailableToOtherTenantsValue - Description = $AADApp.Description - GroupMembershipClaims = $AADApp.GroupMembershipClaims - Homepage = $AADApp.web.HomepageUrl - IdentifierUris = $IdentifierUrisValue - IsFallbackPublicClient = $IsFallbackPublicClientValue - KnownClientApplications = $AADApp.Api.KnownClientApplications - LogoutURL = $AADApp.web.LogoutURL - PublicClient = $isPublicClient - ReplyURLs = $AADApp.web.RedirectUris - Owners = $OwnersValues - ObjectId = $AADApp.Id - AppId = $AADApp.AppId - OptionalClaims = $complexOptionalClaims - Api = $complexApi - AuthenticationBehaviors = $complexAuthenticationBehaviors - KeyCredentials = $complexKeyCredentials - PasswordCredentials = $complexPasswordCredentials - AppRoles = $complexAppRoles - Permissions = $permissionsObj - OnPremisesPublishing = $onPremisesPublishingValue - ApplicationTemplateId = $AADApp.AdditionalProperties.applicationTemplateId - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + $result = @{ + DisplayName = $AADApp.DisplayName + AvailableToOtherTenants = $AvailableToOtherTenantsValue + Description = $AADApp.Description + GroupMembershipClaims = $AADApp.GroupMembershipClaims + Homepage = $AADApp.web.HomepageUrl + IdentifierUris = $IdentifierUrisValue + IsFallbackPublicClient = $IsFallbackPublicClientValue + KnownClientApplications = $AADApp.Api.KnownClientApplications + LogoutURL = $AADApp.web.LogoutURL + PublicClient = $isPublicClient + ReplyURLs = $AADApp.web.RedirectUris + Owners = $OwnersValues + ObjectId = $AADApp.Id + 
AppId = $AADApp.AppId + OptionalClaims = $complexOptionalClaims + Api = $complexApi + AuthenticationBehaviors = $complexAuthenticationBehaviors + KeyCredentials = $complexKeyCredentials + PasswordCredentials = $complexPasswordCredentials + AppRoles = $complexAppRoles + Permissions = $permissionsObj + OnPremisesPublishing = $onPremisesPublishingValue + ApplicationTemplateId = $AADApp.AdditionalProperties.applicationTemplateId + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -1602,6 +1592,7 @@ function Export-TargetResource } try { + $Script:exportedInstance = $AADApp $Results = Get-TargetResource @Params if ($Results.Ensure -eq 'Present') { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 index be5b8e6c1a..ac69ac161e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 
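Review bot: `$Script:exportedInstance` is assigned immediately before `Get-TargetResource @Params` in Export-TargetResource and nothing visible in this hunk clears it, so the cached object stays in module scope after the call returns. Any later Get-TargetResource call in the same session (for example the one Test-TargetResource makes during a drift check) would then take the cached branch instead of reading the tenant; a reset may exist outside the hunk, but none is visible here. Consider clearing it right after the call with `$Script:exportedInstance = $null`, ideally in a `finally` so that a throw inside Get-TargetResource cannot leave it set. The same assignment appears in the Export-TargetResource hunks of AADAuthenticationMethodPolicy, AADAuthenticationStrengthPolicy, AADConditionalAccessPolicy and AADGroup. Export-TargetResource starts and ends outside the hunk.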
@@ -79,50 +79,57 @@ function Get-TargetResource try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaPolicyAuthenticationMethodPolicy -ErrorAction SilentlyContinue - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-Not [string]::IsNullOrEmpty($DisplayName)) + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) { - $getValue = Get-MgBetaPolicyAuthenticationMethodPolicy ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.DisplayName -eq "$($DisplayName)" ` - -and $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.AuthenticationMethodsPolicy' ` + $getValue = Get-MgBetaPolicyAuthenticationMethodPolicy -ErrorAction SilentlyContinue + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaPolicyAuthenticationMethodPolicy ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.DisplayName -eq "$($DisplayName)" ` + -and $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.AuthenticationMethodsPolicy' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Azure AD Authentication Method Policy with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Azure AD 
Authentication Method Policy with Id {$Id} and DisplayName {$DisplayName} was found." @@ -642,6 +649,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 index 9e56d5d973..fe1e412886 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 @@ -235,8 +235,7 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of the Azure AD Authentication Requirement for a user with UPN {$UserPrincipalName}" $CurrentValues = Get-TargetResource @PSBoundParameters - $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() $testResult = $true $CurrentValues.remove('Id') | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationStrengthPolicy/MSFT_AADAuthenticationStrengthPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationStrengthPolicy/MSFT_AADAuthenticationStrengthPolicy.psm1 index 63e999016f..56463cd84f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationStrengthPolicy/MSFT_AADAuthenticationStrengthPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationStrengthPolicy/MSFT_AADAuthenticationStrengthPolicy.psm1 
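Review bot: The new `else { $getValue = $Script:exportedInstance }` branch accepts whatever object is cached without comparing it to the requested `$Id` or `$DisplayName`, so a stale or mismatched cache entry would be reported as the current state of this resource. A cheap guard is to fall through to the lookup when the identity differs, e.g. `if (-not $Script:exportedInstance -or $Script:exportedInstance.Id -ne $Id)`. `$nullResult` and `$ConnectionMode` are now assigned only inside the non-cached branch; the `catch` is outside the hunk, but if it still returns `$nullResult`, an error on the cached path would return `$null` instead of an 'Absent' result. The Get-TargetResource hunks for AADAuthenticationStrengthPolicy, AADConditionalAccessPolicy and AADGroup follow the same pattern, and in each the function starts and ends outside the hunk.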
@@ -57,41 +57,47 @@ function Get-TargetResource try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $getValue = $null + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if (-not [System.String]::IsNullOrEmpty($Id)) - { - $getValue = Get-MgBetaPolicyAuthenticationStrengthPolicy -AuthenticationStrengthPolicyId $Id -ErrorAction 'SilentlyContinue' - } + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if ($null -eq $getValue) - { - $getValue = Get-MgBetaPolicyAuthenticationStrengthPolicy | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } -ErrorAction SilentlyContinue - } + $getValue = $null + + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaPolicyAuthenticationStrengthPolicy -AuthenticationStrengthPolicyId $Id -ErrorAction 'SilentlyContinue' + } - if ($null -eq $getValue) + if ($null -eq $getValue) + { + $getValue = 
Get-MgBetaPolicyAuthenticationStrengthPolicy | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } -ErrorAction SilentlyContinue + } + + if ($null -eq $getValue) + { + return $nullResult + } + } + else { - return $nullResult + $getValue = $Script:exportedInstance } - $results = @{ Description = $getValue.Description DisplayName = $getValue.DisplayName @@ -409,6 +415,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 0ee0fdacb8..331a56ecc3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 
@@ -263,56 +263,63 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message 'Getting configuration of AzureAD Conditional Access Policy' - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - if ($PSBoundParameters.ContainsKey('Id')) + if (-not $Script:exportedInstance) { - Write-Verbose -Message 'PolicyID was specified' - try + Write-Verbose -Message 'Getting configuration of AzureAD Conditional Access Policy' + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + if ($PSBoundParameters.ContainsKey('Id')) { - $Policy = Get-MgBetaIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $Id -ErrorAction Stop + Write-Verbose -Message 'PolicyID was specified' + try + { + $Policy = Get-MgBetaIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $Id -ErrorAction Stop + } + catch + { + Write-Verbose -Message "Couldn't find existing policy by ID {$Id}" + $Policy = Get-MgBetaIdentityConditionalAccessPolicy -Filter "DisplayName eq '$DisplayName'" + if ($Policy.Length -gt 1) + { + throw "Duplicate CA Policies named $DisplayName exist in tenant" + } + } } - catch + else { - Write-Verbose -Message "Couldn't find existing policy by ID {$Id}" + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple CA Policies since displayname is not unique $Policy = Get-MgBetaIdentityConditionalAccessPolicy -Filter "DisplayName eq '$DisplayName'" if ($Policy.Length -gt 1) { throw "Duplicate CA Policies named $DisplayName exist in tenant" } } - } - else - { - Write-Verbose -Message 'Id was NOT specified' - ## Can retreive multiple CA Policies since displayname is not unique - $Policy = Get-MgBetaIdentityConditionalAccessPolicy -Filter "DisplayName eq '$DisplayName'" - if ($Policy.Length -gt 1) + + if ([String]::IsNullOrEmpty($Policy.id)) { - throw "Duplicate CA Policies named $DisplayName exist in tenant" + Write-Verbose -Message "No existing Policy with name {$DisplayName} were found" + $currentValues = $PSBoundParameters + $currentValues.Ensure = 'Absent' + return $currentValues } } - - if ([String]::IsNullOrEmpty($Policy.id)) + else { - Write-Verbose -Message "No existing 
Policy with name {$DisplayName} were found" - $currentValues = $PSBoundParameters - $currentValues.Ensure = 'Absent' - return $currentValues + $Policy = $Script:exportedInstance } Write-Verbose -Message 'Get-TargetResource: Found existing Conditional Access policy' @@ -711,7 +718,7 @@ function Get-TargetResource #no translation needed PersistentBrowserIsEnabled = $false -or $Policy.SessionControls.PersistentBrowser.IsEnabled #no translation needed - DisableResilienceDefaultsIsEnabled = $false -or $Policy.SessionControls.disableResilienceDefaults.IsEnabled + DisableResilienceDefaultsIsEnabled = $false -or $Policy.SessionControls.disableResilienceDefaults #make false if undefined, true if true PersistentBrowserMode = [System.String]$Policy.SessionControls.PersistentBrowser.Mode #no translation needed @@ -1035,7 +1042,6 @@ function Set-TargetResource Write-Verbose -Message 'Set-Targetresource: create Conditions object' $conditions = @{ applications = @{} - users = @{} } #create and provision Application Condition object Write-Verbose -Message 'Set-Targetresource: create Application Condition object' @@ -1122,6 +1128,10 @@ function Set-TargetResource Write-Verbose -Message 'Set-Targetresource: process includeusers' if ($currentParameters.ContainsKey('IncludeUsers')) { + if (-not $conditions.ContainsKey('users')) + { + $conditions.Add('users', @{}) + } $conditions.Users.Add('includeUsers', @()) foreach ($includeuser in $IncludeUsers) { @@ -1169,6 +1179,10 @@ function Set-TargetResource Write-Verbose -Message 'Set-Targetresource: process excludeusers' if ($currentParameters.ContainsKey('ExcludeUsers')) { + if (-not $conditions.ContainsKey('users')) + { + $conditions.Add('users', @{}) + } $conditions.users.Add('excludeUsers', @()) foreach ($excludeuser in $ExcludeUsers) { 
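Review bot: Both lookup branches of the Conditional Access Get-TargetResource hunk build the OData filter as `-Filter "DisplayName eq '$DisplayName'"` without doubling single quotes, so a policy whose name contains `'` produces a malformed filter and the lookup fails or finds nothing. The AADGroup Get-TargetResource hunk in this same commit already escapes with `$DisplayName -replace "'", "''"`; doing the same here, e.g. `$escapedName = $DisplayName -replace "'", "''"` and filtering on `'$escapedName'`, keeps the two resources consistent. For Conditional Access a false 'Absent' matters because a later Set could create a second policy with the same name; that path is outside the hunk, so treat it as something to confirm. The function continues past the end of the hunk.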
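Review bot: The guard `if (-not $conditions.ContainsKey('users')) { $conditions.Add('users', @{}) }` is pasted into the includeUsers hunk here and into seven more Set-TargetResource hunks (excludeUsers, includeGroups, excludeGroups, includeRoles, excludeRoles and the two guest/external-user blocks), which makes it easy to miss one when another user condition is added. Nothing in the hunks says why `users` is no longer pre-created at `$conditions = @{ applications = @{} }`; a comment there such as `# 'users' is added on demand so policies without user conditions (presumably workload-identity policies) do not send an empty users object` would record the intent. Hoisting the guard into one small helper called from each block would remove the repetition. All of these blocks sit inside Set-TargetResource, which starts and ends outside the hunks.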
@@ -1216,6 +1230,10 @@ function Set-TargetResource Write-Verbose -Message 'Set-Targetresource: process includegroups' if ($currentParameters.ContainsKey('IncludeGroups')) { + if (-not $conditions.ContainsKey('users')) + { + $conditions.Add('users', @{}) + } $conditions.users.Add('includeGroups', @()) foreach ($includegroup in $IncludeGroups) { @@ -1266,6 +1284,10 @@ function Set-TargetResource Write-Verbose -Message 'Set-Targetresource: process excludegroups' if ($currentParameters.ContainsKey('ExcludeGroups')) { + if (-not $conditions.ContainsKey('users')) + { + $conditions.Add('users', @{}) + } $conditions.users.Add('excludeGroups', @()) foreach ($ExcludeGroup in $ExcludeGroups) { @@ -1316,6 +1338,10 @@ function Set-TargetResource Write-Verbose -Message 'Set-Targetresource: process includeroles' if ($currentParameters.ContainsKey('IncludeRoles')) { + if (-not $conditions.ContainsKey('users')) + { + $conditions.Add('users', @{}) + } $conditions.Users.Add('includeRoles', @()) if ($IncludeRoles) { @@ -1350,6 +1376,10 @@ function Set-TargetResource Write-Verbose -Message 'Set-Targetresource: process excluderoles' if ($currentParameters.ContainsKey('ExcludeRoles')) { + if (-not $conditions.ContainsKey('users')) + { + $conditions.Add('users', @{}) + } $conditions.users.Add('excludeRoles', @()) if ($ExcludeRoles) { @@ -1384,6 +1414,10 @@ function Set-TargetResource Write-Verbose -Message 'Set-Targetresource: process includeGuestOrExternalUser' If ($currentParameters.ContainsKey('IncludeGuestOrExternalUserTypes')) { + if (-not $conditions.ContainsKey('users')) + { + $conditions.Add('users', @{}) + } $includeGuestsOrExternalUsers = $null if ($IncludeGuestOrExternalUserTypes.Count -ne 0) { 
@@ -1415,6 +1449,10 @@ function Set-TargetResource Write-Verbose -Message 'Set-Targetresource: process excludeGuestsOrExternalUsers' If ($currentParameters.ContainsKey('ExcludeGuestOrExternalUserTypes')) { + if (-not $conditions.ContainsKey('users')) + { + $conditions.Add('users', @{}) + } $excludeGuestsOrExternalUsers = $null if ($ExcludeGuestOrExternalUserTypes.Count -ne 0) { @@ -1745,7 +1783,7 @@ function Set-TargetResource $NewParameters.Add('grantControls', $GrantControls) } - if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or $DisableResilienceDefaultsIsEnabled) + if ($ApplicationEnforcedRestrictionsIsEnabled -or $CloudAppSecurityIsEnabled -or $SignInFrequencyIsEnabled -or $PersistentBrowserIsEnabled -or !([String]::IsNullOrEmpty($DisableResilienceDefaultsIsEnabled))) { Write-Verbose -Message 'Set-Targetresource: process session controls' $sessioncontrols = $null @@ -1812,9 +1850,9 @@ function Set-TargetResource $sessioncontrols.persistentBrowser.isEnabled = $true $sessioncontrols.persistentBrowser.mode = $PersistentBrowserMode } - if ($DisableResilienceDefaultsIsEnabled) + if (!([String]::IsNullOrEmpty($DisableResilienceDefaultsIsEnabled))) { - $sessioncontrols.Add('disableResilienceDefaults', $true) + $sessioncontrols.Add('disableResilienceDefaults', $DisableResilienceDefaultsIsEnabled) } $NewParameters.Add('sessionControls', $sessioncontrols) #add SessionControls to the parameter list 
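Review bot: `!([String]::IsNullOrEmpty($DisableResilienceDefaultsIsEnabled))` is used in the session-controls condition (hunk at -1745) and again before `$sessioncontrols.Add('disableResilienceDefaults', ...)` (hunk at -1812) to tell "not specified" from `$false`, but if the parameter is declared as `[System.Boolean]` (its declaration is outside these hunks) an omitted value is `$false`, which stringifies to `False` and is never empty. In that case the session-controls block would run for every policy and `disableResilienceDefaults = $false` would be sent even when the configuration never mentioned the setting. Testing whether the parameter was supplied, `$currentParameters.ContainsKey('DisableResilienceDefaultsIsEnabled')` in the way the surrounding code does for `IncludeUsers`, expresses the intent directly. Both hunks sit inside Set-TargetResource, which starts and ends outside them.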
@@ -1851,7 +1889,7 @@ function Set-TargetResource Write-Verbose -Message 'Create Parameters:' Write-Verbose -Message (Convert-M365DscHashtableToString $NewParameters) - if ($newparameters.Conditions.applications.count -gt 0 -and $newparameters.Conditions.Users.count -gt 0 -and ($newparameters.GrantControls.count -gt 0 -or $newparameters.SessionControls.count -gt 0)) + if ($newparameters.Conditions.applications.count -gt 0 -and ($newparameters.Conditions.Users.count -gt 0 -or $newparameters.Conditions.ClientApplications.count -gt 0) -and ($newparameters.GrantControls.count -gt 0 -or $newparameters.SessionControls.count -gt 0)) { try { @@ -2289,6 +2327,7 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + $Script:exportedInstance = $Policy $Results = Get-TargetResource @Params if ([System.String]::IsNullOrEmpty($Results.DeviceFilterMode)) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 index 5a427827ca..8314222e22 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 
@@ -352,23 +352,23 @@ function Set-TargetResource } $azureADRegistrationAllowedToRegister = '#microsoft.graph.noDeviceRegistrationMembership' - if ($AzureAdJoinLocalAdminsRegisteringMode -eq 'All') + if ($AzureADAllowedToJoin -eq 'All') { $azureADRegistrationAllowedToRegister = '#microsoft.graph.allDeviceRegistrationMembership' } - elseif ($AzureAdJoinLocalAdminsRegisteringMode -eq 'Selected') + elseif ($AzureADAllowedToJoin -eq 'Selected') { $azureADRegistrationAllowedToRegister = '#microsoft.graph.enumeratedDeviceRegistrationMembership' $azureADRegistrationAllowedUsers = @() - foreach ($user in $AzureAdJoinLocalAdminsRegisteringUsers) + foreach ($user in $AzureADAllowedToJoinUsers) { $userInfo = Get-MgUser -UserId $user $azureADRegistrationAllowedUsers += $userInfo.Id } $azureADRegistrationAllowedGroups = @() - foreach ($group in $AzureAdJoinLocalAdminsRegisteringGroups) + foreach ($group in $AzureADAllowedToJoinGroups) { $groupInfo = Get-MgGroup -Filter "DisplayName eq '$group'" $azureADRegistrationAllowedGroups += $groupInfo.Id diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringProfile/MSFT_AADFilteringProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringProfile/MSFT_AADFilteringProfile.psm1 index 13cc48b691..4545a3bc35 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringProfile/MSFT_AADFilteringProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFilteringProfile/MSFT_AADFilteringProfile.psm1 @@ -369,7 +369,6 @@ function Test-TargetResource Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - $testResult = $true #Compare Cim instances diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 10b9a40cd5..9d0cf188b7 100644 
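Review bot: The loop over `$AzureADAllowedToJoinGroups` appends `$groupInfo.Id` from `Get-MgGroup -Filter "DisplayName eq '$group'"` without checking how many groups matched, and display names are not unique (the Conditional Access resource in this commit says the same of policy names). If two groups share the name, both ids land in `$azureADRegistrationAllowedGroups`, and if none matches a `$null` entry is added, so the set of principals allowed to join devices can differ from what the configuration author intended. A count check before the append, e.g. `if (@($groupInfo).Count -ne 1) { throw "Expected exactly one group named {$group}" }`, would fail closed; the filter value also needs `'` doubled, as the AADGroup resource does. The function body continues outside the hunk.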
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 
@@ -108,112 +108,98 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message 'Getting configuration of AzureAD Group' - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - $nullReturn.Owners = @() - $nullReturn.Members = @() - $nullReturn.MemberOf = @() - $nullReturn.AssignedToRole = @() try { - if ($PSBoundParameters.ContainsKey('Id')) + if (-not $Script:exportedInstance) { - Write-Verbose -Message 'GroupID was specified' - try + Write-Verbose -Message 'Getting configuration of AzureAD Group' + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + $nullReturn.Owners = @() + $nullReturn.Members = @() + $nullReturn.MemberOf = @() + $nullReturn.AssignedToRole = @() + + if ($PSBoundParameters.ContainsKey('Id')) { - if ($null -ne $Script:exportedGroups -and $Script:ExportMode) - { - $Group = $Script:exportedGroups | Where-Object -FilterScript { $_.Id -eq $Id } - } - else + Write-Verbose -Message 'GroupID was specified' + try { $Group = Get-MgGroup -GroupId $Id -ErrorAction Stop } - } - catch - { - Write-Verbose -Message "Couldn't get group by ID, trying by name" - if ($null -ne $Script:exportedGroups -and $Script:ExportMode) - { - $Group = $Script:exportedGroups | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } - } - else + catch { + Write-Verbose -Message "Couldn't get group by ID, trying by name" if ($DisplayName.Contains("'")) { $DisplayName = $DisplayName -replace "'", "''" } $filter = "DisplayName eq '$DisplayName'" $Group = Get-MgGroup -Filter $filter -ErrorAction Stop - } - if ($Group.Length -gt 1) - { - throw "Duplicate AzureAD Groups named $DisplayName exist in tenant" + if ($Group.Length -gt 1) + { + throw "Duplicate AzureAD Groups named $DisplayName exist in tenant" + } } } - } - else - { - Write-Verbose -Message 'Id was NOT specified' - ## Can retreive multiple AAD Groups since displayname is not unique - if ($null -ne $Script:exportedGroups -and $Script:ExportMode) - { - $Group = $Script:exportedGroups | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } - } else { + Write-Verbose -Message 'Id was NOT specified' + ## Can retreive multiple AAD Groups 
since displayname is not unique if ($DisplayName.Contains("'")) { $DisplayName = $DisplayName -replace "'", "''" } $filter = "DisplayName eq '$DisplayName'" $Group = Get-MgGroup -Filter $filter -ErrorAction Stop + if ($Group.Length -gt 1) + { + throw "Duplicate AzureAD Groups named $DisplayName exist in tenant" + } } - if ($Group.Length -gt 1) + + if ($null -eq $Group) { - throw "Duplicate AzureAD Groups named $DisplayName exist in tenant" + Write-Verbose -Message 'Group was null, returning null' + return $nullReturn } } - - if ($null -eq $Group) - { - Write-Verbose -Message 'Group was null, returning null' - return $nullReturn - } else { - Write-Verbose -Message 'Found existing AzureAD Group' + $Group = $Script:exportedInstance + } + + Write-Verbose -Message 'Found existing AzureAD Group' - # Owners - [Array]$owners = Get-MgBetaGroupOwner -GroupId $Group.Id -All:$true - $OwnersValues = @() - foreach ($owner in $owners) + # Owners + [Array]$owners = Get-MgBetaGroupOwner -GroupId $Group.Id -All:$true + $OwnersValues = @() + foreach ($owner in $owners) + { + if ($owner.AdditionalProperties.userPrincipalName -ne $null) { - if ($owner.AdditionalProperties.userPrincipalName -ne $null) - { - $OwnersValues += $owner.AdditionalProperties.userPrincipalName - } - elseif ($owner.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.servicePrincipal') - { - $OwnersValues += $owner.AdditionalProperties.displayName - } + $OwnersValues += $owner.AdditionalProperties.userPrincipalName + } + elseif ($owner.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.servicePrincipal') + { + $OwnersValues += $owner.AdditionalProperties.displayName } + } $MembersValues = $null $result = @{} 
@@ -242,42 +228,42 @@ function Get-TargetResource $result.Add('GroupAsMembers', $GroupAsMembersValues) } - # MemberOf - [Array]$memberOf = Get-MgBetaGroupMemberOf -GroupId $Group.Id -All # result also used for/by AssignedToRole - $MemberOfValues = @() - # Note: only process security-groups that this group is a member of and not directory roles (if any) - foreach ($member in ($memberOf | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.group' })) + # MemberOf + [Array]$memberOf = Get-MgBetaGroupMemberOf -GroupId $Group.Id -All # result also used for/by AssignedToRole + $MemberOfValues = @() + # Note: only process security-groups that this group is a member of and not directory roles (if any) + foreach ($member in ($memberOf | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.group' })) + { + if ($null -ne $member.AdditionalProperties.displayName) { - if ($null -ne $member.AdditionalProperties.displayName) - { - $MemberOfValues += $member.AdditionalProperties.displayName - } + $MemberOfValues += $member.AdditionalProperties.displayName } + } - # AssignedToRole - $AssignedToRoleValues = $null - if ($Group.IsAssignableToRole -eq $true) + # AssignedToRole + $AssignedToRoleValues = $null + if ($Group.IsAssignableToRole -eq $true) + { + $AssignedToRoleValues = @() + $roleAssignments = Get-MgBetaRoleManagementDirectoryRoleAssignment -Filter "PrincipalId eq '$($Group.Id)'" + foreach ($assignment in $roleAssignments) { - $AssignedToRoleValues = @() - $roleAssignments = Get-MgBetaRoleManagementDirectoryRoleAssignment -Filter "PrincipalId eq '$($Group.Id)'" - foreach ($assignment in $roleAssignments) - { - $roleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $assignment.RoleDefinitionId - $AssignedToRoleValues += $roleDefinition.DisplayName - } + $roleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId 
$assignment.RoleDefinitionId + $AssignedToRoleValues += $roleDefinition.DisplayName } + } - # Licenses - $assignedLicensesValues = $null - $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/groups/$($Group.Id)/assignedLicenses" - $assignedLicensesRequest = Invoke-MgGraphRequest -Method 'GET' ` - -Uri $uri + # Licenses + $assignedLicensesValues = $null + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/groups/$($Group.Id)/assignedLicenses" + $assignedLicensesRequest = Invoke-MgGraphRequest -Method 'GET' ` + -Uri $uri - if ($assignedLicensesRequest.value.Length -gt 0) - { - $assignedLicensesValues = Get-M365DSCAzureADGroupLicenses -AssignedLicenses $assignedLicensesRequest.value + if ($assignedLicensesRequest.value.Length -gt 0) + { + $assignedLicensesValues = Get-M365DSCAzureADGroupLicenses -AssignedLicenses $assignedLicensesRequest.value - } + } $policySettings = @{ DisplayName = $Group.DisplayName @@ -306,8 +292,7 @@ function Get-TargetResource } $result += $policySettings - return $result - } + return $result } catch { @@ -1319,6 +1304,7 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + $Script:exportedInstance = $group $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 index 7c5ea39a5c..8ee09d2353 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroupsNamingPolicy/MSFT_AADGroupsNamingPolicy.psm1 
@@ -304,7 +304,7 @@ function Test-TargetResource $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $ValuesToCheck ` + -DesiredValues $PSBoundParameters ` -ValuesToCheck $ValuesToCheck.Keys Write-Verbose -Message "Test-TargetResource returned $TestResult" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 index af69cfc90b..0ec7c56c0c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 
@@ -72,91 +72,95 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message 'Getting configuration of AAD Named Location' + try + { + if (-not $Script:exportedInstance) + { + Write-Verbose -Message 'Getting configuration of AAD Named Location' - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - try - { - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - if ($Id) - { - $NamedLocation = Get-MgBetaIdentityConditionalAccessNamedLocation -NamedLocationId $Id -ErrorAction Stop - } - } - catch - { - Write-Verbose -Message "Could not retrieve AAD Named Location by ID {$Id}" - } - if ($null -eq $NamedLocation) - { + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' try { - $NamedLocation = Get-MgBetaIdentityConditionalAccessNamedLocation -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } - if ($NamedLocation.Length -gt 1) + if ($Id) { - throw "More than one instance of a 
Named Location Policy with name {$DisplayName} was found. Please provide the ID parameter." + $NamedLocation = Get-MgBetaIdentityConditionalAccessNamedLocation -NamedLocationId $Id -ErrorAction Stop } } catch { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + Write-Verbose -Message "Could not retrieve AAD Named Location by ID {$Id}" + } + + if ($null -eq $NamedLocation) + { + try + { + $NamedLocation = Get-MgBetaIdentityConditionalAccessNamedLocation -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } + if ($NamedLocation.Length -gt 1) + { + throw "More than one instance of a Named Location Policy with name {$DisplayName} was found. Please provide the ID parameter." + } + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + return $nullReturn + } + } + if ($null -eq $NamedLocation) + { + Write-Verbose "No existing AAD Named Location found with DisplayName {$DisplayName}" return $nullReturn } } - - if ($null -eq $NamedLocation) - { - Write-Verbose "No existing AAD Named Location found with DisplayName {$DisplayName}" - return $nullReturn - } else { - Write-Verbose "Found existing AAD Named Location {$($NamedLocation.DisplayName)}" - $Result = @{ - OdataType = $NamedLocation.AdditionalProperties.'@odata.type' - Id = $NamedLocation.Id - DisplayName = $NamedLocation.DisplayName - IpRanges = $NamedLocation.AdditionalProperties.ipRanges.cidrAddress - IsTrusted = $NamedLocation.AdditionalProperties.isTrusted - CountriesAndRegions = [String[]]$NamedLocation.AdditionalProperties.countriesAndRegions - CountryLookupMethod = $NamedLocation.AdditionalProperties.countryLookupMethod - IncludeUnknownCountriesAndRegions = $NamedLocation.AdditionalProperties.includeUnknownCountriesAndRegions - 
Ensure = 'Present' - ApplicationSecret = $ApplicationSecret - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - Credential = $Credential - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + $NamedLocation = $Script:exportedInstance } + Write-Verbose "Found existing AAD Named Location {$($NamedLocation.DisplayName)}" + $Result = @{ + OdataType = $NamedLocation.AdditionalProperties.'@odata.type' + Id = $NamedLocation.Id + DisplayName = $NamedLocation.DisplayName + IpRanges = $NamedLocation.AdditionalProperties.ipRanges.cidrAddress + IsTrusted = $NamedLocation.AdditionalProperties.isTrusted + CountriesAndRegions = [String[]]$NamedLocation.AdditionalProperties.countriesAndRegions + CountryLookupMethod = $NamedLocation.AdditionalProperties.countryLookupMethod + IncludeUnknownCountriesAndRegions = $NamedLocation.AdditionalProperties.includeUnknownCountriesAndRegions + Ensure = 'Present' + ApplicationSecret = $ApplicationSecret + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Credential = $Credential + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -540,6 +544,7 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + $Script:exportedInstance = $AADNamedLocation $Results = Get-TargetResource @Params if ($Results.Ensure -eq 'Present') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/MSFT_AADRoleDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/MSFT_AADRoleDefinition.psm1 index 772a68b2ca..1d77a478f7 100644 
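Review bot: The new `if (-not $Script:exportedInstance)` guard at the top of Get-TargetResource trusts whatever object sits in script scope without checking that it matches the requested `$Id` or `$DisplayName`, and nothing visible in these hunks clears the variable after Export-TargetResource assigns it. If it is not reset elsewhere, a later Get or Test call in the same session would skip `New-M365DSCConnection` and report the last exported Named Location as current state, which makes drift results for this resource unreliable. Consider clearing it in Export with `$Script:exportedInstance = $null` in a `finally` around `$Results = Get-TargetResource @Params`, or tightening the guard to `if (-not $Script:exportedInstance -or $Script:exportedInstance.Id -ne $Id)`. The same guard appears in the AADRoleDefinition, AADRoleSetting, AADServicePrincipal, AADSocialIdentityProvider and AADTokenLifetimePolicy hunks; both function bodies continue outside the hunks.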
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/MSFT_AADRoleDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/MSFT_AADRoleDefinition.psm1 
@@ -69,83 +69,73 @@ function Get-TargetResource [System.String[]] $AccessTokens ) - - Write-Verbose -Message 'Getting configuration of Azure AD role definition' - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' try { - try + if (-not $Script:exportedInstance) { - if (($null -ne $Id) -and ($Id -ne '')) + Write-Verbose -Message 'Getting configuration of Azure AD role definition' + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + try { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $AADRoleDefinition = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } - } - else + if (($null -ne $Id) -and ($Id -ne '')) { $AADRoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "Id eq '$($Id)'" } } - } - catch - { - Write-Verbose -Message "Could not retrieve AAD roledefinition by Id: {$Id}" - } - if ($null -eq $AADRoleDefinition) - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + catch { - $AADRoleDefinition = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } + Write-Verbose -Message "Could not retrieve AAD roledefinition by Id: {$Id}" } - else + if ($null -eq $AADRoleDefinition) { $AADRoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$($DisplayName)'" } - } - if ($null -eq $AADRoleDefinition) - { - return $nullReturn + if ($null -eq $AADRoleDefinition) + { + return $nullReturn + } } else { - $result = @{ - Id = $AADRoleDefinition.Id - DisplayName = $AADRoleDefinition.DisplayName - Description = $AADRoleDefinition.Description - ResourceScopes = $AADRoleDefinition.ResourceScopes - IsEnabled = $AADRoleDefinition.IsEnabled - RolePermissions = $AADRoleDefinition.RolePermissions.AllowedResourceActions - TemplateId = $AADRoleDefinition.TemplateId - Version = $AADRoleDefinition.Version - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - ApplicationSecret = $ApplicationSecret - TenantId = 
$TenantId - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + $AADRoleDefinition = $Script:exportedInstance + } + $result = @{ + Id = $AADRoleDefinition.Id + DisplayName = $AADRoleDefinition.DisplayName + Description = $AADRoleDefinition.Description + ResourceScopes = $AADRoleDefinition.ResourceScopes + IsEnabled = $AADRoleDefinition.IsEnabled + RolePermissions = $AADRoleDefinition.RolePermissions.AllowedResourceActions + TemplateId = $AADRoleDefinition.TemplateId + Version = $AADRoleDefinition.Version + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + ApplicationSecret = $ApplicationSecret + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -480,6 +470,7 @@ function Export-TargetResource RolePermissions = @('temp') AccessTokens = $AccessTokens } + $Script:exportedInstance = $AADRoleDefinition $Results = Get-TargetResource @Params if ($Results.Ensure -eq 'Present' -and ([array]$results.RolePermissions).Length -gt 0) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 index 2af52a4d70..bafa544699 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.psm1 
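Review bot: The fallback lookups kept on the new side build their OData filters by plain interpolation, `-Filter "Id eq '$($Id)'"` and `-Filter "DisplayName eq '$($DisplayName)'"`, so a display name containing an apostrophe yields a malformed or differently scoped filter. Doubling the quote before interpolation avoids that: `-Filter "DisplayName eq '$($DisplayName.Replace("'", "''"))'"`. The DisplayName lookup also does not check for more than one match, unlike the AADNamedLocationPolicy hunk, which throws when the name is ambiguous; here an ambiguous match would presumably fill the result hashtable with arrays. The same interpolation is present in the AADRoleSetting (`displayName eq '$DisplayName'`) and AADSocialIdentityProvider (`Id eq '$ClientId'`) hunks.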
@@ -210,48 +210,48 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of Role: $DisplayName" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - Write-Verbose -Message 'Getting configuration of Role' - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - - $RoleDefintion = $null - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $RoleDefinition = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } - } - elseif (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $Id ` - -ErrorAction SilentlyContinue - } - - if ($null -eq $RoleDefinition -and -not [System.String]::IsNullOrEmpty($DisplayName)) - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + Write-Verbose -Message "Getting configuration of Role: $DisplayName" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + Write-Verbose -Message 'Getting configuration of Role' + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $RoleDefinition = $null + if (-not [System.String]::IsNullOrEmpty($Id)) { - $RoleDefinition = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } + $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $Id ` + -ErrorAction SilentlyContinue } - else + + if ($null -eq $RoleDefinition -and -not [System.String]::IsNullOrEmpty($DisplayName)) { $RoleDefinition = Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$DisplayName'" } } + else + { + $RoleDefinition = $Script:exportedInstance + } + + $nullReturn = $PSBoundParameters + if ($null -eq $RoleDefinition) + { + return $nullReturn + } try { @@ -278,7 +278,7 @@ function Get-TargetResource } #get Policyrule - $role = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.Policyid + $role = Get-MgBetaPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $Policy.Policyid -ErrorAction SilentlyContinue $DisplayName = $RoleDefinition.DisplayName $ActivationMaxDuration = ($role | Where-Object { $_.Id -eq 'Expiration_EndUser_Assignment' }).AdditionalProperties.maximumDuration @@ -1492,6 +1492,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $role $Results = Get-TargetResource @Params if ($Results.Ensure -eq 'Present') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 index 0ec87681ed..18dce4cf19 100644 
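Review bot: Adding `-ErrorAction SilentlyContinue` to `Get-MgBetaPolicyRoleManagementPolicyRule` in the `#get Policyrule` hunk hides every failure, not only the missing-settings case named in the changelog. A permission or throttling error leaves `$role` empty, and the `Where-Object` lookups that follow (for example `Expiration_EndUser_Assignment`) then all yield `$null`. A failed read therefore becomes indistinguishable from a role that has no policy rules; how the rest of the function treats that is outside the hunk. Consider keeping the condition visible with `if ($null -eq $role) { Write-Verbose -Message "No policy rules returned for role {$($RoleDefinition.DisplayName)}" }`, or using `-ErrorAction Stop` so the surrounding `try` handles it.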
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 
@@ -130,54 +130,44 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message 'Getting configuration of Azure AD ServicePrincipal' - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' try { - try + if (-not $Script:exportedInstance) { - if (-not [System.String]::IsNullOrEmpty($ObjectID)) + Write-Verbose -Message 'Getting configuration of Azure AD ServicePrincipal' + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + try { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $AADServicePrincipal = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } - } - else + if (-not [System.String]::IsNullOrEmpty($ObjectID)) { $AADServicePrincipal = Get-MgServicePrincipal -ServicePrincipalId $ObjectId ` -Expand 'AppRoleAssignedTo' ` -ErrorAction Stop } } - } - catch - { - Write-Verbose -Message "Azure AD ServicePrincipal with ObjectID: $($ObjectID) could not be retrieved" - } - - if ($null -eq $AADServicePrincipal) - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + catch { - $AADServicePrincipal = $Script:exportedInstances | Where-Object -FilterScript { $_.AppId -eq $AppId } + Write-Verbose -Message "Azure AD ServicePrincipal with ObjectID: $($ObjectID) could not be retrieved" } - else + + if ($null -eq $AADServicePrincipal) { $ObjectGuid = [System.Guid]::empty if (-not [System.Guid]::TryParse($AppId, [System.Management.Automation.PSReference]$ObjectGuid)) 
@@ -195,155 +185,150 @@ function Get-TargetResource -Expand 'AppRoleAssignedTo' } } + if ($null -eq $AADServicePrincipal) + { + return $nullReturn + } } - if ($null -eq $AADServicePrincipal) + else { - return $nullReturn + $AADServicePrincipal = $Script:exportedInstance } - else + + $AppRoleAssignedToValues = @() + foreach ($principal in $AADServicePrincipal.AppRoleAssignedTo) { - $AppRoleAssignedToValues = @() - foreach ($principal in $AADServicePrincipal.AppRoleAssignedTo) + $currentAssignment = @{ + PrincipalType = $null + Identity = $null + } + if ($principal.PrincipalType -eq 'User') { - $currentAssignment = @{ - PrincipalType = $null - Identity = $null - } - if ($principal.PrincipalType -eq 'User') - { - $user = Get-MgUser -UserId $principal.PrincipalId - $currentAssignment.PrincipalType = 'User' - $currentAssignment.Identity = $user.UserPrincipalName.Split('@')[0] - $AppRoleAssignedToValues += $currentAssignment - } - elseif ($principal.PrincipalType -eq 'Group') - { - $group = Get-MgGroup -GroupId $principal.PrincipalId - $currentAssignment.PrincipalType = 'Group' - $currentAssignment.Identity = $group.DisplayName - $AppRoleAssignedToValues += $currentAssignment - } + $user = Get-MgUser -UserId $principal.PrincipalId + $currentAssignment.PrincipalType = 'User' + $currentAssignment.Identity = $user.UserPrincipalName.Split('@')[0] + $AppRoleAssignedToValues += $currentAssignment } - - $ownersValues = @() - $ownersInfo = Get-MgServicePrincipalOwner -ServicePrincipalId $AADServicePrincipal.Id -ErrorAction SilentlyContinue - foreach ($ownerInfo in $ownersInfo) + elseif ($principal.PrincipalType -eq 'Group') { - $info = Get-MgUser -UserId $ownerInfo.Id -ErrorAction SilentlyContinue - if ($null -ne $info) - { - $ownersValues += $info.UserPrincipalName - } + $group = Get-MgGroup -GroupId $principal.PrincipalId + $currentAssignment.PrincipalType = 'Group' + $currentAssignment.Identity = $group.DisplayName + $AppRoleAssignedToValues += $currentAssignment } + } - 
[Array]$complexDelegatedPermissionClassifications = @() - $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/servicePrincipals/$($AADServicePrincipal.Id)/delegatedPermissionClassifications" - $permissionClassifications = Invoke-MgGraphRequest -Uri $Uri -Method Get - foreach ($permissionClassification in $permissionClassifications.Value) + $ownersValues = @() + $ownersInfo = Get-MgServicePrincipalOwner -ServicePrincipalId $AADServicePrincipal.Id -ErrorAction SilentlyContinue + foreach ($ownerInfo in $ownersInfo) + { + $info = Get-MgUser -UserId $ownerInfo.Id -ErrorAction SilentlyContinue + if ($null -ne $info) { - $hashtable = @{ - classification = $permissionClassification.Classification - permissionName = $permissionClassification.permissionName - } - $complexDelegatedPermissionClassifications += $hashtable + $ownersValues += $info.UserPrincipalName } + } - $complexKeyCredentials = @() - foreach ($currentkeyCredentials in $AADServicePrincipal.keyCredentials) - { - $mykeyCredentials = @{} - if ($null -ne $currentkeyCredentials.customKeyIdentifier) - { - $mykeyCredentials.Add('CustomKeyIdentifier', [convert]::ToBase64String($currentkeyCredentials.customKeyIdentifier)) - } - $mykeyCredentials.Add('DisplayName', $currentkeyCredentials.displayName) - if ($null -ne $currentkeyCredentials.endDateTime) - { - $mykeyCredentials.Add('EndDateTime', ([DateTimeOffset]$currentkeyCredentials.endDateTime).ToString('o')) - } - $mykeyCredentials.Add('KeyId', $currentkeyCredentials.keyId) + [Array]$complexDelegatedPermissionClassifications = @() + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/servicePrincipals/$($AADServicePrincipal.Id)/delegatedPermissionClassifications" + $permissionClassifications = Invoke-MgGraphRequest -Uri $Uri -Method Get + foreach ($permissionClassification in $permissionClassifications.Value) + { + $hashtable = @{ + classification = $permissionClassification.Classification + 
permissionName = $permissionClassification.permissionName + } + $complexDelegatedPermissionClassifications += $hashtable + } + $complexKeyCredentials = @() + foreach ($currentkeyCredentials in $AADServicePrincipal.keyCredentials) + { + $mykeyCredentials = @{} + if ($null -ne $currentkeyCredentials.customKeyIdentifier) + { + $mykeyCredentials.Add('CustomKeyIdentifier', [convert]::ToBase64String($currentkeyCredentials.customKeyIdentifier)) + } + $mykeyCredentials.Add('DisplayName', $currentkeyCredentials.displayName) + if ($null -ne $currentkeyCredentials.endDateTime) + { + $mykeyCredentials.Add('EndDateTime', ([DateTimeOffset]$currentkeyCredentials.endDateTime).ToString('o')) + } + $mykeyCredentials.Add('KeyId', $currentkeyCredentials.keyId) - if ($null -ne $currentkeyCredentials.Key) - { - $mykeyCredentials.Add('Key', [convert]::ToBase64String($currentkeyCredentials.key)) - } - if ($null -ne $currentkeyCredentials.startDateTime) - { - $mykeyCredentials.Add('StartDateTime', ([DateTimeOffset]$currentkeyCredentials.startDateTime).ToString('o')) - } - $mykeyCredentials.Add('Type', $currentkeyCredentials.type) - $mykeyCredentials.Add('Usage', $currentkeyCredentials.usage) - if ($mykeyCredentials.values.Where({ $null -ne $_ }).Count -gt 0) - { - $complexKeyCredentials += $mykeyCredentials - } + if ($null -ne $currentkeyCredentials.Key) + { + $mykeyCredentials.Add('Key', [convert]::ToBase64String($currentkeyCredentials.key)) } - $complexPasswordCredentials = @() - foreach ($currentpasswordCredentials in $AADServicePrincipal.passwordCredentials) + if ($null -ne $currentkeyCredentials.startDateTime) { - $mypasswordCredentials = @{} - $mypasswordCredentials.Add('DisplayName', $currentpasswordCredentials.displayName) - if ($null -ne $currentpasswordCredentials.endDateTime) - { - $mypasswordCredentials.Add('EndDateTime', ([DateTimeOffset]$currentpasswordCredentials.endDateTime).ToString('o')) - } - $mypasswordCredentials.Add('Hint', $currentpasswordCredentials.hint) - 
$mypasswordCredentials.Add('KeyId', $currentpasswordCredentials.keyId) - if ($null -ne $currentpasswordCredentials.startDateTime) - { - $mypasswordCredentials.Add('StartDateTime', ([DateTimeOffset]$currentpasswordCredentials.startDateTime).ToString('o')) - } - if ($mypasswordCredentials.values.Where({ $null -ne $_ }).Count -gt 0) - { - $complexPasswordCredentials += $mypasswordCredentials - } + $mykeyCredentials.Add('StartDateTime', ([DateTimeOffset]$currentkeyCredentials.startDateTime).ToString('o')) } - - $complexCustomSecurityAttributes = [Array](Get-CustomSecurityAttributes -ServicePrincipalId $AADServicePrincipal.Id) - if ($null -eq $complexCustomSecurityAttributes) + $mykeyCredentials.Add('Type', $currentkeyCredentials.type) + $mykeyCredentials.Add('Usage', $currentkeyCredentials.usage) + if ($mykeyCredentials.values.Where({ $null -ne $_ }).Count -gt 0) { - $complexCustomSecurityAttributes = @() + $complexKeyCredentials += $mykeyCredentials } + } - $result = @{ - AppId = $appInstance.DisplayName - AppRoleAssignedTo = $AppRoleAssignedToValues - ObjectID = $AADServicePrincipal.Id - DisplayName = $AADServicePrincipal.DisplayName - AlternativeNames = $AADServicePrincipal.AlternativeNames - AccountEnabled = [boolean]$AADServicePrincipal.AccountEnabled - AppRoleAssignmentRequired = $AADServicePrincipal.AppRoleAssignmentRequired - CustomSecurityAttributes = $complexCustomSecurityAttributes - DelegatedPermissionClassifications = [Array]$complexDelegatedPermissionClassifications - ErrorUrl = $AADServicePrincipal.ErrorUrl - Homepage = $AADServicePrincipal.Homepage - LogoutUrl = $AADServicePrincipal.LogoutUrl - Notes = $AADServicePrincipal.Notes - Owners = $ownersValues - PreferredSingleSignOnMode = $AADServicePrincipal.PreferredSingleSignOnMode - PublisherName = $AADServicePrincipal.PublisherName - ReplyURLs = $AADServicePrincipal.ReplyURLs - SamlMetadataURL = $AADServicePrincipal.SamlMetadataURL - ServicePrincipalNames = $AADServicePrincipal.ServicePrincipalNames - 
ServicePrincipalType = $AADServicePrincipal.ServicePrincipalType - Tags = $AADServicePrincipal.Tags - KeyCredentials = $complexKeyCredentials - PasswordCredentials = $complexPasswordCredentials - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - ApplicationSecret = $ApplicationSecret - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens + $complexPasswordCredentials = @() + foreach ($currentpasswordCredentials in $AADServicePrincipal.passwordCredentials) + { + $mypasswordCredentials = @{} + $mypasswordCredentials.Add('DisplayName', $currentpasswordCredentials.displayName) + if ($null -ne $currentpasswordCredentials.endDateTime) + { + $mypasswordCredentials.Add('EndDateTime', ([DateTimeOffset]$currentpasswordCredentials.endDateTime).ToString('o')) + } + $mypasswordCredentials.Add('Hint', $currentpasswordCredentials.hint) + $mypasswordCredentials.Add('KeyId', $currentpasswordCredentials.keyId) + if ($null -ne $currentpasswordCredentials.startDateTime) + { + $mypasswordCredentials.Add('StartDateTime', ([DateTimeOffset]$currentpasswordCredentials.startDateTime).ToString('o')) + } + if ($mypasswordCredentials.values.Where({ $null -ne $_ }).Count -gt 0) + { + $complexPasswordCredentials += $mypasswordCredentials } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result } + + $complexCustomSecurityAttributes = [Array](Get-CustomSecurityAttributes -ServicePrincipalId $AADServicePrincipal.Id) + if ($null -eq $complexCustomSecurityAttributes) + { + $complexCustomSecurityAttributes = @() + } + + $result = @{ + AppId = $AADServicePrincipal.AppId + AppRoleAssignedTo = $AppRoleAssignedToValues + ObjectID = $AADServicePrincipal.Id + DisplayName = $AADServicePrincipal.DisplayName + AlternativeNames = $AADServicePrincipal.AlternativeNames + AccountEnabled = 
[boolean]$AADServicePrincipal.AccountEnabled + AppRoleAssignmentRequired = $AADServicePrincipal.AppRoleAssignmentRequired + CustomSecurityAttributes = $complexCustomSecurityAttributes + DelegatedPermissionClassifications = [Array]$complexDelegatedPermissionClassifications + ErrorUrl = $AADServicePrincipal.ErrorUrl + Homepage = $AADServicePrincipal.Homepage + LogoutUrl = $AADServicePrincipal.LogoutUrl + Notes = $AADServicePrincipal.Notes + Owners = $ownersValues + PreferredSingleSignOnMode = $AADServicePrincipal.PreferredSingleSignOnMode + PublisherName = $AADServicePrincipal.PublisherName + ReplyURLs = $AADServicePrincipal.ReplyURLs + SamlMetadataURL = $AADServicePrincipal.SamlMetadataURL + ServicePrincipalNames = $AADServicePrincipal.ServicePrincipalNames + ServicePrincipalType = $AADServicePrincipal.ServicePrincipalType + Tags = $AADServicePrincipal.Tags + KeyCredentials = $complexKeyCredentials + PasswordCredentials = $complexPasswordCredentials + Ensure = 'Present' + } + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -1028,6 +1013,7 @@ function Export-TargetResource AppID = $AADServicePrincipal.AppId AccessTokens = $AccessTokens } + $Script:exportedInstance = $AADServicePrincipal $Results = Get-TargetResource @Params if ($Results.Ensure -eq 'Present') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 index 8dd43b269f..04793134bc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADSocialIdentityProvider/MSFT_AADSocialIdentityProvider.psm1 
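Review bot: The rebuilt `$result` hashtable ends at `Ensure = 'Present'` and no longer carries `Credential`, `ApplicationId`, `ApplicationSecret`, `TenantId`, `CertificateThumbprint`, `Managedidentity` and `AccessTokens`, which the removed version returned and which the AADNamedLocationPolicy and AADRoleDefinition hunks in this commit still return. If the omission is intentional, a one-line comment above the hashtable saying so would help; if not, callers that read the authentication context from the Get-TargetResource result (presumably the export path, which continues outside this hunk) lose it. Restoring the seven keys after `Ensure` keeps the resource consistent with its siblings. Separately, the cached path reads `$AADServicePrincipal.AppRoleAssignedTo` from the exported object, so it is worth confirming that the Export query expands that property as the direct lookup does with `-Expand 'AppRoleAssignedTo'`.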
@@ -57,32 +57,40 @@ function Get-TargetResource try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = Get-MgBetaIdentityProvider -Filter "Id eq '$ClientId'" ` - -ErrorAction SilentlyContinue | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.socialIdentityProvider' } + $getValue = Get-MgBetaIdentityProvider -Filter "Id eq '$ClientId'" ` + -ErrorAction SilentlyContinue | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.socialIdentityProvider' } - if ($null -eq $getValue) + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find Social Identity Provider Client Id {$ClientId}" + return $nullResult + } + } + else { - Write-Verbose -Message "Could not find Social Identity 
Provider Client Id {$ClientId}" - return $nullResult + $getValue = $Script:exportedInstance } + Write-Verbose -Message "Social Identity Provider with ClientId {$ClientId} was found." $ClientSecretValue = $null @@ -398,6 +406,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADTokenLifetimePolicy/MSFT_AADTokenLifetimePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADTokenLifetimePolicy/MSFT_AADTokenLifetimePolicy.psm1 index 9da74687ae..ebae24d74c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADTokenLifetimePolicy/MSFT_AADTokenLifetimePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADTokenLifetimePolicy/MSFT_AADTokenLifetimePolicy.psm1 
@@ -57,79 +57,83 @@ function Get-TargetResource [System.String[]] $AccessTokens ) - - Write-Verbose -Message 'Getting configuration of AzureAD Token Lifetime Policy' - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - try { - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - if (-Not [System.String]::IsNullOrEMpty($Id)) - { - $Policy = Get-MgBetaPolicyTokenLifetimePolicy -TokenLifetimePolicyId $Id -ErrorAction SilentlyContinue - } - } - catch - { - Write-Verbose -Message "Could not retrieve AzureAD Token Lifetime Policy by ID {$Id}" - } - if ($null -eq $Policy) + if (-not $Script:exportedInstance) { + Write-Verbose -Message 'Getting configuration of AzureAD Token Lifetime Policy' + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' try { - $Policy = Get-MgBetaPolicyTokenLifetimePolicy -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue + if (-Not [System.String]::IsNullOrEMpty($Id)) + { + $Policy = Get-MgBetaPolicyTokenLifetimePolicy -TokenLifetimePolicyId $Id -ErrorAction SilentlyContinue + } } catch { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + Write-Verbose -Message "Could not retrieve AzureAD Token Lifetime Policy by ID {$Id}" + } + if ($null -eq $Policy) + { + try + { + $Policy = Get-MgBetaPolicyTokenLifetimePolicy -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + } + if ($null -eq $Policy) + { + return $nullReturn } - } - if ($null -eq $Policy) - { - return $nullReturn } else { - Write-Verbose "Found existing AzureAD Policy {$($Policy.DisplayName)}" - $Result = @{ - Id = $Policy.Id - Description = $Policy.Description - Definition = $Policy.Definition - DisplayName = $Policy.DisplayName - IsOrganizationDefault = $Policy.IsOrganizationDefault - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - ApplicationSecret = $ApplicationSecret - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } + 
$Policy = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing AzureAD Policy {$($Policy.DisplayName)}" + $Result = @{ + Id = $Policy.Id + Description = $Policy.Description + Definition = $Policy.Definition + DisplayName = $Policy.DisplayName + IsOrganizationDefault = $Policy.IsOrganizationDefault + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + ApplicationSecret = $ApplicationSecret + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -415,6 +419,7 @@ function Export-TargetResource ID = $AADPolicy.ID AccessTokens = $AccessTokens } + $Script:exportedInstance = $AADPolicy $Results = Get-TargetResource @Params # Fix quotes inside the Definition's JSON; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 index 288e5aea9c..269d5bc1ca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADUser/MSFT_AADUser.psm1 
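Review bot: `$nullReturn` is now assigned only inside the `if (-not $Script:exportedInstance)` branch, so on the cached path it is never initialised. The `catch` block lies outside this hunk; if it still ends with `return $nullReturn`, a failure while building `$Result` during export would return `$null` rather than a hashtable with `Ensure = 'Absent'`. Moving `$nullReturn = $PSBoundParameters` and `$nullReturn.Ensure = 'Absent'` above the `if` keeps both paths consistent. The same move is made to `$nullResult` in the Social Identity Provider hunk at the top of this page and to `$nullReturn` in the AADUser, EXOAddressList, EXODataClassification and EXODistributionGroup hunks.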
@@ -134,46 +134,46 @@ function Get-TargetResource [System.String[]] $AccessTokens ) - Write-Verbose -Message "Getting configuration of Office 365 User $UserPrincipalName" - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = @{ - UserPrincipalName = $null - DisplayName = $null - FirstName = $null - LastName = $null - UsageLocation = $null - LicenseAssignment = $null - MemberOf = $null - Password = $null - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - ApplicationSecret = $ApplicationSecret - Ensure = 'Absent' - AccessTokens = $AccessTokens - } - try { - if (-not $Script:ExportMode) + if (-not $Script:exportedInstance) { + Write-Verbose -Message "Getting configuration of Office 365 User $UserPrincipalName" + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = @{ + UserPrincipalName = $null + DisplayName = $null + FirstName = $null + LastName = $null + UsageLocation = $null + LicenseAssignment = $null + MemberOf = $null + Password = $null + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + ApplicationSecret = $ApplicationSecret + Ensure = 'Absent' + AccessTokens = $AccessTokens + } + Write-Verbose -Message "Getting Office 365 User $UserPrincipalName" $propertiesToRetrieve = @('Id', 'UserPrincipalName', 'DisplayName', 'GivenName', 'Surname', 'UsageLocation', 'City', 'Country', 'Department', 'FacsimileTelephoneNumber', 'Mobile', 'OfficeLocation', 'TelephoneNumber', 'PostalCode', 'PreferredLanguage', 'State', 'StreetAddress', 'JobTitle', 'UserType', 'PasswordPolicies') $user = Get-MgUser -UserId $UserPrincipalName -Property $propertiesToRetrieve -ErrorAction SilentlyContinue @@ -186,7 +186,7 @@ function Get-TargetResource else { Write-Verbose -Message 'Retrieving user from the exported instances' - $user = $Script:M365DSCExportInstances | Where-Object -FilterScript { $_.UserPrincipalName -eq $UserPrincipalName } + $user = $Script:exportedInstance } Write-Verbose -Message "Found User $($UserPrincipalName)" 
@@ -1091,6 +1091,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $user $Results = Get-TargetResource @Params $Results.Password = "New-Object System.Management.Automation.PSCredential('Password', (ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force));" if ($null -ne $Results.UserPrincipalName) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 index c42db507fd..2c7162449a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 @@ -362,6 +362,10 @@ function Export-TargetResource $j = 1 foreach ($resourceGroup in $resourceGroups) { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } $displayedKey = $resourceGroup.ResourceGroupName Write-Host " |---[$j/$($resourceGroups.Length)] $displayedKey" -NoNewline diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAddressList/MSFT_EXOAddressList.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAddressList/MSFT_EXOAddressList.psm1 index 0ed8e06cd9..dc4023235d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAddressList/MSFT_EXOAddressList.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAddressList/MSFT_EXOAddressList.psm1 
@@ -130,106 +130,95 @@ function Get-TargetResource [System.String[]] $AccessTokens ) + try + { + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of AddressList for $Name" - Write-Verbose -Message "Getting configuration of AddressList for $Name" + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + if ($null -eq (Get-Command 'Get-AddressList' -ErrorAction SilentlyContinue)) + { + return $nullReturn + } - try - { - if ($null -eq (Get-Command 'Get-AddressList' -ErrorAction SilentlyContinue)) - { - return $nullReturn - } - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - 
$AddressLists = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } + $AddressLists = Get-AddressList -ErrorAction Stop + $AddressList = $AddressLists | Where-Object -FilterScript { $_.Name -eq $Name } + + if ($null -eq $AddressList) + { + Write-Verbose -Message "Address List $($Name) does not exist." + return $nullReturn + } } else { - $AddressLists = Get-AddressList -ErrorAction Stop - $AddressList = $AddressLists | Where-Object -FilterScript { $_.Name -eq $Name } + $AddressList = $Script:exportedInstance } - if ($null -eq $AddressList) + if ($null -eq $AddressList.IncludedRecipients) { - Write-Verbose -Message "Address List $($Name) does not exist." - return $nullReturn + $IncludedRecipients = @() } else { - if ($null -eq $AddressList.IncludedRecipients) - { - $IncludedRecipients = @() - } - else - { - $IncludedRecipients = $AddressList.IncludedRecipients - } - - $result = @{ - Name = $Name - ConditionalCompany = $AddressList.ConditionalCompany - ConditionalCustomAttribute1 = $AddressList.ConditionalCustomAttribute1 - ConditionalCustomAttribute10 = $AddressList.ConditionalCustomAttribute10 - ConditionalCustomAttribute11 = $AddressList.ConditionalCustomAttribute11 - ConditionalCustomAttribute12 = $AddressList.ConditionalCustomAttribute12 - ConditionalCustomAttribute13 = $AddressList.ConditionalCustomAttribute13 - ConditionalCustomAttribute14 = $AddressList.ConditionalCustomAttribute14 - ConditionalCustomAttribute15 = $AddressList.ConditionalCustomAttribute15 - ConditionalCustomAttribute2 = $AddressList.ConditionalCustomAttribute2 - ConditionalCustomAttribute3 = $AddressList.ConditionalCustomAttribute3 - ConditionalCustomAttribute4 = $AddressList.ConditionalCustomAttribute4 - ConditionalCustomAttribute5 = $AddressList.ConditionalCustomAttribute5 - ConditionalCustomAttribute6 = $AddressList.ConditionalCustomAttribute6 - ConditionalCustomAttribute7 = $AddressList.ConditionalCustomAttribute7 - ConditionalCustomAttribute8 = 
$AddressList.ConditionalCustomAttribute8 - ConditionalCustomAttribute9 = $AddressList.ConditionalCustomAttribute9 - ConditionalDepartment = $AddressList.ConditionalDepartment - ConditionalStateOrProvince = $AddressList.ConditionalStateOrProvince - DisplayName = $AddressList.DisplayName - IncludedRecipients = $IncludedRecipients - RecipientFilter = $AddressList.RecipientFilter - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens - } + $IncludedRecipients = $AddressList.IncludedRecipients + } - Write-Verbose -Message "Found AddressList $($Name)" - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + $result = @{ + Name = $Name + ConditionalCompany = $AddressList.ConditionalCompany + ConditionalCustomAttribute1 = $AddressList.ConditionalCustomAttribute1 + ConditionalCustomAttribute10 = $AddressList.ConditionalCustomAttribute10 + ConditionalCustomAttribute11 = $AddressList.ConditionalCustomAttribute11 + ConditionalCustomAttribute12 = $AddressList.ConditionalCustomAttribute12 + ConditionalCustomAttribute13 = $AddressList.ConditionalCustomAttribute13 + ConditionalCustomAttribute14 = $AddressList.ConditionalCustomAttribute14 + ConditionalCustomAttribute15 = $AddressList.ConditionalCustomAttribute15 + ConditionalCustomAttribute2 = $AddressList.ConditionalCustomAttribute2 + ConditionalCustomAttribute3 = $AddressList.ConditionalCustomAttribute3 + ConditionalCustomAttribute4 = $AddressList.ConditionalCustomAttribute4 + ConditionalCustomAttribute5 = $AddressList.ConditionalCustomAttribute5 + ConditionalCustomAttribute6 = $AddressList.ConditionalCustomAttribute6 + ConditionalCustomAttribute7 = $AddressList.ConditionalCustomAttribute7 + 
ConditionalCustomAttribute8 = $AddressList.ConditionalCustomAttribute8 + ConditionalCustomAttribute9 = $AddressList.ConditionalCustomAttribute9 + ConditionalDepartment = $AddressList.ConditionalDepartment + ConditionalStateOrProvince = $AddressList.ConditionalStateOrProvince + DisplayName = $AddressList.DisplayName + IncludedRecipients = $IncludedRecipients + RecipientFilter = $AddressList.RecipientFilter + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Found AddressList $($Name)" + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -765,6 +754,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $addressList $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAvailabilityConfig/MSFT_EXOAvailabilityConfig.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAvailabilityConfig/MSFT_EXOAvailabilityConfig.psm1 index 157d4fe455..24899e665b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAvailabilityConfig/MSFT_EXOAvailabilityConfig.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOAvailabilityConfig/MSFT_EXOAvailabilityConfig.psm1 @@ -58,9 +58,6 @@ function Get-TargetResource -InboundParameters $PSBoundParameters } - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies 
@@ -83,8 +80,8 @@ function Get-TargetResource if ($null -ne $AvailabilityConfigs -and $null -ne $AvailabilityConfigs.OrgWideAccount) { - $user = Get-MgUser -UserId $OrgWideAccount -ErrorAction Stop - $AvailabilityConfig = ($AvailabilityConfigs | Where-Object -FilterScript { $_.OrgWideAccount -IMatch $user.UserId }) + $user = Get-User -Identity $OrgWideAccount -ErrorAction Stop + $AvailabilityConfig = ($AvailabilityConfigs | Where-Object -FilterScript { $_.OrgWideAccount -IMatch $user.Id }) } if ($null -eq $AvailabilityConfig) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 index 6e42aebac8..6ba5dfac4f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 
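Review bot: `-IMatch` treats `$user.Id` as a regular expression, so in `$_.OrgWideAccount -IMatch $user.Id` any regex metacharacter in the identity (a dot, parenthesis or bracket) changes the match. The pattern is also unanchored, so it matches longer account values that merely contain it. The switch from `Get-MgUser` to `Get-User` also changes which property feeds the comparison (`UserId` before, `Id` now), so the format of `Id` is worth confirming against what `OrgWideAccount` holds. Escaping removes the pattern interpretation without changing intent: `$_.OrgWideAccount -IMatch [regex]::Escape($user.Id)`; a plain `-eq` is stricter if the two values are expected to be identical. Get-TargetResource continues outside the hunk.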
@@ -65,59 +65,51 @@ function Get-TargetResource [System.String[]] $AccessTokens ) - Write-Verbose -Message "Getting Data classification policy for $($Identity)" - - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting Data classification policy for $($Identity)" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - try - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $DataClassification = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } - } - else - { - $DataClassification = Get-DataClassification -Identity $Identity -ErrorAction Stop - } - if ($null -eq $DataClassification) - { - if (-not [System.String]::IsNullOrEmpty($Name)) - { - Write-Verbose -Message "Couldn't retrieve data classification by Identity. Trying by Name {$Name}." - $DataClassification = Get-DataClassification -Identity $Name - } + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + $DataClassification = Get-DataClassification -Identity $Identity -ErrorAction Stop if ($null -eq $DataClassification) { - Write-Verbose -Message "Data classification $($Identity) does not exist." - return $nullReturn + if (-not [System.String]::IsNullOrEmpty($Name)) + { + Write-Verbose -Message "Couldn't retrieve data classification by Identity. Trying by Name {$Name}." + $DataClassification = Get-DataClassification -Identity $Name + } + + if ($null -eq $DataClassification) + { + Write-Verbose -Message "Data classification $($Identity) does not exist." + return $nullReturn + } } } + else + { + $DataClassification = $Script:exportedInstance + } + $currentDefaultCultureName = ([system.globalization.cultureinfo]$DataClassification.DefaultCulture).Name $DataClassificationLocale = $currentDefaultCultureName $DataClassificationIsDefault = $false 
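Review bot: The fallback lookup by `$Name` looks unreachable, because `Get-DataClassification -Identity $Identity -ErrorAction Stop` is likely to throw when nothing matches and control then jumps to the `catch` outside this hunk before `if ($null -eq $DataClassification)` runs. If the fallback is intended, the first lookup should not be terminating, e.g. `$DataClassification = Get-DataClassification -Identity $Identity -ErrorAction SilentlyContinue`. The second call, `Get-DataClassification -Identity $Name`, carries no `-ErrorAction` at all, so its failure mode differs from the first and should be made explicit as well.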
@@ -475,6 +467,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $DataClassification $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 index f758ab9a57..ad06841752 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODistributionGroup/MSFT_EXODistributionGroup.psm1 
@@ -217,183 +217,165 @@ function Get-TargetResource [System.String[]] $AccessTokens ) - - Write-Verbose -Message "Getting configuration of Distribution Group for $Identity" - - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of Distribution Group for $Identity" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { if ($null -ne $PrimarySmtpAddress) { - $distributionGroup = $Script:exportedInstances | Where-Object -FilterScript { $_.PrimarySmtpAddress -eq $PrimarySmtpAddress } - $distributionGroupMembers = Get-DistributionGroupMember -Identity $PrimarySmtpAddress ` - -ErrorAction 'Stop' ` - -ResultSize 'Unlimited' + $distributionGroup = Get-DistributionGroup -Identity $PrimarySmtpAddress -ErrorAction Stop } else { - $distributionGroup = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } - $distributionGroupMembers = Get-DistributionGroupMember -Identity $Identity ` - -ErrorAction 'Stop' ` - -ResultSize 'Unlimited' + $distributionGroup = Get-DistributionGroup -Identity $Identity -ErrorAction Stop + } + + if ($null -eq $distributionGroup) + { + Write-Verbose -Message "Distribution Group $($Identity) does not exist." 
+ return $nullReturn } } else { - if ($null -ne $PrimarySmtpAddress) - { - $distributionGroup = Get-DistributionGroup -Identity $PrimarySmtpAddress -ErrorAction Stop - $distributionGroupMembers = Get-DistributionGroupMember -Identity $PrimarySmtpAddress ` - -ErrorAction 'Stop' ` - -ResultSize 'Unlimited' - } - else - { - $distributionGroup = Get-DistributionGroup -Identity $Identity -ErrorAction Stop - $distributionGroupMembers = Get-DistributionGroupMember -Identity $Identity ` - -ErrorAction 'Stop' ` - -ResultSize 'Unlimited' - } + $distributionGroup = $Script:exportedInstance } - if ($null -eq $distributionGroup) + if ($null -ne $PrimarySmtpAddress) { - Write-Verbose -Message "Distribution Group $($Identity) does not exist." - return $nullReturn + $distributionGroupMembers = Get-DistributionGroupMember -Identity $PrimarySmtpAddress ` + -ErrorAction 'Stop' ` + -ResultSize 'Unlimited' } else { - Write-Verbose -Message "Found existing Distribution Group {$Identity}." - $descriptionValue = $null - if ($distributionGroup.Description.Length -gt 0) - { - $descriptionValue = $distributionGroup.Description[0].Replace("`r", '').Replace("`n", '') - } + $distributionGroupMembers = Get-DistributionGroupMember -Identity $Identity ` + -ErrorAction 'Stop' ` + -ResultSize 'Unlimited' + } - $groupTypeValue = 'Distribution' - if (([Array]$distributionGroup.GroupType.Replace(' ', '').Split(',')).Contains('SecurityEnabled')) - { - $groupTypeValue = 'Security' - } + Write-Verbose -Message "Found existing Distribution Group {$Identity}." 
+ $descriptionValue = $null + if ($distributionGroup.Description.Length -gt 0) + { + $descriptionValue = $distributionGroup.Description[0].Replace("`r", '').Replace("`n", '') + } - $ManagedByValue = @() - if ($null -ne $distributionGroup.ManagedBy) + $groupTypeValue = 'Distribution' + if (([Array]$distributionGroup.GroupType.Replace(' ', '').Split(',')).Contains('SecurityEnabled')) + { + $groupTypeValue = 'Security' + } + + $ManagedByValue = @() + if ($null -ne $distributionGroup.ManagedBy) + { + foreach ($user in $distributionGroup.ManagedBy) { - foreach ($user in $distributionGroup.ManagedBy) + try + { + $user = Get-User -Identity $user -ErrorAction Stop + $ManagedByValue += $user.UserPrincipalName + } + catch { - try - { - $user = Get-MgUser -UserId $user -ErrorAction Stop - $ManagedByValue += $user.UserPrincipalName - } - catch - { - Write-Verbose -Message "Couldn't retrieve user {$user}" - } + Write-Verbose -Message "Couldn't retrieve user {$user}" } } + } - $ModeratedByValue = @() - if ($null -ne $distributionGroup.ModeratedBy) + $ModeratedByValue = @() + if ($null -ne $distributionGroup.ModeratedBy) + { + foreach ($user in $distributionGroup.ModeratedBy) { - foreach ($user in $distributionGroup.ModeratedBy) + try { - try - { - $user = Get-MgUser -UserId $user -ErrorAction Stop - $ModeratedByValue += $user.UserPrincipalName - } - catch - { - Write-Verbose -Message "Couldn't retrieve moderating user {$user}" - } + $user = Get-User -Identity $user -ErrorAction Stop + $ModeratedByValue += $user.UserPrincipalName + } + catch + { + Write-Verbose -Message "Couldn't retrieve moderating user {$user}" } } - $result = @{ - Identity = $distributionGroup.Identity - Alias = $distributionGroup.Alias - BccBlocked = $distributionGroup.BccBlocked - BypassNestedModerationEnabled = $distributionGroup.BypassNestedModerationEnabled - Description = $descriptionValue - DisplayName = $distributionGroup.DisplayName - HiddenGroupMembershipEnabled = 
$distributionGroup.HiddenGroupMembershipEnabled - ManagedBy = $ManagedByValue - MemberDepartRestriction = $distributionGroup.MemberDepartRestriction - MemberJoinRestriction = $distributionGroup.MemberJoinRestriction - Members = $distributionGroupMembers.Name - ModeratedBy = $ModeratedByValue - ModerationEnabled = $distributionGroup.ModerationEnabled - Name = $distributionGroup.Name - Notes = $distributionGroup.Notes - OrganizationalUnit = $distributionGroup.OrganizationalUnit - PrimarySmtpAddress = $distributionGroup.PrimarySmtpAddress - RequireSenderAuthenticationEnabled = $distributionGroup.RequireSenderAuthenticationEnabled - RoomList = $distributionGroup.RoomList - SendModerationNotifications = $distributionGroup.SendModerationNotifications - AcceptMessagesOnlyFrom = [Array]$distributionGroup.AcceptMessagesOnlyFrom - AcceptMessagesOnlyFromDLMembers = [Array]$distributionGroup.AcceptMessagesOnlyFromDLMembers - AcceptMessagesOnlyFromSendersOrMembers = [Array]$distributionGroup.AcceptMessagesOnlyFromSendersOrMembers - CustomAttribute1 = $distributionGroup.CustomAttribute1 - CustomAttribute2 = $distributionGroup.CustomAttribute2 - CustomAttribute3 = $distributionGroup.CustomAttribute3 - CustomAttribute4 = $distributionGroup.CustomAttribute4 - CustomAttribute5 = $distributionGroup.CustomAttribute5 - CustomAttribute6 = $distributionGroup.CustomAttribute6 - CustomAttribute7 = $distributionGroup.CustomAttribute7 - CustomAttribute8 = $distributionGroup.CustomAttribute8 - CustomAttribute9 = $distributionGroup.CustomAttribute9 - CustomAttribute10 = $distributionGroup.CustomAttribute10 - CustomAttribute11 = $distributionGroup.CustomAttribute11 - CustomAttribute12 = $distributionGroup.CustomAttribute12 - CustomAttribute13 = $distributionGroup.CustomAttribute13 - CustomAttribute14 = $distributionGroup.CustomAttribute14 - CustomAttribute15 = $distributionGroup.CustomAttribute15 - EmailAddresses = [Array]$distributionGroup.EmailAddresses - GrantSendOnBehalfTo = 
[Array]$distributionGroup.GrantSendOnBehalfTo - HiddenFromAddressListsEnabled = [Boolean]$distributionGroup.HiddenFromAddressListsEnabled - SendOofMessageToOriginatorEnabled = [Boolean]$distributionGroup.SendOofMessageToOriginatorEnabled - Type = $groupTypeValue - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens - } - - return $result } + $result = @{ + Identity = $distributionGroup.Identity + Alias = $distributionGroup.Alias + BccBlocked = $distributionGroup.BccBlocked + BypassNestedModerationEnabled = $distributionGroup.BypassNestedModerationEnabled + Description = $descriptionValue + DisplayName = $distributionGroup.DisplayName + HiddenGroupMembershipEnabled = $distributionGroup.HiddenGroupMembershipEnabled + ManagedBy = $ManagedByValue + MemberDepartRestriction = $distributionGroup.MemberDepartRestriction + MemberJoinRestriction = $distributionGroup.MemberJoinRestriction + Members = $distributionGroupMembers.Name + ModeratedBy = $ModeratedByValue + ModerationEnabled = $distributionGroup.ModerationEnabled + Name = $distributionGroup.Name + Notes = $distributionGroup.Notes + OrganizationalUnit = $distributionGroup.OrganizationalUnit + PrimarySmtpAddress = $distributionGroup.PrimarySmtpAddress + RequireSenderAuthenticationEnabled = $distributionGroup.RequireSenderAuthenticationEnabled + RoomList = $distributionGroup.RoomList + SendModerationNotifications = $distributionGroup.SendModerationNotifications + AcceptMessagesOnlyFrom = [Array]$distributionGroup.AcceptMessagesOnlyFrom + AcceptMessagesOnlyFromDLMembers = [Array]$distributionGroup.AcceptMessagesOnlyFromDLMembers + AcceptMessagesOnlyFromSendersOrMembers = [Array]$distributionGroup.AcceptMessagesOnlyFromSendersOrMembers + CustomAttribute1 = 
$distributionGroup.CustomAttribute1 + CustomAttribute2 = $distributionGroup.CustomAttribute2 + CustomAttribute3 = $distributionGroup.CustomAttribute3 + CustomAttribute4 = $distributionGroup.CustomAttribute4 + CustomAttribute5 = $distributionGroup.CustomAttribute5 + CustomAttribute6 = $distributionGroup.CustomAttribute6 + CustomAttribute7 = $distributionGroup.CustomAttribute7 + CustomAttribute8 = $distributionGroup.CustomAttribute8 + CustomAttribute9 = $distributionGroup.CustomAttribute9 + CustomAttribute10 = $distributionGroup.CustomAttribute10 + CustomAttribute11 = $distributionGroup.CustomAttribute11 + CustomAttribute12 = $distributionGroup.CustomAttribute12 + CustomAttribute13 = $distributionGroup.CustomAttribute13 + CustomAttribute14 = $distributionGroup.CustomAttribute14 + CustomAttribute15 = $distributionGroup.CustomAttribute15 + EmailAddresses = [Array]$distributionGroup.EmailAddresses + GrantSendOnBehalfTo = [Array]$distributionGroup.GrantSendOnBehalfTo + HiddenFromAddressListsEnabled = [Boolean]$distributionGroup.HiddenFromAddressListsEnabled + SendOofMessageToOriginatorEnabled = [Boolean]$distributionGroup.SendOofMessageToOriginatorEnabled + Type = $groupTypeValue + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens + } + + return $result } catch { @@ -1076,6 +1058,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $distributionGroup $Results = Get-TargetResource @Params if ($Results.AcceptMessagesOnlyFromSendersOrMembers.Length -eq 0) 
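Review bot: Entries that `Get-User -Identity $user` cannot resolve are dropped from `ManagedBy` and `ModeratedBy` with only a `Write-Verbose` line, so the returned state can list fewer owners or moderators than the group actually has. Because `Get-User` now replaces `Get-MgUser`, owner entries that are not user objects may fail to resolve where they did not before; that is an assumption to confirm against real tenant data. Since these values describe who controls the group, a visible signal is safer than silence, e.g. `Write-Warning -Message "Couldn't resolve ManagedBy entry {$user} for {$Identity}"` in each `catch`. The `catch` that closes Get-TargetResource is outside this hunk.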
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGlobalAddressList/MSFT_EXOGlobalAddressList.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGlobalAddressList/MSFT_EXOGlobalAddressList.psm1 index c321c4e7a0..ae51f94cdc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGlobalAddressList/MSFT_EXOGlobalAddressList.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGlobalAddressList/MSFT_EXOGlobalAddressList.psm1 
@@ -128,97 +128,91 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting Global Address List configuration for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - - if ($null -eq (Get-Command 'Get-GlobalAddressList' -ErrorAction SilentlyContinue)) - { - return $nullReturn - } - try { - $AllGlobalAddressLists = Get-GlobalAddressList -ErrorAction Stop - - $GlobalAddressList = $AllGlobalAddressLists | Where-Object -FilterScript { $_.Name -eq $Name } - - if ($null -eq $GlobalAddressList) - { - Write-Verbose -Message "Global Address List $($Name) does not exist." - return $nullReturn - } - else + if (-not $Script:exportedInstance) { - if ($null -eq $GlobalAddressList.IncludedRecipients) + Write-Verbose -Message "Getting Global Address List configuration for $Name" + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + if ($null -eq (Get-Command 'Get-GlobalAddressList' -ErrorAction SilentlyContinue)) { - $IncludedRecipients = ''.ToString() + return $nullReturn } - else + + $GlobalAddressList = Get-GlobalAddressList -Identity $Name -ErrorAction Stop + + if ($null -eq $GlobalAddressList) { - $IncludedRecipients = $GlobalAddressList.IncludedRecipients + Write-Verbose -Message "Global Address List $($Name) does not exist." + return $nullReturn } + } + else + { + $GlobalAddressList = $Script:exportedInstance + } - $result = @{ - Name = $GlobalAddressList.Name - ConditionalCompany = $GlobalAddressList.ConditionalCompany - ConditionalCustomAttribute1 = $GlobalAddressList.ConditionalCustomAttribute1 - ConditionalCustomAttribute10 = $GlobalAddressList.ConditionalCustomAttribute10 - ConditionalCustomAttribute11 = $GlobalAddressList.ConditionalCustomAttribute11 - ConditionalCustomAttribute12 = $GlobalAddressList.ConditionalCustomAttribute12 - ConditionalCustomAttribute13 = $GlobalAddressList.ConditionalCustomAttribute13 - ConditionalCustomAttribute14 = $GlobalAddressList.ConditionalCustomAttribute14 - ConditionalCustomAttribute15 = $GlobalAddressList.ConditionalCustomAttribute15 - ConditionalCustomAttribute2 = $GlobalAddressList.ConditionalCustomAttribute2 - ConditionalCustomAttribute3 = $GlobalAddressList.ConditionalCustomAttribute3 - ConditionalCustomAttribute4 = $GlobalAddressList.ConditionalCustomAttribute4 - ConditionalCustomAttribute5 = $GlobalAddressList.ConditionalCustomAttribute5 - ConditionalCustomAttribute6 = $GlobalAddressList.ConditionalCustomAttribute6 - 
ConditionalCustomAttribute7 = $GlobalAddressList.ConditionalCustomAttribute7 - ConditionalCustomAttribute8 = $GlobalAddressList.ConditionalCustomAttribute8 - ConditionalCustomAttribute9 = $GlobalAddressList.ConditionalCustomAttribute9 - ConditionalDepartment = $GlobalAddressList.ConditionalDepartment - ConditionalStateOrProvince = $GlobalAddressList.ConditionalStateOrProvince - IncludedRecipients = $IncludedRecipients - RecipientFilter = $GlobalAddressList.RecipientFilter - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens - } + if ($null -eq $GlobalAddressList.IncludedRecipients) + { + $IncludedRecipients = ''.ToString() + } + else + { + $IncludedRecipients = $GlobalAddressList.IncludedRecipients + } - Write-Verbose -Message "Found Global Address List $($Name)" - return $result + $result = @{ + Name = $GlobalAddressList.Name + ConditionalCompany = $GlobalAddressList.ConditionalCompany + ConditionalCustomAttribute1 = $GlobalAddressList.ConditionalCustomAttribute1 + ConditionalCustomAttribute10 = $GlobalAddressList.ConditionalCustomAttribute10 + ConditionalCustomAttribute11 = $GlobalAddressList.ConditionalCustomAttribute11 + ConditionalCustomAttribute12 = $GlobalAddressList.ConditionalCustomAttribute12 + ConditionalCustomAttribute13 = $GlobalAddressList.ConditionalCustomAttribute13 + ConditionalCustomAttribute14 = $GlobalAddressList.ConditionalCustomAttribute14 + ConditionalCustomAttribute15 = $GlobalAddressList.ConditionalCustomAttribute15 + ConditionalCustomAttribute2 = $GlobalAddressList.ConditionalCustomAttribute2 + ConditionalCustomAttribute3 = $GlobalAddressList.ConditionalCustomAttribute3 + ConditionalCustomAttribute4 = $GlobalAddressList.ConditionalCustomAttribute4 + ConditionalCustomAttribute5 = 
$GlobalAddressList.ConditionalCustomAttribute5 + ConditionalCustomAttribute6 = $GlobalAddressList.ConditionalCustomAttribute6 + ConditionalCustomAttribute7 = $GlobalAddressList.ConditionalCustomAttribute7 + ConditionalCustomAttribute8 = $GlobalAddressList.ConditionalCustomAttribute8 + ConditionalCustomAttribute9 = $GlobalAddressList.ConditionalCustomAttribute9 + ConditionalDepartment = $GlobalAddressList.ConditionalDepartment + ConditionalStateOrProvince = $GlobalAddressList.ConditionalStateOrProvince + IncludedRecipients = $IncludedRecipients + RecipientFilter = $GlobalAddressList.RecipientFilter + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Found Global Address List $($Name)" + return $result } catch { @@ -740,6 +734,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $GlobalAddressList $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 index f1a55013b8..53ca107e7b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOGroupSettings/MSFT_EXOGroupSettings.psm1 
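Review bot: `Get-GlobalAddressList -Identity $Name -ErrorAction Stop` will most likely throw when no list matches, so the `if ($null -eq $GlobalAddressList)` branch that logs "does not exist" and returns `$nullReturn` is probably never reached, and absence is then handled by the `catch` block, whose body is outside this hunk. The removed code listed every address list and filtered on `$_.Name -eq $Name`, which yielded `$null` quietly for a missing list. Please confirm that the catch returns `$nullReturn` for the not-found case without recording it as an error, or add a comment above the call such as `# -Identity throws when the list is missing; absence is handled in catch`.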
@@ -247,44 +247,31 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of Office 365 Group Settings for $DisplayName" - - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of Office 365 Group Settings for $DisplayName" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - $nullReturn = @{ - DisplayName = $DisplayName - } + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = @{ + DisplayName = $DisplayName + } - try - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - [Array]$group = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } - } - else - { Write-Verbose -Message "Retrieving group by id {$Id}" [Array]$group = Get-UnifiedGroup -Identity $Id -IncludeAllProperties -ErrorAction Stop @@ -293,25 +280,28 @@ function Get-TargetResource Write-Verbose -Message "Couldn't retrieve group by ID. Trying by DisplayName {$DisplayName}" [Array]$group = Get-UnifiedGroup -Identity $DisplayName -IncludeAllProperties -ErrorAction Stop } - } - if ($group.Length -gt 1) + if ($group.Length -gt 1) + { + Write-Warning -Message "Multiple instances of a group named {$DisplayName} was discovered which could result in inconsistencies retrieving its values." + } + $group = $group[0] + if ($null -eq $group) + { + Write-Verbose -Message "The specified group {$DisplayName} doesn't already exist." + return $nullReturn + } + } + else { - Write-Warning -Message "Multiple instances of a group named {$DisplayName} was discovered which could result in inconsistencies retrieving its values." + $group = $Script:exportedInstance } - $group = $group[0] } catch { return $nullReturn } - if ($null -eq $group) - { - Write-Verbose -Message "The specified group {$DisplayName} doesn't already exist." - return $nullReturn - } - $result = @{ DisplayName = $DisplayName Id = $group.Id 
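Review bot: `$nullReturn` is now assigned inside `try`, after `New-M365DSCConnection` and `Confirm-M365DSCDependencies`, and only in the `if (-not $Script:exportedInstance)` branch, while the `catch` still does `return $nullReturn`. If the connection or the dependency check throws, the function returns `$null` with no message, where the removed code ran those calls outside the `try` and let the error surface. Move `$nullReturn = @{ DisplayName = $DisplayName }` above `try`, and log the exception in the `catch` before returning so that a failed connection is not read as a missing group.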
@@ -1032,6 +1022,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $group $Results = Get-TargetResource @Params if ($Results -is [System.Collections.Hashtable] -and $Results.Count -gt 1) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 index 7886c18717..6bdb698bb4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOHostedContentFilterPolicy/MSFT_EXOHostedContentFilterPolicy.psm1 @@ -1091,7 +1091,7 @@ function Test-TargetResource $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $ValuesToCheck ` + -DesiredValues $PSBoundParameters ` -ValuesToCheck $ValuesToCheck.Keys Write-Verbose -Message "Test-TargetResource returned $TestResult" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 index f89dd48825..d97fa4e9ea 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPermission/MSFT_EXOMailboxPermission.psm1 
@@ -68,55 +68,53 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting permissions for Mailbox {$Identity}" - - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting permissions for Mailbox {$Identity}" + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = @{ + Identity = $Identity + Ensure = 'Absent' + } - $nullResult = @{ - Identity = $Identity - Ensure = 'Absent' - } + [Array]$permission = Get-MailboxPermission -Identity $Identity -ErrorAction Stop - try - { - [Array]$permission = Get-MailboxPermission -Identity $Identity -ErrorAction Stop + if ($permission.Length -gt 1) + { + $permission = $permission | Where-Object -FilterScript { $_.User -eq $User -and (Compare-Object -ReferenceObject $_.AccessRights.Replace(' ', '').Split(',') -DifferenceObject $AccessRights).Count -eq 0 } + } - if ($permission.Length -gt 1) - { - $permission = $permission | Where-Object -FilterScript { $_.User -eq $User -and (Compare-Object -ReferenceObject $_.AccessRights.Replace(' ', '').Split(',') -DifferenceObject $AccessRights).Count -eq 0 } - } + if ($permission.Length -gt 1) + { + $permission = $permission[0] + } - if ($permission.Length -gt 1) - { - $permission = $permission[0] + if ($null -eq $permission) + { + Write-Verbose -Message "Permission for mailbox {$($Identity)} do not exist." + return $nullResult + } } - - if ($null -eq $permission) + else { - Write-Verbose -Message "Permission for mailbox {$($Identity)} do not exist." - return $nullResult + $permission = $Script:exportedInstance } $result = @{ @@ -461,6 +459,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $permission $Results = Get-TargetResource @Params if ($Results -is [System.Collections.Hashtable] -and $Results.Count -gt 1) 
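Review bot: The `Where-Object` match on `$_.User -eq $User` and the access rights runs only under `if ($permission.Length -gt 1)`, so when `Get-MailboxPermission -Identity $Identity` returns a single entry, that entry is accepted without being compared to `$User` or `$AccessRights`. Running the filter unconditionally (dropping the first `if ($permission.Length -gt 1)` wrapper) would let the existing `$null -eq $permission` check report the permission as absent when the only entry belongs to another user. The `$result` hash is built after the end of this hunk, so how much of an unmatched entry reaches the output cannot be seen here.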
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRole/MSFT_EXOManagementRole.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRole/MSFT_EXOManagementRole.psm1
index 6053feec9b..a46721ad0e 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRole/MSFT_EXOManagementRole.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRole/MSFT_EXOManagementRole.psm1
@@ -55,72 +55,61 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting Management Role configuration for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting Management Role configuration for $Name" + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $AllManagementRoles = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Name } - } - else - { $AllManagementRoles = Get-ManagementRole -ErrorAction Stop - } - $ManagementRole = $AllManagementRoles | Where-Object 
-FilterScript { $_.Name -eq $Name } + $ManagementRole = $AllManagementRoles | Where-Object -FilterScript { $_.Name -eq $Name } - if ($null -eq $ManagementRole) - { - Write-Verbose -Message "Management Role $($Name) does not exist." - return $nullReturn + if ($null -eq $ManagementRole) + { + Write-Verbose -Message "Management Role $($Name) does not exist." + return $nullReturn + } } else { - $result = @{ - Name = $ManagementRole.Name - Parent = $ManagementRole.Parent - Description = $ManagementRole.Description - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens - } + $ManagementRole = $Script:exportedInstance + } - Write-Verbose -Message "Found Management Role $($Name)" - return $result + $result = @{ + Name = $ManagementRole.Name + Parent = $ManagementRole.Parent + Description = $ManagementRole.Description + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Found Management Role $($Name)" + return $result } catch { @@ -419,6 +408,7 @@ function Export-TargetResource Parent = $ManagementRole.Parent AccessTokens = $AccessTokens } + $Script:exportedInstance = $ManagementRole $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1
index 079b515252..4eb32acd7f 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1
@@ -91,110 +91,99 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting Management Role Assignment for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting Management Role Assignment for $Name" + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $roleAssignment = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Name } - } - else - { $roleAssignment = Get-ManagementRoleAssignment -Identity $Name -ErrorAction SilentlyContinue - } - if ($null -eq $roleAssignment) - { 
- Write-Verbose -Message "Management Role Assignment $($Name) does not exist." - return $nullReturn + if ($null -eq $roleAssignment) + { + Write-Verbose -Message "Management Role Assignment $($Name) does not exist." + return $nullReturn + } } else { - $RecipientAdministrativeUnitScopeValue = $null - if ($roleAssignment.RecipientWriteScope -eq 'AdministrativeUnit') - { - $adminUnit = Get-AdministrativeUnit -Identity $roleAssignment.CustomRecipientWriteScope - - if ($RecipientAdministrativeUnitScope -eq $adminUnit.Id) - { - $RecipientAdministrativeUnitScopeValue = $RecipientAdministrativeUnitScope - } - else - { - $RecipientAdministrativeUnitScopeValue = $adminUnit.DisplayName - } - } + $roleAssignment = $Script:exportedInstance + } - $result = @{ - Name = $roleAssignment.Name - CustomRecipientWriteScope = $roleAssignment.CustomRecipientWriteScope - CustomResourceScope = $roleAssignment.CustomResourceScope - ExclusiveRecipientWriteScope = $roleAssignment.ExclusiveRecipientWriteScope - RecipientAdministrativeUnitScope = $RecipientAdministrativeUnitScopeValue - RecipientOrganizationalUnitScope = $roleAssignment.RecipientOrganizationalUnitScope - RecipientRelativeWriteScope = $roleAssignment.RecipientRelativeWriteScope - Role = $roleAssignment.Role - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens - } + $RecipientAdministrativeUnitScopeValue = $null + if ($roleAssignment.RecipientWriteScope -eq 'AdministrativeUnit') + { + $adminUnit = Get-AdministrativeUnit -Identity $roleAssignment.CustomRecipientWriteScope - if ($roleAssignment.RoleAssigneeType -eq 'SecurityGroup' -or $roleAssignment.RoleAssigneeType -eq 'RoleGroup') - { - $result.Add('SecurityGroup', $roleAssignment.RoleAssignee) - } - elseif 
($roleAssignment.RoleAssigneeType -eq 'RoleAssignmentPolicy') - { - $result.Add('Policy', $roleAssignment.RoleAssignee) - } - elseif ($roleAssignment.RoleAssigneeType -eq 'ServicePrincipal') + if ($RecipientAdministrativeUnitScope -eq $adminUnit.Id) { - $result.Add('App', $roleAssignment.RoleAssignee) + $RecipientAdministrativeUnitScopeValue = $RecipientAdministrativeUnitScope } - elseif ($roleAssignment.RoleAssigneeType -eq 'User') + else { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - $userInfo = Get-MgUser -UserId ($roleAssignment.RoleAssignee) - $result.Add('User', $userInfo.UserPrincipalName) + $RecipientAdministrativeUnitScopeValue = $adminUnit.DisplayName } + } + + $result = @{ + Name = $roleAssignment.Name + CustomRecipientWriteScope = $roleAssignment.CustomRecipientWriteScope + CustomResourceScope = $roleAssignment.CustomResourceScope + ExclusiveRecipientWriteScope = $roleAssignment.ExclusiveRecipientWriteScope + RecipientAdministrativeUnitScope = $RecipientAdministrativeUnitScopeValue + RecipientOrganizationalUnitScope = $roleAssignment.RecipientOrganizationalUnitScope + RecipientRelativeWriteScope = $roleAssignment.RecipientRelativeWriteScope + Role = $roleAssignment.Role + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens + } - Write-Verbose -Message "Found Management Role Assignment $($Name)" - return $result + if ($roleAssignment.RoleAssigneeType -eq 'SecurityGroup' -or $roleAssignment.RoleAssigneeType -eq 'RoleGroup') + { + $result.Add('SecurityGroup', $roleAssignment.RoleAssignee) + } + elseif ($roleAssignment.RoleAssigneeType -eq 'RoleAssignmentPolicy') + { + $result.Add('Policy', $roleAssignment.RoleAssignee) } + elseif 
($roleAssignment.RoleAssigneeType -eq 'ServicePrincipal') + { + $result.Add('App', $roleAssignment.RoleAssignee) + } + elseif ($roleAssignment.RoleAssigneeType -eq 'User') + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + $userInfo = Get-MgUser -UserId ($roleAssignment.RoleAssignee) + $result.Add('User', $userInfo.UserPrincipalName) + } + + Write-Verbose -Message "Found Management Role Assignment $($Name)" + return $result } catch { @@ -607,6 +596,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $assignment $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 index 01be59dfff..e1ac63c5f1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleEntry/MSFT_EXOManagementRoleEntry.psm1 
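Review bot: `Get-ManagementRoleAssignment -Identity $Name -ErrorAction SilentlyContinue` makes a failed lookup look the same as a missing assignment: any suppressed error leaves `$roleAssignment` null and the function returns `$nullReturn` with `Ensure = 'Absent'`. For a resource that describes role assignments, that can report an existing assignment as absent. Further down, the results of `Get-AdministrativeUnit -Identity $roleAssignment.CustomRecipientWriteScope` and `Get-MgUser -UserId` are used without a null check, and both calls still run on the cached export path. Consider `-ErrorAction Stop` on the lookup and treating only the not-found error as absence; the `catch` body is outside this hunk.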
@@ -50,66 +50,54 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting Management Role Entry configuration for {$Identity}" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - try { - $IdentityParts = $Identity.Split('\') - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $roleEntry = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $IdentityParts[0] -and $_.Name -eq $IdentityParts[1] } - } - else + if (-not $Script:exportedInstance) { + Write-Verbose -Message "Getting Management Role Entry configuration for {$Identity}" + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + $roleEntry = Get-ManagementRoleEntry -Identity $Identity -ResultSize 'Unlimited' -ErrorAction Stop - } - if ($null -eq $roleEntry) - { - throw "Management Role Entry {$Identity} does not exist." + if ($null -eq $roleEntry) + { + throw "Management Role Entry {$Identity} does not exist." + } } else { - $result = @{ - Identity = $Identity - Parameters = $roleEntry.Parameters - Type = $roleEntry.Type - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - ManagedIdentity = $ManagedIdentity - AccessTokens = $AccessTokens - } + $roleEntry = $Script:exportedInstance + } - Write-Verbose -Message "Found Management Role Entry {$Identity}." - return $result + $result = @{ + Identity = $Identity + Parameters = $roleEntry.Parameters + Type = $roleEntry.Type + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + ManagedIdentity = $ManagedIdentity + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Found Management Role Entry {$Identity}." + return $result } catch { @@ -391,6 +379,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $roleEntry $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
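Review bot: The result hash in this hunk sets `ManagedIdentity = $ManagedIdentity`, the switch object itself, while the sibling resources in this diff (for example EXOManagementRole and EXOManagementRoleAssignment) return `Managedidentity = $ManagedIdentity.IsPresent`. Using `ManagedIdentity = $ManagedIdentity.IsPresent` here would keep the returned value a Boolean across resources. Whether any caller depends on the current type cannot be seen from this hunk.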
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/MSFT_EXOMessageClassification.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/MSFT_EXOMessageClassification.psm1
index 26afd542c2..c0e2a83f82 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/MSFT_EXOMessageClassification.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMessageClassification/MSFT_EXOMessageClassification.psm1
@@ -79,50 +79,48 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting Message Classification Configuration for $($Identity)" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting Message Classification Configuration for $($Identity)" + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - $MessageClassification = Get-MessageClassification -Identity $Identity -ErrorAction Stop + $MessageClassification = Get-MessageClassification -Identity $Identity -ErrorAction Stop - if ($null -eq $MessageClassification) - { - if (-not [System.String]::IsNullOrEmpty($DisplayName)) - { 
- Write-Verbose -Message "Couldn't retrieve Message Classification policy by Id {$($Identity)}. Trying by DisplayName." - $MessageClassification = Get-MessageClassification -Identity $DisplayName - } if ($null -eq $MessageClassification) { - return $nullReturn + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + Write-Verbose -Message "Couldn't retrieve Message Classification policy by Id {$($Identity)}. Trying by DisplayName." + $MessageClassification = Get-MessageClassification -Identity $DisplayName + } + if ($null -eq $MessageClassification) + { + return $nullReturn + } } } + else + { + $MessageClassification = $Script:exportedInstance + } $result = @{ Identity = $Identity @@ -526,6 +524,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $MessageClassification $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 index 37a5795d20..9e3f4591d9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleAssignmentPolicy/MSFT_EXORoleAssignmentPolicy.psm1 
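Review bot: In the MSFT_EXOMessageClassification Get-TargetResource hunk, `$nullReturn` is now assigned only inside `if (-not $Script:exportedInstance)`, so it is undefined whenever the cached branch runs. If the `catch` block, which lies outside the hunk, returns `$nullReturn`, an exception on the export path would hand back `$null` instead of a result with `Ensure = 'Absent'`. Building `$nullReturn` before the cache check, from a copy of `$PSBoundParameters` so that the connection and telemetry calls still see the original parameters, keeps both paths consistent. The Get-TargetResource hunks for MSFT_EXORoleAssignmentPolicy, MSFT_EXORoleGroup and MSFT_EXOSharedMailbox move the assignment in the same way.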
@@ -59,67 +59,63 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting Role Assignment Policy configuration for $Name" - - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting Role Assignment Policy configuration for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - try - { - $AllRoleAssignmentPolicies = Get-RoleAssignmentPolicy -ErrorAction Stop + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - $RoleAssignmentPolicy = $AllRoleAssignmentPolicies | Where-Object -FilterScript { $_.Name -eq $Name } + $AllRoleAssignmentPolicies = Get-RoleAssignmentPolicy -ErrorAction Stop - if ($null -eq $RoleAssignmentPolicy) - { - Write-Verbose -Message "Role Assignment Policy $($Name) does not exist." - return $nullReturn + $RoleAssignmentPolicy = $AllRoleAssignmentPolicies | Where-Object -FilterScript { $_.Name -eq $Name } + + if ($null -eq $RoleAssignmentPolicy) + { + Write-Verbose -Message "Role Assignment Policy $($Name) does not exist." 
+ return $nullReturn + } } else { - $result = @{ - Name = $RoleAssignmentPolicy.Name - Description = $RoleAssignmentPolicy.Description - IsDefault = $RoleAssignmentPolicy.IsDefault - Roles = $RoleAssignmentPolicy.AssignedRoles - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens - } + $RoleAssignmentPolicy = $Script:exportedInstance + } - Write-Verbose -Message "Found Role Assignment Policy $($Name)" - return $result + $result = @{ + Name = $RoleAssignmentPolicy.Name + Description = $RoleAssignmentPolicy.Description + IsDefault = $RoleAssignmentPolicy.IsDefault + Roles = $RoleAssignmentPolicy.AssignedRoles + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Found Role Assignment Policy $($Name)" + return $result } catch { @@ -454,6 +450,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $RoleAssignmentPolicy $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 index 040ebe5990..ca53609d6e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORoleGroup/MSFT_EXORoleGroup.psm1 
@@ -59,66 +59,64 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting Role Group configuration for $Name" - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters + try + { + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting Role Group configuration for $Name" + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $RoleGroup = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } - } - else - { $AllRoleGroups = Get-RoleGroup -ErrorAction Stop $RoleGroup = $AllRoleGroups | Where-Object -FilterScript { $_.Name -eq $Name } - } - if ($null -eq $RoleGroup) - { - Write-Verbose -Message "Role Group $($Name) does not exist." 
- return $nullReturn + if ($null -eq $RoleGroup) + { + Write-Verbose -Message "Role Group $($Name) does not exist." + return $nullReturn + } } else { - # Get RoleGroup Members DN if RoleGroup exists. This is required especially when adding Members like "Exchange Administrator" or "Global Administrator" that have different Names across Tenants - $roleGroupMember = Get-RoleGroupMember -Identity $Name | Select-Object DisplayName - - $result = @{ - Name = $RoleGroup.Name - Description = $RoleGroup.Description - Members = $roleGroupMember.DisplayName - Roles = $RoleGroup.Roles - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens - } + $RoleGroup = $Script:exportedInstance + } - Write-Verbose -Message "Found Role Group $($Name)" - return $result + # Get RoleGroup Members DN if RoleGroup exists. This is required especially when adding Members like "Exchange Administrator" or "Global Administrator" that have different Names across Tenants + $roleGroupMember = Get-RoleGroupMember -Identity $Name | Select-Object DisplayName + + $result = @{ + Name = $RoleGroup.Name + Description = $RoleGroup.Description + Members = $roleGroupMember.DisplayName + Roles = $RoleGroup.Roles + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Found Role Group $($Name)" + return $result } catch { 
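Review bot: `Get-RoleGroupMember -Identity $Name | Select-Object DisplayName` now runs on the cached path as well, where this function opens no connection of its own, and it has no `-ErrorAction Stop`. A failed lookup would typically be non-terminating, leaving `Members = $null` in the result, so an exported role group can look empty instead of the export failing visibly. I would write `$roleGroupMember = Get-RoleGroupMember -Identity $Name -ErrorAction Stop | Select-Object DisplayName` so the error reaches the `catch` block, whose body is outside the hunk.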
@@ -458,6 +456,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $RoleGroup $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 index 54ee8e009f..63c35441ce 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOSharedMailbox/MSFT_EXOSharedMailbox.psm1 
@@ -62,60 +62,40 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of Office 365 Shared Mailbox $DisplayName" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try { - try + if (-not $Script:exportedInstance) { - if (-not [System.String]::IsNullOrEmpty($Identity)) + Write-Verbose -Message "Getting configuration of Office 365 Shared Mailbox $DisplayName" + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + try { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $mailbox = $Script:exportedInstances | Where-Object -FilterScript { $_.Identity -eq $Identity } - } - else + if (-not [System.String]::IsNullOrEmpty($Identity)) { $mailbox = $mailbox = Get-Mailbox -Identity $Identity ` -RecipientTypeDetails 'SharedMailbox' ` -ResultSize Unlimited ` -ErrorAction Stop } - } - if ($null -eq $mailbox) - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $mailbox = $Script:exportedInstances | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } - } - else + if ($null -eq $mailbox) { $mailbox = $mailbox = Get-Mailbox -Identity $DisplayName ` -RecipientTypeDetails 'SharedMailbox' ` @@ -123,16 +103,20 @@ function Get-TargetResource -ErrorAction Stop } } - } - catch - { - Write-Verbose -Message "Could not retrieve AAD roledefinition by Id: {$Id}" - } + catch + { + Write-Verbose -Message "Could not retrieve AAD roledefinition by Id: {$Id}" + } - if ($null -eq $mailbox) + if ($null -eq $mailbox) + { + Write-Verbose -Message "The specified Shared Mailbox doesn't already exist." + return $nullReturn + } + } + else { - Write-Verbose -Message "The specified Shared Mailbox doesn't already exist." - return $nullReturn + $mailbox = $Script:exportedInstance } #region EmailAddresses 
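Review bot: The inner `catch` around the two `Get-Mailbox` calls logs `"Could not retrieve AAD roledefinition by Id: {$Id}"`, a message that belongs to a different resource and references `$Id`, which is not assigned anywhere in this hunk. Because that handler swallows every failure, a permission or connection error falls through to `$null -eq $mailbox` and the function returns `Ensure = 'Absent'` as if the shared mailbox did not exist. I would change the message to `Write-Verbose -Message "Could not retrieve Shared Mailbox {$Identity}/{$DisplayName}: $($_.Exception.Message)"`. The doubled assignment `$mailbox = $mailbox = Get-Mailbox ...` in both lookups can be reduced to a single `$mailbox =`. Get-TargetResource's body continues past the hunk.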
@@ -554,6 +538,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $mailbox $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.psm1 index 63a5ea5248..6e717a8c92 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTenantAllowBlockListItems/MSFT_EXOTenantAllowBlockListItems.psm1 @@ -409,7 +409,7 @@ function Test-TargetResource $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $ValuesToCheck ` + -DesiredValues $PSBoundParameters ` -ValuesToCheck $ValuesToCheck.Keys Write-Verbose -Message "Test-TargetResource returned $testResult" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 index de0953b922..135dca0b4a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 
@@ -739,258 +739,255 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting Transport Rule configuration for $Name" - - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting Transport Rule configuration for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $TransportRule = Get-TransportRule -Identity $Name -ErrorAction 'SilentlyContinue' + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - try - { - if ($null -eq $TransportRule) - { - Write-Verbose -Message "Transport Rule $($Name) does not exist." 
- $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - return $nullReturn + $TransportRule = Get-TransportRule -Identity $Name -ErrorAction 'SilentlyContinue' + + if ($null -eq $TransportRule) + { + Write-Verbose -Message "Transport Rule $($Name) does not exist." + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + return $nullReturn + } } else { - $MessageContainsDataClassificationsValue = $null - if ($null -ne $TransportRule.MessageContainsDataClassifications) - { - $MessageContainsDataClassificationsValue = $TransportRule.MessageContainsDataClassifications.Replace('"', "'") - } + $TransportRule = $Script:exportedInstance + } - if ($TransportRule.State -eq 'Enabled') - { - $enabled = $true - } - else - { - $enabled = $false - } - $result = @{ - Name = $TransportRule.Name - ADComparisonAttribute = $TransportRule.ADComparisonAttribute - ADComparisonOperator = $TransportRule.ADComparisonOperator - ActivationDate = $TransportRule.ActivationDate - AddManagerAsRecipientType = $TransportRule.AddManagerAsRecipientType - AddToRecipients = $TransportRule.AddToRecipients - AnyOfCcHeader = $TransportRule.AnyOfCcHeader - AnyOfCcHeaderMemberOf = $TransportRule.AnyOfCcHeaderMemberOf - AnyOfRecipientAddressContainsWords = $TransportRule.AnyOfRecipientAddressContainsWords - AnyOfRecipientAddressMatchesPatterns = $TransportRule.AnyOfRecipientAddressMatchesPatterns - AnyOfToCcHeader = $TransportRule.AnyOfToCcHeader - AnyOfToCcHeaderMemberOf = $TransportRule.AnyOfToCcHeaderMemberOf - AnyOfToHeader = $TransportRule.AnyOfToHeader - AnyOfToHeaderMemberOf = $TransportRule.AnyOfToHeaderMemberOf - ApplyClassification = $TransportRule.ApplyClassification - ApplyHtmlDisclaimerFallbackAction = $TransportRule.ApplyHtmlDisclaimerFallbackAction - ApplyHtmlDisclaimerLocation = $TransportRule.ApplyHtmlDisclaimerLocation - ApplyHtmlDisclaimerText = $TransportRule.ApplyHtmlDisclaimerText - ApplyOME = $TransportRule.ApplyOME - ApplyRightsProtectionCustomizationTemplate 
= $TransportRule.ApplyRightsProtectionCustomizationTemplate - ApplyRightsProtectionTemplate = $TransportRule.ApplyRightsProtectionTemplate - AttachmentContainsWords = $TransportRule.AttachmentContainsWords - AttachmentExtensionMatchesWords = $TransportRule.AttachmentExtensionMatchesWords - AttachmentHasExecutableContent = $TransportRule.AttachmentHasExecutableContent - AttachmentIsPasswordProtected = $TransportRule.AttachmentIsPasswordProtected - AttachmentIsUnsupported = $TransportRule.AttachmentIsUnsupported - AttachmentMatchesPatterns = $TransportRule.AttachmentMatchesPatterns - AttachmentNameMatchesPatterns = $TransportRule.AttachmentNameMatchesPatterns - AttachmentPropertyContainsWords = $TransportRule.AttachmentPropertyContainsWords - AttachmentProcessingLimitExceeded = $TransportRule.AttachmentProcessingLimitExceeded - AttachmentSizeOver = $TransportRule.AttachmentSizeOver - BetweenMemberOf1 = $TransportRule.BetweenMemberOf1 - BetweenMemberOf2 = $TransportRule.BetweenMemberOf2 - BlindCopyTo = $TransportRule.BlindCopyTo - Comments = $TransportRule.Comments - ContentCharacterSetContainsWords = $TransportRule.ContentCharacterSetContainsWords - CopyTo = $TransportRule.CopyTo - DeleteMessage = $TransportRule.DeleteMessage - DlpPolicy = $TransportRule.DlpPolicy - Enabled = $enabled - ExceptIfADComparisonAttribute = $TransportRule.ExceptIfADComparisonAttribute - ExceptIfADComparisonOperator = $TransportRule.ExceptIfADComparisonOperator - ExceptIfAnyOfCcHeader = $TransportRule.ExceptIfAnyOfCcHeader - ExceptIfAnyOfCcHeaderMemberOf = $TransportRule.ExceptIfAnyOfCcHeaderMemberOf - ExceptIfAnyOfRecipientAddressContainsWords = $TransportRule.ExceptIfAnyOfRecipientAddressContainsWords - ExceptIfAnyOfRecipientAddressMatchesPatterns = $TransportRule.ExceptIfAnyOfRecipientAddressMatchesPatterns - ExceptIfAnyOfToCcHeader = $TransportRule.ExceptIfAnyOfToCcHeader - ExceptIfAnyOfToCcHeaderMemberOf = $TransportRule.ExceptIfAnyOfToCcHeaderMemberOf - ExceptIfAnyOfToHeader = 
$TransportRule.ExceptIfAnyOfToHeader - ExceptIfAnyOfToHeaderMemberOf = $TransportRule.ExceptIfAnyOfToHeaderMemberOf - ExceptIfAttachmentContainsWords = $TransportRule.ExceptIfAttachmentContainsWords - ExceptIfAttachmentExtensionMatchesWords = $TransportRule.ExceptIfAttachmentExtensionMatchesWords - ExceptIfAttachmentHasExecutableContent = $TransportRule.ExceptIfAttachmentHasExecutableContent - ExceptIfAttachmentIsPasswordProtected = $TransportRule.ExceptIfAttachmentIsPasswordProtected - ExceptIfAttachmentIsUnsupported = $TransportRule.ExceptIfAttachmentIsUnsupported - ExceptIfAttachmentMatchesPatterns = $TransportRule.ExceptIfAttachmentMatchesPatterns - ExceptIfAttachmentNameMatchesPatterns = $TransportRule.ExceptIfAttachmentNameMatchesPatterns - ExceptIfAttachmentPropertyContainsWords = $TransportRule.ExceptIfAttachmentPropertyContainsWords - ExceptIfAttachmentProcessingLimitExceeded = $TransportRule.ExceptIfAttachmentProcessingLimitExceeded - ExceptIfAttachmentSizeOver = $TransportRule.ExceptIfAttachmentSizeOver - ExceptIfBetweenMemberOf1 = $TransportRule.ExceptIfBetweenMemberOf1 - ExceptIfBetweenMemberOf2 = $TransportRule.ExceptIfBetweenMemberOf2 - ExceptIfContentCharacterSetContainsWords = $TransportRule.ExceptIfContentCharacterSetContainsWords - ExceptIfFrom = $TransportRule.ExceptIfFrom - ExceptIfFromAddressContainsWords = $TransportRule.ExceptIfFromAddressContainsWords - ExceptIfFromAddressMatchesPatterns = $TransportRule.ExceptIfFromAddressMatchesPatterns - ExceptIfFromMemberOf = $TransportRule.ExceptIfFromMemberOf - ExceptIfFromScope = $TransportRule.ExceptIfFromScope - ExceptIfHasClassification = $TransportRule.ExceptIfHasClassification - ExceptIfHasNoClassification = $TransportRule.ExceptIfHasNoClassification - ExceptIfHeaderContainsMessageHeader = $TransportRule.ExceptIfHeaderContainsMessageHeader - ExceptIfHeaderContainsWords = $TransportRule.ExceptIfHeaderContainsWords - ExceptIfHeaderMatchesMessageHeader = 
$TransportRule.ExceptIfHeaderMatchesMessageHeader - ExceptIfHeaderMatchesPatterns = $TransportRule.ExceptIfHeaderMatchesPatterns - ExceptIfManagerAddresses = $TransportRule.ExceptIfManagerAddresses - ExceptIfManagerForEvaluatedUser = $TransportRule.ExceptIfManagerForEvaluatedUser - ExceptIfMessageTypeMatches = $TransportRule.ExceptIfMessageTypeMatches - ExceptIfMessageSizeOver = $TransportRule.ExceptIfMessageSizeOver - ExceptIfRecipientADAttributeContainsWords = $TransportRule.ExceptIfRecipientADAttributeContainsWords - ExceptIfRecipientADAttributeMatchesPatterns = $TransportRule.ExceptIfRecipientADAttributeMatchesPatterns - ExceptIfRecipientAddressContainsWords = $TransportRule.ExceptIfRecipientAddressContainsWords - ExceptIfRecipientAddressMatchesPatterns = $TransportRule.ExceptIfRecipientAddressMatchesPatterns - ExceptIfRecipientDomainIs = $TransportRule.ExceptIfRecipientDomainIs - ExceptIfRecipientInSenderList = $TransportRule.ExceptIfRecipientInSenderList - ExceptIfSCLOver = $TransportRule.ExceptIfSCLOver - ExceptIfSenderADAttributeContainsWords = $TransportRule.ExceptIfSenderADAttributeContainsWords - ExceptIfSenderADAttributeMatchesPatterns = $TransportRule.ExceptIfSenderADAttributeMatchesPatterns - ExceptIfSenderDomainIs = $TransportRule.ExceptIfSenderDomainIs - ExceptIfSenderInRecipientList = $TransportRule.ExceptIfSenderInRecipientList - ExceptIfSenderIpRanges = $TransportRule.ExceptIfSenderIpRanges - ExceptIfSenderManagementRelationship = $TransportRule.ExceptIfSenderManagementRelationship - ExceptIfSentTo = $TransportRule.ExceptIfSentTo - ExceptIfSentToMemberOf = $TransportRule.ExceptIfSentToMemberOf - ExceptIfSentToScope = $TransportRule.ExceptIfSentToScope - ExceptIfSubjectContainsWords = $TransportRule.ExceptIfSubjectContainsWords - ExceptIfSubjectMatchesPatterns = $TransportRule.ExceptIfSubjectMatchesPatterns - ExceptIfSubjectOrBodyContainsWords = $TransportRule.ExceptIfSubjectOrBodyContainsWords - ExceptIfSubjectOrBodyMatchesPatterns = 
$TransportRule.ExceptIfSubjectOrBodyMatchesPatterns - ExceptIfWithImportance = $TransportRule.ExceptIfWithImportance - ExpiryDate = $TransportRule.ExpiryDate - From = $TransportRule.From - FromAddressContainsWords = $TransportRule.FromAddressContainsWords - FromAddressMatchesPatterns = $TransportRule.FromAddressMatchesPatterns - FromMemberOf = $TransportRule.FromMemberOf - FromScope = $TransportRule.FromScope - GenerateIncidentReport = $TransportRule.GenerateIncidentReport - GenerateNotification = $TransportRule.GenerateNotification - HasClassification = $TransportRule.HasClassification - HasNoClassification = $TransportRule.HasNoClassification - HeaderContainsMessageHeader = $TransportRule.HeaderContainsMessageHeader - HeaderContainsWords = $TransportRule.HeaderContainsWords - HeaderMatchesMessageHeader = $TransportRule.HeaderMatchesMessageHeader - HeaderMatchesPatterns = $TransportRule.HeaderMatchesPatterns - IncidentReportContent = $TransportRule.IncidentReportContent - ManagerAddresses = $TransportRule.ManagerAddresses - ManagerForEvaluatedUser = $TransportRule.ManagerForEvaluatedUser - MessageSizeOver = $TransportRule.MessageSizeOver - MessageTypeMatches = $TransportRule.MessageTypeMatches - Mode = $TransportRule.Mode - ModerateMessageByManager = $TransportRule.ModerateMessageByManager - ModerateMessageByUser = $TransportRule.ModerateMessageByUser - PrependSubject = $TransportRule.PrependSubject - Priority = $TransportRule.Priority - Quarantine = $TransportRule.Quarantine - RecipientADAttributeContainsWords = $TransportRule.RecipientADAttributeContainsWords - RecipientADAttributeMatchesPatterns = $TransportRule.RecipientADAttributeMatchesPatterns - RecipientAddressContainsWords = $TransportRule.RecipientAddressContainsWords - RecipientAddressMatchesPatterns = $TransportRule.RecipientAddressMatchesPatterns - RecipientAddressType = $TransportRule.RecipientAddressType - RecipientDomainIs = $TransportRule.RecipientDomainIs - RecipientInSenderList = 
$TransportRule.RecipientInSenderList - RedirectMessageTo = $TransportRule.RedirectMessageTo - RejectMessageEnhancedStatusCode = $TransportRule.RejectMessageEnhancedStatusCode - RejectMessageReasonText = $TransportRule.RejectMessageReasonText - RemoveHeader = $TransportRule.RemoveHeader - RemoveOME = $TransportRule.RemoveOME - RemoveOMEv2 = $TransportRule.RemoveOMEv2 - RemoveRMSAttachmentEncryption = $TransportRule.RemoveRMSAttachmentEncryption - RouteMessageOutboundConnector = $TransportRule.RouteMessageOutboundConnector - RouteMessageOutboundRequireTls = $TransportRule.RouteMessageOutboundRequireTls - RuleErrorAction = $TransportRule.RuleErrorAction - RuleSubType = $TransportRule.RuleSubType - SCLOver = $TransportRule.SCLOver - SenderADAttributeContainsWords = $TransportRule.SenderADAttributeContainsWords - SenderADAttributeMatchesPatterns = $TransportRule.SenderADAttributeMatchesPatterns - SenderAddressLocation = $TransportRule.SenderAddressLocation - SenderDomainIs = $TransportRule.SenderDomainIs - SenderInRecipientList = $TransportRule.SenderInRecipientList - SenderIpRanges = $TransportRule.SenderIpRanges - SenderManagementRelationship = $TransportRule.SenderManagementRelationship - SentTo = $TransportRule.SentTo - SentToMemberOf = $TransportRule.SentToMemberOf - SentToScope = $TransportRule.SentToScope - SetAuditSeverity = $TransportRule.SetAuditSeverity - SetHeaderName = $TransportRule.SetHeaderName - SetHeaderValue = $TransportRule.SetHeaderValue - SetSCL = $TransportRule.SetSCL - StopRuleProcessing = $TransportRule.StopRuleProcessing - SubjectContainsWords = $TransportRule.SubjectContainsWords - SubjectMatchesPatterns = $TransportRule.SubjectMatchesPatterns - SubjectOrBodyContainsWords = $TransportRule.SubjectOrBodyContainsWords - SubjectOrBodyMatchesPatterns = $TransportRule.SubjectOrBodyMatchesPatterns - WithImportance = $TransportRule.WithImportance - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = 
$CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens - } - $inputParams = (Get-Command 'Get-TargetResource').Parameters - foreach ($key in $inputParams.Keys) - { - $propertyInfo = $inputParams.$key - $curVar = $TransportRule.$key - if ($propertyInfo.ParameterType.Name -eq 'String[]' -and $curVar -eq $null) - { - $result.$key = @() - } - } + $MessageContainsDataClassificationsValue = $null + if ($null -ne $TransportRule.MessageContainsDataClassifications) + { + $MessageContainsDataClassificationsValue = $TransportRule.MessageContainsDataClassifications.Replace('"', "'") + } - # Formats DateTime as String - if ($null -ne $result.ActivationDate) - { - $result.ActivationDate = $TransportRule.ActivationDate.ToUniversalTime().ToString() - } - if ($null -ne $result.ExpiryDate) + if ($TransportRule.State -eq 'Enabled') + { + $enabled = $true + } + else + { + $enabled = $false + } + + $result = @{ + Name = $TransportRule.Name + ADComparisonAttribute = $TransportRule.ADComparisonAttribute + ADComparisonOperator = $TransportRule.ADComparisonOperator + ActivationDate = $TransportRule.ActivationDate + AddManagerAsRecipientType = $TransportRule.AddManagerAsRecipientType + AddToRecipients = $TransportRule.AddToRecipients + AnyOfCcHeader = $TransportRule.AnyOfCcHeader + AnyOfCcHeaderMemberOf = $TransportRule.AnyOfCcHeaderMemberOf + AnyOfRecipientAddressContainsWords = $TransportRule.AnyOfRecipientAddressContainsWords + AnyOfRecipientAddressMatchesPatterns = $TransportRule.AnyOfRecipientAddressMatchesPatterns + AnyOfToCcHeader = $TransportRule.AnyOfToCcHeader + AnyOfToCcHeaderMemberOf = $TransportRule.AnyOfToCcHeaderMemberOf + AnyOfToHeader = $TransportRule.AnyOfToHeader + AnyOfToHeaderMemberOf = $TransportRule.AnyOfToHeaderMemberOf + ApplyClassification = $TransportRule.ApplyClassification + ApplyHtmlDisclaimerFallbackAction = 
$TransportRule.ApplyHtmlDisclaimerFallbackAction + ApplyHtmlDisclaimerLocation = $TransportRule.ApplyHtmlDisclaimerLocation + ApplyHtmlDisclaimerText = $TransportRule.ApplyHtmlDisclaimerText + ApplyOME = $TransportRule.ApplyOME + ApplyRightsProtectionCustomizationTemplate = $TransportRule.ApplyRightsProtectionCustomizationTemplate + ApplyRightsProtectionTemplate = $TransportRule.ApplyRightsProtectionTemplate + AttachmentContainsWords = $TransportRule.AttachmentContainsWords + AttachmentExtensionMatchesWords = $TransportRule.AttachmentExtensionMatchesWords + AttachmentHasExecutableContent = $TransportRule.AttachmentHasExecutableContent + AttachmentIsPasswordProtected = $TransportRule.AttachmentIsPasswordProtected + AttachmentIsUnsupported = $TransportRule.AttachmentIsUnsupported + AttachmentMatchesPatterns = $TransportRule.AttachmentMatchesPatterns + AttachmentNameMatchesPatterns = $TransportRule.AttachmentNameMatchesPatterns + AttachmentPropertyContainsWords = $TransportRule.AttachmentPropertyContainsWords + AttachmentProcessingLimitExceeded = $TransportRule.AttachmentProcessingLimitExceeded + AttachmentSizeOver = $TransportRule.AttachmentSizeOver + BetweenMemberOf1 = $TransportRule.BetweenMemberOf1 + BetweenMemberOf2 = $TransportRule.BetweenMemberOf2 + BlindCopyTo = $TransportRule.BlindCopyTo + Comments = $TransportRule.Comments + ContentCharacterSetContainsWords = $TransportRule.ContentCharacterSetContainsWords + CopyTo = $TransportRule.CopyTo + DeleteMessage = $TransportRule.DeleteMessage + DlpPolicy = $TransportRule.DlpPolicy + Enabled = $enabled + ExceptIfADComparisonAttribute = $TransportRule.ExceptIfADComparisonAttribute + ExceptIfADComparisonOperator = $TransportRule.ExceptIfADComparisonOperator + ExceptIfAnyOfCcHeader = $TransportRule.ExceptIfAnyOfCcHeader + ExceptIfAnyOfCcHeaderMemberOf = $TransportRule.ExceptIfAnyOfCcHeaderMemberOf + ExceptIfAnyOfRecipientAddressContainsWords = $TransportRule.ExceptIfAnyOfRecipientAddressContainsWords + 
ExceptIfAnyOfRecipientAddressMatchesPatterns = $TransportRule.ExceptIfAnyOfRecipientAddressMatchesPatterns + ExceptIfAnyOfToCcHeader = $TransportRule.ExceptIfAnyOfToCcHeader + ExceptIfAnyOfToCcHeaderMemberOf = $TransportRule.ExceptIfAnyOfToCcHeaderMemberOf + ExceptIfAnyOfToHeader = $TransportRule.ExceptIfAnyOfToHeader + ExceptIfAnyOfToHeaderMemberOf = $TransportRule.ExceptIfAnyOfToHeaderMemberOf + ExceptIfAttachmentContainsWords = $TransportRule.ExceptIfAttachmentContainsWords + ExceptIfAttachmentExtensionMatchesWords = $TransportRule.ExceptIfAttachmentExtensionMatchesWords + ExceptIfAttachmentHasExecutableContent = $TransportRule.ExceptIfAttachmentHasExecutableContent + ExceptIfAttachmentIsPasswordProtected = $TransportRule.ExceptIfAttachmentIsPasswordProtected + ExceptIfAttachmentIsUnsupported = $TransportRule.ExceptIfAttachmentIsUnsupported + ExceptIfAttachmentMatchesPatterns = $TransportRule.ExceptIfAttachmentMatchesPatterns + ExceptIfAttachmentNameMatchesPatterns = $TransportRule.ExceptIfAttachmentNameMatchesPatterns + ExceptIfAttachmentPropertyContainsWords = $TransportRule.ExceptIfAttachmentPropertyContainsWords + ExceptIfAttachmentProcessingLimitExceeded = $TransportRule.ExceptIfAttachmentProcessingLimitExceeded + ExceptIfAttachmentSizeOver = $TransportRule.ExceptIfAttachmentSizeOver + ExceptIfBetweenMemberOf1 = $TransportRule.ExceptIfBetweenMemberOf1 + ExceptIfBetweenMemberOf2 = $TransportRule.ExceptIfBetweenMemberOf2 + ExceptIfContentCharacterSetContainsWords = $TransportRule.ExceptIfContentCharacterSetContainsWords + ExceptIfFrom = $TransportRule.ExceptIfFrom + ExceptIfFromAddressContainsWords = $TransportRule.ExceptIfFromAddressContainsWords + ExceptIfFromAddressMatchesPatterns = $TransportRule.ExceptIfFromAddressMatchesPatterns + ExceptIfFromMemberOf = $TransportRule.ExceptIfFromMemberOf + ExceptIfFromScope = $TransportRule.ExceptIfFromScope + ExceptIfHasClassification = $TransportRule.ExceptIfHasClassification + ExceptIfHasNoClassification = 
$TransportRule.ExceptIfHasNoClassification + ExceptIfHeaderContainsMessageHeader = $TransportRule.ExceptIfHeaderContainsMessageHeader + ExceptIfHeaderContainsWords = $TransportRule.ExceptIfHeaderContainsWords + ExceptIfHeaderMatchesMessageHeader = $TransportRule.ExceptIfHeaderMatchesMessageHeader + ExceptIfHeaderMatchesPatterns = $TransportRule.ExceptIfHeaderMatchesPatterns + ExceptIfManagerAddresses = $TransportRule.ExceptIfManagerAddresses + ExceptIfManagerForEvaluatedUser = $TransportRule.ExceptIfManagerForEvaluatedUser + ExceptIfMessageTypeMatches = $TransportRule.ExceptIfMessageTypeMatches + ExceptIfMessageSizeOver = $TransportRule.ExceptIfMessageSizeOver + ExceptIfRecipientADAttributeContainsWords = $TransportRule.ExceptIfRecipientADAttributeContainsWords + ExceptIfRecipientADAttributeMatchesPatterns = $TransportRule.ExceptIfRecipientADAttributeMatchesPatterns + ExceptIfRecipientAddressContainsWords = $TransportRule.ExceptIfRecipientAddressContainsWords + ExceptIfRecipientAddressMatchesPatterns = $TransportRule.ExceptIfRecipientAddressMatchesPatterns + ExceptIfRecipientDomainIs = $TransportRule.ExceptIfRecipientDomainIs + ExceptIfRecipientInSenderList = $TransportRule.ExceptIfRecipientInSenderList + ExceptIfSCLOver = $TransportRule.ExceptIfSCLOver + ExceptIfSenderADAttributeContainsWords = $TransportRule.ExceptIfSenderADAttributeContainsWords + ExceptIfSenderADAttributeMatchesPatterns = $TransportRule.ExceptIfSenderADAttributeMatchesPatterns + ExceptIfSenderDomainIs = $TransportRule.ExceptIfSenderDomainIs + ExceptIfSenderInRecipientList = $TransportRule.ExceptIfSenderInRecipientList + ExceptIfSenderIpRanges = $TransportRule.ExceptIfSenderIpRanges + ExceptIfSenderManagementRelationship = $TransportRule.ExceptIfSenderManagementRelationship + ExceptIfSentTo = $TransportRule.ExceptIfSentTo + ExceptIfSentToMemberOf = $TransportRule.ExceptIfSentToMemberOf + ExceptIfSentToScope = $TransportRule.ExceptIfSentToScope + ExceptIfSubjectContainsWords = 
$TransportRule.ExceptIfSubjectContainsWords + ExceptIfSubjectMatchesPatterns = $TransportRule.ExceptIfSubjectMatchesPatterns + ExceptIfSubjectOrBodyContainsWords = $TransportRule.ExceptIfSubjectOrBodyContainsWords + ExceptIfSubjectOrBodyMatchesPatterns = $TransportRule.ExceptIfSubjectOrBodyMatchesPatterns + ExceptIfWithImportance = $TransportRule.ExceptIfWithImportance + ExpiryDate = $TransportRule.ExpiryDate + From = $TransportRule.From + FromAddressContainsWords = $TransportRule.FromAddressContainsWords + FromAddressMatchesPatterns = $TransportRule.FromAddressMatchesPatterns + FromMemberOf = $TransportRule.FromMemberOf + FromScope = $TransportRule.FromScope + GenerateIncidentReport = $TransportRule.GenerateIncidentReport + GenerateNotification = $TransportRule.GenerateNotification + HasClassification = $TransportRule.HasClassification + HasNoClassification = $TransportRule.HasNoClassification + HeaderContainsMessageHeader = $TransportRule.HeaderContainsMessageHeader + HeaderContainsWords = $TransportRule.HeaderContainsWords + HeaderMatchesMessageHeader = $TransportRule.HeaderMatchesMessageHeader + HeaderMatchesPatterns = $TransportRule.HeaderMatchesPatterns + IncidentReportContent = $TransportRule.IncidentReportContent + ManagerAddresses = $TransportRule.ManagerAddresses + ManagerForEvaluatedUser = $TransportRule.ManagerForEvaluatedUser + MessageSizeOver = $TransportRule.MessageSizeOver + MessageTypeMatches = $TransportRule.MessageTypeMatches + Mode = $TransportRule.Mode + ModerateMessageByManager = $TransportRule.ModerateMessageByManager + ModerateMessageByUser = $TransportRule.ModerateMessageByUser + PrependSubject = $TransportRule.PrependSubject + Priority = $TransportRule.Priority + Quarantine = $TransportRule.Quarantine + RecipientADAttributeContainsWords = $TransportRule.RecipientADAttributeContainsWords + RecipientADAttributeMatchesPatterns = $TransportRule.RecipientADAttributeMatchesPatterns + RecipientAddressContainsWords = 
$TransportRule.RecipientAddressContainsWords + RecipientAddressMatchesPatterns = $TransportRule.RecipientAddressMatchesPatterns + RecipientAddressType = $TransportRule.RecipientAddressType + RecipientDomainIs = $TransportRule.RecipientDomainIs + RecipientInSenderList = $TransportRule.RecipientInSenderList + RedirectMessageTo = $TransportRule.RedirectMessageTo + RejectMessageEnhancedStatusCode = $TransportRule.RejectMessageEnhancedStatusCode + RejectMessageReasonText = $TransportRule.RejectMessageReasonText + RemoveHeader = $TransportRule.RemoveHeader + RemoveOME = $TransportRule.RemoveOME + RemoveOMEv2 = $TransportRule.RemoveOMEv2 + RemoveRMSAttachmentEncryption = $TransportRule.RemoveRMSAttachmentEncryption + RouteMessageOutboundConnector = $TransportRule.RouteMessageOutboundConnector + RouteMessageOutboundRequireTls = $TransportRule.RouteMessageOutboundRequireTls + RuleErrorAction = $TransportRule.RuleErrorAction + RuleSubType = $TransportRule.RuleSubType + SCLOver = $TransportRule.SCLOver + SenderADAttributeContainsWords = $TransportRule.SenderADAttributeContainsWords + SenderADAttributeMatchesPatterns = $TransportRule.SenderADAttributeMatchesPatterns + SenderAddressLocation = $TransportRule.SenderAddressLocation + SenderDomainIs = $TransportRule.SenderDomainIs + SenderInRecipientList = $TransportRule.SenderInRecipientList + SenderIpRanges = $TransportRule.SenderIpRanges + SenderManagementRelationship = $TransportRule.SenderManagementRelationship + SentTo = $TransportRule.SentTo + SentToMemberOf = $TransportRule.SentToMemberOf + SentToScope = $TransportRule.SentToScope + SetAuditSeverity = $TransportRule.SetAuditSeverity + SetHeaderName = $TransportRule.SetHeaderName + SetHeaderValue = $TransportRule.SetHeaderValue + SetSCL = $TransportRule.SetSCL + StopRuleProcessing = $TransportRule.StopRuleProcessing + SubjectContainsWords = $TransportRule.SubjectContainsWords + SubjectMatchesPatterns = $TransportRule.SubjectMatchesPatterns + SubjectOrBodyContainsWords = 
$TransportRule.SubjectOrBodyContainsWords + SubjectOrBodyMatchesPatterns = $TransportRule.SubjectOrBodyMatchesPatterns + WithImportance = $TransportRule.WithImportance + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens + } + $inputParams = (Get-Command 'Get-TargetResource').Parameters + foreach ($key in $inputParams.Keys) + { + $propertyInfo = $inputParams.$key + $curVar = $TransportRule.$key + if ($propertyInfo.ParameterType.Name -eq 'String[]' -and $curVar -eq $null) { - $result.ExpiryDate = $TransportRule.ExpiryDate.ToUniversalTime().ToString() + $result.$key = @() } + } - Write-Verbose -Message "Found Transport Rule $($Name)" - return $result + # Formats DateTime as String + if ($null -ne $result.ActivationDate) + { + $result.ActivationDate = $TransportRule.ActivationDate.ToUniversalTime().ToString() + } + if ($null -ne $result.ExpiryDate) + { + $result.ExpiryDate = $TransportRule.ExpiryDate.ToUniversalTime().ToString() } + + Write-Verbose -Message "Found Transport Rule $($Name)" + return $result } catch { @@ -1823,7 +1820,7 @@ function Set-TargetResource } # CASE: Transport Rule exists and it should, but has different values than the desired ones elseif ($Ensure -eq 'Present' -and $currentTransportRuleConfig.Ensure -eq 'Present') - { + { if ($null -ne $HeaderContainsMessageHeader -and $null -eq $currentTransportRuleConfig.HeaderContainsMessageHeader) { $SetTransportRuleParams.Add("HeaderContainsMessageHeader",$null) 
@@ -1835,7 +1832,7 @@ function Set-TargetResource if ($null -ne $ExceptIfHeaderContainsWords -and $null -eq $currentTransportRuleConfig.ExceptIfHeaderContainsMessageHeader) { $SetTransportRuleParams.Add("ExceptIfHeaderContainsMessageHeader",$null) - } + } if ($null -ne $ExceptIfHeaderMatchesPatterns -and $null -eq $currentTransportRuleConfig.ExceptIfHeaderMatchesMessageHeader) { $SetTransportRuleParams.Add("ExceptIfHeaderMatchesMessageHeader",$null) @@ -2715,6 +2712,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $TransportRule $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof index 5be2160e33..3da55688de 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.schema.mof 
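Review bot: `$Script:exportedInstance = $TransportRule` in Export-TargetResource is module-scoped state, and nothing in this hunk resets it after `Get-TargetResource @Params` returns, so the last exported rule stays cached for the rest of the session. The Intune ASR and LAPS Get-TargetResource hunks further down use the cached object whenever the variable is set, without comparing it to `$Identity` or `$DisplayName`, so a later drift check in the same session could be evaluated against the wrong object. Their Export-TargetResource hunks add the same assignment. Clearing it right after the call with `$Script:exportedInstance = $null`, ideally in a `finally`, would keep the shortcut scoped to the export loop. Whether the variable is reset elsewhere is not visible here, and Export-TargetResource continues outside the hunk.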
@@ -153,7 +153,7 @@ class MSFT_EXOTransportRule : OMI_BaseResource [Write, Description("The SenderADAttributeMatchesPatterns parameter specifies a condition that looks for text patterns in Active Directory attributes of message senders by using regular expressions.")] String SenderADAttributeMatchesPatterns[]; [Write, Description("The SenderAddressLocation parameter specifies where to look for sender addresses in conditions and exceptions that examine sender email addresses."), ValueMap{"Header","Envelope","HeaderOrEnvelope"}, Values{"Header","Envelope","HeaderOrEnvelope"}] String SenderAddressLocation; [Write, Description("The SenderDomainIs parameter specifies a condition that looks for senders with email address in the specified domains.")] String SenderDomainIs[]; - [Write, Description("This parameter is reserved for internal Microsoft use.")] String SenderInRecipientList; + [Write, Description("This parameter is reserved for internal Microsoft use.")] String SenderInRecipientList[]; [Write, Description("The SenderIpRanges parameter specifies a condition that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.")] String SenderIpRanges[]; [Write, Description("The SenderManagementRelationship parameter specifies a condition that looks for the relationship between the sender and recipients in messages."), ValueMap{"Manager","DirectReport"}, Values{"Manager","DirectReport"}] String SenderManagementRelationship; [Write, Description("The SentTo parameter specifies a condition that looks for recipients in messages.")] String SentTo[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 index 25923165c7..2dc89822d5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 @@ -61,6 +61,10 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $AllowFreeTrial, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowGetOneLakeUDK, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $AllowGuestLookup, @@ -69,6 +73,14 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $AllowGuestUserToAccessSharedContent, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowMountDfCreation, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowOneLakeUDK, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $AllowPowerBIASDQOnTenant, @@ -93,6 +105,10 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $AppPush, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ArtifactOrgAppPreview, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $ArtifactSearchTenant, 
@@ -597,14 +613,18 @@ function Get-TargetResource AllowExternalDataSharingReceiverSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowExternalDataSharingReceiverSwitch' }) AllowExternalDataSharingSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowExternalDataSharingSwitch' }) AllowFreeTrial = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowFreeTrial' }) + AllowGetOneLakeUDK = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowGetOneLakeUDK' }) AllowGuestLookup = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowGuestLookup' }) AllowGuestUserToAccessSharedContent = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowGuestUserToAccessSharedContent' }) + AllowMountDfCreation = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowMountDfCreation' }) + AllowOneLakeUDK = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowOneLakeUDK' }) AllowPowerBIASDQOnTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowPowerBIASDQOnTenant' }) AllowSendAOAIDataToOtherRegions = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowSendAOAIDataToOtherRegions' }) AllowSendNLToDaxDataToOtherRegions = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { 
$_.settingName -eq 'AllowSendNLToDaxDataToOtherRegions' }) AllowServicePrincipalsCreateAndUseProfiles = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowServicePrincipalsCreateAndUseProfiles' }) AllowServicePrincipalsUseReadAdminAPIs = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AllowServicePrincipalsUseReadAdminAPIs' }) AppPush = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'AppPush' }) + ArtifactOrgAppPreview = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ArtifactOrgAppPreview' }) ArtifactSearchTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ArtifactSearchTenant' }) ASCollectQueryTextTelemetryTenantSwitch = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ASCollectQueryTextTelemetryTenantSwitch' }) ASShareableCloudConnectionBindingSecurityModeTenant = Get-M365DSCFabricTenantSettingObject -Setting ($instance.tenantSettings | Where-Object -FilterScript { $_.settingName -eq 'ASShareableCloudConnectionBindingSecurityModeTenant' }) @@ -796,6 +816,10 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $AllowFreeTrial, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowGetOneLakeUDK, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $AllowGuestLookup, 
@@ -804,6 +828,14 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $AllowGuestUserToAccessSharedContent, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowMountDfCreation, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowOneLakeUDK, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $AllowPowerBIASDQOnTenant, @@ -828,6 +860,10 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $AppPush, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ArtifactOrgAppPreview, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $ArtifactSearchTenant, @@ -1351,6 +1387,10 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $AllowFreeTrial, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowGetOneLakeUDK, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $AllowGuestLookup, @@ -1359,6 +1399,14 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $AllowGuestUserToAccessSharedContent, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowMountDfCreation, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $AllowOneLakeUDK, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $AllowPowerBIASDQOnTenant, @@ -1383,6 +1431,10 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance] $AppPush, + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $ArtifactOrgAppPreview, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $ArtifactSearchTenant, 
@@ -2104,7 +2156,7 @@ function Get-M365DSCFabricTenantSettingObject } if (-not [System.String]::IsNullOrEmpty($Setting.tenantSettingGroup)) { - $values.Add('tenantSettingGroup', $Setting.tenantSettingGroup) + $values.Add('tenantSettingGroup',($Setting.tenantSettingGroup -creplace '\P{IsBasicLatin}')) } if ($null -ne $Setting.properties -and $Setting.properties.Length -gt 0) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof index d52886c0bd..aecb148d64 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.schema.mof 
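Review bot: `-creplace '\P{IsBasicLatin}'` on `tenantSettingGroup` removes every character outside U+0000–U+007F, not just an invisible one, so a group name with accented or other non-ASCII text would be silently rewritten in the returned value. If the intent is only to drop zero-width characters, a narrower pattern such as `-replace '[\u200B-\u200D\uFEFF]'` leaves legitimate text intact; which character actually occurs is not shown in the hunk, so confirm it before narrowing. A one-line comment above the call saying why the value is sanitised would help the next reader. Get-M365DSCFabricTenantSettingObject starts and ends outside the hunk.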
@@ -45,15 +45,19 @@ class MSFT_FabricAdminTenantSettings : OMI_BaseResource [Write, Description("Endorse master data (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowEndorsementMasterDataSwitch; [Write, Description("Users can accept external data shares (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowExternalDataSharingReceiverSwitch; [Write, Description("External data sharing (preview)"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowExternalDataSharingSwitch; + [Write, Description("Use short-lived user-delegated SAS tokens (preview)."), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowGetOneLakeUDK; [Write, Description("Users can try Microsoft Fabric paid features"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowFreeTrial; [Write, Description("Users can see guest users in lists of suggested people"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowGuestLookup; [Write, Description("Guest users can access Microsoft Fabric"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowGuestUserToAccessSharedContent; + [Write, Description("Users can create and use ADF Mount items (preview)."), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowMountDfCreation; + [Write, Description("Authenticate with OneLake user-delegated SAS tokens (preview)."), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowOneLakeUDK; [Write, Description("Allow DirectQuery connections to Power BI semantic models"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowPowerBIASDQOnTenant; [Write, Description("Data sent to Azure OpenAI can be processed outside your capacity's geographic region, compliance boundary, or national cloud instance"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowSendAOAIDataToOtherRegions; [Write, Description("Allow user data to leave their geography"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowSendNLToDaxDataToOtherRegions; [Write, 
Description("Allow service principals to create and use profiles"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowServicePrincipalsCreateAndUseProfiles; [Write, Description("Service principals can access read-only admin APIs"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AllowServicePrincipalsUseReadAdminAPIs; [Write, Description("Push apps to end users"), EmbeddedInstance("MSFT_FabricTenantSetting")] string AppPush; + [Write, Description("Users can discover and create org apps (preview)."), EmbeddedInstance("MSFT_FabricTenantSetting")] string ArtifactOrgAppPreview; [Write, Description("Use global search for Power BI"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ArtifactSearchTenant; [Write, Description("Microsoft can store query text to aid in support investigations"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ASCollectQueryTextTelemetryTenantSwitch; [Write, Description("Enable granular access control for all data connections"), EmbeddedInstance("MSFT_FabricTenantSetting")] string ASShareableCloudConnectionBindingSecurityModeTenant; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index c6f59d5c4d..107831e02e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 
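Review bot: `AllowGetOneLakeUDK` is inserted ahead of `AllowFreeTrial`, which breaks the alphabetical order the neighbouring properties follow and differs from the `.psm1` hunks, where the parameter comes after `AllowFreeTrial`. Moving the line one position down keeps schema and module aligned. The four new descriptions also end with a full stop while the surrounding ones do not.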
@@ -159,52 +159,60 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Endpoint Protection Attack Surface Protection rules Policy {$DisplayName}" - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ErrorAction Stop - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune Endpoint Protection Attack Surface Protection rules Policy with Id {$Identity} and DisplayName {$DisplayName}" try { - #Retrieve policy general settings - if (-not [string]::IsNullOrEmpty($Identity)) + if (-not $Script:exportedInstance) { - $policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Identity -ErrorAction SilentlyContinue - } - - if ($null -eq $policy) - { - Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy with identity {$Identity} was found" - if (-not [String]::IsNullOrEmpty($DisplayName)) + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $policy = $null + #Retrieve policy general settings + if (-not [string]::IsNullOrEmpty($Identity)) { - $policy = Get-MgBetaDeviceManagementIntent -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue + $policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Identity -ErrorAction SilentlyContinue } - if (([array]$policy).count -gt 1) + if ($null -eq $policy) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy with identity {$Identity} was found" + if (-not [String]::IsNullOrEmpty($DisplayName)) + { + $policy = Get-MgBetaDeviceManagementIntent -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue + } + + if (([array]$policy).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } + } + if ($null -eq $policy) + { + Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy with displayName {$DisplayName} was found" + return $nullResult } } - if ($null -eq $policy) + else { - Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy with displayName {$DisplayName} was found" - return $nullResult + $policy = $Script:exportedInstance } #Retrieve policy specific settings 
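Review bot: The re-indented lookup still builds the OData filter by pasting the display name into a quoted literal, `-Filter "DisplayName eq '$DisplayName'"`, so a policy name containing an apostrophe yields a malformed filter or one that matches something else. `-ErrorAction SilentlyContinue` then reports that failure as "not found". Doubling the quote first, `$escapedName = $DisplayName.Replace("'", "''")`, and using `$escapedName` in the filter avoids that. The same construction appears in the LAPS and Local User Group Membership Get-TargetResource hunks below. Get-TargetResource continues past the end of this hunk.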
@@ -875,6 +883,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $policy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 index 53e1af8eb9..fc3a834a10 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 
@@ -110,53 +110,61 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Account Protection LAPS Policy with Id {$Identity} and DisplayName {$DisplayName}" + try { - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ErrorAction Stop - - #Ensure the proper dependencies are installed in the current environment. - #Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $templateReferenceId = 'adc46e5a-f4aa-4ff6-aeff-4f27bc525796_1' - - # Retrieve policy general settings - $policy = $null - if (-not [System.String]::IsNullOrEmpty($Identity)) + if (-not $Script:exportedInstance) { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue - } - - if ($null -eq $policy) - { - Write-Verbose -Message "No Account Protection LAPS Policy with Id {$Identity} was found" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. 
+ #Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $templateReferenceId = 'adc46e5a-f4aa-4ff6-aeff-4f27bc525796_1' + + # Retrieve policy general settings + $policy = $null + if (-not [System.String]::IsNullOrEmpty($Identity)) + { + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue + } - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if ($null -eq $policy) { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` - -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "No Account Protection LAPS Policy with Id {$Identity} was found" - if ($policy.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Account Protection LAPS Policy named $DisplayName exist in tenant" + $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` + -ErrorAction SilentlyContinue + + if ($policy.Length -gt 1) + { + throw "Duplicate Account Protection LAPS Policy named $DisplayName exist in tenant" + } } } } + else + { + $policy = $Script:exportedInstance + } if ($null -eq $policy) { @@ -714,6 +722,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $policy $Results = Get-TargetResource @params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 index 4e3faa7acd..cf7f39d78e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 
@@ -58,54 +58,64 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Account Protection Local User Group Membership Policy {$DisplayName}" + Write-Verbose -Message "Getting configuration of the Intune Account Protection Local User Group Membership Policy with Id {$Identity} and DisplayName {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ErrorAction Stop - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - try + try { - #Retrieve policy general settings - - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ExpandProperty settings -ErrorAction SilentlyContinue - - if ($null -eq $policy) + if (-not $Script:exportedInstance) { - Write-Verbose -Message "No Account Protection Local User Group Membership Policy with identity {$Identity} was found" - if (-not [String]::IsNullOrEmpty($DisplayName)) + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + #Retrieve policy general settings + $policy = $null + if (-not [String]::IsNullOrEmpty($Identity)) { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" -ErrorAction SilentlyContinue - - if (([array]$devicePolicy).Count -gt 1) + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ExpandProperty settings -ErrorAction SilentlyContinue + } + + if ($null -eq $policy) + { + Write-Verbose -Message "No Account Protection Local User Group Membership Policy with identity {$Identity} was found" + if (-not [String]::IsNullOrEmpty($DisplayName)) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" - } + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" -ErrorAction SilentlyContinue - if ($null -eq $policy) - { - Write-Verbose -Message "No Account Protection Local User Group Membership Policy with displayName {$DisplayName} was found" - return $nullResult - } + if (([array]$devicePolicy).Count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } + + if ($null -eq $policy) + { + Write-Verbose -Message "No Account Protection Local User Group Membership Policy with displayName {$DisplayName} was found" + return $nullResult + } - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $policy.id -ExpandProperty settings -ErrorAction SilentlyContinue + $policy 
= Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $policy.id -ExpandProperty settings -ErrorAction SilentlyContinue + } } } + else + { + $policy = $Script:exportedInstance + } #Retrieve policy specific settings @@ -565,6 +575,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $policy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 index ba9f0795c9..5e1d76b54a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 
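Review bot: The duplicate check `if (([array]$devicePolicy).Count -gt 1)` tests a variable that is never assigned in this hunk; the name lookup stores its result in `$policy`. With two policies sharing a display name the throw is therefore skipped, and `$policy.id` reaches `-DeviceManagementConfigurationPolicyId` as an array. The check should read `if (([array]$policy).Count -gt 1)`. The line is carried over unchanged from the old side, so this re-indent is a convenient place to fix it; Get-TargetResource continues outside the hunk.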
@@ -123,58 +123,67 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Account Protection Policy {$DisplayName}" - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ErrorAction Stop - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune Account Protection Policy with Id {$Identity} and DisplayName {$DisplayName}" try { - #Retrieve policy general settings - - $policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Identity -ExpandProperty settings, assignments -ErrorAction SilentlyContinue - - if ($null -eq $policy) + if (-not $Script:exportedInstance) { - Write-Verbose -Message "No Account Protection Policy with identity {$Identity} was found" - if (-not [String]::IsNullOrEmpty($DisplayName)) + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + #Retrieve policy general settings + $policy = $null + if (-not [String]::IsNullOrEmpty($Identity)) { - $policy = Get-MgBetaDeviceManagementIntent -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue + $policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Identity -ExpandProperty settings, assignments -ErrorAction SilentlyContinue } if ($null -eq $policy) { - Write-Verbose -Message "No Account Protection Policy with displayName {$DisplayName} was found" - return $nullResult - } + Write-Verbose -Message "No Account Protection Policy with identity {$Identity} was found" + if (-not [String]::IsNullOrEmpty($DisplayName)) + { + $policy = Get-MgBetaDeviceManagementIntent -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue + } - if (([array]$policy).count -gt 1) - { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" - } + if ($null -eq $policy) + { + Write-Verbose -Message "No Account Protection Policy with displayName {$DisplayName} was found" + return $nullResult + } - $policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $policy.id -ExpandProperty settings, assignments -ErrorAction SilentlyContinue + if (([array]$policy).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } - } + $policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $policy.id -ExpandProperty settings, assignments -ErrorAction SilentlyContinue + } + } + else + { + $policy = 
$Script:exportedInstance + } - $Identity = $policy.id + $Identity = $policy.Id [array]$settings = $policy.settings $returnHashtable = @{} @@ -743,6 +752,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $policy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 index 03c2d49cbe..50040a3e62 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 
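Review bot: The cached branch uses `$policy = $Script:exportedInstance` as-is and the next lines read `$policy.settings`, whereas the lookup branch always fetches with `-ExpandProperty settings, assignments`. If the instance handed over by Export-TargetResource was listed without that expansion (the listing call is outside this hunk), `[array]$settings` would be empty and the exported configuration would silently lose its settings. Either confirm the export query expands both properties, or re-fetch by id in the `else` branch: `$policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Script:exportedInstance.Id -ExpandProperty settings, assignments`.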
@@ -68,56 +68,66 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Account Protection Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - $getValue = $null - #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) - { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - } + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Account Protection Policy for Windows10 with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Account Protection Policy for Windows10 with Id {$Id}" - if ($getValue.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune Account Protection Policy for Windows10 named $DisplayName exist in tenant" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Account Protection Policy for Windows10 named $DisplayName exist in tenant" + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Account Protection Policy for Windows10 with 
Name {$DisplayName}." + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Account Protection Policy for Windows10 with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } + $Id = $getValue.Id Write-Verbose -Message "An Intune Account Protection Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" @@ -691,6 +701,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.psm1 index 12c7118142..a687062f54 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAndroidManagedStoreAppConfiguration/MSFT_IntuneAndroidManagedStoreAppConfiguration.psm1 
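Review bot: `-Filter "Name eq '$DisplayName'"` interpolates the display name into the OData filter without escaping, so a name containing a single quote ends the string literal early and the request is malformed. Because the call uses `-ErrorAction SilentlyContinue`, that failure is swallowed and the policy is reported as absent. Double the quote before building the filter, e.g. `$escapedName = $DisplayName -replace "'", "''"` followed by `-Filter "Name eq '$escapedName'"`. The same construction appears in the Get-TargetResource hunks for LocalUserGroupMembershipPolicy, AccountProtectionPolicy, AndroidManagedStoreAppConfiguration, both AntivirusExclusionsPolicy resources and AntivirusPolicyLinux.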
@@ -85,54 +85,58 @@ ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Android Managed Store App Configuration Policy with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $id -ErrorAction SilentlyContinue - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrWhiteSpace($Id)) + { + $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $Id -ErrorAction SilentlyContinue + } - #region resource generator code - if ($null -eq $getValue) - { - $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidManagedStoreAppConfiguration' ` + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidManagedStoreAppConfiguration' ` + } } - } - #endregion + #endregion - if ($null -eq $getValue) + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Android Managed Store App Configuration Policy with id {$Id} and display name {$DisplayName} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "Nothing with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } - Write-Verbose -Message "Found something with id {$id}" + Write-Verbose -Message "An Intune Android Managed Store App Configuration Policy with id {$Id}" #need to convert dictionary object into a hashtable array so we can work with it $complexPermissionActions = @() 
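Review bot: The name fallback (`-Filter "DisplayName eq '$Displayname'"` piped to `Where-Object`) can return more than one configuration and nothing after it rejects that case, so `$getValue` may be an array when the following code reads its properties. Sibling resources in this commit throw on duplicates; add the equivalent here, e.g. `if (([array]$getValue).Count -gt 1) { throw "Duplicate Intune Android Managed Store App Configuration Policy named $DisplayName exist in tenant" }`. The AntivirusExclusionsPolicyLinux and AntivirusExclusionsPolicyMacOS hunks lack the check as well. Separately, the closing message `"An Intune Android Managed Store App Configuration Policy with id {$Id}"` has lost its verb; append `was found`.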
@@ -316,7 +320,7 @@ function Set-TargetResource if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - Write-Verbose -Message "Creating {$DisplayName}" + Write-Verbose -Message "Creating the Intune Android Managed Store App Configuration Policy {$DisplayName}" $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters @@ -358,7 +362,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Updating {$DisplayName}" + Write-Verbose -Message "Updating the Intune Android Managed Store App Configuration Policy {$DisplayName}" $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -396,7 +400,7 @@ function Set-TargetResource } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing {$DisplayName}" + Write-Verbose -Message "Removing the Intune Android Managed Store App Configuration Policy {$DisplayName}" #region resource generator code Remove-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $currentInstance.Id #endregion @@ -675,6 +679,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/MSFT_IntuneAntivirusExclusionsPolicyLinux.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/MSFT_IntuneAntivirusExclusionsPolicyLinux.psm1 index 39eb059aab..00c7d3d657 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/MSFT_IntuneAntivirusExclusionsPolicyLinux.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyLinux/MSFT_IntuneAntivirusExclusionsPolicyLinux.psm1 
@@ -64,47 +64,58 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Antivirus Exclusions Policy for Linux with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - #Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + #Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = $null + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Antivirus Exclusions Policy Linux 
with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Antivirus Exclusions Policy Linux with Id {$Id}" - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter "Name eq '$DisplayName'" ` + -All ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -Filter "Name eq '$DisplayName'" ` - -All ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Antivirus Exclusions Policy Linux with Name {$DisplayName}." + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Antivirus Exclusions Policy Linux with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Antivirus Exclusions Policy Linux with Id {$Id} and Name {$DisplayName} was found" @@ -586,6 +597,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/MSFT_IntuneAntivirusExclusionsPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/MSFT_IntuneAntivirusExclusionsPolicyMacOS.psm1 index 531bbab484..d959f13095 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/MSFT_IntuneAntivirusExclusionsPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusExclusionsPolicyMacOS/MSFT_IntuneAntivirusExclusionsPolicyMacOS.psm1 
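Review bot: The comment `#Ensure the proper dependencies are installed in the current environment.` still sits above a commented-out `#Confirm-M365DSCDependencies`, so the text claims a check that this resource does not run, while the sibling resources in this commit call it. Either re-enable `Confirm-M365DSCDependencies` or replace the comment with one saying why the check is skipped here. The re-indent also dropped the `#region resource generator code` line while keeping its `#endregion`; restore the opener before `if (-not [System.String]::IsNullOrEmpty($Id))` so the markers pair up. Get-TargetResource continues outside the hunk.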
@@ -64,47 +64,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Antivirus Exclusions Policy for macOS with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune 
Antivirus Exclusions Policy for macOS with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Antivirus Exclusions Policy for macOS with Id {$Id}" - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter "Name eq '$DisplayName'" ` + -All ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -Filter "Name eq '$DisplayName'" ` - -All ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Antivirus Exclusions Policy for macOS with Name {$DisplayName}." + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Antivirus Exclusions Policy for macOS with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Antivirus Exclusions Policy for macOS with Id {$Id} and Name {$DisplayName} was found" @@ -586,6 +598,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 index 96136daebc..fa0b9e0cde 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyLinux/MSFT_IntuneAntivirusPolicyLinux.psm1 
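Review bot: `$nullResult` and `$ConnectionMode` are now assigned only inside `if (-not $Script:exportedInstance)`, so on the cached path both are undefined for the rest of the function. If the `catch` block, which is outside this hunk, returns `$nullResult` as the in-hunk not-found paths do, an error during export would yield `$null` rather than a hashtable with `Ensure = 'Absent'`. Hoist `$nullResult = $PSBoundParameters` and `$nullResult.Ensure = 'Absent'` above the `if`, as they were before this change. The other Get-TargetResource hunks in this commit share the pattern.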
@@ -175,55 +175,64 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Antivirus Policy for Linux with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for Linux with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Antivirus Policy for Linux with Id {$Id}" - if ($getValue.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune Antivirus Policy for Linux named $DisplayName exist in tenant" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Antivirus Policy for Linux named $DisplayName exist in tenant" + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Antivirus Policy for Linux with Name {$DisplayName}." + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for Linux with Name {$DisplayName}." 
- return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Antivirus Policy for Linux with Id {$Id} and Name {$DisplayName} was found" @@ -961,6 +970,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 index 0d0116f36b..131a7022b0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyMacOS/MSFT_IntuneAntivirusPolicyMacOS.psm1 
@@ -178,55 +178,64 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Antivirus Policy for MacOS with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for macOS with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Antivirus Policy for macOS with Id {$Id}" - if ($getValue.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune Antivirus Policy for macOS named $DisplayName exist in tenant" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Antivirus Policy for macOS named $DisplayName exist in tenant" + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Antivirus Policy for macOS with Name {$DisplayName}." + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for macOS with Name {$DisplayName}." 
- return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Antivirus Policy for macOS with Id {$Id} and Name {$DisplayName} was found" @@ -963,6 +972,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 index bf3eaec8ac..9264c945e1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 
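Review bot: The DisplayName fallback builds its OData filter by direct interpolation, `-Filter "Name eq '$DisplayName'"`, so a policy name containing an apostrophe yields a malformed filter. With `-ErrorAction SilentlyContinue` on the same call, that failure is indistinguishable from "not found", and the function returns `$nullResult` with `Ensure = 'Absent'` for a policy that may exist. Double the quote before interpolating, e.g. `-Filter "Name eq '$($DisplayName -replace "'", "''")'"`. The same interpolation is used in the Get-TargetResource hunks for Windows10 Setting Catalog, both App And Browser Isolation resources, App Configuration Device Policy and App Configuration Policy. The function body continues outside this hunk.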
@@ -419,63 +419,70 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Antivirus Policy for Windows10 Setting Catalog with Id {$Identity} and DisplayName {$DisplayName}" + try { - Write-Verbose -Message "Checking for the Intune Endpoint Protection Policy {$DisplayName}" - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ErrorAction Stop - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $templateReferences = 'd948ff9b-99cb-4ee0-8012-1fbc09685377_1', 'e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1', '45fea5e9-280d-4da1-9792-fb5736da0ca9_1', '804339ad-1553-4478-a742-138fb5807418_1' - - # Retrieve policy general settings - $policy = $null - if (-not [System.String]::IsNullOrEmpty($Identity)) + if (-not $Script:exportedInstance) { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue - } - - if ($null -eq $policy) - { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for Windows10 Setting Catalog with Id {$Identity}" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $templateReferences = 'd948ff9b-99cb-4ee0-8012-1fbc09685377_1', 'e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1', '45fea5e9-280d-4da1-9792-fb5736da0ca9_1', '804339ad-1553-4478-a742-138fb5807418_1' + + # Retrieve policy general settings + $policy = $null + if (-not [System.String]::IsNullOrEmpty($Identity)) + { + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue + } - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if ($null -eq $policy) { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { - $_.TemplateReference.TemplateId -in $templateReferences - } + Write-Verbose -Message "Could not find an Intune Antivirus Policy for Windows10 Setting Catalog with Id {$Identity}" - if ($policy.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune Antivirus Policy for Windows10 Setting Catalog named $DisplayName exist in tenant" + $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { + $_.TemplateReference.TemplateId -in $templateReferences + } + + if ($policy.Length -gt 1) + { + throw "Duplicate Intune Antivirus Policy for Windows10 Setting Catalog named $DisplayName exist in tenant" + } } } - } - if ($null -eq $policy) + if ($null -eq $policy) + { + Write-Verbose -Message "Could not find an 
Intune Antivirus Policy for Windows10 Setting Catalog with Name {$DisplayName}" + return $nullResult + } + } + else { - Write-Verbose -Message "Could not find an Intune Antivirus Policy for Windows10 Setting Catalog with Name {$DisplayName}" - return $nullResult + $policy = $Script:exportedInstance } $Identity = $policy.Id Write-Verbose -Message "An Intune Antivirus Policy for Windows10 Setting Catalog with Id {$Identity} and Name {$DisplayName} was found." @@ -1682,6 +1689,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $policy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 index f3da05aead..91c9f89896 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10.psm1 
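Review bot: The `$templateReferences` check is applied only on the DisplayName path, so a policy fetched with `-DeviceManagementConfigurationPolicyId $Identity` is accepted whatever its template. A configuration whose Id points at a non-antivirus settings-catalog policy would then be handled as the antivirus policy by the rest of Get-TargetResource, which lies outside this hunk. After the Id lookup, add `if ($null -ne $policy -and $policy.TemplateReference.TemplateId -notin $templateReferences) { $policy = $null }` so the name-based search with the template filter still runs. The object taken from `$Script:exportedInstance` is not checked either; presumably Export-TargetResource filters by template before caching it, which should be confirmed.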
@@ -148,55 +148,64 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune App And Browser Isolation Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune App And Browser Isolation Policy for Windows10 with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune App And Browser Isolation Policy for Windows10 with Id {$Id}" - if ($getValue.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune App And Browser Isolation Policy for Windows10 named $DisplayName exist in tenant" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune App And Browser Isolation Policy for Windows10 named $DisplayName exist in tenant" + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune App And Browser Isolation Policy for Windows10 with Name {$DisplayName}." 
+ return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune App And Browser Isolation Policy for Windows10 with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune App And Browser Isolation Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" @@ -818,6 +827,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.psm1 index 30ee290d10..d23dabab1e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr/MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.psm1 
@@ -148,47 +148,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune App And Browser Isolation Policy for Windows10 ConfigMgr with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune App And Browser Isolation Policy for Windows10 Config Mgr with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune App And Browser Isolation Policy for Windows10 Config Mgr with Id {$Id}" - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune App And Browser Isolation Policy for Windows10 Config Mgr with Name {$DisplayName}." 
+ return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune App And Browser Isolation Policy for Windows10 Config Mgr with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune App And Browser Isolation Policy for Windows10 Config Mgr with Id {$Id} and Name {$DisplayName} was found" @@ -803,6 +815,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.psm1 index a1cedf2a18..d51d7d889d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.psm1 
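Review bot: The DisplayName search in this hunk has no duplicate check, unlike the sibling resources that throw when `$getValue.Length -gt 1`. If two policies share the name, `$Id = $getValue.Id` becomes an array and the remainder of Get-TargetResource (outside this hunk) works on more than one policy. Add `if ($getValue.Length -gt 1) { throw "Duplicate Intune App And Browser Isolation Policy for Windows10 Config Mgr named $DisplayName exist in tenant" }` after the filtered call. The App Configuration Device Policy Get-TargetResource hunk further down omits the same check.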
@@ -50,41 +50,41 @@ function Get-TargetResource $AccessTokens ) - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune App Category with Id {$Id} and DisplayName {$DisplayName}." try { - $instance = $null - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } - } - - if ($null -eq $instance) + if (-not $Script:exportedInstance) { - $instance = Get-MgBetaDeviceAppManagementMobileAppCategory -MobileAppCategoryId $Id -ErrorAction SilentlyContinue + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $instance = $null + if (-not [string]::IsNullOrEmpty($Id)) + { + $instance = Get-MgBetaDeviceAppManagementMobileAppCategory -MobileAppCategoryId $Id -ErrorAction SilentlyContinue + } if ($null -eq $instance) { Write-Verbose -Message "Could not find MobileAppCategory by Id {$Id}." - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if (-not [string]::IsNullOrEmpty($DisplayName)) { $instance = Get-MgBetaDeviceAppManagementMobileAppCategory ` -All ` @@ -99,6 +99,10 @@ function Get-TargetResource return $nullResult } } + else + { + $instance = $Script:exportedInstance + } $results = @{ Id = $instance.Id @@ -363,12 +367,11 @@ function Export-TargetResource try { - $Script:ExportMode = $true - [array] $Script:exportedInstances = Get-MgBetaDeviceAppManagementMobileAppCategory -ErrorAction Stop + [array] $getValue = Get-MgBetaDeviceAppManagementMobileAppCategory -ErrorAction Stop $i = 1 $dscContent = '' - if ($Script:exportedInstances.Length -eq 0) + if ($getValue.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } @@ -376,10 +379,10 @@ function Export-TargetResource { Write-Host "`r`n" -NoNewline } - foreach ($config in $Script:exportedInstances) + foreach ($config in $getValue) { $displayedKey = $config.Id - Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id DisplayName = $config.DisplayName 
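Review bot: The new guard `if (-not $Script:exportedInstance)` uses whatever object is cached without comparing it to the requested `$Id`. The removed code selected the entry with `$_.Id -eq $Id`, and only when `$Script:ExportMode` was set. A call made outside export while the variable is still populated would return another category's values. Tighten the guard to `if ($null -eq $Script:exportedInstance -or $Script:exportedInstance.Id -ne $Id)` so the `else` branch added in the `@@ -99,6 +99,10 @@` hunk is reached only for a matching object. Get-TargetResource begins and ends outside these hunks.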
@@ -393,6 +396,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.psm1 index 1be31cd697..f657fe8bd6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.psm1 
@@ -95,47 +95,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune App Configuration Device Policy with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune App 
Configuration Device Policy with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune App Configuration Device Policy with Id {$Id}" - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if (-not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune App Configuration Device Policy with DisplayName {$DisplayName}" + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune App Configuration Device Policy with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune App Configuration Device Policy with Id {$Id} and DisplayName {$DisplayName} was found." @@ -736,6 +748,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 index e1d3cc0d52..092cee74d1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 
@@ -58,61 +58,66 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of Intune App Configuration Policy with Id {$Id}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + Write-Verbose -Message "Getting configuration of the Intune App Configuration Policy with Id {$Id} and DisplayName {$DisplayName}" - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = ([Hashtable]$PSBoundParameters).clone() - $nullResult.Ensure = 'Absent' try { - - try - { - $configPolicy = Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -TargetedManagedAppConfigurationId $Id ` - -ErrorAction Stop - } - catch + if (-not $Script:exportedInstance) { - $configPolicy = $null - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - if ($null -eq $configPolicy) - { - Write-Verbose -Message "Could not find an Intune App Configuration Policy with Id {$Id}, searching by DisplayName {$DisplayName}" + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - try + $nullResult = ([Hashtable]$PSBoundParameters).clone() + $nullResult.Ensure = 'Absent' + + $configPolicy = $null + if (-not [string]::IsNullOrEmpty($Id)) { - $configPolicy = Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -All -Filter "displayName eq '$DisplayName'" ` + $configPolicy = Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -TargetedManagedAppConfigurationId $Id ` -ErrorAction Stop } - catch - { - $configPolicy = $null - } if ($null -eq $configPolicy) { - Write-Verbose -Message "No App Configuration Policy with DisplayName {$DisplayName} was found" - return $nullResult - } - if (([array]$configPolicy).count -gt 1) - { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + Write-Verbose -Message "Could not find an Intune App Configuration Policy with Id {$Id}, searching by DisplayName {$DisplayName}" + + try + { + $configPolicy = Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -All -Filter "displayName eq '$DisplayName'" ` + -ErrorAction Stop + } + catch + { + $configPolicy = $null + } + + if ($null -eq $configPolicy) + { + Write-Verbose -Message "No App Configuration Policy with DisplayName {$DisplayName} was found" + return $nullResult + } + if (([array]$configPolicy).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } } } + else + { + $configPolicy = $Script:exportedInstance + } Write-Verbose -Message "Found App Configuration Policy with Id {$($configPolicy.Id)} and DisplayName {$($configPolicy.DisplayName)}" $returnHashtable = @{ 
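Review bot: The Id lookup keeps `-ErrorAction Stop`, but the inner `try`/`catch` that reset `$configPolicy` to `$null` was removed. A stale or unknown `$Id` therefore raises a terminating error instead of falling through to the DisplayName search, and the "searching by DisplayName" branch is effectively reachable only when `$Id` is empty. Use `-ErrorAction SilentlyContinue` on the `-TargetedManagedAppConfigurationId $Id` call, as the sibling resources do, or restore the inner `try`/`catch`. How the outer `catch` treats the error is outside this hunk.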
@@ -506,6 +511,8 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $configPolicy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 index f9b14c892d..8db888ab5d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 
@@ -215,61 +215,72 @@ function Get-TargetResource [System.String[]] $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Android App Protection Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune Android App Protection Policy with Id {$Id} and DisplayName {$DisplayName}" try { - if ($id -ne '') + if (-not $Script:exportedInstance) { - Write-Verbose -Message "Searching for Policy using Id {$Id}" - $policyInfo = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -Filter "Id eq '$Id'" -ExpandProperty Apps, assignments ` - -ErrorAction Stop + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $policyInfo = $null + if (-not [string]::IsNullOrEmpty($Id)) + { + Write-Verbose -Message "Searching for Policy using Id {$Id}" + $policyInfo = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -Filter "Id eq '$Id'" -ExpandProperty Apps, assignments ` + -ErrorAction Stop + } + if ($null -eq $policyInfo) { - Write-Verbose -Message "No Android App Protection Policy with Id {$Id} was found" - Write-Verbose -Message "Function will now search for a policy with the same displayName {$Displayname} - If found this policy will be amended" + if (-not [string]::IsNullOrEmpty($DisplayName)) + { + Write-Verbose -Message "Searching for Policy using DisplayName {$DisplayName}" + $policyInfoArray = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -ExpandProperty Apps, assignments ` + -ErrorAction Stop -All:$true + $policyInfo = $policyInfoArray | Where-Object -FilterScript { $_.displayName -eq $DisplayName } + } } - } - if ($null -eq $policyInfo) - { - Write-Verbose -Message "Searching for Policy using DisplayName {$DisplayName}" - $policyInfoArray = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -ExpandProperty Apps, assignments ` - -ErrorAction Stop -All:$true - $policyInfo = $policyInfoArray | Where-Object -FilterScript { $_.displayName -eq $DisplayName } - } - if ($null -eq $policyInfo) - { - Write-Verbose -Message "No Android App Protection Policy {$DisplayName} was found" - return $nullResult - } - # handle multiple results - throw error - may be able to remediate to specify ID in configuration at later date - if 
($policyInfo.gettype().isarray) + if ($null -eq $policyInfo) + { + Write-Verbose -Message "No Android App Protection Policy {$DisplayName} was found" + return $nullResult + } + + # handle multiple results - throw error - may be able to remediate to specify ID in configuration at later date + if ($policyInfo.gettype().isarray) + { + Write-Verbose -Message "Multiple Android Policies with name {$DisplayName} were found - Where No valid ID is specified Module will only function with unique names, please manually remediate" + $nullResult.Ensure = 'ERROR' + throw 'Multiple Policies with same displayname identified - Module currently only functions with unique names' + } + + Write-Verbose -Message "Found Android App Protection Policy {$DisplayName}" + } + else { - Write-Verbose -Message "Multiple Android Policies with name {$DisplayName} were found - Where No valid ID is specified Module will only function with unique names, please manually remediate" - $nullResult.Ensure = 'ERROR' - throw 'Multiple Policies with same displayname identified - Module currently only functions with unique names' + $policyInfo = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -AndroidManagedAppProtectionId $Script:exportedInstance.Id -ExpandProperty Apps, assignments ` + -ErrorAction Stop } - Write-Verbose -Message "Found Android App Protection Policy {$DisplayName}" - $appsArray = @() if ($null -ne $policyInfo.Apps) { @@ -1147,6 +1158,8 @@ function Export-TargetResource ManagedIdentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $policy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index 72b5ef5b63..4c86022073 100644 
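Review bot: `$nullResult = $PSBoundParameters` in the uncached branch aliases the bound-parameter table, so `$nullResult.Ensure = 'Absent'` also writes an `Ensure` entry into `$PSBoundParameters` itself. The app configuration policy resource changed earlier in this commit takes a copy instead, and this block should match it with `$nullResult = ([Hashtable]$PSBoundParameters).Clone()`. The iOS and Apple MDM push certificate Get-TargetResource hunks keep the same aliasing assignment. The enclosing `try` closes outside this hunk.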
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1
@@ -16,6 +16,110 @@ function Get-TargetResource [System.String] $Description, + [Parameter()] + [System.String[]] + $AllowedDataIngestionLocations, + + [Parameter()] + [System.Boolean] + $AllowWidgetContentSync, + + [Parameter()] + [ValidateSet('block', 'wipe', 'warn', 'blockWhenSettingIsSupported')] + [System.String] + $AppActionIfAccountIsClockedOut, + + [Parameter()] + [ValidateSet('block', 'wipe', 'warn', 'blockWhenSettingIsSupported')] + [System.String] + $AppActionIfUnableToAuthenticateUser, + + [Parameter()] + [ValidateSet('selectedPublicApps', 'allCoreMicrosoftApps', 'allMicrosoftApps','allApps')] + [System.String] + $AppGroupType, + + [Parameter()] + [System.Boolean] + $BlockDataIngestionIntoOrganizationDocuments, + + [Parameter()] + [System.String] + $CustomDialerAppProtocol, + + [Parameter()] + [System.UInt32] + $DeployedAppCount, + + [Parameter()] + [ValidateSet('allApps','managedApps','customApp','blocked')] + [System.String] + $DialerRestrictionLevel, + + [Parameter()] + [System.String[]] + $ExemptedUniversalLinks, + + [Parameter()] + [System.String] + $GracePeriodToBlockAppsDuringOffClockHours, + + [Parameter()] + [System.Boolean] + $IsAssigned, + + [Parameter()] + [System.String[]] + $ManagedUniversalLinks, + + [Parameter()] + [ValidateSet('notConfigured', 'secured', 'low', 'medium', 'high')] + [System.String] + $MaximumAllowedDeviceThreatLevel, + + [Parameter()] + [System.String] + $MaximumRequiredOsVersion, + + [Parameter()] + [System.String] + $MaximumWarningOsVersion, + + [Parameter()] + [System.String] + $MaximumWipeOsVersion, + + [Parameter()] + [System.String] + $MessagingRedirectAppUrlScheme, + + [Parameter()] + [System.String] + $MinimumWarningSdkVersion, + + [Parameter()] + [ValidateSet('defenderOverThirdPartyPartner','thirdPartyPartnerOverDefender','unknownFutureValue')] + [System.String] + $MobileThreatDefensePartnerPriority, + + [Parameter()] + [ValidateSet('block','wipe','warn','blockWhenSettingIsSupported')] + [System.String] + 
$MobileThreatDefenseRemediationAction, + + [Parameter()] + [System.UInt32] + $PreviousPinBlockCount, + + [Parameter()] + [ValidateSet('anyApp','anyManagedApp','specificApps','blocked')] + [System.String] + $ProtectedMessagingRedirectAppType, + + [Parameter()] + [System.Boolean] + $ThirdPartyKeyboardsBlocked, + [Parameter()] [System.String] $PeriodOfflineBeforeAccessCheck, 
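Review bot: The `ValidateSet` on `$MobileThreatDefenseRemediationAction` accepts `warn`, while the schema description added in this commit states that warn isn't a supported value for this property, so a configuration can pass parameter validation and only fail when the policy is sent to Graph. If the description is right, narrow it to `[ValidateSet('block','wipe','blockWhenSettingIsSupported')]` here, in the matching Set-TargetResource and Test-TargetResource parameter hunks, and in the `ValueMap`/`Values` of the .schema.mof. The param block starts and ends outside this hunk.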
@@ -251,46 +355,55 @@ function Get-TargetResource [System.String[]] $AccessTokens ) - Write-Verbose -Message "Checking for the Intune iOS App Protection Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune iOS App Protection Policy with Id {$Identity} and DisplayName {$DisplayName}" try { - if (-not [System.String]::IsNullOrEmpty($Identity)) - { - [Array]$policy = Get-MgBetaDeviceAppManagementiOSManagedAppProtection -IosManagedAppProtectionId $Identity -ErrorAction SilentlyContinue - } - if ($policy.Length -eq 0) + if (-not $Script:exportedInstance) { - Write-Verbose -Message "No iOS App Protection Policy {$Identity} was found by Identity. Trying to retrieve by DisplayName" - [Array]$policy = Get-MgBetaDeviceAppManagementiOSManagedAppProtection -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - if ($policy.Length -gt 1) - { - throw "Multiple policies with display name {$DisplayName} were found. Please ensure only one instance exists." - } + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if ($null -eq $policy) + if (-not [System.String]::IsNullOrEmpty($Identity)) + { + [Array]$policy = Get-MgBetaDeviceAppManagementiOSManagedAppProtection -IosManagedAppProtectionId $Identity -ErrorAction SilentlyContinue + } + if ($policy.Length -eq 0) + { + Write-Verbose -Message "No iOS App Protection Policy {$Identity} was found by Identity. Trying to retrieve by DisplayName" + [Array]$policy = Get-MgBetaDeviceAppManagementiOSManagedAppProtection -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue + } + + if ($policy.Length -gt 1) + { + throw "Multiple policies with display name {$DisplayName} were found. Please ensure only one instance exists." + } + + if ($null -eq $policy) + { + Write-Verbose -Message "No iOS App Protection Policy {$DisplayName} was found by Display Name. Instance doesn't exist." + return $nullResult + } + } + else { - Write-Verbose -Message "No iOS App Protection Policy {$DisplayName} was found by Display Name. Instance doesn't exist." - return $nullResult + $policy = $Script:exportedInstance } Write-Verbose -Message "Found iOS App Protection Policy {$DisplayName}" @@ -319,7 +432,6 @@ function Get-TargetResource { $assignmentsArray += $assignmentValue } - if ($policyAssignment.target.'@odata.type' -eq '#microsoft.graph.exclusionGroupAssignmentTarget') { $exclusionArray += $assignmentValue 
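Review bot: The DisplayName fallback builds its OData filter by interpolation, `-Filter "DisplayName eq '$DisplayName'"`, and runs with `-ErrorAction SilentlyContinue`, so a display name containing an apostrophe yields a malformed filter whose error is swallowed, and the policy is then reported as absent. Doubling the quote keeps the literal intact: `$escapedName = $DisplayName -replace "'", "''"` followed by `-Filter "DisplayName eq '$escapedName'"`. Using `-ErrorAction Stop` on the DisplayName lookup would also let the surrounding `try` (its `catch` is outside this hunk) tell a Graph failure apart from a policy that does not exist.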
@@ -362,10 +474,40 @@ function Get-TargetResource $myPinRequiredInsteadOfBiometricTimeout = $policy.PinRequiredInsteadOfBiometricTimeout.toString() } + $myGracePeriodToBlockAppsDuringOffClockHours = $policy.gracePeriodToBlockAppsDuringOffClockHours + if ($null -ne $policy.gracePeriodToBlockAppsDuringOffClockHours) + { + $myGracePeriodToBlockAppsDuringOffClockHours = $policy.gracePeriodToBlockAppsDuringOffClockHours.toString() + } + return @{ Identity = $policy.id DisplayName = $policy.DisplayName Description = $policy.Description + AllowedDataIngestionLocations = [String[]]$policy.AllowedDataIngestionLocations + AllowWidgetContentSync = $policy.AllowWidgetContentSync + AppActionIfAccountIsClockedOut = [string]$policy.appActionIfAccountIsClockedOut + AppActionIfUnableToAuthenticateUser = [string]$policy.appActionIfUnableToAuthenticateUser + AppGroupType = [string]$policy.appGroupType + BlockDataIngestionIntoOrganizationDocuments = $policy.blockDataIngestionIntoOrganizationDocuments + CustomDialerAppProtocol = [string]$policy.customDialerAppProtocol + DeployedAppCount = $policy.deployedAppCount + DialerRestrictionLevel = [string]$policy.dialerRestrictionLevel + ExemptedUniversalLinks = $policy.exemptedUniversalLinks + GracePeriodToBlockAppsDuringOffClockHours = $myGracePeriodToBlockAppsDuringOffClockHours + IsAssigned = $policy.isAssigned + ManagedUniversalLinks = $policy.managedUniversalLinks + MaximumAllowedDeviceThreatLevel = [string]$policy.maximumAllowedDeviceThreatLevel + MaximumRequiredOsVersion = [string]$policy.maximumRequiredOsVersion + MaximumWarningOsVersion = [string]$policy.maximumWarningOsVersion + MaximumWipeOsVersion = [string]$policy.maximumWipeOsVersion + MessagingRedirectAppUrlScheme = [string]$policy.messagingRedirectAppUrlScheme + MinimumWarningSdkVersion = [string]$policy.minimumWarningSdkVersion + MobileThreatDefensePartnerPriority = [string]$policy.mobileThreatDefensePartnerPriority + MobileThreatDefenseRemediationAction = 
[string]$policy.mobileThreatDefenseRemediationAction + PreviousPinBlockCount = $policy.previousPinBlockCount + ProtectedMessagingRedirectAppType = [string]$policy.protectedMessagingRedirectAppType + thirdPartyKeyboardsBlocked = $policy.thirdPartyKeyboardsBlocked PeriodOfflineBeforeAccessCheck = $myPeriodOfflineBeforeAccessCheck PeriodOnlineBeforeAccessCheck = $myPeriodOnlineBeforeAccessCheck AllowedInboundDataTransferSources = [String]$policy.AllowedInboundDataTransferSources 
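Review bot: `ExemptedUniversalLinks` and `ManagedUniversalLinks` are returned uncast while `AllowedDataIngestionLocations` a few lines above gets `[String[]]`, although all three are declared `System.String[]` in the param block. Casting them the same way, `ExemptedUniversalLinks = [String[]]$policy.exemptedUniversalLinks` and `ManagedUniversalLinks = [String[]]$policy.managedUniversalLinks`, keeps the returned types in line with the schema. The key `thirdPartyKeyboardsBlocked` is also the only new entry that does not follow the parameter's casing (`ThirdPartyKeyboardsBlocked`). The hashtable continues past the end of this hunk.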
@@ -461,6 +603,110 @@ function Set-TargetResource [System.String] $Description, + [Parameter()] + [System.String[]] + $AllowedDataIngestionLocations, + + [Parameter()] + [System.Boolean] + $AllowWidgetContentSync, + + [Parameter()] + [ValidateSet('block', 'wipe', 'warn', 'blockWhenSettingIsSupported')] + [System.String] + $AppActionIfAccountIsClockedOut, + + [Parameter()] + [ValidateSet('block', 'wipe', 'warn', 'blockWhenSettingIsSupported')] + [System.String] + $AppActionIfUnableToAuthenticateUser, + + [Parameter()] + [ValidateSet('selectedPublicApps', 'allCoreMicrosoftApps', 'allMicrosoftApps','allApps')] + [System.String] + $AppGroupType, + + [Parameter()] + [System.Boolean] + $BlockDataIngestionIntoOrganizationDocuments, + + [Parameter()] + [System.String] + $CustomDialerAppProtocol, + + [Parameter()] + [System.UInt32] + $DeployedAppCount, + + [Parameter()] + [ValidateSet('allApps','managedApps','customApp','blocked')] + [System.String] + $DialerRestrictionLevel, + + [Parameter()] + [System.String[]] + $ExemptedUniversalLinks, + + [Parameter()] + [System.String] + $GracePeriodToBlockAppsDuringOffClockHours, + + [Parameter()] + [System.Boolean] + $IsAssigned, + + [Parameter()] + [System.String[]] + $ManagedUniversalLinks, + + [Parameter()] + [ValidateSet('notConfigured', 'secured', 'low', 'medium', 'high')] + [System.String] + $MaximumAllowedDeviceThreatLevel, + + [Parameter()] + [System.String] + $MaximumRequiredOsVersion, + + [Parameter()] + [System.String] + $MaximumWarningOsVersion, + + [Parameter()] + [System.String] + $MaximumWipeOsVersion, + + [Parameter()] + [System.String] + $MessagingRedirectAppUrlScheme, + + [Parameter()] + [System.String] + $MinimumWarningSdkVersion, + + [Parameter()] + [ValidateSet('defenderOverThirdPartyPartner','thirdPartyPartnerOverDefender','unknownFutureValue')] + [System.String] + $MobileThreatDefensePartnerPriority, + + [Parameter()] + [ValidateSet('block','wipe','warn','blockWhenSettingIsSupported')] + [System.String] + 
$MobileThreatDefenseRemediationAction, + + [Parameter()] + [System.UInt32] + $PreviousPinBlockCount, + + [Parameter()] + [ValidateSet('anyApp','anyManagedApp','specificApps','blocked')] + [System.String] + $ProtectedMessagingRedirectAppType, + + [Parameter()] + [System.Boolean] + $ThirdPartyKeyboardsBlocked, + [Parameter()] [System.String] $PeriodOfflineBeforeAccessCheck, @@ -742,6 +988,7 @@ function Set-TargetResource 'PeriodOfflineBeforeWipeIsEnforced' 'PeriodBeforePinReset' 'PinRequiredInsteadOfBiometricTimeout' + 'GracePeriodToBlockAppsDuringOffClockHours' ) foreach ($duration in $durationParameters) { @@ -769,10 +1016,17 @@ function Set-TargetResource } $createParameters.ExemptedAppProtocols = $myExemptedAppProtocols - $policy = New-MgBetaDeviceAppManagementiOSManagedAppProtection -BodyParameter $createParameters + $arrayTemp = @("minimumWarningSdkVersion","maximumRequiredOsVersion","maximumWarningOsVersion","maximumWipeOsVersion") + Foreach($item in $arrayTemp) + { + if ($createParameters.$item -eq "") + { + $createParameters.Remove($item) #for some reason cmdlet can't handle this being blank, which is annoying as we can't enforce it + } + } + $policy = New-MgBetaDeviceAppManagementiOSManagedAppProtection -BodyParameter $createParameters Update-IntuneAppProtectionPolicyiOSApp -IosManagedAppProtectionId $policy.id -Apps $myApps - Write-Verbose -Message 'Updating policy assignments' Update-IntuneAppProtectionPolicyiOSAssignment -IosManagedAppProtectionId $policy.id -Assignments $myAssignments } 
@@ -785,6 +1039,15 @@ function Set-TargetResource $updateParameters.Remove('Apps') $updateParameters.TargetedAppManagementLevels = $updateParameters.TargetedAppManagementLevels -join ',' + $arrayTemp = @("minimumWarningSdkVersion","maximumRequiredOsVersion","maximumWarningOsVersion","maximumWipeOsVersion") + Foreach($item in $arrayTemp) + { + if ($updateParameters.$item -eq "") + { + $updateParameters.Remove($item) #for some reason cmdlet can't handle this being blank, which is annoying as we can't enforce it + } + } + $myApps = Get-IntuneAppProtectionPolicyiOSAppsToHashtable -Parameters $PSBoundParameters $myAssignments = Get-IntuneAppProtectionPolicyiOSAssignmentToHashtable -Parameters $PSBoundParameters @@ -794,6 +1057,7 @@ function Set-TargetResource 'PeriodOfflineBeforeWipeIsEnforced' 'PeriodBeforePinReset' 'PinRequiredInsteadOfBiometricTimeout' + 'GracePeriodToBlockAppsDuringOffClockHours' ) foreach ($duration in $durationParameters) { @@ -813,7 +1077,6 @@ function Set-TargetResource $updateParameters.ExemptedAppProtocols = $myExemptedAppProtocols Update-MgBetaDeviceAppManagementiOSManagedAppProtection -IosManagedAppProtectionId $Identity -BodyParameter $updateParameters - Update-IntuneAppProtectionPolicyiOSApp -IosManagedAppProtectionId $Identity -Apps $myApps Write-Verbose -Message "Updating policy assignments: $myassignments" 
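Review bot: Dropping `minimumWarningSdkVersion`, `maximumRequiredOsVersion`, `maximumWarningOsVersion` and `maximumWipeOsVersion` from `$updateParameters` when they are empty means an update can never clear a version limit that is already set on the policy, which the inline comment concedes. A configuration that blanks one of these is then likely to keep showing drift after Set-TargetResource has run. At minimum the skip should be visible to the operator, e.g. `Write-Verbose -Message "Skipping empty {$item}: the value currently set on the policy is left unchanged"` inside the `if`. The identical loop is added to the create branch in the previous hunk, so a single shared list with a descriptive name in place of `$arrayTemp` would keep the two paths from diverging.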
@@ -845,6 +1108,110 @@ function Test-TargetResource [System.String] $Description, + [Parameter()] + [System.String[]] + $AllowedDataIngestionLocations, + + [Parameter()] + [System.Boolean] + $AllowWidgetContentSync, + + [Parameter()] + [ValidateSet('block', 'wipe', 'warn', 'blockWhenSettingIsSupported')] + [System.String] + $AppActionIfAccountIsClockedOut, + + [Parameter()] + [ValidateSet('block', 'wipe', 'warn', 'blockWhenSettingIsSupported')] + [System.String] + $AppActionIfUnableToAuthenticateUser, + + [Parameter()] + [ValidateSet('selectedPublicApps', 'allCoreMicrosoftApps', 'allMicrosoftApps','allApps')] + [System.String] + $AppGroupType, + + [Parameter()] + [System.Boolean] + $BlockDataIngestionIntoOrganizationDocuments, + + [Parameter()] + [System.String] + $CustomDialerAppProtocol, + + [Parameter()] + [System.UInt32] + $DeployedAppCount, + + [Parameter()] + [ValidateSet('allApps','managedApps','customApp','blocked')] + [System.String] + $DialerRestrictionLevel, + + [Parameter()] + [System.String[]] + $ExemptedUniversalLinks, + + [Parameter()] + [System.String] + $GracePeriodToBlockAppsDuringOffClockHours, + + [Parameter()] + [System.Boolean] + $IsAssigned, + + [Parameter()] + [System.String[]] + $ManagedUniversalLinks, + + [Parameter()] + [ValidateSet('notConfigured', 'secured', 'low', 'medium', 'high')] + [System.String] + $MaximumAllowedDeviceThreatLevel, + + [Parameter()] + [System.String] + $MaximumRequiredOsVersion, + + [Parameter()] + [System.String] + $MaximumWarningOsVersion, + + [Parameter()] + [System.String] + $MaximumWipeOsVersion, + + [Parameter()] + [System.String] + $MessagingRedirectAppUrlScheme, + + [Parameter()] + [System.String] + $MinimumWarningSdkVersion, + + [Parameter()] + [ValidateSet('defenderOverThirdPartyPartner','thirdPartyPartnerOverDefender','unknownFutureValue')] + [System.String] + $MobileThreatDefensePartnerPriority, + + [Parameter()] + [ValidateSet('block','wipe','warn','blockWhenSettingIsSupported')] + [System.String] + 
$MobileThreatDefenseRemediationAction, + + [Parameter()] + [System.UInt32] + $PreviousPinBlockCount, + + [Parameter()] + [ValidateSet('anyApp','anyManagedApp','specificApps','blocked')] + [System.String] + $ProtectedMessagingRedirectAppType, + + [Parameter()] + [System.Boolean] + $ThirdPartyKeyboardsBlocked, + [Parameter()] [System.String] $PeriodOfflineBeforeAccessCheck, @@ -966,23 +1333,19 @@ function Test-TargetResource [System.String] $AppDataEncryptionType, - [Parameter()] [System.String] $MinimumWipeOSVersion, - [Parameter()] [System.String] $MinimumWipeAppVersion, - [Parameter()] [ValidateSet('block', 'wipe', 'warn')] [System.String] $AppActionIfDeviceComplianceRequired, - [Parameter()] [ValidateSet('block', 'wipe', 'warn')] [System.String] @@ -992,12 +1355,10 @@ function Test-TargetResource [System.String] $PinRequiredInsteadOfBiometricTimeout, - [Parameter()] [System.Uint32] $AllowedOutboundClipboardSharingExceptionLength, - [Parameter()] [ValidateSet('allow', 'blockOrganizationalData', 'block')] [System.String] @@ -1020,23 +1381,19 @@ function Test-TargetResource [System.String[]] $AllowedIosDeviceModels, - [Parameter()] [ValidateSet('block', 'wipe', 'warn')] [System.String] $AppActionIfIosDeviceModelNotAllowed, - [Parameter()] [System.Boolean] $FilterOpenInToOnlyManagedApps, - [Parameter()] [System.Boolean] $DisableProtectionOfManagedOutboundOpenInData, - [Parameter()] [System.Boolean] $ProtectInboundDataFromUnknownSources, @@ -1109,7 +1466,6 @@ function Test-TargetResource Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - $ValuesToCheck.Remove('Identity') $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` 
@@ -1214,6 +1570,8 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $policy $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof index 1801c4dd5f..c480543983 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.schema.mof 
@@ -4,6 +4,30 @@ class MSFT_IntuneAppProtectionPolicyiOS : OMI_BaseResource [Key, Description("Display name of the iOS App Protection Policy.")] String DisplayName; [Write, Description("Identity of the iOS App Protection Policy.")] String Identity; [Write, Description("Description of the iOS App Protection Policy.")] String Description; + [Write, Description("Data storage locations where a user may store managed data. Inherited from managedAppProtection.")] String AllowedDataIngestionLocations[]; + [Write, Description("Indicates if content sync for widgets is allowed for iOS on App Protection Policies.")] Boolean AllowWidgetContentSync; + [Write, Description("Defines a managed app behavior, either block or warn, if the user is clocked out (non-working time)."), ValueMap{"block","wipe","warn","blockWhenSettingIsSupported"}, Values{"block","wipe","warn","blockWhenSettingIsSupported"}] String AppActionIfAccountIsClockedOut; + [Write, Description("If set, it will specify what action to take in the case where the user is unable to checkin because their authentication token is invalid. This happens when the user is deleted or disabled in AAD. 
."), ValueMap{"block","wipe","warn","blockWhenSettingIsSupported"}, Values{"block","wipe","warn","blockWhenSettingIsSupported"}] String AppActionIfUnableToAuthenticateUser; + [Write, Description("Public Apps selection: group or individual Inherited from targetedManagedAppProtection."), ValueMap{"selectedPublicApps","allCoreMicrosoftApps","allMicrosoftApps","allApps"}, Values{"selectedPublicApps","allCoreMicrosoftApps","allMicrosoftApps","allApps"}] String AppGroupType; + [Write, Description("Indicates whether a user can bring data into org documents.")] boolean BlockDataIngestionIntoOrganizationDocuments; + [Write, Description("Protocol of a custom dialer app to click-to-open a phone number on iOS, for example, skype:.")] String CustomDialerAppProtocol; + [Write, Description("Count of apps to which the current policy is deployed.")] UInt32 DeployedAppCount; + [Write, Description("The classes of dialer apps that are allowed to click-to-open a phone number."), ValueMap{"allApps","managedApps","customApp","blocked"}, Values{"allApps","managedApps","customApp","blocked"}] String DialerRestrictionLevel; + [Write, Description("A list of custom urls that are allowed to invocate an unmanaged app.")] String ExemptedUniversalLinks[]; + [Write, Description("A grace period before blocking app access during off clock hours.")] String GracePeriodToBlockAppsDuringOffClockHours; + [Write, Description("Indicates if the policy is deployed to any inclusion groups or not.")] Boolean IsAssigned; + [Write, Description("A list of custom urls that are allowed to invocate a managed app.")] String managedUniversalLinks[]; + [Write, Description("Maximum allowed device threat level, as reported by the MTD app Inherited from managedAppProtection."), ValueMap{"notConfigured","secured","low","medium","high"}, Values{"notConfigured","secured","low","medium","high"}] String MaximumAllowedDeviceThreatLevel; + [Write, Description("Versions bigger than the specified version will block the managed app 
from accessing company data. Inherited from managedAppProtection.")] String MaximumRequiredOsVersion; + [Write, Description("Versions bigger than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection.")] String MaximumWarningOsVersion; + [Write, Description("Versions bigger than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection.")] String MaximumWipeOsVersion; + [Write, Description("When a specific app redirection is enforced by protectedMessagingRedirectAppType in an App Protection Policy, this value defines the app url redirect schemes which are allowed to be used.")] String MessagingRedirectAppUrlScheme; + [Write, Description("Versions less than the specified version will result in warning message on the managed app from accessing company data.")] String MinimumWarningSdkVersion; + [Write, Description("Indicates how to prioritize which Mobile Threat Defense (MTD) partner is enabled for a given platform, when more than one is enabled. An app can only be actively using a single Mobile Threat Defense partner. When NULL, Microsoft Defender will be given preference. Otherwise setting the value to defenderOverThirdPartyPartner or thirdPartyPartnerOverDefender will make explicit which partner to prioritize."), ValueMap{"defenderOverThirdPartyPartner","thirdPartyPartnerOverDefender","unknownFutureValue"}, Values{"defenderOverThirdPartyPartner","thirdPartyPartnerOverDefender","unknownFutureValue"}] String MobileThreatDefensePartnerPriority; + [Write, Description("Determines what action to take if the mobile threat defense threat threshold isn't met. 
Warn isn't a supported value for this property Inherited from managedAppProtection."), ValueMap{"block","wipe","warn","blockWhenSettingIsSupported"}, Values{"block","wipe","warn","blockWhenSettingIsSupported"}] String MobileThreatDefenseRemediationAction; + [Write, Description("Requires a pin to be unique from the number specified in this property. Inherited from managedAppProtection.")] UInt32 PreviousPinBlockCount; + [Write, Description("Defines how app messaging redirection is protected by an App Protection Policy. Default is anyApp. Inherited from managedAppProtection."), ValueMap{"anyApp","anyManagedApp","specificApps","blocked"}, Values{"anyApp","anyManagedApp","specificApps","blocked"}] String ProtectedMessagingRedirectAppType; + [Write, Description("Defines if third party keyboards are allowed while accessing a managed app.")] Boolean ThirdPartyKeyboardsBlocked; [Write, Description("The period after which access is checked when the device is not connected to the internet.")] String PeriodOfflineBeforeAccessCheck; [Write, Description("The period after which access is checked when the device is connected to the internet.")] String PeriodOnlineBeforeAccessCheck; [Write, Description("Sources from which data is allowed to be transferred. Possible values are: allApps, managedApps, none."), ValueMap{"allApps","managedApps", "none"}, Values{"allApps","managedApps", "none"}] String AllowedInboundDataTransferSources; 
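Review bot: `DeployedAppCount` and `IsAssigned` are declared `[Write]`, but their own descriptions ("Count of apps to which the current policy is deployed", "Indicates if the policy is deployed to any inclusion groups or not") read as values the service computes rather than settings an administrator chooses. If they cannot be set, an exported configuration that pins them will report drift whenever assignments or app counts change. I would either leave them out of the schema or exclude them from the comparison the way `Identity` already is, with `$ValuesToCheck.Remove('DeployedAppCount')` and `$ValuesToCheck.Remove('IsAssigned')` in Test-TargetResource. Separately, the descriptions of `MaximumWarningOsVersion` and `MaximumWipeOsVersion` repeat the "will block" wording of `MaximumRequiredOsVersion` and presumably should say warn and wipe.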
@@ -41,7 +65,7 @@ class MSFT_IntuneAppProtectionPolicyiOS : OMI_BaseResource [Write, Description("Specify the number of characters that may be cut or copied from Org data and accounts to any application. This setting overrides the AllowedOutboundClipboardSharingLevel restriction. Default value of '0' means no exception is allowed.")] Uint32 AllowedOutboundClipboardSharingExceptionLength; [Write, Description("Specify app notification restriction."), ValueMap{"allow","blockOrganizationalData","block"}, Values{"allow","blockOrganizationalData","block"}] String NotificationRestriction; [Write, Description("The intended app management levels for this policy."), ValueMap{"unspecified","unmanaged","mdm","androidEnterprise"}, Values{"unspecified","unmanaged","mdm","androidEnterprise"}] String TargetedAppManagementLevels[]; - [Write, Description("Require app data to be encrypted."), Values{"useDeviceSettings","afterDeviceRestart","whenDeviceLockedExceptOpenFiles","whenDeviceLocked"}, ValueMap{"useDeviceSettings","afterDeviceRestart","whenDeviceLockedExceptOpenFiles","whenDeviceLocked"}] String AppDataEncryptionType; + [Write, Description("Require app data to be encrypted."), Values{"useDeviceSettings","afterDeviceRestart","whenDeviceLockedExceptOpenFiles","whenDeviceLocked"}, ValueMap{"useDeviceSettings","afterDeviceRestart","whenDeviceLockedExceptOpenFiles","whenDeviceLocked"}] String AppDataEncryptionType; [Write, Description("Apps in this list will be exempt from the policy and will be able to receive data from managed apps.")] String ExemptedAppProtocols[]; [Write, Description("Versions less than the specified version will block the managed app from accessing company data.")] String MinimumWipeSdkVersion; [Write, Description("Semicolon seperated list of device models allowed, as a string, for the managed app to work.")] String AllowedIosDeviceModels[]; 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1
index b05929a5a0..ef2a99256a 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1
@@ -58,43 +58,43 @@ function Get-TargetResource $AccessTokens ) - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune Apple Push Notification Certificate with Id {$Id}." try { - $instance = $null - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + if (-not $Script:exportedInstance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } - } + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if ($null -eq $instance) - { # There is only one Apple push notification certificate per tenant so no need to filter by Id - $instance = Get-MgBetaDeviceManagementApplePushNotificationCertificate -ErrorAction Stop + $instance = Get-MgBetaDeviceManagementApplePushNotificationCertificate -ErrorAction SilentlyContinue if ($null -eq $instance) { - Write-Verbose -Message 'Apple push notification certificate.' + Write-Verbose -Message "No Intune Apple MDM Push Notification Certificate with Id {$Id}." return $nullResult } } + else + { + $instance = $Script:exportedInstance + } $results = @{ Id = $instance.Id @@ -408,12 +408,11 @@ function Export-TargetResource try { - $Script:ExportMode = $true - [array] $Script:exportedInstances = Get-MgBetaDeviceManagementApplePushNotificationCertificate -ErrorAction Stop + [array] $getValue = Get-MgBetaDeviceManagementApplePushNotificationCertificate -ErrorAction Stop $i = 1 $dscContent = '' - if ($Script:exportedInstances.Length -eq 0) + if ($getValue.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } @@ -422,10 +421,10 @@ function Export-TargetResource Write-Host "`r`n" -NoNewline } - foreach ($config in $Script:exportedInstances) + foreach ($config in $getValue) { $displayedKey = $config.Id - Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $Params = @{ Id = $config.Id 
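Review bot: Switching the certificate lookup in Get-TargetResource to `-ErrorAction SilentlyContinue` makes a failed Graph call indistinguishable from a tenant that has no certificate, because the `$null -eq $instance` check that follows returns `$nullResult` with `Ensure = 'Absent'`. A permission or throttling error would then be reported as configuration state instead of reaching the `catch`, which is outside this hunk. I would keep `$instance = Get-MgBetaDeviceManagementApplePushNotificationCertificate -ErrorAction Stop`, and if the change was made because a missing certificate raises, handle only that case explicitly. The Android compliance policy hunk carries the same shape with `Get-MgBetaDeviceManagementDeviceCompliancePolicy -All -ErrorAction SilentlyContinue`.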
@@ -446,6 +445,7 @@ function Export-TargetResource $consentInstance = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId 'appleMDMPushCertificate' $Params.Add('DataSharingConsetGranted', $consentInstance.Granted) + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 index 6882d2819b..c4742e48d5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneApplicationControlPolicyWindows10/MSFT_IntuneApplicationControlPolicyWindows10.psm1 
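Review bot: `$Script:exportedInstance = $config` is set just before `Get-TargetResource @Params` and nothing in the visible lines resets it, while the new guard in Get-TargetResource is only `if (-not $Script:exportedInstance)`. If the variable survives the export (the rest of the loop is outside this hunk), a later Get-TargetResource or Test-TargetResource call in the same session would skip the Graph query and describe the last exported object regardless of the `Id` it was asked about, which would hide drift. I would clear it right after the call with `$Script:exportedInstance = $null`, or make the guard compare identities, e.g. `if (-not $Script:exportedInstance -or $Script:exportedInstance.Id -ne $Id)`. The same assignment is added in the Export-TargetResource hunks of the other resources in this diff.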
@@ -63,40 +63,59 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Endpoint Protection Application Control Policy {$DisplayName}" - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters -ErrorAction Stop - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune Endpoint Protection Application Control Policy with Id {$Id} and DisplayName {$DisplayName}" try { - #Retrieve policy general settings - $policy = Get-MgBetaDeviceManagementIntent -All -Filter "displayName eq '$DisplayName'" -ErrorAction Stop | Where-Object -FilterScript { $_.TemplateId -eq '63be6324-e3c9-4c97-948a-e7f4b96f0f20' } - - if (([array]$policy).count -gt 1) + if (-not $Script:exportedInstance) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $policy = $null + #Retrieve policy general settings + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Id -ErrorAction Stop + } + + if ($null -eq $policy) + { + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $policy = Get-MgBetaDeviceManagementIntent -All -Filter "displayName eq '$DisplayName'" -ErrorAction Stop | Where-Object -FilterScript { $_.TemplateId -eq '63be6324-e3c9-4c97-948a-e7f4b96f0f20' } + } + } - if ($null -eq $policy) + if (([array]$policy).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } + + if ($null -eq $policy) + { + Write-Verbose -Message "No Endpoint Protection Application Control Policy {$DisplayName} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Endpoint Protection Application Control Policy {$DisplayName} was found" - return $nullResult + $policy = $Script:exportedInstance } #Retrieve policy specific settings @@ -509,6 +528,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $policy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { 
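Review bot: The new by-Id lookup in Get-TargetResource uses `-ErrorAction Stop`, so when `$Id` does not exist in the tenant the call throws and the `DisplayName` fallback below it is never reached. That is likely to happen when a configuration exported from one tenant is applied to another. The other resources in this diff use `-ErrorAction SilentlyContinue` for the Id lookup, i.e. `$policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Id -ErrorAction SilentlyContinue`. The Id path also accepts any intent, whereas the DisplayName path filters on `TemplateId`; checking `$policy.TemplateId` after the Id lookup would keep the two paths equivalent. The `catch` that receives the exception is outside this hunk.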
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index ff70777c6c..8c0d0b110c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 
@@ -156,51 +156,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Attack Surface Reduction Rules Policy for Windows10 Config Manager with Id {$Identity} and DisplayName {$DisplayName}" + try { - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ErrorAction Stop - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $templateReferenceId = '5dd36540-eb22-4e7e-b19c-2a07772ba627_1' - # Retrieve policy general settings - $policy = $null - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue - - if ($null -eq $policy) + if (-not $Script:exportedInstance) { - Write-Verbose -Message "No Intune Attack Surface Reduction Rules Policy for Windows10 Config Manager with Id {$Identity} was found" - - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $templateReferenceId = '5dd36540-eb22-4e7e-b19c-2a07772ba627_1' + # Retrieve policy general settings + $policy = $null + if (-not [System.String]::IsNullOrEmpty($Identity)) { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` - -ErrorAction SilentlyContinue + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue } if ($null -eq $policy) { - Write-Verbose -Message "No Intune Attack Surface Reduction Rules Policy for Windows10 Config Manager with Name {$DisplayName} was found" - return $nullResult + Write-Verbose -Message "No Intune Attack Surface Reduction Rules Policy for Windows10 Config Manager with Id {$Identity} was found" + + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` + -ErrorAction SilentlyContinue + } + + if ($null -eq $policy) + { + Write-Verbose -Message "No Intune Attack Surface Reduction Rules Policy for Windows10 Config Manager with Name {$DisplayName} was found" + return $nullResult + } } } + else + { + $policy = $Script:exportedInstance + } $Identity = $policy.Id 
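Review bot: The fallback filter `"Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'"` interpolates `$DisplayName` without escaping, so a policy name containing an apostrophe produces a malformed OData filter. Because the call uses `-ErrorAction SilentlyContinue`, that failure is then reported as "not found" and `$nullResult` is returned. Doubling the quote first avoids this: `$escapedName = $DisplayName.Replace("'", "''")`, then use `$escapedName` in the filter. The same interpolation appears in the Application Control and Device Category hunks of this diff.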
@@ -820,6 +831,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $policy $Results = Get-TargetResource @params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 index 80a3b01f9c..e2f8c484ff 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 
@@ -69,41 +69,41 @@ function Get-TargetResource ) - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune Derived Credential with Id {$Id} and DisplayName {$DisplayName}." try { - $instance = $null - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } - } - - if ($null -eq $instance) + if (-not $Script:exportedInstance) { - $instance = Get-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $Id -ErrorAction SilentlyContinue + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $instance = $null + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $instance = Get-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $Id -ErrorAction SilentlyContinue + } if ($null -eq $instance) { Write-Verbose -Message "Could not find Derived Credential by Id {$Id}." - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if (-not [string]::IsNullOrEmpty($DisplayName)) { $instance = Get-MgBetaDeviceManagementDerivedCredential ` -All ` @@ -118,6 +118,10 @@ function Get-TargetResource } } } + else + { + $instance = $Script:exportedInstance + } $results = @{ Ensure = 'Present' @@ -452,11 +456,11 @@ function Export-TargetResource try { $Script:ExportMode = $true - [array] $Script:exportedInstances = Get-MgBetaDeviceManagementDerivedCredential -ErrorAction Stop + [array] $getValue = Get-MgBetaDeviceManagementDerivedCredential -ErrorAction Stop $i = 1 $dscContent = '' - if ($Script:exportedInstances.Length -eq 0) + if ($getValue.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } @@ -464,10 +468,10 @@ function Export-TargetResource { Write-Host "`r`n" -NoNewline } - foreach ($config in $Script:exportedInstances) + foreach ($config in $getValue) { $displayedKey = $config.Id - Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Ensure = 'Present' 
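Review bot: `$Script:ExportMode = $true` is left in place in the Export-TargetResource hunk although this change removes the only read of `$Script:ExportMode` that is visible in Get-TargetResource. The Apple MDM push certificate resource drops the same line in this diff, so the two files end up inconsistent. Unless the flag is read elsewhere in the module (not visible here), I would delete the line.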
@@ -486,6 +490,7 @@ function Export-TargetResource ManagedIdentity = $ManagedIdentity.IsPresent } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 index d5503714c8..f3d1c5fa86 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 
@@ -59,53 +59,60 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting the Intune Device and App Management Assignment Filter {$DisplayName}" - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ErrorAction Stop - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = @{ - DisplayName = $DisplayName - Ensure = 'Absent' - } + Write-Verbose -Message "Getting configuration of the Intune Device and App Management Assignment Filter with Id {$Identity} and DisplayName {$DisplayName}" try { - if (-not [System.String]::IsNullOrEmpty($Identity)) - { - Write-Verbose -Message "Checking if filter exists with identity {$Identity}." - $assignmentFilter = Get-MgBetaDeviceManagementAssignmentFilter -DeviceAndAppManagementAssignmentFilterId $Identity -ErrorAction 'SilentlyContinue' - } - - if ($null -eq $assignmentFilter) + if (-not $Script:exportedInstance) { - Write-Verbose -Message "No assignment filter with Identity {$Identity} was found." + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = @{ + DisplayName = $DisplayName + Ensure = 'Absent' + } - Write-Verbose -Message "Checking if filter exists with DisplayName {$DisplayName}." - [array]$assignmentFilter = Get-MgBetaDeviceManagementAssignmentFilter -All | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } - if ($assignmentFilter.Length -gt 2) + if (-not [System.String]::IsNullOrEmpty($Identity)) { - Write-Error -Message "More than one Assignment Filter found with name {$DisplayName}" + Write-Verbose -Message "Checking if filter exists with identity {$Identity}." + $assignmentFilter = Get-MgBetaDeviceManagementAssignmentFilter -DeviceAndAppManagementAssignmentFilterId $Identity -ErrorAction 'SilentlyContinue' } - elseif ($assignmentFilter.Length -eq 0) + + if ($null -eq $assignmentFilter) { - Write-Verbose -Message "No assignment filter with name {$DisplayName} was found." - return $nullResult + Write-Verbose -Message "No assignment filter with Identity {$Identity} was found." + + Write-Verbose -Message "Checking if filter exists with DisplayName {$DisplayName}." + [array]$assignmentFilter = Get-MgBetaDeviceManagementAssignmentFilter -All | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } + if ($assignmentFilter.Length -gt 2) + { + Write-Error -Message "More than one Assignment Filter found with name {$DisplayName}" + } + elseif ($assignmentFilter.Length -eq 0) + { + Write-Verbose -Message "No assignment filter with name {$DisplayName} was found." 
+ return $nullResult + } } } + else + { + $assignmentFilter = $Script:exportedInstance + } Write-Verbose -Message "Found assignment filter {$($assignmentFilter.displayName)}" @@ -453,6 +460,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $assignmentFilter $Results = Get-TargetResource @params if ($Results.Ensure -eq 'Present') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 index a7d57c5dec..c9056831c9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCategory/MSFT_IntuneDeviceCategory.psm1 
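Review bot: The duplicate check `if ($assignmentFilter.Length -gt 2)` in Get-TargetResource lets exactly two filters with the same name through, and `Write-Error` is non-terminating by default, so the code after the hunk would read properties from an array. I would change it to `if ($assignmentFilter.Length -gt 1)` and replace the `Write-Error` with `throw "More than one Assignment Filter found with name {$DisplayName}"`, matching the duplicate handling in the compliance policy resources. These lines are only re-indented by this change, but they now sit inside the new `if (-not $Script:exportedInstance)` block and are worth fixing while they are touched.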
@@ -46,33 +46,40 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Device Category {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune Device Category {$DisplayName}" try { - $category = Get-MgBetaDeviceManagementDeviceCategory -Filter "displayName eq '$DisplayName'" -All - - if ($null -eq $category) + if (-not $Script:exportedInstance) { - Write-Verbose -Message "No Device Category Identity {$Identity} was found" - return $nullResult + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $category = Get-MgBetaDeviceManagementDeviceCategory -Filter "displayName eq '$DisplayName'" -All + if ($null -eq $category) + { + Write-Verbose -Message "No Device Category with DisplayName {$DisplayName} was found" + return $nullResult + } + } + else + { + $category = $Script:exportedInstance } Write-Verbose -Message "Found Device Category with Identity {$Identity}" @@ -351,6 +358,8 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $category $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 index c9c5895ece..5bfab30d79 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 
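Review bot: `$nullResult` is now assigned only inside the `if (-not $Script:exportedInstance)` branch of Get-TargetResource, so on the cached path it is never defined. If the `catch` block (outside this hunk) returns `$nullResult`, as the not-found path does, an exception raised while building the result on the cached path would make the function return `$null` instead of a hashtable with `Ensure = 'Absent'`. Moving `$nullResult = $PSBoundParameters` and `$nullResult.Ensure = 'Absent'` above the `if` keeps both paths equivalent. The other Get-TargetResource hunks in this diff have the same layout.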
@@ -57,29 +57,37 @@ function Get-TargetResource throw [System.ArgumentException]::new('DeviceInactivityBeforeRetirementInDays must be greater than 30 and less than 270 when Enabled is set to true.') } - Write-Verbose -Message 'Checking for the Intune Device Cleanup Rule' - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message 'Getting configuration of the Intune Device Cleanup Rule' try { - $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' - $cleanupRule = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' + $cleanupRule = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop + } + else + { + $cleanupRule = $Script:exportedInstance + } $return = @{ Enabled = $cleanupRule.deviceInactivityBeforeRetirementInDays -gt 0 @@ -379,6 +387,7 @@ function Export-TargetResource $params.Add('DeviceInactivityBeforeRetirementInDays', $cleanupRule.deviceInactivityBeforeRetirementInDays) } + $Script:exportedInstance = $cleanupRule $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 index 5d039b9697..efc6f73646 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 
@@ -165,39 +165,48 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Android Device Compliance Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune Android Device Compliance Policy {$DisplayName}" + try { - $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy -All ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidCompliancePolicy' -and ` - $_.displayName -eq $($DisplayName) } - - if (([array]$devicePolicy).count -gt 1) + if (-not $Script:exportedInstance) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy -All ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidCompliancePolicy' -and ` + $_.displayName -eq $($DisplayName) } + + if (([array]$devicePolicy).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } + if ($null -eq $devicePolicy) + { + Write-Verbose -Message "No Android Device Compliance Policy with displayName {$DisplayName} was found" + return $nullResult + } } - if ($null -eq $devicePolicy) + else { - Write-Verbose -Message "No Android Device Compliance Policy with displayName {$DisplayName} was found" - return $nullResult + $devicePolicy = $Script:exportedInstance } Write-Verbose -Message "Found Android Device Compliance Policy with displayName {$DisplayName}" @@ -845,6 +854,8 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $configDeviceAndroidPolicy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 index 6b3e74cfb3..7bc5760adc 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner/MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner.psm1 
@@ -117,41 +117,50 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Android Work Profile Device Compliance Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Android Work Profile Device Compliance Policy {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` - -All ` - -ErrorAction Stop | Where-Object ` - -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerCompliancePolicy' -and ` - $_.displayName -eq $($DisplayName) - } - if (([array]$devicePolicy).count -gt 1) + if (-not $Script:exportedInstance) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerCompliancePolicy' -and ` + $_.displayName -eq $($DisplayName) + } + if (([array]$devicePolicy).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } + if ($null -eq $devicePolicy) + { + Write-Verbose -Message "No Intune Android Device Owner Device Compliance Policy with displayName {$DisplayName} was found" + return $nullResult + } } - if ($null -eq $devicePolicy) + else { - Write-Verbose -Message "No Intune Android Device Owner Device Compliance Policy with displayName {$DisplayName} was found" - return $nullResult + $devicePolicy = $Script:exportedInstance } Write-Verbose -Message "Found Intune Android Device Owner Device Compliance Policy with displayName {$DisplayName}" @@ -698,6 +707,8 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $configDeviceAndroidPolicy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { 
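Review bot: `$nullResult` is now built only inside the `if (-not $Script:exportedInstance)` branch of Get-TargetResource, so on the cached path it is never defined. If the `catch` block of this `try` (outside the hunk) or any later code returns `$nullResult`, a failure during export would hand back `$null` instead of the `Ensure = 'Absent'` result. Moving `$nullResult = $PSBoundParameters` and `$nullResult.Ensure = 'Absent'` above the `if` keeps both paths equivalent; the other Get-TargetResource hunks in this diff have the same shape. Separately, the new verbose line in this Device Owner resource still reads `Getting configuration of the Intune Android Work Profile Device Compliance Policy`, which looks carried over from the Work Profile resource.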
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 index 22db00a858..5e8d819ee4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 @@ -116,7 +116,6 @@ function Get-TargetResource [ValidateSet('basic', 'hardwareBacked')] $SecurityRequiredAndroidSafetyNetEvaluationType, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, 
@@ -155,39 +154,48 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Android Work Profile Device Compliance Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + Write-Verbose -Message "Getting configuration of the Intune Android Work Profile Device Compliance Policy {$DisplayName}" - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` - -All ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileCompliancePolicy' -and ` - $_.displayName -eq $($DisplayName) } - if (([array]$devicePolicy).count -gt 1) + if (-not $Script:exportedInstance) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` + -All ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileCompliancePolicy' -and ` + $_.displayName -eq $($DisplayName) } + if (([array]$devicePolicy).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } + if ($null -eq $devicePolicy) + { + Write-Verbose -Message "No Intune Android Work Profile Device Compliance Policy with displayName {$DisplayName} was found" + return $nullResult + } } - if ($null -eq $devicePolicy) + else { - Write-Verbose -Message "No Intune Android Work Profile Device Compliance Policy with displayName {$DisplayName} was found" - return $nullResult + $devicePolicy = $Script:exportedInstance } Write-Verbose -Message "Found Intune Android Work Profile Device Compliance Policy with displayName {$DisplayName}" @@ -809,6 +817,8 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $configDeviceAndroidPolicy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1 index c7127f5894..b303443476 100644 
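Review bot: The policy listing inside the new `if` branch keeps `-ErrorAction SilentlyContinue`, so a Graph failure (expired token, missing permission, throttling) leaves `$devicePolicy` empty and Get-TargetResource returns `Ensure = 'Absent'` as if the compliance policy did not exist. The Android Device Owner and macOS hunks use `-ErrorAction Stop` on the same call, which lets the surrounding `try` see the error; the `catch` itself is outside this hunk. I would switch this call to `-ErrorAction Stop` so an API failure is not reported as a missing policy. The Windows 10 and iOS hunks carry the same setting.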
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyMacOS/MSFT_IntuneDeviceCompliancePolicyMacOS.psm1
@@ -138,39 +138,48 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Device Compliance MacOS Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + Write-Verbose -Message "Getting configuration of the Intune Device Compliance MacOS Policy {$DisplayName}" - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` - -All ` - -ErrorAction Stop | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSCompliancePolicy' -and ` - $_.displayName -eq $($DisplayName) } - if (([array]$devicePolicy).count -gt 1) + if (-not $Script:exportedInstance) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSCompliancePolicy' -and ` + $_.displayName -eq $($DisplayName) } + if (([array]$devicePolicy).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } + if ($null -eq $devicePolicy) + { + Write-Verbose -Message "No MacOS Device Compliance Policy with displayName {$DisplayName} was found" + return $nullResult + } } - if ($null -eq $devicePolicy) + else { - Write-Verbose -Message "No MacOS Device Compliance Policy with displayName {$DisplayName} was found" - return $nullResult + $devicePolicy = $Script:exportedInstance } Write-Verbose -Message "Found MacOS Device Compliance Policy with displayName {$DisplayName}" @@ -759,6 +768,8 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $configDeviceMacOsPolicy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 index c22933a470..8ec8893832 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1
@@ -180,39 +180,48 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Device Compliance Windows 10 Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Device Compliance Windows 10 Policy {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` - -All ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CompliancePolicy' -and ` - $_.displayName -eq $($DisplayName) } - if (([array]$devicePolicy).count -gt 1) + if (-not $Script:exportedInstance) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` + -All ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CompliancePolicy' -and ` + $_.displayName -eq $($DisplayName) } + if (([array]$devicePolicy).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } + if ($null -eq $devicePolicy) + { + Write-Verbose -Message "No Windows 10 Device Compliance Policy with displayName {$DisplayName} was found" + return $nullResult + } } - if ($null -eq $devicePolicy) + else { - Write-Verbose -Message "No Windows 10 Device Compliance Policy with displayName {$DisplayName} was found" - return $nullResult + $devicePolicy = $Script:exportedInstance } $complexValidOperatingSystemBuildRanges = @() @@ -924,6 +933,8 @@ function Export-TargetResource ManagedIdentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $configDeviceWindowsPolicy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 index da86e30460..5dd9499160 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 
@@ -129,39 +129,48 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Device Compliance iOS Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Device Compliance iOS Policy {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` - -All ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosCompliancePolicy' -and ` - $_.displayName -eq $($DisplayName) } - if (([array]$devicePolicy).count -gt 1) + if (-not $Script:exportedInstance) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` + -All ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosCompliancePolicy' -and ` + $_.displayName -eq $($DisplayName) } + if (([array]$devicePolicy).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } + if ($null -eq $devicePolicy) + { + Write-Verbose -Message "No iOS Device Compliance Policy with displayName {$DisplayName} was found" + return $nullResult + } } - if ($null -eq $devicePolicy) + else { - Write-Verbose -Message "No iOS Device Compliance Policy with displayName {$DisplayName} was found" - return $nullResult + $devicePolicy = $Script:exportedInstance } Write-Verbose -Message "Found iOS Device Compliance Policy with displayName {$DisplayName}" @@ -739,6 +748,8 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $configDeviceiOsPolicy $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index 3d9afb7b6d..d1cba146aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 
@@ -65,52 +65,64 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementGroupPolicyConfiguration -GroupPolicyConfigurationId $Id -ErrorAction SilentlyContinue + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementGroupPolicyConfiguration -GroupPolicyConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementGroupPolicyConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult - } - if (([array]$getValue).count -gt 1) + Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $getValue = Get-MgBetaDeviceManagementGroupPolicyConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an 
Intune Device Configuration Administrative Template Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + if (([array]$getValue).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } } } + #endregion + } + else + { + $getValue = $Script:exportedInstance } - #endregion $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -854,6 +866,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 index 51e53f4a99..3e96f98a9c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 
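Review bot: The fallback lookup in Get-TargetResource builds its OData filter by interpolating the name, `-Filter "DisplayName eq '$DisplayName'"`, so a display name containing a single quote produces a malformed filter expression. Because the call also uses `-ErrorAction SilentlyContinue`, that failure is silent and the policy is reported as absent. Doubling the quote before interpolation avoids this: `-Filter "DisplayName eq '$($DisplayName.Replace("'", "''"))'"`. The same filter string appears in the Custom Policy, Defender for Endpoint Onboarding and Delivery Optimization hunks that follow.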
@@ -64,56 +64,68 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Custom Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Custom Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CustomConfiguration' ` - } + Write-Verbose -Message "Could not find an Intune Device Configuration Custom Policy for Windows10 with Id {$Id}" - if ($null -eq $getValue) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { - Write-Verbose -Message "Could not find an Intune Device Configuration Custom Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult - } - if (([array]$getValue).count -gt 1) - { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq 
'$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CustomConfiguration' ` + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Custom Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + if (([array]$getValue).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } } } + #endregion + } + else + { + $getValue = $Script:exportedInstance } - #endregion $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Custom Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -620,6 +632,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 index fc55b2aea2..f13db8a77c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.psm1 
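Review bot: When the lookup by `Id` succeeds, nothing in this Get-TargetResource hunk checks that the returned object is a `#microsoft.graph.windows10CustomConfiguration`; only the `DisplayName` fallback applies that `Where-Object` filter. `Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id` is not type-specific, so an `Id` that points at another kind of device configuration would be read as this resource unless code after `$Id = $getValue.Id` (outside the hunk) rejects it. A guard right after the Id lookup would make both paths agree, e.g. `if ($getValue.AdditionalProperties.'@odata.type' -ne '#microsoft.graph.windows10CustomConfiguration') { $getValue = $null }`. The Defender for Endpoint Onboarding hunk has the same asymmetry with its own type string.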
@@ -84,55 +84,67 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDefenderAdvancedThreatProtectionConfiguration' ` - } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult - } - if (([array]$getValue).count -gt 1) + Write-Verbose -Message "Could not find an Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + 
-All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDefenderAdvancedThreatProtectionConfiguration' ` + } + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + if (([array]$getValue).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } } } + #endregion + } + else + { + $getValue = $Script:exportedInstance } - #endregion $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -626,6 +638,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 index 9d52eeba74..fc344e4161 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.psm1 
@@ -131,53 +131,65 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$Id}" - if ($null -eq $getValue) + if (-not [string]::IsNullOrEmpty($DisplayName)) { - Write-Verbose -Message "Could not find an Intune Device Configuration Delivery Optimization Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult - } - if (([array]$getValue).count -gt 1) - { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Delivery 
Optimization Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + if (([array]$getValue).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } } } + #endregion + } + else + { + $getValue = $Script:exportedInstance } - #endregion $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Delivery Optimization Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -840,6 +852,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 index 2e55eef151..243fa63050 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10/MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10.psm1 
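Review bot: The DisplayName fallback in the `@@ -131,53 +131,65 @@` Get-TargetResource hunk (Delivery Optimization) queries all device configurations with `-Filter "DisplayName eq '$DisplayName'"` and does not narrow the result by `@odata.type`, unlike the Domain Join, Email Profile and Endpoint Protection hunks. A configuration of another type with the same display name would be returned as this resource, or would trip the duplicate check. Pipe the result through the filter the sibling resources use, `| Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDeliveryOptimizationConfiguration' }`, after confirming the type string against this module's Set-TargetResource. The Health Monitoring and Identity Protection hunks have the same gap.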
@@ -76,55 +76,67 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Domain Join Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Domain Join Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDomainJoinConfiguration' ` - } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Domain Join Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult - } - if (([array]$getValue).count -gt 1) + Write-Verbose -Message "Could not find an Intune Device Configuration Domain Join Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | 
Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsDomainJoinConfiguration' ` + } + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Domain Join Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + if (([array]$getValue).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } } } + #endregion + } + else + { + $getValue = $Script:exportedInstance } - #endregion $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Domain Join Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -581,6 +593,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 index 7390040c02..e6964c3c87 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10/MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10.psm1 
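Review bot: `-Filter "DisplayName eq '$DisplayName'"` in the Domain Join Get-TargetResource hunk interpolates the display name into the OData filter without escaping, so a name containing an apostrophe produces a malformed filter. Because the call also carries `-ErrorAction SilentlyContinue`, the failed query is then indistinguishable from "policy not found" and the function returns `$nullResult`. Double the quote before building the filter: `-Filter "DisplayName eq '$($DisplayName -replace "'", "''")'"`. The same line appears in every other Get-TargetResource hunk of this diff.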
@@ -114,56 +114,68 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Email Profile Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Email Profile Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EasEmailProfileConfiguration' ` - } + Write-Verbose -Message "Could not find an Intune Device Configuration Email Profile Policy for Windows10 with Id {$Id}" - if ($null -eq $getValue) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { - Write-Verbose -Message "Could not find an Intune Device Configuration Email Profile Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult - } - if (([array]$getValue).count -gt 1) - { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + 
-Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EasEmailProfileConfiguration' ` + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Email Profile Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + if (([array]$getValue).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } } } + #endregion + } + else + { + $getValue = $Script:exportedInstance } - #endregion $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Email Profile Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -743,6 +755,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 index aa2de10ce6..5627cd5e9e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1 
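Review bot: In the Email Profile Get-TargetResource hunk, `$nullResult` and `$ConnectionMode` are now assigned only inside `if (-not $Script:exportedInstance)`, so on the cached path they stay unset. Any later use, for instance a `catch` block returning `$nullResult` (which would be outside this hunk), would then return `$null` instead of the 'Absent' result. Hoist `$nullResult = $PSBoundParameters` and `$nullResult.Ensure = 'Absent'` above the `if`, and add a comment such as `# Export path: reuse the instance already fetched by Export-TargetResource; no connection or telemetry here` on the `else` branch. The other Get-TargetResource hunks in this diff share the structure.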
@@ -1025,56 +1025,68 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}." + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-Not [string]::IsNullOrEmpty($DisplayName)) + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EndpointProtectionConfiguration' - } + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Endpoint Protection Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult - } - if (([array]$getValue).count -gt 1) + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) { - throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + 
-ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EndpointProtectionConfiguration' + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Endpoint Protection Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + if (([array]$getValue).count -gt 1) + { + throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" + } } } + #endregion + } + else + { + $getValue = $Script:exportedInstance } - #endregion $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -4990,6 +5002,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @params if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 index 795ff7ce4a..e4e8588758 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.psm1 
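Review bot: The Id lookup in the Endpoint Protection Get-TargetResource hunk keeps `-ErrorAction SilentlyContinue`, so an authorization or throttling failure is logged as "Could not find ... with Id" and the code falls through to the DisplayName search or reports the policy as absent. For a resource that carries endpoint protection settings, that makes a failed read look like a missing policy. Capture the error so the two cases can be told apart, e.g. add `-ErrorVariable getError` to the call and follow it with `if ($getError) { Write-Verbose -Message "Lookup by Id {$Id} failed: $($getError[0])" }`. The function body continues outside the hunk.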
@@ -165,50 +165,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Firmware Interface Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Firmware Interface Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10DeviceFirmwareConfigurationInterface' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Firmware Interface Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10DeviceFirmwareConfigurationInterface' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an 
Intune Device Configuration Firmware Interface Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Firmware Interface Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Firmware Interface Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -983,6 +995,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 index 8cac254daf..3af89828a2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.psm1 
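Review bot: After the DisplayName lookup in the Firmware Interface Get-TargetResource hunk there is no duplicate check, so when two policies share the name `$getValue` is an array and `$Id = $getValue.Id` becomes a list of Ids. The Domain Join, Email Profile and Endpoint Protection hunks guard against this; add the same check before the `$null -eq $getValue` test: `if (([array]$getValue).count -gt 1) { throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique" }`. The Health Monitoring and Identity Protection hunks lack the check as well.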
@@ -74,47 +74,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$Id}" - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Health Monitoring 
Configuration Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Health Monitoring Configuration Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -578,6 +590,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 index d398679977..3b3c03fedc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.psm1 
@@ -119,47 +119,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Identity Protection Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Identity Protection Policy for Windows10 with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Identity Protection Policy for Windows10 with Id {$Id}" - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Device Configuration Identity Protection Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Identity Protection Policy for Windows10 with DisplayName 
{$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Identity Protection Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -731,6 +743,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 index e0b433829b..9adcf4fef6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.psm1 
@@ -89,50 +89,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Imported Pfx Certificate Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Imported Pfx Certificate Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10ImportedPFXCertificateProfile' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Imported Pfx Certificate Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10ImportedPFXCertificateProfile' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune 
Device Configuration Imported Pfx Certificate Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Imported Pfx Certificate Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Imported Pfx Certificate Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -644,6 +656,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 index 9bae201594..c880eb1cd9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10/MSFT_IntuneDeviceConfigurationKioskPolicyWindows10.psm1 
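Review bot: In the new `else` branch, `$getValue = $Script:exportedInstance` is taken without `$nullResult` or `$ConnectionMode` ever being assigned, because both assignments moved inside `if (-not $Script:exportedInstance)`. If the `catch` block or later code of Get-TargetResource (outside this hunk) returns `$nullResult` or reads `$ConnectionMode`, the export path would get `$null` there. Moving `$nullResult = $PSBoundParameters` and `$nullResult.Ensure = 'Absent'` above the `if` restores the pre-commit behaviour for the failure path. The Get-TargetResource hunks for Kiosk, NetworkBoundary, PkcsCertificate, AndroidDeviceAdministrator, AndroidDeviceOwner, AndroidOpenSourceProject and AndroidWorkProfile have the same shape.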
@@ -96,50 +96,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Kiosk Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Kiosk Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsKioskConfiguration' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Kiosk Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsKioskConfiguration' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Kiosk Policy for Windows10 with DisplayName 
{$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Kiosk Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Kiosk Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -810,6 +822,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 index fe0180b9b4..1ff63a0018 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 
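Review bot: The fallback lookup builds its OData filter by plain interpolation, `-Filter "DisplayName eq '$DisplayName'"`, so a display name containing an apostrophe yields a malformed or altered filter. Because the call also carries `-ErrorAction SilentlyContinue`, that failure surfaces only as "Could not find ..." and the function returns `Ensure = 'Absent'` for a policy that may exist. Doubling the quote before interpolation avoids this: `-Filter "DisplayName eq '$($DisplayName.Replace("'", "''"))'"`. The same filter string is used in the IdentityProtection, ImportedPfxCertificate, NetworkBoundary, PkcsCertificate and Android Get-TargetResource hunks of this commit.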
@@ -64,49 +64,61 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Network Boundary Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Network Boundary Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' + Write-Verbose -Message "Could not find an Intune Device Configuration Network Boundary Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object -FilterScript { + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Network Boundary 
Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Network Boundary Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Network Boundary Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -573,6 +585,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 index b8c8708958..9503e909aa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.psm1 
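Review bot: The DisplayName fallback combines `-All` with a `Where-Object` on `@odata.type`, and nothing in the hunk handles more than one match, so `$getValue` can be an array and `$Id = $getValue.Id` then holds several ids. A guard right after the lookup, such as `if (@($getValue).Count -gt 1) { throw "Multiple policies named {$DisplayName} found; specify Id." }`, makes the ambiguity explicit instead of letting the rest of the function read properties off a collection. Whether code outside the hunk already deals with duplicates cannot be seen from here, and the enclosing `try` means the throw would land in a `catch` that is also outside the hunk.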
@@ -117,50 +117,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Pkcs Certificate Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Pkcs Certificate Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10PkcsCertificateProfile' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Pkcs Certificate Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10PkcsCertificateProfile' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Pkcs 
Certificate Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Pkcs Certificate Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Pkcs Certificate Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -764,6 +776,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS.psm1 index 4c90f2ae55..2d2737885a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS/MSFT_IntuneDeviceConfigurationPlatformScriptMacOS.psm1 @@ -85,6 +85,8 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Platform Script for MacOS with Id {$Id} and DisplayName {$DisplayName}" + try { $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` 
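Review bot: The Id lookup `Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue` treats every failure as "not found", including authorization, throttling or connectivity errors. For a certificate profile that means a transient Graph error can end in `return $nullResult` with `Ensure = 'Absent'`, and a caller acting on that result may try to recreate a policy that already exists. Consider adding `-ErrorVariable` to the call and rethrowing anything that is not a not-found response before falling back to the DisplayName search.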
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/MSFT_IntuneDeviceConfigurationPlatformScriptWindows.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/MSFT_IntuneDeviceConfigurationPlatformScriptWindows.psm1 index 1c5729302c..03e034b5c1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/MSFT_IntuneDeviceConfigurationPlatformScriptWindows.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPlatformScriptWindows/MSFT_IntuneDeviceConfigurationPlatformScriptWindows.psm1 @@ -81,6 +81,8 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Platform Script for Windows with Id {$Id} and DisplayName {$DisplayName}" + try { $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 index 97fdb3ab42..16da4d3221 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -221,7 +221,6 @@ function Get-TargetResource [System.Boolean] $WiFiBlocked, - [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, 
@@ -261,48 +260,48 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Policy Android Device Administrator with Id {$Id} and DisplayName {$DisplayName}" - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if (-not [System.String]::IsNullOrEmpty($Id)) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } - else + if (-not $Script:exportedInstance) { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + $getValue = $null - } + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidGeneralDeviceConfiguration' ` + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidGeneralDeviceConfiguration' ` + } } } + else + { + $getValue = $Script:exportedInstance + } #endregion $complexAppsHideList = @() $currentValueArray = $getValue.AdditionalProperties.appsHideList @@ -1295,6 +1294,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
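Review bot: Unlike the sibling resources in this commit, the DisplayName fallback here runs even when `$DisplayName` is empty, and the hunk has no "not found" return before `$getValue.AdditionalProperties.appsHideList` is read. When neither lookup matches, `$getValue` stays `$null` and the function carries on with an empty object unless a check outside the hunk stops it. I would guard the fallback with `if ($null -eq $getValue -and -not [string]::IsNullOrEmpty($DisplayName))` and add `if ($null -eq $getValue) { return $nullResult }` after it, inside the `if (-not $Script:exportedInstance)` block.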
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 index 20bfc55b21..7bd52fc2a2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner.psm1 
@@ -615,52 +615,56 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Policy Android Device Owner with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message $_ - } + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - try - { - $getValue = $null + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + if (-not $getValue) + { + $getValue = 
Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration' ` + } + } + #endregion - if (-not $getValue) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration' ` + if ($null -eq $getValue) + { + Write-Verbose -Message "Nothing with id {$id} was found" + return $nullResult } } - #endregion - - if ($null -eq $getValue) + else { - Write-Verbose -Message "Nothing with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } Write-Verbose -Message "Found something with id {$id}" @@ -2522,6 +2526,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index a1af645dd3..9ee77faaa8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 
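Review bot: The verbose messages in this hunk report the `$id` parameter rather than the object that was actually returned. `"Found something with id {$id}"` can print an id that does not belong to `$getValue`, for example after a DisplayName match or on the cached branch, and `"Nothing with id {$id} was found"` is also emitted when it was the DisplayName search that failed. The AndroidOpenSourceProject hunk in this commit already logs `{$($getValue.Id)}`; using `Write-Verbose -Message "Found something with id {$($getValue.Id)}"` here keeps the log usable when tracing which policy was read. The hunk also mixes `$id`/`$Id` and `$Displayname`/`$DisplayName`, which PowerShell accepts but which reads as different variables.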
@@ -113,63 +113,63 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Policy Android Open Source Project with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if (-not [System.String]::IsNullOrEmpty($Id)) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } - else + if (-not $Script:exportedInstance) { - $getValue = $null - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - #region resource generator code - if ($null -eq $getValue) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerDeviceConfiguration' ` - } - } - #endregion + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - if ($null -eq $getValue) - { - if (-not [String]::IsNullOrEmpty($Id)) + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [System.String]::IsNullOrEmpty($Id)) { - Write-Verbose -Message "Nothing with id {$Id} was found" + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } - else + + #region resource generator code + if ($null -eq $getValue) { - Write-Verbose -Message "Nothing with display name {$DisplayName} was found" + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerDeviceConfiguration' ` + } } + #endregion + + if ($null -eq $getValue) + { + if (-not [String]::IsNullOrEmpty($Id)) + { + Write-Verbose -Message "Nothing with id {$Id} was found" + } + else + { + Write-Verbose -Message "Nothing with display name {$DisplayName} was found" + } - return $nullResult + return $nullResult + } + } + else + { + $getValue = $Script:exportedInstance } Write-Verbose -Message "Found something with id {$($getValue.Id)}" @@ -756,6 +756,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 index 204910d7c5..2bd12fd531 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 
@@ -236,43 +236,50 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Device Configuration Policy {$DisplayName}" + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Policy Android for Work Profile {$DisplayName}" - $M365DSCConnectionSplat = @{ - Workload = 'MicrosoftGraph' - InboundParameters = $PSBoundParameters - } - $ConnectionMode = New-M365DSCConnection @M365DSCConnectionSplat + try + { + if (-not $Script:exportedInstance) + { + $M365DSCConnectionSplat = @{ + Workload = 'MicrosoftGraph' + InboundParameters = $PSBoundParameters + } + $ConnectionMode = New-M365DSCConnection @M365DSCConnectionSplat - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new() - $data.Add('Resource', $ResourceName) - $data.Add('Method', $MyInvocation.MyCommand) - $data.Add('Principal', $Credential.UserName) - $data.Add('TenantId', $TenantId) - $data.Add('ConnectionMode', $ConnectionMode) - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new() + $data.Add('Resource', $ResourceName) + $data.Add('Method', $MyInvocation.MyCommand) + $data.Add('Principal', $Credential.UserName) + $data.Add('TenantId', $TenantId) + $data.Add('ConnectionMode', $ConnectionMode) + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - try - { - $policy = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter 
"displayName eq '$DisplayName'" ` - -ErrorAction Stop | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' } + $policy = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "displayName eq '$DisplayName'" ` + -ErrorAction Stop | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' } - if ($null -eq $policy) + if ($null -eq $policy) + { + Write-Verbose -Message "No Intune Device Configuration Policy Android for Work Profile with {$DisplayName} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Device Configuration Policy {$DisplayName} was found" - return $nullResult + $policy = $Script:exportedInstance } - Write-Verbose -Message "Found Device Configuration Policy {$DisplayName}" + Write-Verbose -Message "An Intune Device Configuration Policy Android for Work Profile with {$DisplayName} was found" $results = @{ Description = $policy.Description DisplayName = $policy.DisplayName @@ -1069,6 +1076,8 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $policy $Results = Get-TargetResource @Params if ($Results.Assignments) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 index ca2c35fb20..cffd4816d0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.psm1 
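Review bot: `$nullResult` is now assigned only inside the `if (-not $Script:exportedInstance)` branch, so on the cached path it is never set. The `catch` block of Get-TargetResource lies outside this hunk; if it returns `$nullResult`, an error raised while building `$results` from the cached `$policy` would return `$null` rather than a hashtable with `Ensure = 'Absent'`. Moving `$nullResult = $PSBoundParameters` and `$nullResult.Ensure = 'Absent'` above the `if` keeps both paths consistent. The Get-TargetResource hunks for MacOS, Windows10, iOS, SCEP certificate, Secure Assessment, Shared Multi Device and Trusted Certificate have the same shape.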
@@ -301,59 +301,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Policy for MacOS with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - try - { - try - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction Stop - } - catch - { $getValue = $null - } + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = 
Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSGeneralDeviceConfiguration' ` + } - #region resource generator code - if ($null -eq $getValue) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSGeneralDeviceConfiguration' ` } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Nothing with id {$Id} was found" + return $nullResult + } } - #endregion - - if ($null -eq $getValue) + else { - Write-Verbose -Message "Nothing with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } - Write-Verbose -Message "Found something with id {$($getValue.id)}" + Write-Verbose -Message "Found something with id {$($getValue.Id)}" $results = @{ #region resource generator code @@ -1348,6 +1348,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 index 992362c18e..7363f4d12a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 
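Review bot: The display-name fallback builds the OData filter by interpolation, `-Filter "DisplayName eq '$Displayname'"`, so a policy name containing an apostrophe yields a malformed filter, and `-ErrorAction SilentlyContinue` hides the resulting error. The function then returns `$nullResult`, reporting an existing policy as absent. Doubling the quote before interpolation avoids this: `$escapedName = $DisplayName -replace "'", "''"` and `-Filter "DisplayName eq '$escapedName'"`. The same interpolated filter appears in the AndroidWorkProfile, Windows10, iOS, SCEP certificate, Secure Assessment, Shared Multi Device and Trusted Certificate Get-TargetResource hunks.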
@@ -1239,51 +1239,62 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Device Configuration Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Policy for Windows 10 with Id {$Id} and DisplayName {$DisplayName}" try { - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - Write-Verbose -Message "Could not find an Intune Device Configuration Policy for Windows10 with Id {$Id}" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Policy for Windows10 with Id {$Id}" + + if (-not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Policy for Windows10 with Id {$Id} 
and DisplayName {$DisplayName} was found." @@ -4776,6 +4787,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 index 56f354bbd8..a22dcb910f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyiOS/MSFT_IntuneDeviceConfigurationPolicyiOS.psm1 
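Review bot: The lookup by display name can return more than one object when several Windows 10 policies share a name, and nothing in this hunk checks for that before `$Id = $getValue.Id`. With multiple matches `$Id` becomes an array and the returned settings would likely mix values from different policies; whether later code outside the hunk guards against this is not visible. A guard after the fallback would make the ambiguity explicit, e.g. `if (@($getValue).Count -gt 1) { throw "Multiple policies named {$DisplayName} found; specify Id." }`.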
@@ -810,50 +810,55 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Policy for iOS with Id {$Id} and DisplayName {$DisplayName}" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $getValue = $null + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + if (-not $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosGeneralDeviceConfiguration' ` + } + } + #endregion - if (-not $getValue) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosGeneralDeviceConfiguration' ` + if ($null -eq $getValue) + { + Write-Verbose -Message "Nothing with id {$id} was found" + return $nullResult } } - #endregion - - if ($null -eq $getValue) + else { - Write-Verbose -Message "Nothing with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } Write-Verbose -Message "Found something with id {$id}" 
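Review bot: The not-found message `"Nothing with id {$id} was found"` is emitted even when `$Id` was empty and the search ran on the display name, which prints `Nothing with id {} was found` and hides which lookup failed. The AOSP device-owner hunk earlier in this commit already branches on `[String]::IsNullOrEmpty($Id)` and logs the display name in that case; the same two-branch message would fit here and in the MacOS hunk.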
@@ -3086,6 +3091,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 index 0b4497b084..d43b29acb3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 
@@ -132,50 +132,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Scep Certificate Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Scep Certificate Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81SCEPCertificateProfile' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Scep Certificate Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81SCEPCertificateProfile' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Scep 
Certificate Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Scep Certificate Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Scep Certificate Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -913,6 +925,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 index c69bfe70c8..26373fbead 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.psm1 
@@ -89,50 +89,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Secure Assessment Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Secure Assessment Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10SecureAssessmentConfiguration' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Secure Assessment Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10SecureAssessmentConfiguration' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device 
Configuration Secure Assessment Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Secure Assessment Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Secure Assessment Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -621,6 +633,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 index 41ae7f82e6..0e63b9eacd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.psm1 
@@ -135,50 +135,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Shared Multi Device Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Shared Multi Device Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.sharedPCConfiguration' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Shared Multi Device Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.sharedPCConfiguration' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Shared Multi Device Policy 
for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Shared Multi Device Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Shared Multi Device Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -844,6 +856,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 index 8b948dc3c8..a05e57efcf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.psm1 
@@ -69,50 +69,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Trusted Certificate Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Trusted Certificate Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81TrustedRootCertificate' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Trusted Certificate Policy for Windows10 with Id {$Id}" + + if (-not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows81TrustedRootCertificate' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Trusted 
Certificate Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Trusted Certificate Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Trusted Certificate Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -556,6 +568,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 index 81fd5f7ace..b0a08bbd14 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10/MSFT_IntuneDeviceConfigurationVpnPolicyWindows10.psm1 
@@ -167,50 +167,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Vpn Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Vpn Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10VpnConfiguration' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Vpn Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10VpnConfiguration' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Vpn Policy for Windows10 with DisplayName 
{$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Vpn Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Vpn Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -1084,6 +1096,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 index 96758bfbf8..5beb975699 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10/MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10.psm1 
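Review bot: The fallback lookup builds its OData filter by interpolating the raw name, `-Filter "DisplayName eq '$DisplayName'"`, so a display name containing a single quote yields a malformed or different filter expression. Because the call also passes `-ErrorAction SilentlyContinue`, that failure cannot be told apart from "not found" and the function returns `Ensure = 'Absent'`. Doubling the quote before interpolation avoids it: `-Filter "DisplayName eq '$($DisplayName.Replace("'", "''"))'"`. The same pattern appears in the Get-TargetResource hunks for the Windows Team, Wired Network, Device Control, enrollment restriction and Enrollment Status Page resources. Get-TargetResource continues outside the hunk.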
@@ -142,50 +142,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Windows Team Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Windows Team Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10TeamGeneralConfiguration' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Windows Team Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10TeamGeneralConfiguration' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Windows Team 
Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Windows Team Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Windows Team Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -807,6 +819,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 index e8f2cf23e1..11497f756f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 
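Review bot: After the DisplayName fallback `$getValue` can hold several policies, and `$Id = $getValue.Id` then becomes an array; nothing in this hunk rejects that case. The Enrollment Status Page hunk in this diff does guard it with `if ($getValue -is [Array] -and $getValue.Length -gt 1) { throw "The DisplayName {$DisplayName} returned multiple policies, make sure DisplayName is unique." }`. Adding the same check here, and in the Vpn and Wired Network hunks, keeps an ambiguous name from silently binding the resource to more than one policy. The rest of Get-TargetResource is outside the hunk, so how the array is consumed later is not visible.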
@@ -177,50 +177,62 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Configuration Wired Network Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Configuration Wired Network Policy for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsWiredNetworkConfiguration' ` + Write-Verbose -Message "Could not find an Intune Device Configuration Wired Network Policy for Windows10 with Id {$Id}" + + if (-not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsWiredNetworkConfiguration' ` + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Wired Network 
Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Configuration Wired Network Policy for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Wired Network Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -1119,6 +1131,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 index e43ef47cfc..9e395afadc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.psm1 
@@ -234,55 +234,64 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Control Policy for Windows10 with Id {$Id} and Name {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Control Policy for Windows10 with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Device Control Policy for Windows10 with Id {$Id}" - if ($getValue.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune Device Control Policy for Windows10 named $DisplayName exist in tenant" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Device Control Policy for Windows10 named $DisplayName exist in tenant" + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Control Policy for Windows10 with Name {$DisplayName}." + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Device Control Policy for Windows10 with Name {$DisplayName}." 
- return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Control Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" @@ -1102,6 +1111,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 index de2fe908c7..e25503ede3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentLimitRestriction/MSFT_IntuneDeviceEnrollmentLimitRestriction.psm1 
@@ -51,34 +51,42 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Device Enrollment Limit Restriction {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters + Write-Verbose -Message "Getting configuration of the Intune Device Enrollment Limit Restriction {$DisplayName}" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + try + { + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - try - { - $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -All -Filter "displayName eq '$DisplayName'" ` - | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.deviceEnrollmentLimitConfiguration' } + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if ($null -eq $config) + $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -All -Filter "displayName eq '$DisplayName'" ` + | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.deviceEnrollmentLimitConfiguration' } + + if ($null -eq $config) + { + Write-Verbose -Message "No Device Enrollment Limit Restriction {$DisplayName} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Device Enrollment Limit Restriction {$DisplayName} was found" - return $nullResult + $config = $Script:exportedInstance } Write-Verbose -Message "Found Device Enrollment Limit Restriction with Name {$DisplayName}" @@ -378,6 +386,8 @@ function Export-TargetResource Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
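Review bot: `$nullResult` is now assigned only inside `if (-not $Script:exportedInstance)`, whereas before it was set ahead of the `try`. On the cached path it stays unset, so if the `catch` belonging to this `try` (outside the hunk) returns `$nullResult`, an error during export would hand back `$null` instead of the `Ensure = 'Absent'` result. Moving `$nullResult = $PSBoundParameters` and `$nullResult.Ensure = 'Absent'` above the `if` keeps both paths consistent. The other Get-TargetResource hunks in this diff have the same shape.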
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index f3e30f625a..1b382c7597 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 
@@ -94,72 +94,78 @@ function Get-TargetResource [System.String[]] $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Device Enrollment Restriction {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $PlatformType = '' - $keys = (([Hashtable]$PSBoundParameters).Clone()).Keys - foreach ($key in $keys) - { - if ($null -ne $PSBoundParameters.$key -and $PSBoundParameters.$key.getType().Name -like '*cimInstance*' -and $key -like '*Restriction') - { - if ($DeviceEnrollmentConfigurationType -eq 'singlePlatformRestriction' ) - { - $PlatformType = $key.replace('Restriction', '') - break - } - } - } + Write-Verbose -Message "Getting configuration of the Intune Device Enrollment Restriction with Id {$Identity} and DisplayName {$DisplayName}" try { - try - { - $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Identity -ErrorAction Stop - } - catch - { - $config = $null - } - - if ($null -eq $config) + if (-not $Script:exportedInstance) { - Write-Verbose -Message "Could not find an Intune Device Enrollment Platform Restriction with Id {$Identity}" - $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -All -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object -FilterScript { - $_.AdditionalProperties.'@odata.type' -like '#microsoft.graph.deviceEnrollmentPlatformRestriction*Configuration' -and - 
$(if ($null -ne $_.AdditionalProperties.platformType) + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $PlatformType = '' + $keys = (([Hashtable]$PSBoundParameters).Clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $PSBoundParameters.$key -and $PSBoundParameters.$key.getType().Name -like '*cimInstance*' -and $key -like '*Restriction') + { + if ($DeviceEnrollmentConfigurationType -eq 'singlePlatformRestriction' ) { - $_.AdditionalProperties.platformType -eq $PlatformType + $PlatformType = $key.replace('Restriction', '') + break } - else - { - $true - }) + } + } + + $config = $null + if (-not [string]::IsNullOrEmpty($Identity)) + { + $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Identity -ErrorAction Stop } if ($null -eq $config) { - Write-Verbose -Message "Could not find an Intune Device Enrollment Platform Restriction with DisplayName {$DisplayName}" - return $nullResult + Write-Verbose -Message "Could not find an Intune Device Enrollment Platform Restriction with Id {$Identity}" + $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -All -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object -FilterScript { + $_.AdditionalProperties.'@odata.type' -like '#microsoft.graph.deviceEnrollmentPlatformRestriction*Configuration' -and + $(if ($null -ne $_.AdditionalProperties.platformType) + { + 
$_.AdditionalProperties.platformType -eq $PlatformType + } + else + { + $true + }) + } + + if ($null -eq $config) + { + Write-Verbose -Message "Could not find an Intune Device Enrollment Platform Restriction with DisplayName {$DisplayName}" + return $nullResult + } } } + else + { + $config = $Script:exportedInstance + } Write-Verbose -Message "Found Intune Device Enrollment Platform Restriction with Name {$($config.DisplayName)}" $results = @{ @@ -733,6 +739,8 @@ function Export-TargetResource ManagedIdentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } + + $Script:exportedInstance = $config $Results = Get-TargetResource @Params if ($null -ne $Results.Assignments) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 index 445e2d2428..53b5f4ba5e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 
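Review bot: The by-Id lookup keeps `-ErrorAction Stop`, but the inner `try`/`catch` that reset `$config` to `$null` was removed, so an `$Identity` that no longer exists now throws to the outer `catch` (outside the hunk) and the DisplayName fallback below it is never reached. The sibling resources in this diff use `-ErrorAction SilentlyContinue` for the equivalent call. Doing the same here restores the fallback: `$config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Identity -ErrorAction SilentlyContinue`. The fallback itself is also not guarded by an `IsNullOrEmpty($DisplayName)` check as it is in the other resources.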
@@ -112,63 +112,73 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Enrollment Status Page for Windows 10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - Write-Verbose -Message "Getting configuration of the Intune Device Enrollment Status Page for Windows 10 with Id {$Id} and DisplayName {$DisplayName}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + if ($PSBoundParameters.ContainsKey('SelectedMobileAppIds') -and $PSBoundParameters.ContainsKey('SelectedMobileAppNames')) + { + Write-Verbose -Message '[WARNING] Both SelectedMobileAppIds and SelectedMobileAppNames are specified. SelectedMobileAppNames will be ignored!' 
+ } - if ($PSBoundParameters.ContainsKey('SelectedMobileAppIds') -and $PSBoundParameters.ContainsKey('SelectedMobileAppNames')) - { - Write-Verbose -Message '[WARNING] Both SelectedMobileAppIds and SelectedMobileAppNames are specified. SelectedMobileAppNames will be ignored!' - } + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Id -ErrorAction SilentlyContinue ` + | Where-Object -FilterScript { $null -ne $_.DisplayName } + } - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Id -ErrorAction SilentlyContinue ` - | Where-Object -FilterScript { $null -ne $_.DisplayName } + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Enrollment Configuration for Windows10 with Id {$Id}" - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Enrollment Configuration for Windows10 with Id {$Id}" + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration' ` + } | Where-Object -FilterScript { $null -ne $_.DisplayName } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Enrollment Configuration for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($getValue -is [Array] -and $getValue.Length -gt 1) { - $getValue = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction 
SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EnrollmentCompletionPageConfiguration' ` - } | Where-Object -FilterScript { $null -ne $_.DisplayName } + Throw "The DisplayName {$DisplayName} returned multiple policies, make sure DisplayName is unique." } } - #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Device Enrollment Configuration for Windows10 with DisplayName {$DisplayName}" - return $nullResult - } - - if ($getValue -is [Array] -and $getValue.Length -gt 1) + else { - Throw "The DisplayName {$DisplayName} returned multiple policies, make sure DisplayName is unique." + $getValue = $Script:exportedInstance } $Id = $getValue.Id @@ -756,6 +766,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 index d2805adee7..2a0ae38b7c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 
@@ -116,53 +116,63 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Android Device Owner Enrollment Profile {$DisplayName}" - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + Write-Verbose -Message "Getting configuration of the Intune Android Device Owner Enrollment Profile with Id {$Id} and DisplayName {$DisplayName}" + try { - if (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - Write-Verbose -Message 'Trying to retrieve profile by Id' - $androidDeviceOwnerEnrollmentProfile = Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile ` - -AndroidDeviceOwnerEnrollmentProfileId $Id - } - if ($null -eq $androidDeviceOwnerEnrollmentProfile) - { - Write-Verbose -Message 'Trying to retrieve profile by DisplayName' - $androidDeviceOwnerEnrollmentProfile = Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile ` - -All ` - -Filter "displayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue - - # Need to do another call by id to get QrCode info. Can't just expand the property. - if ($null -ne $androidDeviceOwnerEnrollmentProfile) + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $androidDeviceOwnerEnrollmentProfile = $null + if (-not [System.String]::IsNullOrEmpty($Id)) { - Write-Verbose -Message 'Found by DisplayName, now retrieving additional details by id.' + Write-Verbose -Message 'Trying to retrieve profile by Id' $androidDeviceOwnerEnrollmentProfile = Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile ` - -AndroidDeviceOwnerEnrollmentProfileId $androidDeviceOwnerEnrollmentProfile.Id + -AndroidDeviceOwnerEnrollmentProfileId $Id } - } + if ($null -eq $androidDeviceOwnerEnrollmentProfile) + { + Write-Verbose -Message 'Trying to retrieve profile by DisplayName' + $androidDeviceOwnerEnrollmentProfile = Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile ` + -All ` + -Filter "displayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue - if ($null -eq $androidDeviceOwnerEnrollmentProfile) + # Need to do another call by id to get QrCode info. Can't just expand the property. + if ($null -ne $androidDeviceOwnerEnrollmentProfile) + { + Write-Verbose -Message 'Found by DisplayName, now retrieving additional details by id.' + $androidDeviceOwnerEnrollmentProfile = Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile ` + -AndroidDeviceOwnerEnrollmentProfileId $androidDeviceOwnerEnrollmentProfile.Id + } + } + + if ($null -eq $androidDeviceOwnerEnrollmentProfile) + { + Write-Verbose -Message "No AndroidDeviceOwnerEnrollmentProfiles with {$Id} was found." + return $nullResult + } + } + else { - Write-Verbose -Message "No AndroidDeviceOwnerEnrollmentProfiles with {$Id} was found." 
- return $nullResult + $androidDeviceOwnerEnrollmentProfile = $Script:exportedInstance } $QrCodeImageValue = $null @@ -657,6 +667,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 index 56b2d35928..c132737f12 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 
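Review bot: The new `else` branch of Get-TargetResource takes `$Script:exportedInstance` as the profile, yet the comment kept in this hunk says a second call by id is needed to get the QrCode info. If the exported instance comes from a list call in Export-TargetResource (not visible here), the `$QrCodeImageValue` handling that follows would see no QR code and the export would silently lose it. Re-fetch by id in that branch, `$androidDeviceOwnerEnrollmentProfile = Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile -AndroidDeviceOwnerEnrollmentProfileId $Script:exportedInstance.Id`, or confirm that the export listing already carries the property. The function body continues past the hunk.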
@@ -46,27 +46,30 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message 'Checking for the Intune Device Management Compliance Settings' - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message 'Getting configuration of the Intune Device Management Compliance Settings' - $nullResult = $PSBoundParameters try { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/settings' $settings = Invoke-MgGraphRequest -Method 'GET' -Uri $uri + $results = @{ IsSingleInstance = 'Yes' DeviceComplianceCheckinThresholdDays = $settings.deviceComplianceCheckinThresholdDays 
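Review bot: `$nullResult = $PSBoundParameters` now sits inside `try`, after `New-M365DSCConnection` and the telemetry calls, so it is unassigned when any of those throws. The `catch` block is outside the hunk; if it returns `$nullResult`, the caller would get `$null` instead of the bound parameters. Keep the assignment above `try`: `$nullResult = $PSBoundParameters`. The Android Device Owner Enrollment Profile and Android Google Play hunks move the assignment the same way, and there the cached `else` branch skips it as well.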
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 index 3bc1e3949f..cd1363d554 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 
@@ -70,32 +70,45 @@ function Get-TargetResource $AccessTokens ) - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null + Write-Verbose -Message "Getting configuration of the Intune Device Management Android Google Play Enrollment with Id {$Id} and DisplayName {$DisplayName}" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $allSettings = Get-MgBetaDeviceManagementAndroidManagedStoreAccountEnterpriseSetting - $specificSetting = $allSettings | Where-Object { $_.id -eq $Id } + if (-not $Script:exportedInstance) + { + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if (-not $specificSetting) + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + if (-not [string]::IsNullOrEmpty($Id)) + { + $allSettings = Get-MgBetaDeviceManagementAndroidManagedStoreAccountEnterpriseSetting + $specificSetting = $allSettings | Where-Object { $_.id -eq $Id } + } + + if (-not $specificSetting) + { + Write-Verbose "No Android Managed Store Account Enterprise Setting found with Id $Id." 
+ return $nullResult + } + } + else { - Write-Verbose "No Android Managed Store Account Enterprise Setting found with Id $Id." - return $nullResult + $specificSetting = $Script:exportedInstance } $result = @{ @@ -445,12 +458,12 @@ function Export-TargetResource try { $Script:ExportMode = $true - [array] $Script:getInstances = Get-MgBetaDeviceManagementAndroidManagedStoreAccountEnterpriseSetting ` + [array] $getValue = Get-MgBetaDeviceManagementAndroidManagedStoreAccountEnterpriseSetting ` -ErrorAction Stop $i = 1 $dscContent = '' - if ($Script:getInstances.Length -eq 0) + if ($getValue.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } @@ -459,7 +472,7 @@ function Export-TargetResource Write-Host "`r`n" -NoNewline } - foreach ($config in $Script:getInstances) + foreach ($config in $getValue) { if ($null -ne $Global:M365DSCExportResourceInstancesCount) { @@ -467,7 +480,7 @@ function Export-TargetResource } $displayedKey = $config.Id - Write-Host " |---[$i/$($Script:getInstances.Count)] $displayedKey" -NoNewline + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id @@ -481,6 +494,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.psm1 index 44044a2ca2..98052d262e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceRemediation/MSFT_IntuneDeviceRemediation.psm1 
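Review bot: In Get-TargetResource, `$specificSetting` is assigned only inside `if (-not [string]::IsNullOrEmpty($Id))` and is then tested by `if (-not $specificSetting)` without having been initialised. With an empty `$Id` the test reads whatever a calling scope holds under that name, and the reference errors under strict mode. Add `$specificSetting = $null` before the Id guard, as the sibling resources in this commit do with `$getValue = $null`.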
@@ -102,6 +102,8 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Device Remediation with Id {$Id} and DisplayName {$DisplayName}" + try { $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 index f5d0269441..ae9f6e1ccc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 
@@ -95,58 +95,67 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Disk Encryption for MacOS with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Id -ErrorAction SilentlyContinue - } - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Disk Encryption for macOS with Id {$Id}" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementIntent ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.TemplateId -eq 'a239407c-698d-4ef8-b314-e3ae409204b8' ` - } + Write-Verbose -Message "Could not find an Intune Disk Encryption for macOS with Id {$Id}" - if ($getValue.Length -gt 1) + if (-Not [string]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune Disk Encryption for macOS named $DisplayName exist in tenant" + $getValue = Get-MgBetaDeviceManagementIntent ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.TemplateId -eq 'a239407c-698d-4ef8-b314-e3ae409204b8' ` + } + + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Disk Encryption for macOS named $DisplayName exist in tenant" + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Disk Encryption for macOS with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Disk Encryption for macOS with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = 
$getValue.Id Write-Verbose -Message "An Intune Disk Encryption for macOS with Id {$Id} and DisplayName {$DisplayName} was found." @@ -709,6 +718,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/MSFT_IntuneDiskEncryptionPDEPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/MSFT_IntuneDiskEncryptionPDEPolicyWindows10.psm1 index ae6b01ee6c..b95952ed97 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/MSFT_IntuneDiskEncryptionPDEPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionPDEPolicyWindows10/MSFT_IntuneDiskEncryptionPDEPolicyWindows10.psm1 
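Review bot: The DisplayName fallback builds its OData filter by interpolation, `-Filter "DisplayName eq '$DisplayName'"`, so a name containing an apostrophe produces a malformed filter. Because the call carries `-ErrorAction SilentlyContinue`, that failure is swallowed and the policy is reported as not found, which can leave an existing disk-encryption policy looking absent. Double the quote before interpolating: `-Filter "DisplayName eq '$($DisplayName.Replace("'", "''"))'"`. The same pattern is in the Android Device Owner Enrollment Profile hunk above and in the PDE, Disk Encryption Windows10 and Endpoint Detection And Response hunks below.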
@@ -80,47 +80,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Disk Encryption PDE Policy with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Disk 
Encryption PDE Policy for Windows10 with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Disk Encryption PDE Policy for Windows10 with Id {$Id}" - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter "Name eq '$DisplayName'" ` + -All ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -Filter "Name eq '$DisplayName'" ` - -All ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Disk Encryption PDE Policy for Windows10 with Name {$DisplayName}." + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Disk Encryption PDE Policy for Windows10 with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Disk Encryption PDE Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" @@ -600,6 +612,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 index 3be406b180..ba376ad5b4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.psm1 
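Review bot: The fallback `Get-MgBetaDeviceManagementConfigurationPolicy -Filter "Name eq '$DisplayName'" -All` has no duplicate check and no template constraint, unlike the Disk Encryption for Windows10 resource in this commit. With two policies of that name, the `$Id = $getValue.Id` that follows the new `else` branch becomes an array and the rest of the function works on several policies at once. Add the guard the sibling resources use, `if ($getValue.Length -gt 1) { throw "Duplicate Intune Disk Encryption PDE Policy for Windows10 named $DisplayName exist in tenant" }`, directly after the filtered call.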
@@ -335,56 +335,65 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Disk Encryption PDE Policy for Windows10 with Id {$Id} and Name {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $templateReferenceId = '46ddfc50-d10f-4867-b852-9434254b3bff_1' - $getValue = $null - #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Disk Encryption for Windows10 with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + $templateReferenceId = '46ddfc50-d10f-4867-b852-9434254b3bff_1' + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` - -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Disk Encryption for Windows10 with Id {$Id}" - if ($getValue.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune Disk Encryption for Windows10 named $DisplayName exist in tenant" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` + -ErrorAction SilentlyContinue + + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Disk Encryption for Windows10 named $DisplayName exist in tenant" + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Disk Encryption for Windows10 with Name {$DisplayName}." 
+ return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Disk Encryption for Windows10 with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Disk Encryption for Windows10 with Id {$Id} and Name {$DisplayName} was found" @@ -1380,6 +1389,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 index 29559422b4..881d0d227d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux/MSFT_IntuneEndpointDetectionAndResponsePolicyLinux.psm1 
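Review bot: The added `Write-Verbose` at the top of Get-TargetResource names the wrong resource: it says "Intune Disk Encryption PDE Policy for Windows10", while every other message in this hunk says "Intune Disk Encryption for Windows10". It looks copied from the PDE resource and will mislead anyone using verbose logs to tell the two apart. Change it to `Write-Verbose -Message "Getting configuration of the Intune Disk Encryption for Windows10 with Id {$Id} and Name {$DisplayName}"`.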
@@ -69,55 +69,64 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Endpoint Detection And Response Policy Linux with Id {$Id} and Name {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy Linux with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy Linux with Id {$Id}" - if ($getValue.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune Endpoint Detection And Response Policy Linux named $DisplayName exist in tenant" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Endpoint Detection And Response Policy Linux named $DisplayName exist in tenant" + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy Linux with Name {$DisplayName}." 
+ return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy Linux with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Endpoint Detection And Response Policy Linux with Id {$Id} and Name {$DisplayName} was found" @@ -581,6 +590,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 index 2adb73292c..1ed4dc5a13 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS/MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS.psm1 
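Review bot: Neither lookup in Get-TargetResource is tied to the Linux EDR template: the Id path accepts any configuration policy and the fallback filters on `Name eq '$DisplayName'` alone. A settings-catalog policy of another type that shares the name would be returned as this resource, unless a check after the hunk rejects it. Constrain the filter the way the Disk Encryption for Windows10 resource does, `-Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'"`, with `$templateReferenceId` set to this resource's template id (not shown on the page). The Endpoint Detection And Response Policy MacOS hunk has the same lookup.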
@@ -69,55 +69,64 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Endpoint Detection And Response Policy MacOS with Id {$Id} and Name {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy MacOS with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy MacOS with Id {$Id}" - if ($getValue.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune Endpoint Detection And Response Policy MacOS named $DisplayName exist in tenant" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Endpoint Detection And Response Policy MacOS named $DisplayName exist in tenant" + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy MacOS with Name {$DisplayName}." 
+ return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy MacOS with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Endpoint Detection And Response Policy MacOS with Id {$Id} and Name {$DisplayName} was found" @@ -581,6 +590,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 index 8261bdd11b..29f8235de5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 
@@ -72,58 +72,65 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Endpoint Protection And Response Policy for Windows10 with Id {$Identity} and Name {$DisplayName}" + try { - Write-Verbose -Message "Checking for the Intune Endpoint Protection Policy {$DisplayName}" - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ErrorAction Stop - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ErrorAction Stop - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - # Retrieve policy general settings - $policy = $null - if (-not [System.String]::IsNullOrEmpty($Identity)) - { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue - } + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $policy) - { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy for Windows10 with Id {$Identity}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + # Retrieve policy general settings + $policy = $null + if (-not [System.String]::IsNullOrEmpty($Identity)) { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue + } + + if ($null -eq $policy) + { + Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy for Windows10 with Id {$Identity}" - if ($policy.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune Endpoint Detection And Response Policy for Windows10 named $DisplayName exist in tenant" + $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + + if ($policy.Length -gt 1) + { + throw "Duplicate Intune Endpoint Detection And Response Policy for Windows10 named $DisplayName exist in tenant" + } } } - } - if ($null -eq $policy) + if ($null -eq $policy) + { + 
Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy for Windows10 with Name {$DisplayName}." + return $nullResult + } + } + else { - Write-Verbose -Message "Could not find an Intune Endpoint Detection And Response Policy for Windows10 with Name {$DisplayName}." - return $nullResult + $policy = $Script:exportedInstance } $Identity = $policy.Id Write-Verbose -Message "An Intune Endpoint Detection And Response Policy for Windows10 with Id {$Identity} and Name {$DisplayName} was found" @@ -624,6 +631,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $policy $Results = Get-TargetResource @params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 index 73b4515c4c..51591619bc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 
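Review bot: `$nullResult` is now assigned only inside the `if (-not $Script:exportedInstance)` branch, so on the cached path any later `return $nullResult` hands back `$null` instead of the parameters with `Ensure = 'Absent'`. The function continues past this hunk; if its catch block returns `$nullResult`, as the pattern in these resources suggests, an error during export would produce an empty result rather than an absent one. Hoisting the two lines `$nullResult = $PSBoundParameters` and `$nullResult.Ensure = 'Absent'` above the `if` keeps both paths consistent. The other Get-TargetResource hunks in this diff that wrap the lookup in the same guard share this.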
@@ -62,52 +62,63 @@ function Get-TargetResource [System.String[]] $AccessTokens ) + + Write-Verbose -Message "Getting configuration of the Intune Endpoint Protection And Response Policy for Windows10 with Id {$Identity} and Name {$DisplayName}" try { + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $templateReferenceId = 'd02f2162-fcac-48db-9b7b-b0a3f160d2c2_1' + + #Retrieve policy general settings + $policy = $null + if (-not [System.String]::IsNullOrEmpty($Identity)) + { + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue + } - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ErrorAction Stop - - #Ensure the proper dependencies are installed in the current environment. 
- Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $templateReferenceId = 'd02f2162-fcac-48db-9b7b-b0a3f160d2c2_1' - - #Retrieve policy general settings - $policy = $null - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue + if ($null -eq $policy) + { + Write-Verbose -Message "No Exploit Protection Policy for Windows10 Setting Catalog {$Identity} was found" - if ($null -eq $policy) - { - Write-Verbose -Message "No Exploit Protection Policy for Windows10 Setting Catalog {$Identity} was found" + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` + -ErrorAction SilentlyContinue + } + } - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if ($null -eq $policy) { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "No Exploit Protection Policy for Windows10 Setting Catalog {$DisplayName} was found" + return $nullResult } } - - if ($null -eq $policy) + else { - Write-Verbose -Message "No Exploit Protection Policy for Windows10 Setting Catalog {$DisplayName} was found" - return $nullResult + $policy = $Script:exportedInstance } $Identity = $policy.Id Write-Verbose "Found Exploit Protection Policy for Windows10 Setting Catalog with Id {$Identity} and Name {$DisplayName}" 
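Review bot: The DisplayName fallback in the new `if (-not [System.String]::IsNullOrEmpty($DisplayName))` block queries with `-All` and a name filter but never checks how many policies came back, so with two same-named policies `$policy.Id` is no longer a single Id and the rest of the function works on an ambiguous target. The two Endpoint Detection And Response resources in this diff guard against this; adding the same check here makes the failure explicit: `if ($policy.Length -gt 1) { throw "Duplicate Exploit Protection Policy for Windows10 Setting Catalog named $DisplayName exist in tenant" }`. The Firewall Rules Hyper-V, Firewall Rules and Firewall Rules ConfigMgr Get-TargetResource hunks have the same gap. Get-TargetResource continues past the end of this hunk.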
@@ -563,6 +574,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $policy $Results = Get-TargetResource @params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 index f1d369e7f9..3f9e31fd58 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 
@@ -445,55 +445,64 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Firewall Policy for Windows10 with Id {$Id} and Name {$DisplayName}." + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $getValue = $null - #region resource generator code - if (-not [System.String]::IsNullOrEmpty($Id)) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue - } + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Firewall Policy for Windows10 with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Firewall Policy for Windows10 with Id {$Id}" - if ($getValue.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Intune Firewall Policy for Windows10 named $DisplayName exist in tenant" + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + + if ($getValue.Length -gt 1) + { + throw "Duplicate Intune Firewall Policy for Windows10 named $DisplayName exist in tenant" + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Firewall Policy for Windows10 with Name {$DisplayName}." + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Firewall Policy for Windows10 with Name {$DisplayName}." 
- return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Firewall Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" @@ -1716,6 +1725,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/MSFT_IntuneFirewallRulesHyperVPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/MSFT_IntuneFirewallRulesHyperVPolicyWindows10.psm1 index 79536879db..6e07f1a1c1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/MSFT_IntuneFirewallRulesHyperVPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesHyperVPolicyWindows10/MSFT_IntuneFirewallRulesHyperVPolicyWindows10.psm1 
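Review bot: The fallback lookup builds its OData filter by interpolating the raw value, `-Filter "Name eq '$DisplayName'"`, so a display name containing a single quote yields a malformed filter. Because the call uses `-ErrorAction SilentlyContinue`, that failure is silent and the policy is reported as absent. Doubling the quote before interpolation avoids this: `-Filter "Name eq '$($DisplayName -replace "'", "''")'"`. The same filter string is used in the other Get-TargetResource hunks of this diff.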
@@ -64,47 +64,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Firewall Policy for Windows10 with Id {$Id} and Name {$DisplayName}." + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Firewall Rules 
Hyper-V Policy for Windows10 with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Firewall Rules Hyper-V Policy for Windows10 with Id {$Id}" - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Firewall Rules Hyper-V Policy for Windows10 with Name {$DisplayName}." + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Firewall Rules Hyper-V Policy for Windows10 with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Firewall Rules Hyper-V Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" @@ -570,6 +582,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/MSFT_IntuneFirewallRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/MSFT_IntuneFirewallRulesPolicyWindows10.psm1 index 6fe340d3e6..d3dbd7bf0e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/MSFT_IntuneFirewallRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10/MSFT_IntuneFirewallRulesPolicyWindows10.psm1 
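Review bot: The added `Write-Verbose` at the top of this hunk reports "Intune Firewall Policy for Windows10", while every other message in the function names the Firewall Rules Hyper-V policy. In a verbose trace that covers several firewall resources the calls then cannot be told apart. Suggest `Write-Verbose -Message "Getting configuration of the Intune Firewall Rules Hyper-V Policy for Windows10 with Id {$Id} and Name {$DisplayName}"`. The Exploit Protection hunk has the same copy-paste, where the added message names the Endpoint Protection And Response policy.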
@@ -64,47 +64,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Firewall Rules Policy for Windows10 with Id {$Id} and Name {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Firewall 
Rules Policy for Windows10 with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Firewall Rules Policy for Windows10 with Id {$Id}" - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter "Name eq '$DisplayName'" ` + -All ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -Filter "Name eq '$DisplayName'" ` - -All ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Firewall Rules Policy for Windows10 with Name {$DisplayName}." + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Firewall Rules Policy for Windows10 with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Firewall Rules Policy for Windows10 with Id {$Id} and Name {$DisplayName} was found" @@ -586,6 +598,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr.psm1 index 652b8b094b..521fe38a72 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr/MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr.psm1 
@@ -68,45 +68,55 @@ function Get-TargetResource try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Firewall Rules Policy for Windows10 ConfigMgr with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Firewall Rules Policy 
for Windows10 ConfigMgr with Id {$Id}" - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter "Name eq '$DisplayName'" ` + -All ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -Filter "Name eq '$DisplayName'" ` - -All ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Firewall Rules Policy for Windows10 ConfigMgr with Name {$DisplayName}." + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Firewall Rules Policy for Windows10 ConfigMgr with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Firewall Rules Policy for Windows10 ConfigMgr with Id {$Id} and Name {$DisplayName} was found" @@ -574,6 +584,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 index 615b33c648..b393c39c36 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 @@ -89,7 +89,6 @@ function Get-TargetResource [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $LargeIcon, - #endregion [Parameter()] 
@@ -126,25 +125,28 @@ function Get-TargetResource $AccessTokens ) - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune MacOS Lob App with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $Id ` -ExpandProperty 'categories' ` -ErrorAction SilentlyContinue @@ -796,13 +798,13 @@ function Export-TargetResource try { $Script:ExportMode = $true - [array] $Script:getInstances = Get-MgBetaDeviceAppManagementMobileApp ` + [array] $getValue = Get-MgBetaDeviceAppManagementMobileApp ` -Filter "isof('microsoft.graph.macOSLobApp')" ` -ErrorAction Stop $i = 1 $dscContent = '' - if ($Script:getInstances.Length -eq 0) + if ($getValue.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } 
@@ -811,7 +813,7 @@ function Export-TargetResource Write-Host "`r`n" -NoNewline } - foreach ($config in $Script:getInstances) + foreach ($config in $getValue) { if ($null -ne $Global:M365DSCExportResourceInstancesCount) { @@ -819,7 +821,7 @@ function Export-TargetResource } $displayedKey = $config.Id - Write-Host " |---[$i/$($Script:getInstances.Count)] $displayedKey" -NoNewline + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id @@ -834,6 +836,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 index 1368a66c89..f6ef900d08 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 
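Review bot: `$Script:exportedInstance = $config` is assigned here, but the Get-TargetResource hunk for this resource still connects and calls `Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $Id` unconditionally, so in the visible code the cached object is never read. Either add the `if (-not $Script:exportedInstance)` guard used by the other resources or drop the assignment, so that no stale script-scoped value is left behind for nothing. MSFT_IntuneMobileAppsWindowsOfficeSuiteApp looks the same. Get-TargetResource continues outside its hunk, so the value may be consumed further down.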
@@ -143,25 +143,28 @@ function Get-TargetResource $AccessTokens ) - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null + Write-Verbose -Message "Getting configuration of the Intune Windows Office Suite App with Id {$Id} and DisplayName {$DisplayName}" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + $instance = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $Id ` -ExpandProperty 'categories' ` -ErrorAction SilentlyContinue @@ -854,13 +857,13 @@ function Export-TargetResource try { $Script:ExportMode = $true - [array] $Script:getInstances = Get-MgBetaDeviceAppManagementMobileApp ` + [array] $getValue = Get-MgBetaDeviceAppManagementMobileApp ` -Filter "isof('microsoft.graph.officeSuiteApp')" ` -ErrorAction Stop $i = 1 $dscContent = '' - if ($Script:getInstances.Length -eq 0) + if ($getValue.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } 
@@ -869,7 +872,7 @@ function Export-TargetResource Write-Host "`r`n" -NoNewline } - foreach ($config in $Script:getInstances) + foreach ($config in $getValue) { if ($null -ne $Global:M365DSCExportResourceInstancesCount) { @@ -877,7 +880,7 @@ function Export-TargetResource } $displayedKey = $config.Id - Write-Host " |---[$i/$($Script:getInstances.Count)] $displayedKey" -NoNewline + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id @@ -892,6 +895,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileThreatDefenseConnector/MSFT_IntuneMobileThreatDefenseConnector.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileThreatDefenseConnector/MSFT_IntuneMobileThreatDefenseConnector.psm1 index a9bbed5e3e..82dda55132 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileThreatDefenseConnector/MSFT_IntuneMobileThreatDefenseConnector.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileThreatDefenseConnector/MSFT_IntuneMobileThreatDefenseConnector.psm1 
@@ -113,32 +113,35 @@ function Get-TargetResource $AccessTokens ) - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null + Write-Verbose -Message "Getting configuration of the Intune Mobile Threat Defense Connector with Id {$Id}." - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + if (-not $Script:exportedInstance) { - $instance = $Script:exportedInstances | Where-Object -FilterScript { $_.Id -eq $Id } + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $instance = Get-MgBetaDeviceManagementMobileThreatDefenseConnector -MobileThreatDefenseConnectorId $Id -ErrorAction SilentlyContinue } else { - $instance = Get-MgBetaDeviceManagementMobileThreatDefenseConnector -MobileThreatDefenseConnectorId $Id -ErrorAction SilentlyContinue + $instance = $Script:exportedInstance } if ($null -eq $instance) 
@@ -172,7 +175,6 @@ function Get-TargetResource $results = @{ Id = $instance.Id DisplayName = $DisplayName - ResponseHeadersVariable = $instance.ResponseHeadersVariable AllowPartnerToCollectIosApplicationMetadata = $instance.AllowPartnerToCollectIosApplicationMetadata AllowPartnerToCollectIosPersonalApplicationMetadata = $instance.AllowPartnerToCollectIosPersonalApplicationMetadata AndroidDeviceBlockedOnMissingPartnerData = $instance.AndroidDeviceBlockedOnMissingPartnerData @@ -557,11 +559,11 @@ function Export-TargetResource try { $Script:ExportMode = $true - [array] $Script:exportedInstances = Get-MgBetaDeviceManagementMobileThreatDefenseConnector -ErrorAction Stop + [array] $getValue = Get-MgBetaDeviceManagementMobileThreatDefenseConnector -ErrorAction Stop $i = 1 $dscContent = '' - if ($Script:exportedInstances.Length -eq 0) + if ($getValue.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } @@ -570,10 +572,10 @@ function Export-TargetResource Write-Host "`r`n" -NoNewline } - foreach ($config in $Script:exportedInstances) + foreach ($config in $getValue) { $displayedKey = $config.Id - Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id DisplayName = $config.DisplayName @@ -603,6 +605,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 index f44b492b8a..e77fb05500 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 @@ -68,6 +68,8 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Policy Sets with Id {$Id} and DisplayName {$DisplayName}" + try { $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` @@ -90,7 +92,7 @@ function Get-TargetResource $getValue = $null #region resource generator code - if ($id -ne $null) + if (-not [string]::IsNullOrEmpty($Id)) { $getValue = Get-MgBetaDeviceAppManagementPolicySet -PolicySetId $Id -ExpandProperty * -ErrorAction SilentlyContinue } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 index e70d0bdb77..6f0ed33215 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 
@@ -82,41 +82,51 @@ function Get-TargetResource try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementRoleAssignment -DeviceAndAppManagementRoleAssignmentId $Id -ErrorAction SilentlyContinue + } - $getValue = $null - $getValue = Get-MgBetaDeviceManagementRoleAssignment -DeviceAndAppManagementRoleAssignmentId $Id -ErrorAction SilentlyContinue + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Role Assignment with Id {$Id}" - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Role Assignment with Id {$Id}" + $getValue = Get-MgBetaDeviceManagementRoleAssignment ` + -All ` + -Filter "displayName eq 
'$DisplayName'" ` + -ErrorAction SilentlyContinue + } - $getValue = Get-MgBetaDeviceManagementRoleAssignment ` - -All ` - -Filter "displayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Role Assignment with DisplayName {$DisplayName}" + return $nullResult + } } - - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Role Assignment with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id @@ -675,6 +685,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 index 942c53f253..47a073d597 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 
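Review bot: `$DisplayName` is interpolated unescaped into the OData filter of the display-name fallback (`-Filter "displayName eq '$DisplayName'"`), so a name containing a single quote yields a malformed or differently scoped filter. Because the call uses `-ErrorAction SilentlyContinue`, that failure is hidden and the role assignment is reported as absent. OData string literals escape a quote by doubling it, so I would add `$escapedName = $DisplayName -replace "'", "''"` and pass `-Filter "displayName eq '$escapedName'"`. The same interpolation is carried into the Get-TargetResource hunks for IntuneRoleDefinition, IntuneRoleScopeTag, the four IntuneSecurityBaseline* resources and IntuneSettingCatalogASRRulesPolicyWindows10.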
@@ -66,56 +66,60 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Checking for the Intune Role Definition {$DisplayName}" + Write-Verbose -Message "Getting configuration of the Intune Role Definition {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = @{ - DisplayName = $DisplayName - } - - $nullResult.Ensure = 'Absent' try { - $getValue = $null - - if ($Id -match '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$') + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementRoleDefinition -RoleDefinitionId $id -ErrorAction SilentlyContinue - if ($null -ne $getValue) + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if ($Id -match '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$') { - Write-Verbose -Message "Found an Intune Role Definition with id {$id}" + $getValue = Get-MgBetaDeviceManagementRoleDefinition -RoleDefinitionId $Id -ErrorAction SilentlyContinue + if ($null -ne $getValue) + { + Write-Verbose -Message "Found an Intune Role Definition with Id {$Id}" + } } - } - if ($null -eq $getValue) - { - Write-Verbose -Message "No Intune Role Definition with id {$id} was found" - $Filter = "displayName eq '$DisplayName'" - $getValue = Get-MgBetaDeviceManagementRoleDefinition -All -Filter $Filter -ErrorAction SilentlyContinue - if ($null -ne $getValue) - { - Write-Verbose -Message "Found an Intune Role Definition with displayname {$DisplayName}" - } - else + if ($null -eq $getValue) { - Write-Verbose -Message "No Intune Role Definition with displayname {$DisplayName} was found" - return $nullResult + Write-Verbose -Message "No Intune Role Definition with Id {$Id} was found" + $Filter = "displayName eq '$DisplayName'" + $getValue = Get-MgBetaDeviceManagementRoleDefinition -All -Filter $Filter -ErrorAction SilentlyContinue + if ($null -ne $getValue) + { + Write-Verbose -Message "Found an Intune Role Definition with displayname {$DisplayName}" + } + else + { + Write-Verbose -Message "No Intune Role Definition with displayname {$DisplayName} was found" + return $nullResult + } } } + else + { + $getValue = $Script:exportedInstance + } $results = @{ Id = $getValue.Id 
@@ -529,14 +533,14 @@ function Export-TargetResource $Global:M365DSCExportResourceInstancesCount++ } - $displayedKey = $config.id + $displayedKey = $config.Id if (-not [String]::IsNullOrEmpty($config.displayName)) { $displayedKey = $config.displayName } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - id = $config.id + Id = $config.Id DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential @@ -548,6 +552,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/MSFT_IntuneRoleScopeTag.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/MSFT_IntuneRoleScopeTag.psm1 index fae310b236..7464f8018e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/MSFT_IntuneRoleScopeTag.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleScopeTag/MSFT_IntuneRoleScopeTag.psm1 
@@ -60,48 +60,55 @@ function Get-TargetResource try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - if ($PSBoundParameters.ContainsKey('Id')) - { - $getValue = Get-MgBetaDeviceManagementRoleScopeTag -RoleScopeTagId $Id -ErrorAction SilentlyContinue - } + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementRoleScopeTag -RoleScopeTagId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Role Scope Tag with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Role Scope Tag with Id {$Id}" - if (-not 
[System.String]::IsNullOrEmpty($DisplayName)) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementRoleScopeTag ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementRoleScopeTag ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Role Scope Tag with DisplayName {$DisplayName}." + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Role Scope Tag with DisplayName {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id @@ -509,6 +516,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/MSFT_IntuneSecurityBaselineDefenderForEndpoint.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/MSFT_IntuneSecurityBaselineDefenderForEndpoint.psm1 index c2978345e7..99de1df41b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/MSFT_IntuneSecurityBaselineDefenderForEndpoint.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/MSFT_IntuneSecurityBaselineDefenderForEndpoint.psm1 
@@ -68,47 +68,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Security Baseline Defender For Endpoint with Id {$Id} and DisplayName {$DisplayName}." + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Security Baseline Defender For Endpoint with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Security Baseline Defender For Endpoint with Id {$Id}" + + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Security Baseline Defender For Endpoint with Name {$DisplayName}." + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Security Baseline Defender For Endpoint with Name {$DisplayName}." 
- return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Security Baseline Defender For Endpoint with Id {$Id} and Name {$DisplayName} was found" @@ -1102,6 +1114,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.psm1 index 46375977e8..053a2761ee 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.psm1 
@@ -68,47 +68,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Security Baseline Microsoft365 Apps For Enterprise with Id {$Id} and DisplayName {$DisplayName}." + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Security Baseline Microsoft365 Apps For Enterprise with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Security Baseline Microsoft365 Apps For Enterprise with Id {$Id}" - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Security Baseline Microsoft365 Apps For Enterprise with Name {$DisplayName}." + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Security Baseline Microsoft365 Apps For Enterprise with Name {$DisplayName}." 
- return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Security Baseline Microsoft365 Apps For Enterprise with Id {$Id} and Name {$DisplayName} was found" @@ -1022,6 +1034,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 index 27be5e2cbb..a9f8424be2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 
@@ -168,47 +168,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Security Baseline Microsoft Edge with Id {$Id} and Name {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Security 
Baseline Microsoft Edge with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Security Baseline Microsoft Edge with Id {$Id}" - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Security Baseline Microsoft Edge with Name {$DisplayName}." + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Security Baseline Microsoft Edge with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Security Baseline Microsoft Edge with Id {$Id} and Name {$DisplayName} was found" @@ -882,6 +894,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/MSFT_IntuneSecurityBaselineWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/MSFT_IntuneSecurityBaselineWindows10.psm1 index 7a15e4a535..ca3e266532 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/MSFT_IntuneSecurityBaselineWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/MSFT_IntuneSecurityBaselineWindows10.psm1 
@@ -72,44 +72,54 @@ function Get-TargetResource try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Security Baseline for Windows10 with Id {$Id}" + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` - -Filter "Name eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy 
-DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Security Baseline for Windows10 with Id {$Id}" + + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Security Baseline for Windows10 with Name {$DisplayName}." + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Security Baseline for Windows10 with Name {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Security Baseline for Windows10 with Id {$Id} and Name {$DisplayName} was found" @@ -2526,6 +2536,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 index 8167947641..5273e9c2bf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 
@@ -238,60 +238,68 @@ function Get-TargetResource $AccessTokens ) + + Write-Verbose -Message "Getting configuration of the Intune Endpoint Protection Attack Surface Protection rules Policy with Id {$Id} and DisplayName {$DisplayName}" + try { - Write-Verbose -Message "Checking for the Intune Endpoint Protection Attack Surface Protection rules Policy {$DisplayName}" - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ErrorAction Stop - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - - $templateReferenceId = 'e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1' - - # Retrieve policy general settings - $policy = $null - if (-not [System.String]::IsNullOrEmpty($Identity)) + if (-not $Script:exportedInstance) { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue - } - - if ($null -eq $policy) - { - Write-Verbose -Message "No Endpoint Protection Attack Surface Reduction Rules Policy {$Identity} was found" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ErrorAction Stop + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $templateReferenceId = 'e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1' + + # Retrieve policy general settings + $policy = $null + if (-not [System.String]::IsNullOrEmpty($Identity)) + { + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue + } - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if ($null -eq $policy) { - $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` - -All ` - -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "No Endpoint Protection Attack Surface Reduction Rules Policy {$Identity} was found" - if ($getValue.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($DisplayName)) { - throw "Duplicate Endpoint Protection Attack Surface Reduction Rules Policy named $DisplayName exist in tenant" + $policy = Get-MgBetaDeviceManagementConfigurationPolicy ` + -All ` + -Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" ` + -ErrorAction SilentlyContinue + + if ($getValue.Length -gt 1) + { + throw "Duplicate Endpoint Protection Attack Surface Reduction Rules Policy named $DisplayName exist in tenant" + } } } - } - if ($null -eq $policy) + if ($null -eq $policy) + { + Write-Verbose -Message "No Endpoint Protection Attack Surface Reduction Rules Policy {$DisplayName} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Endpoint Protection Attack Surface Reduction Rules Policy 
{$DisplayName} was found" - return $nullResult + $policy = $Script:exportedInstance } $Identity = $policy.Id Write-Verbose -Message "Found Endpoint Protection Attack Surface Reduction Rules Policy with Id {$Identity} and Name {$DisplayName)}." @@ -1084,6 +1092,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $policy $Results = Get-TargetResource @params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 index 23203de188..9f0053b621 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 @@ -74,6 +74,8 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Setting Catalog Custom Policy for Windows10 with Id {$Id} and Name {$Name}" + try { $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` 
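Review bot: The duplicate check in the display-name fallback reads `$getValue.Length`, but the query result is stored in `$policy` and `$getValue` is not assigned anywhere in this hunk. The `throw` for duplicate policy names therefore likely never fires, and `$Identity = $policy.Id` can receive several ids when two policies share a name. The check should read `if (@($policy).Count -gt 1)`. The added Write-Verbose also prints `{$Id}` while the rest of the block uses `$Identity`, so that part of the message is probably empty unless an `$Id` parameter exists above the hunk.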
@@ -95,14 +97,11 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' #region resource generator code - try - { - $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ExpandProperty 'settings' -ErrorAction Stop - } - catch + if (-not [string]::IsNullOrEmpty($Id)) { - $getValue = $null + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ExpandProperty 'settings' -ErrorAction SilentlyContinue } + if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Setting Catalog Custom Policy for Windows10 with Id {$Id}" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 index 0576afe7e7..2a61ef4477 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner/MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner.psm1 
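Review bot: `$getValue` is assigned only inside the new `if (-not [string]::IsNullOrEmpty($Id))` block, so when `$Id` is empty the following `$null -eq $getValue` test reads a variable this hunk never sets (unless it is initialised in the lines above the hunk). PowerShell then resolves the name through parent scopes, and a `$getValue` left over in the module or caller scope would be treated as the policy that was found. Adding `$getValue = $null` before the `if`, as the AndroidWork and iOS trusted root certificate hunks in this commit do, removes that dependency. The AndroidDeviceOwner and AndroidEnterprise trusted root certificate hunks have the same gap. The rest of Get-TargetResource is outside the hunk.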
@@ -65,51 +65,54 @@ function Get-TargetResource ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } + Write-Verbose -Message "Getting configuration of the Intune Trusted Root Certificate Policy for Android Device Owner with Id {$id} and DisplayName {$DisplayName}" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } - } - #endregion + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerTrustedRootCertificate' ` + } + } + #endregion - if ($null -eq $getValue) + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Trusted Root Certificate Policy for Android Device Owner with Id {$id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune Trusted Root Certificate Policy for Android Device Owner with Id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id @@ -579,6 +582,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 index c410ccb865..41e417c633 100644 
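Review bot: In the Get-TargetResource hunk (`@@ -65,51 +65,54 @@`), `$nullResult` is now built only inside the `if (-not $Script:exportedInstance)` branch, so on the cached path it is never defined. If the `catch` of this `try` (outside the hunk) returns `$nullResult`, as the not-found path here does, a failure while building the result from a cached instance would return `$null` rather than the parameters with `Ensure = 'Absent'`. Moving `$nullResult = $PSBoundParameters` and `$nullResult.Ensure = 'Absent'` above the `if` keeps both paths consistent. The same layout is repeated in the other trusted root certificate and VPN Get-TargetResource hunks in this diff.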
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidEnterprise/MSFT_IntuneTrustedRootCertificateAndroidEnterprise.psm1 
@@ -65,53 +65,55 @@ function Get-TargetResource ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Trusted Root Certificate Policy for Android with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidTrustedRootCertificate' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } - } - #endregion + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidTrustedRootCertificate' ` + } + } + #endregion - if ($null -eq $getValue) + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Trusted Root Certificate Policy for Android with Id {$id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune Trusted Root Certificate Policy for Android with Id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } - $Id = $getValue.Id Write-Verbose -Message "An Intune Trusted Root Certificate Policy for Android with id {$id} and DisplayName {$DisplayName} was found" @@ -579,6 +581,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
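Review bot: In the Get-TargetResource hunk (`@@ -65,53 +65,55 @@`), the fallback lookup interpolates `$Displayname` straight into the OData filter, `-Filter "DisplayName eq '$Displayname'"`, so a display name containing an apostrophe produces a malformed filter. Because the call uses `-ErrorAction SilentlyContinue`, that error is swallowed and the policy is reported as absent instead of found. Doubling the quote first, e.g. `$escapedName = $DisplayName -replace "'", "''"` and filtering on `'$escapedName'`, keeps the lookup correct for such names. The same filter line appears in the other trusted root certificate and VPN hunks in this diff. The enclosing Get-TargetResource starts and ends outside the hunk.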
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidWork/MSFT_IntuneTrustedRootCertificateAndroidWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidWork/MSFT_IntuneTrustedRootCertificateAndroidWork.psm1 index 0fa0f59232..bb7dcb7d09 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidWork/MSFT_IntuneTrustedRootCertificateAndroidWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateAndroidWork/MSFT_IntuneTrustedRootCertificateAndroidWork.psm1 
@@ -62,54 +62,57 @@ function Get-TargetResource [Parameter()] [System.String[]] $AccessTokens - ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Trusted Root Certificate Policy for Android Work with Id {$id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileTrustedRootCertificate' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue } - } - #endregion + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileTrustedRootCertificate' ` + } + } + #endregion - if ($null -eq $getValue) + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Trusted Root Certificate Policy for Android Work with Id {$id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune Trusted Root Certificate Policy for Android Work with Id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id @@ -579,6 +582,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/MSFT_IntuneTrustedRootCertificateIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/MSFT_IntuneTrustedRootCertificateIOS.psm1 index dcb274fdc9..9158430db4 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/MSFT_IntuneTrustedRootCertificateIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneTrustedRootCertificateIOS/MSFT_IntuneTrustedRootCertificateIOS.psm1 
@@ -65,56 +65,60 @@ function Get-TargetResource ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } + Write-Verbose -Message "Getting configuration of the Intune Trusted Root Certificate Policy for iOS with Id {$Id} and DisplayName {$DisplayName}" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosTrustedRootCertificate' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrWhiteSpace($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosTrustedRootCertificate' ` + } + } + #endregion - if ($null -eq $getValue) + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Trusted Root Certificate Policy for iOS with Id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune Trusted Root Certificate Policy for iOS with Id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id - Write-Verbose -Message "An Intune Trusted Root Certificate Policy for iOS with id {$id} and DisplayName {$DisplayName} was found" + Write-Verbose -Message "An Intune Trusted Root Certificate Policy for iOS with id {$Id} and DisplayName {$DisplayName} was found" $results = @{ #region resource generator code @@ -579,6 +583,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 index 7cce954857..1327115a38 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 
@@ -118,56 +118,60 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune VPN Policy for Android Device Owner with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerVpnConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrWhiteSpace($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerVpnConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune VPN Policy for Android Device Owner with Id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune VPN Policy for Android Device Owner with Id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id - Write-Verbose -Message "An Intune VPN Policy for Android Device Owner with id {$id} and DisplayName {$DisplayName} was found" + Write-Verbose -Message "An Intune VPN Policy for Android Device Owner with id {$Id} and DisplayName {$DisplayName} was found" $complexServers = @() foreach ($currentservers in $getValue.AdditionalProperties.servers) @@ -841,6 +845,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 index 26830190cb..325aa5d726 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 
@@ -118,56 +118,60 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune VPN Policy for Android Enterprise with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidVpnConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrWhiteSpace($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidVpnConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune VPN Policy for Android Enterprise with Id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune VPN Policy for Android Enterprise with Id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id - Write-Verbose -Message "An Intune VPN Policy for Android Enterprise with id {$id} and DisplayName {$DisplayName} was found" + Write-Verbose -Message "An Intune VPN Policy for Android Enterprise with id {$Id} and DisplayName {$DisplayName} was found" $complexServers = @() foreach ($currentservers in $getValue.AdditionalProperties.servers) @@ -841,6 +845,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidWork/MSFT_IntuneVPNConfigurationPolicyAndroidWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidWork/MSFT_IntuneVPNConfigurationPolicyAndroidWork.psm1 index e379d26cb9..3fdd7f33c0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidWork/MSFT_IntuneVPNConfigurationPolicyAndroidWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidWork/MSFT_IntuneVPNConfigurationPolicyAndroidWork.psm1 
@@ -118,56 +118,60 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune VPN Policy for Android Work with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileVpnConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrWhiteSpace($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileVpnConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune VPN Policy for Android Work with Id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune VPN Policy for Android Work with Id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id - Write-Verbose -Message "An Intune VPN Policy for Android Work with id {$id} and DisplayName {$DisplayName} was found" + Write-Verbose -Message "An Intune VPN Policy for Android Work with id {$Id} and DisplayName {$DisplayName} was found" $complexServers = @() foreach ($currentservers in $getValue.AdditionalProperties.servers) 
@@ -687,7 +691,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$Id}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() @@ -841,6 +845,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/MSFT_IntuneVPNConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/MSFT_IntuneVPNConfigurationPolicyIOS.psm1 index e9ea013384..c5cb186097 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/MSFT_IntuneVPNConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyIOS/MSFT_IntuneVPNConfigurationPolicyIOS.psm1 
@@ -176,56 +176,60 @@ function Get-TargetResource $userDomain ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune VPN Policy for iOS with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - if (-not [string]::IsNullOrWhiteSpace($id)) - { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - } - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosVpnConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrWhiteSpace($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosVpnConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune VPN Policy for iOS with Id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune VPN Policy for iOS with Id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id - Write-Verbose -Message "An Intune VPN Policy for iOS with id {$id} and DisplayName {$DisplayName} was found" + Write-Verbose -Message "An Intune VPN Policy for iOS with id {$Id} and DisplayName {$DisplayName} was found" $complexServers = @() foreach ($currentservers in $getValue.AdditionalProperties.server) @@ -899,7 +903,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$Id}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() 
@@ -1053,6 +1057,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.psm1 index 85633926f6..26cedf5f0b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.psm1 
@@ -77,51 +77,58 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Wifi Configuration Policy Android Device Administrator with id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWiFiConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWiFiConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Wifi Configuration Policy Android Device Administrator with id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune Wifi Configuration Policy Android Device Administrator with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } - Write-Verbose -Message "Found an Intune Wifi Configuration Policy Android Device Administrator with id {$id}" + Write-Verbose -Message "Found an Intune Wifi Configuration Policy Android Device Administrator with id {$Id}" $results = @{ #region resource generator code Id = $getValue.Id @@ -469,7 +476,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$Id}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() 
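Review bot: The fallback lookup in this Get-TargetResource hunk interpolates `$DisplayName` directly into the OData filter, `-Filter "DisplayName eq '$DisplayName'"`, so a display name containing a single quote yields a malformed or differently scoped filter. Because the call also carries `-ErrorAction SilentlyContinue`, that failure is silent and the policy is reported as absent. Double the quote before building the filter, for example `$escapedName = $DisplayName -replace "'", "''"` followed by `-Filter "DisplayName eq '$escapedName'"`. The same line appears in the Get-TargetResource hunks of the other resources in this diff.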
@@ -643,6 +650,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 index e040f4a3cc..268e786469 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 
@@ -106,51 +106,58 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Wifi Configuration Policy Android Enterprise Device Owner with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerWiFiConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerWiFiConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "Nothing with id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "Nothing with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } - Write-Verbose -Message "Found something with id {$id}" + Write-Verbose -Message "Found something with id {$Id}" $results = @{ #region resource generator code Id = $getValue.Id @@ -561,7 +568,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$Id}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() 
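Review bot: The verbose messages kept in this Get-TargetResource hunk, `"Nothing with id {$Id} was found"` and `"Found something with id {$Id}"`, do not name the resource type, unlike the sibling resources in this diff and the "Getting configuration of ..." line added at the top of the same hunk. In an export or compliance log that interleaves many resources these lines cannot be attributed to this policy type. Suggest `"No Intune Wifi Configuration Policy Android Enterprise Device Owner with id {$Id} was found"` and the matching "Found an ..." wording. Since `$Id` is not reassigned from `$getValue.Id` here, the "Found" message can print an empty id when the match came from DisplayName or from the cached instance; logging `$($getValue.Id)` avoids that.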
@@ -732,6 +739,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 index ad0a462077..3038e4d2e3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 
@@ -77,51 +77,58 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Wifi Configuration Policy Android Enterprise Work Profile with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - - #region resource generator code - if ($null -ne $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileWiFiConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -ne $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileWiFiConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Wifi Configuration Policy Android Enterprise Work Profile with id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune Wifi Configuration Policy Android Enterprise Work Profile with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } - Write-Verbose -Message "Found an Intune Wifi Configuration Policy Android Enterprise Work Profile with id {$id}" + Write-Verbose -Message "Found an Intune Wifi Configuration Policy Android Enterprise Work Profile with id {$Id}" $results = @{ #region resource generator code Id = $getValue.Id 
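Review bot: The DisplayName fallback in this Get-TargetResource hunk is guarded by `if ($null -ne $getValue)`, which is inverted relative to every sibling resource in this diff, where the guard uses `-eq`. As written, a failed Id lookup never falls back to DisplayName and the policy is reported as absent, while a successful Id lookup is overwritten by whatever the DisplayName filter returns. The condition was carried over unchanged from the removed lines, so the commit keeps the defect rather than introducing it. It should read `if ($null -eq $getValue)`.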
@@ -468,7 +475,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$Id}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() @@ -640,6 +647,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index 2f64b743c3..d0f64fe7dd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 
@@ -77,51 +77,58 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Wifi Configuration Policy Android For Work with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidForWorkWiFiConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidForWorkWiFiConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Wifi Configuration Policy Android For Work with id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune Wifi Configuration Policy Android For Work with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } - Write-Verbose -Message "Found an Intune Wifi Configuration Policy Android For Work with id {$id}" + Write-Verbose -Message "Found an Intune Wifi Configuration Policy Android For Work with id {$Id}" $results = @{ #region resource generator code Id = $getValue.Id @@ -467,7 +474,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$Id}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() 
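Review bot: Nothing in this Get-TargetResource hunk limits the DisplayName fallback to a single match, so `-All -Filter ... | Where-Object` can leave `$getValue` holding several policies that share a name. The following `Id = $getValue.Id` would then produce a list of ids, and the returned state would mix values from different policies. Consider failing explicitly before building `$results`, e.g. `if (@($getValue).Count -gt 1) { throw "Multiple policies named {$DisplayName} were found; specify Id" }`. The same applies to the other Get-TargetResource hunks in this diff; the `$results` hashtable continues outside the hunk.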
@@ -639,6 +646,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index ff45215fab..59242f9739 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 
@@ -85,51 +85,58 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Wifi Configuration Policy Android Open Source Project with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerWiFiConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.aospDeviceOwnerWiFiConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Wifi Configuration Policy Android Open Source Project with id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune Wifi Configuration Policy Android Open Source Project with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } - Write-Verbose -Message "Found an Intune Wifi Configuration Policy Android Open Source Project with id {$id}" + Write-Verbose -Message "Found an Intune Wifi Configuration Policy Android Open Source Project with id {$Id}" $results = @{ #region resource generator code Id = $getValue.Id @@ -493,7 +500,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$Id}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() 
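Review bot: Both Graph calls in this Get-TargetResource hunk use `-ErrorAction SilentlyContinue`, so a permission or throttling error is indistinguishable from "not found" and the function returns `$nullResult` with `Ensure = 'Absent'`. A caller acting on that result could try to create a policy that already exists; Set-TargetResource is outside the hunk, so this consequence is inferred. Suppression is reasonable for the not-found case on the Id lookup, but the `-All -Filter` call returns an empty set rather than an error when nothing matches, so it can use `-ErrorAction Stop` and let real failures reach the enclosing `catch`. The other Get-TargetResource hunks in this diff share the pattern.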
@@ -665,6 +672,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index 628cd3fc7c..9c23c81c77 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 
@@ -102,51 +102,58 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Wifi Configuration Policy for iOS with id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosWiFiConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosWiFiConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Wifi Configuration Policy for iOS with id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune Wifi Configuration Policy for iOS with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } - Write-Verbose -Message "Found an Intune Wifi Configuration Policy for iOS with id {$id}" + Write-Verbose -Message "Found an Intune Wifi Configuration Policy for iOS with id {$Id}" $results = @{ #region resource generator code Id = $getValue.Id @@ -547,7 +554,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$Id}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() 
@@ -720,6 +727,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index 5fae242f57..32d7c09911 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 
@@ -98,51 +98,58 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Wifi Configuration Policy for MacOS with id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSWiFiConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.macOSWiFiConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Wifi Configuration Policy for MacOS with id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune Wifi Configuration Policy for MacOS with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } - Write-Verbose -Message "Found an Intune Wifi Configuration Policy for MacOS with id {$id}" + Write-Verbose -Message "Found an Intune Wifi Configuration Policy for MacOS with id {$Id}" $results = @{ #region resource generator code Id = $getValue.Id @@ -534,7 +541,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$Id}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() 
@@ -706,6 +713,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index 801c8bd986..e1ea86ecac 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 
@@ -111,51 +111,58 @@ function Get-TargetResource $AccessTokens ) - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - } - catch - { - Write-Verbose -Message 'Connection to the workload failed.' - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + Write-Verbose -Message "Getting configuration of the Intune Wifi Configuration Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' try { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue - - #region resource generator code - if ($null -eq $getValue) + if (-not $Script:exportedInstance) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsWifiConfiguration' ` + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue } - } - #endregion - if ($null -eq $getValue) + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsWifiConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune Wifi Configuration Policy for Windows10 with id {$Id} was found" + return $nullResult + } + } + else { - Write-Verbose -Message "No Intune Wifi Configuration Policy for Windows10 with id {$id} was found" - return $nullResult + $getValue = $Script:exportedInstance } - Write-Verbose -Message "Found an Intune Wifi Configuration Policy for Windows10 with id {$id}" + Write-Verbose -Message "Found an Intune Wifi Configuration Policy for Windows10 with id {$Id}" $results = @{ #region resource generator code Id = $getValue.Id @@ -577,7 +584,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$id}" + Write-Verbose -Message "Testing configuration of {$Id}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() 
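Review bot: The fallback lookup in Get-TargetResource builds its OData filter by interpolating the parameter directly, `-Filter "DisplayName eq '$DisplayName'"`, so a display name containing a single quote yields a malformed or altered filter. With `-ErrorAction SilentlyContinue` the failure is swallowed and the policy is reported as absent. Double the quote before building the filter: `-Filter "DisplayName eq '$($DisplayName.Replace("'", "''"))'"`. The same filter string appears in the Get-TargetResource hunks for both Autopilot deployment profiles and the Windows Update for Business ring profile. Unlike the Autopilot hunks, this one also issues the filtered query when `$DisplayName` is empty.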
@@ -749,6 +756,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 index 0bb5e68907..c6eb4abbe9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.psm1 
@@ -93,47 +93,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$Id}" - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with DisplayName {$DisplayName}" + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune 
Windows Autopilot Deployment Profile Azure AD Hybrid Joined with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined with Id {$Id} and DisplayName {$DisplayName} was found." @@ -701,6 +713,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 index 8850cc0c2d..2a8279e127 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 
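Review bot: The DisplayName fallback can return more than one profile, and the result is used unchecked in `$Id = $getValue.Id` right after the `else` branch, so `$Id` and every property read from `$getValue` would become arrays. The AzureADJoined variant of this resource in the same diff guards against that. Adding the same check after the null test keeps a duplicate name from silently producing a merged result: `if ($getValue -is [array]) { throw "The DisplayName {$DisplayName} returned multiple policies, make sure DisplayName is unique." }`. The Driver, Feature, Quality and Ring update profile hunks have the same gap. Get-TargetResource continues past this hunk.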
@@ -89,54 +89,66 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue ` - | Where-Object -FilterScript { $null -ne $_.DisplayName } + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile -WindowsAutopilotDeploymentProfileId $Id -ErrorAction SilentlyContinue ` + | Where-Object -FilterScript { $null -ne $_.DisplayName } + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure AD Joined with Id {$Id}" + + if (-not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue ` + | Where-Object -FilterScript { $null -ne $_.DisplayName } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure AD Joined with DisplayName {$DisplayName}" + return $nullResult + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($getValue -is [array]) { - $getValue = 
Get-MgBetaDeviceManagementWindowsAutopilotDeploymentProfile ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue ` - | Where-Object -FilterScript { $null -ne $_.DisplayName } + throw "The DisplayName {$DisplayName} returned multiple policies, make sure DisplayName is unique." } } - #endregion - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Windows Autopilot Deployment Profile Azure AD Joined with DisplayName {$DisplayName}" - return $nullResult - } - - if ($getValue -is [Array]) + else { - Throw "The DisplayName {$DisplayName} returned multiple policies, make sure DisplayName is unique." + $getValue = $Script:exportedInstance } $Id = $getValue.Id @@ -697,6 +709,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index e1cc0cf279..0f496cf9ed 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 
@@ -141,6 +141,8 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with Id {$Id} and DisplayName {$DisplayName}" + try { $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` @@ -162,13 +164,9 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' #region resource generator code - try - { - $getValue = Get-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy -MdmWindowsInformationProtectionPolicyId $Id -ExpandProperty assignments -ErrorAction Stop - } - catch + if (-not [string]::IsNullOrEmpty($Id)) { - $getValue = $null + $getValue = Get-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy -MdmWindowsInformationProtectionPolicyId $Id -ExpandProperty assignments -ErrorAction SilentlyContinue } if ($null -eq $getValue) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10.psm1 index 84996211bf..be7ad7bb96 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10.psm1 
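Review bot: In the second hunk, `$getValue` is now assigned only when `$Id` is non-empty, whereas the removed `catch` set it to `$null` explicitly; no initialisation is visible between `$nullResult.Ensure = 'Absent'` and the new `if`. PowerShell resolves an unassigned name through parent scopes, so a `$getValue` left by a caller could be picked up and the `if ($null -eq $getValue)` fallback skipped. Add `$getValue = $null` before the `if`, as the other resources in this diff do. The surrounding `try` block starts and ends outside the hunk.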
@@ -69,49 +69,61 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Windows Update For Business Driver Update Profile for Windows 10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $uri = "/beta/deviceManagement/windowsDriverUpdateProfiles/$Id" - $getValue = (Invoke-MgGraphRequest -Method GET -Uri $uri -SkipHttpErrorCheck).value - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Windows Update For Business Driver Update Profile for Windows 10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $uri = "/beta/deviceManagement/windowsDriverUpdateProfiles/$Id" + $getValue = (Invoke-MgGraphRequest -Method GET -Uri $uri -SkipHttpErrorCheck).value + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - # Potentially add support for -All parameter (@odata.nextLink) if needed - $uri = '/beta/deviceManagement/windowsDriverUpdateProfiles' - $getValue = (Invoke-MgGraphRequest -Method GET -Uri $uri).value | Where-Object -FilterScript { - $_.displayName -eq $DisplayName + Write-Verbose -Message "Could not find an Intune Windows Update For Business Driver Update Profile for Windows 10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + # Potentially add support for -All parameter (@odata.nextLink) if needed + $uri = '/beta/deviceManagement/windowsDriverUpdateProfiles' + $getValue = (Invoke-MgGraphRequest -Method GET -Uri $uri).value | Where-Object -FilterScript { + $_.displayName -eq $DisplayName + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message 
"Could not find an Intune Windows Update For Business Driver Update Profie for Windows 10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Windows Update For Business Driver Update Profie for Windows 10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Windows Update For Business Driver Update Profile for Windows 10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -140,6 +152,7 @@ function Get-TargetResource AccessTokens = $AccessTokens #endregion } + $uri = "/beta/deviceManagement/windowsDriverUpdateProfiles/$($Id)/assignments" $assignmentsValues = (Invoke-MgGraphRequest -Method GET -Uri $uri).value $assignmentResult = @() @@ -553,6 +566,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 index 6b747bf972..f344407386 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.psm1 
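Review bot: `$Id` is interpolated unescaped into the request path in `$uri = "/beta/deviceManagement/windowsDriverUpdateProfiles/$Id"`, so a value containing `/`, `?` or `#` changes which Graph endpoint is queried, and `-SkipHttpErrorCheck` hides the resulting error. Escape or validate it first, for example `$uri = "/beta/deviceManagement/windowsDriverUpdateProfiles/$([uri]::EscapeDataString($Id))"`. Separately, a GET on a single entity normally returns the object itself rather than a `value` collection, so `.value` here is probably always `$null` and the lookup falls through to the DisplayName scan; this is worth confirming against a live response. Get-TargetResource begins before and continues after this hunk.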
@@ -72,48 +72,60 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Windows Update For Business Feature Update Profile for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementWindowsFeatureUpdateProfile -WindowsFeatureUpdateProfileId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Windows Update For Business Feature Update Profile for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementWindowsFeatureUpdateProfile -WindowsFeatureUpdateProfileId $Id -ErrorAction SilentlyContinue + } - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementWindowsFeatureUpdateProfile ` - -All ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { - $_.DisplayName -eq $DisplayName + Write-Verbose -Message "Could not find an Intune Windows Update For Business Feature Update Profile for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementWindowsFeatureUpdateProfile ` + -All ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { + $_.DisplayName -eq $DisplayName + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Windows Update For Business Feature Update Profile for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose 
-Message "Could not find an Intune Windows Update For Business Feature Update Profile for Windows10 with DisplayName {$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Windows Update For Business Feature Update Profile for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -788,6 +800,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.psm1 index 7a774e7197..28c1b3d756 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.psm1 
@@ -64,48 +64,60 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Windows Update For Business Quality Update Profile for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementWindowsQualityUpdateProfile -WindowsQualityUpdateProfileId $Id -ErrorAction SilentlyContinue - - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Windows Update For Business Quality Update Profile for Windows10 with Id {$Id}" + $getValue = $null + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementWindowsQualityUpdateProfile -WindowsQualityUpdateProfileId $Id -ErrorAction SilentlyContinue + } - if (-not [System.String]::IsNullOrEmpty($DisplayName)) + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementWindowsQualityUpdateProfile ` - -All ` - -ErrorAction SilentlyContinue | Where-Object -FilterScript { - $_.DisplayName -eq $DisplayName + Write-Verbose -Message "Could not find an Intune Windows Update For Business Quality Update Profile for Windows10 with Id {$Id}" + + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementWindowsQualityUpdateProfile ` + -All ` + -ErrorAction SilentlyContinue | Where-Object -FilterScript { + $_.DisplayName -eq $DisplayName + } } } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Windows Update For Business Quality Update Profile for Windows10 with DisplayName {$DisplayName}." 
+ return $nullResult + } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Windows Update For Business Quality Update Profile for Windows10 with DisplayName {$DisplayName}." - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Windows Update For Business Quality Update Profile for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found" @@ -548,6 +560,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 index c6f949c65e..ad02d7fd78 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.psm1 
@@ -201,47 +201,59 @@ function Get-TargetResource $AccessTokens ) + Write-Verbose -Message "Getting configuration of the Intune Window Update For Business Ring Update Profile for Windows10 with Id {$Id} and DisplayName {$DisplayName}" + try { - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + if (-not $Script:exportedInstance) + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' - $getValue = $null - #region resource generator code - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + $getValue = $null + #region resource generator code + if (-not [string]::IsNullOrEmpty($Id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + } - if ($null -eq $getValue) - { - Write-Verbose -Message "Could not find an Intune Window Update For Business Ring Update Profile for Windows10 with Id {$Id}" + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Window Update For Business Ring Update Profile for Windows10 with Id {$Id}" - if (-Not [string]::IsNullOrEmpty($DisplayName)) + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` + -All ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) { - $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + Write-Verbose -Message "Could not find an Intune Window Update For Business Ring Update Profile for Windows10 with DisplayName {$DisplayName}" + return $nullResult } } - #endregion - if ($null -eq $getValue) + else { - Write-Verbose -Message "Could not find an Intune Window Update For Business Ring Update Profile for Windows10 with DisplayName 
{$DisplayName}" - return $nullResult + $getValue = $Script:exportedInstance } $Id = $getValue.Id Write-Verbose -Message "An Intune Window Update For Business Ring Update Profile for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." @@ -1130,6 +1142,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 index 43d40e0b40..3b2e779975 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 
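Review bot: Both lookups in the Get-TargetResource hunk query the generic device-configuration collection without checking the returned type, so an `Id` or `DisplayName` belonging to a different kind of configuration profile would be accepted as an update ring. The Wifi resources in this diff filter their DisplayName lookup on `AdditionalProperties.'@odata.type'`. The same can be done here by piping to `Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windowsUpdateForBusinessConfiguration' }`. A type check may exist further down in Get-TargetResource, which continues outside the hunk.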
@@ -58,54 +58,62 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Setting configuration of Office 365 Group $DisplayName" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try { - Write-Verbose -Message "Retrieving AzureADGroup by MailNickName {$MailNickName}" - [array]$ADGroup = Get-MgGroup -All:$true | Where-Object -FilterScript { $_.MailNickName -eq $MailNickName } - if ($null -eq $ADGroup) + if (-not $Script:exportedInstance) { - Write-Verbose -Message "Retrieving AzureADGroup by DisplayName {$DisplayName}" - [array]$ADGroup = Get-MgGroup -All:$true | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } + Write-Verbose -Message "Setting configuration of Office 365 Group $DisplayName" + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + Write-Verbose -Message "Retrieving AzureADGroup by MailNickName {$MailNickName}" + [array]$ADGroup = Get-MgGroup -All:$true | Where-Object -FilterScript { $_.MailNickName -eq $MailNickName } if ($null -eq $ADGroup) { - Write-Verbose -Message "Office 365 Group {$DisplayName} was not found." - return $nullReturn + Write-Verbose -Message "Retrieving AzureADGroup by DisplayName {$DisplayName}" + [array]$ADGroup = Get-MgGroup -All:$true | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } + if ($null -eq $ADGroup) + { + Write-Verbose -Message "Office 365 Group {$DisplayName} was not found." + return $nullReturn + } } - elseif ($ADGroup.Length -gt 1) + if ($ADGroup.Length -gt 1) { $Message = "Multiple O365 groups were found with DisplayName {$DisplayName}. Please specify the MailNickName parameter to uniquely identify the group." 
New-M365DSCLogEntry -Message $Message ` -Exception $_ ` -Source $MyInvocation.MyCommand.ModuleName } + $ADGroup = $ADGroup[0] + } + else + { + $ADGroup = $Script:exportedInstance } Write-Verbose -Message "Found Existing Instance of Group {$($ADGroup.DisplayName)}" try { - $membersList = Get-MgGroupMember -GroupId $ADGroup[0].Id - Write-Verbose -Message "Found Members for Group {$($ADGroup[0].DisplayName)}" - $owners = Get-MgGroupOwner -GroupId $ADGroup[0].Id - Write-Verbose -Message "Found Owners for Group {$($ADGroup[0].DisplayName)}" + $membersList = Get-MgGroupMember -GroupId $ADGroup.Id + Write-Verbose -Message "Found Members for Group {$($ADGroup.DisplayName)}" + $owners = Get-MgGroupOwner -GroupId $ADGroup.Id + Write-Verbose -Message "Found Owners for Group {$($ADGroup.DisplayName)}" $ownersUPN = @() if ($null -ne $owners) { @@ -129,14 +137,14 @@ function Get-TargetResource } $description = '' - if ($null -ne $ADGroup[0].Description) + if ($null -ne $ADGroup.Description) { - $description = $ADGroup[0].Description.ToString() + $description = $ADGroup.Description.ToString() } $returnValue = @{ - DisplayName = $ADGroup[0].DisplayName - MailNickName = $ADGroup[0].MailNickName + DisplayName = $ADGroup.DisplayName + MailNickName = $ADGroup.MailNickName Members = $newMemberList ManagedBy = $ownersUPN Description = $description @@ -612,6 +620,7 @@ function Export-TargetResource MailNickName = $group.MailNickName AccessTokens = $AccessTokens } + $Script:exportedInstance = $group $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 index d8a9cd9b03..1f84087395 100644 
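Review bot: When more than one group matches, the `if ($ADGroup.Length -gt 1)` branch only logs and then falls through to `$ADGroup = $ADGroup[0]`, so the members and owners reported afterwards belong to whichever group the query happened to list first. The check is now also reached for MailNickName matches while the message still speaks of DisplayName, and `-Exception $_` is passed outside any `catch`, where `$_` presumably holds no error record. I would stop at the ambiguity, for example `throw $Message` after the log entry, and word the message for both lookups. Get-TargetResource continues past the end of this hunk, so how the outer `catch` handles the throw should be checked.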
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAuditConfigurationPolicy/MSFT_SCAuditConfigurationPolicy.psm1 
@@ -43,72 +43,69 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCAuditConfigurationPolicy for Workload {$Workload}" - Write-Verbose -Message 'Connecting to Security and Compliance Center' - - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SCAuditConfigurationPolicy for Workload {$Workload}" + Write-Verbose -Message 'Connecting to Security and Compliance Center' - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - try - { - $PolicyObject = $null - Write-Verbose -Message "Current Workload = {$Workload}" + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($Workload -eq 'OneDriveForBusiness') - { - $PolicyObject = Get-AuditConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq 'a415dcce-19a0-4153-b137-eb6fd67995b5' } + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + $PolicyObject = $null + Write-Verbose -Message "Current Workload = {$Workload}" + + if ($Workload -eq 'OneDriveForBusiness') + { + $PolicyObject = Get-AuditConfigurationPolicy | Where-Object -FilterScript { $_.Name -eq 'a415dcce-19a0-4153-b137-eb6fd67995b5' } + } + else + { + $PolicyObject = Get-AuditConfigurationPolicy | Where-Object -FilterScript { $_.Workload -eq $Workload } + } + + if ($null -eq $PolicyObject) + { + Write-Verbose -Message "SCAuditConfigurationPolicy $Workload does not exist." + return $nullReturn + } } else { - $PolicyObject = Get-AuditConfigurationPolicy | Where-Object -FilterScript { $_.Workload -eq $Workload } + $PolicyObject = $Script:exportedInstance } - if ($null -eq $PolicyObject) - { - Write-Verbose -Message "SCAuditConfigurationPolicy $Workload does not exist." 
- return $nullReturn + Write-Verbose -Message "Found existing SCAuditConfigurationPolicy $Workload" + $result = @{ + Ensure = 'Present' + Workload = $Workload + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } - else - { - Write-Verbose -Message "Found existing SCAuditConfigurationPolicy $Workload" - $result = @{ - Ensure = 'Present' - Workload = $Workload - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens - } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result - } + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -366,6 +363,7 @@ function Export-TargetResource Write-Host " |---[$i/$($policies.Length)] $($policy.Workload)" -NoNewline + $Script:exportedInstance = $policy $Results = Get-TargetResource @PSBoundParameters -Workload $policy.Workload $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 index 94d0e7ceab..dc659bae0e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 
@@ -135,90 +135,86 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of Auto sensitivity Label Policy for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' try { - try + if (-not $Script:exportedInstance) { - # There is a bug with the Get-AutoSensitivityLabelPolicy where if you get by Identity, the priority is an invalid number. - # Threfore we get it by name. - $policy = Get-AutoSensitivityLabelPolicy | Where-Object -FilterScript { $_.Name -eq $Name } - } - catch - { - throw $_ - } + Write-Verbose -Message "Getting configuration of Auto sensitivity Label Policy for $Name" - if ($null -eq $policy) - { - Write-Verbose -Message "Auto Sensitivity label policy $($Name) does not exist." 
- return $nullReturn - } - else - { + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - Write-Verbose "Found existing Auto Sensitivity label policy $($Name)" - $result = @{ - Name = $policy.Name - Comment = $policy.Comment - ApplySensitivityLabel = $policy.ApplySensitivityLabel - Credential = $Credential - Ensure = 'Present' - ExchangeSender = $policy.ExchangeSender - ExchangeSenderException = $policy.ExchangeSenderException - ExchangeSenderMemberOf = $policy.ExchangeSenderMemberOf - ExchangeSenderMemberOfException = $policy.ExchangeSenderMemberOfException - ExchangeLocation = $policy.ExchangeLocation - AddExchangeLocation = $policy.AddExchangeLocation - RemoveExchangeLocation = $policy.RemoveExchangeLocation - Mode = $policy.Mode - OneDriveLocation = $policy.OneDriveLocation - AddOneDriveLocation = $policy.AddOneDriveLocation - RemoveOneDriveLocation = $policy.RemoveOneDriveLocation - OneDriveLocationException = $policy.OneDriveLocationException - AddOneDriveLocationException = $policy.AddOneDriveLocationException - RemoveOneDriveLocationException = $policy.RemoveOneDriveLocationException - Priority = $policy.Priority - SharePointLocation = $policy.SharePointLocation - SharePointLocationException = $policy.SharePointLocationException - AddSharePointLocationException = $policy.AddSharePointLocationException - RemoveSharePointLocationException = $policy.RemoveSharePointLocationException - AddSharePointLocation = $policy.AddSharePointLocation - RemoveSharePointLocation = $policy.RemoveSharePointLocation - ApplicationId = $ApplicationId - TenantId = $TenantId - 
CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + try + { + # There is a bug with the Get-AutoSensitivityLabelPolicy where if you get by Identity, the priority is an invalid number. + # Threfore we get it by name. + $policy = Get-AutoSensitivityLabelPolicy | Where-Object -FilterScript { $_.Name -eq $Name } + } + catch + { + throw $_ } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + if ($null -eq $policy) + { + Write-Verbose -Message "Auto Sensitivity label policy $($Name) does not exist." + return $nullReturn + } } + else + { + $policy = $Script:exportedInstance + } + + Write-Verbose "Found existing Auto Sensitivity label policy $($Name)" + $result = @{ + Name = $policy.Name + Comment = $policy.Comment + ApplySensitivityLabel = $policy.ApplySensitivityLabel + Credential = $Credential + Ensure = 'Present' + ExchangeSender = $policy.ExchangeSender + ExchangeSenderException = $policy.ExchangeSenderException + ExchangeSenderMemberOf = $policy.ExchangeSenderMemberOf + ExchangeSenderMemberOfException = $policy.ExchangeSenderMemberOfException + ExchangeLocation = $policy.ExchangeLocation + AddExchangeLocation = $policy.AddExchangeLocation + RemoveExchangeLocation = $policy.RemoveExchangeLocation + Mode = $policy.Mode + OneDriveLocation = $policy.OneDriveLocation + AddOneDriveLocation = $policy.AddOneDriveLocation + RemoveOneDriveLocation = $policy.RemoveOneDriveLocation + OneDriveLocationException = $policy.OneDriveLocationException + AddOneDriveLocationException = $policy.AddOneDriveLocationException + RemoveOneDriveLocationException = $policy.RemoveOneDriveLocationException + Priority = $policy.Priority + SharePointLocation = $policy.SharePointLocation + SharePointLocationException = 
$policy.SharePointLocationException + AddSharePointLocationException = $policy.AddSharePointLocationException + RemoveSharePointLocationException = $policy.RemoveSharePointLocationException + AddSharePointLocation = $policy.AddSharePointLocation + RemoveSharePointLocation = $policy.RemoveSharePointLocation + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens + } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -777,7 +773,7 @@ function Test-TargetResource $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $ValuesToCheck ` + -DesiredValues $PSBoundParameters ` -ValuesToCheck $ValuesToCheck.Keys Write-Verbose -Message "Test-TargetResource returned $TestResult" @@ -855,6 +851,7 @@ function Export-TargetResource Write-Host " |---[$i/$($policies.Count)] $($policy.Name)" -NoNewline + $Script:exportedInstance = $policy $Results = Get-TargetResource @PSBoundParameters -Name $policy.Name $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 index ccca329b0f..8460c67ed5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelRule/MSFT_SCAutoSensitivityLabelRule.psm1 
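Review bot: The inner `try { ... } catch { throw $_ }` around `Get-AutoSensitivityLabelPolicy` in Get-TargetResource only rethrows, so it adds a nesting level without changing behaviour; the enclosing `try` already receives the error. I would drop the wrapper and keep the single statement `$policy = Get-AutoSensitivityLabelPolicy | Where-Object -FilterScript { $_.Name -eq $Name }`. In the comment above it, `Threfore` should read `Therefore`. The outer `catch` body lies outside the hunk.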
@@ -225,156 +225,152 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of DLPCompliancePolicy for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' try { - $PolicyRule = Get-AutoSensitivityLabelRule -Identity $Name -ErrorAction SilentlyContinue - - if ($null -eq $PolicyRule) + if (-not $Script:exportedInstance) { - Write-Verbose -Message "AutoSensitivityLabelRule $($Name) does not exist." - return $nullReturn + Write-Verbose -Message "Getting configuration of DLPCompliancePolicy for $Name" + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + $PolicyRule = Get-AutoSensitivityLabelRule -Identity $Name -ErrorAction SilentlyContinue + + if ($null -eq $PolicyRule) + { + Write-Verbose -Message "AutoSensitivityLabelRule $($Name) does not exist." 
+ return $nullReturn + } } else { - Write-Verbose "Found existing AutoSensitivityLabelRule $($Name)" + $PolicyRule = $Script:exportedInstance + } - if ($null -ne $PolicyRule.AnyOfRecipientAddressContainsWords -and $PolicyRule.AnyOfRecipientAddressContainsWords.count -gt 0) - { - $AnyOfRecipientAddressContainsWords = $PolicyRule.AnyOfRecipientAddressContainsWords.Replace(' ', '').Split(',') - } + Write-Verbose "Found existing AutoSensitivityLabelRule $($Name)" - if ($null -ne $PolicyRule.AnyOfRecipientAddressMatchesPatterns -and $PolicyRule.AnyOfRecipientAddressMatchesPatterns -gt 0) - { - $AnyOfRecipientAddressMatchesPatterns = $PolicyRule.AnyOfRecipientAddressMatchesPatterns.Replace(' ', '').Split(',') - } + if ($null -ne $PolicyRule.AnyOfRecipientAddressContainsWords -and $PolicyRule.AnyOfRecipientAddressContainsWords.count -gt 0) + { + $AnyOfRecipientAddressContainsWords = $PolicyRule.AnyOfRecipientAddressContainsWords.Replace(' ', '').Split(',') + } - if ($null -ne $PolicyRule.ContentExtensionMatchesWords -and $PolicyRule.ContentExtensionMatchesWords.count -gt 0) - { - $ContentExtensionMatchesWords = $PolicyRule.ContentExtensionMatchesWords.Replace(' ', '').Split(',') - } + if ($null -ne $PolicyRule.AnyOfRecipientAddressMatchesPatterns -and $PolicyRule.AnyOfRecipientAddressMatchesPatterns -gt 0) + { + $AnyOfRecipientAddressMatchesPatterns = $PolicyRule.AnyOfRecipientAddressMatchesPatterns.Replace(' ', '').Split(',') + } - if ($null -ne $PolicyRule.ExceptIfContentExtensionMatchesWords -and $PolicyRule.ExceptIfContentExtensionMatchesWords.count -gt 0) - { - $ExceptIfContentExtensionMatchesWords = $PolicyRule.ExceptIfContentExtensionMatchesWords.Replace(' ', '').Split(',') - } - if ($null -ne $HeaderMatchesPatterns -and $null -ne $HeaderMatchesPatterns.Name) + if ($null -ne $PolicyRule.ContentExtensionMatchesWords -and $PolicyRule.ContentExtensionMatchesWords.count -gt 0) + { + $ContentExtensionMatchesWords = $PolicyRule.ContentExtensionMatchesWords.Replace(' ', 
'').Split(',') + } + + if ($null -ne $PolicyRule.ExceptIfContentExtensionMatchesWords -and $PolicyRule.ExceptIfContentExtensionMatchesWords.count -gt 0) + { + $ExceptIfContentExtensionMatchesWords = $PolicyRule.ExceptIfContentExtensionMatchesWords.Replace(' ', '').Split(',') + } + if ($null -ne $HeaderMatchesPatterns -and $null -ne $HeaderMatchesPatterns.Name) + { + $HeaderMatchesPatternsValue = @{} + foreach ($value in $HeaderMatchesPatterns[($HeaderMatchesPatterns.Name)]) { - $HeaderMatchesPatternsValue = @{} - foreach ($value in $HeaderMatchesPatterns[($HeaderMatchesPatterns.Name)]) + if ($HeaderMatchesPatternsValue.ContainsKey($HeaderMatchesPatterns.Name)) { - if ($HeaderMatchesPatternsValue.ContainsKey($HeaderMatchesPatterns.Name)) - { - $HeaderMatchesPatternsValue[$HeaderMatchesPatterns.Name] += $value - } - else - { - $HeaderMatchesPatternsValue.Add($HeaderMatchesPatterns.Name, @($value)) - } + $HeaderMatchesPatternsValue[$HeaderMatchesPatterns.Name] += $value } - } - foreach ($pattern in $PolicyRule.HeaderMatchesPatterns.Keys) - { - $HeaderMatchesPatternsValue += @{ - Name = $pattern - Value = $PolicyRule.HeaderMatchesPatterns.$pattern + else + { + $HeaderMatchesPatternsValue.Add($HeaderMatchesPatterns.Name, @($value)) } } - - $result = @{ - Name = $PolicyRule.Name - Policy = $PolicyRule.ParentPolicyName - Workload = $Workload - AccessScope = $PolicyRule.AccessScope - AnyOfRecipientAddressContainsWords = $AnyOfRecipientAddressContainsWords - AnyOfRecipientAddressMatchesPatterns = $AnyOfRecipientAddressMatchesPatterns - Comment = $PolicyRule.Comment - ContentContainsSensitiveInformation = $PolicyRule.ContentContainsSensitiveInformation - ContentExtensionMatchesWords = $ContentExtensionMatchesWords - Disabled = $PolicyRule.Disabled - DocumentIsPasswordProtected = $PolicyRule.DocumentIsPasswordProtected - DocumentIsUnsupported = $PolicyRule.DocumentIsUnsupported - ExceptIfAccessScope = $PolicyRule.ExceptIfAccessScope - 
ExceptIfAnyOfRecipientAddressContainsWords = $PolicyRule.ExceptIfAnyOfRecipientAddressContainsWords - ExceptIfAnyOfRecipientAddressMatchesPatterns = $PolicyRule.ExceptIfAnyOfRecipientAddressMatchesPatterns - ExceptIfContentContainsSensitiveInformation = $PolicyRule.ExceptIfContentContainsSensitiveInformation - ExceptIfContentExtensionMatchesWords = $ExceptIfContentExtensionMatchesWords - ExceptIfDocumentIsPasswordProtected = $PolicyRule.ExceptIfDocumentIsPasswordProtected - ExceptIfDocumentIsUnsupported = $PolicyRule.ExceptIfDocumentIsUnsupported - ExceptIfFrom = $PolicyRule.ExceptIfFrom - ExceptIfFromAddressContainsWords = $PolicyRule.ExceptIfFromAddressContainsWords - ExceptIfFromAddressMatchesPatterns = $PolicyRule.ExceptIfFromAddressMatchesPatterns - ExceptIfFromMemberOf = $PolicyRule.ExceptIfFromMemberOf - ExceptIfHeaderMatchesPatterns = $PolicyRule.ExceptIfHeaderMatchesPatterns - ExceptIfProcessingLimitExceeded = $PolicyRule.ExceptIfProcessingLimitExceeded - ExceptIfRecipientDomainIs = $PolicyRule.ExceptIfRecipientDomainIs - ExceptIfSenderDomainIs = $PolicyRule.ExceptIfSenderDomainIs - ExceptIfSenderIPRanges = $PolicyRule.ExceptIfSenderIPRanges - ExceptIfSentTo = $PolicyRule.ExceptIfSentTo - ExceptIfSentToMemberOf = $PolicyRule.ExceptIfSentToMemberOf - ExceptIfSubjectMatchesPatterns = $PolicyRule.ExceptIfSubjectMatchesPatterns - FromAddressContainsWords = $PolicyRule.FromAddressContainsWords - FromAddressMatchesPatterns = $PolicyRule.FromAddressMatchesPatterns - HeaderMatchesPatterns = $HeaderMatchesPatternsValue - ProcessingLimitExceeded = $PolicyRule.ProcessingLimitExceeded - RecipientDomainIs = $PolicyRule.RecipientDomainIs - ReportSeverityLevel = $PolicyRule.ReportSeverityLevel - RuleErrorAction = $PolicyRule.RuleErrorAction - SenderDomainIs = $PolicyRule.SenderDomainIs - SenderIPRanges = $PolicyRule.SenderIPRanges - SentTo = $PolicyRule.SentTo - SentToMemberOf = $PolicyRule.SentToMemberOf - SubjectMatchesPatterns = $PolicyRule.SubjectMatchesPatterns - 
Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens + } + foreach ($pattern in $PolicyRule.HeaderMatchesPatterns.Keys) + { + $HeaderMatchesPatternsValue += @{ + Name = $pattern + Value = $PolicyRule.HeaderMatchesPatterns.$pattern } + } - $paramsToRemove = @() - foreach ($paramName in $result.Keys) - { - if ($null -eq $result[$paramName] -or '' -eq $result[$paramName] -or @() -eq $result[$paramName]) - { - $paramsToRemove += $paramName - } - } + $result = @{ + Name = $PolicyRule.Name + Policy = $PolicyRule.ParentPolicyName + Workload = $Workload + AccessScope = $PolicyRule.AccessScope + AnyOfRecipientAddressContainsWords = $AnyOfRecipientAddressContainsWords + AnyOfRecipientAddressMatchesPatterns = $AnyOfRecipientAddressMatchesPatterns + Comment = $PolicyRule.Comment + ContentContainsSensitiveInformation = $PolicyRule.ContentContainsSensitiveInformation + ContentExtensionMatchesWords = $ContentExtensionMatchesWords + Disabled = $PolicyRule.Disabled + DocumentIsPasswordProtected = $PolicyRule.DocumentIsPasswordProtected + DocumentIsUnsupported = $PolicyRule.DocumentIsUnsupported + ExceptIfAccessScope = $PolicyRule.ExceptIfAccessScope + ExceptIfAnyOfRecipientAddressContainsWords = $PolicyRule.ExceptIfAnyOfRecipientAddressContainsWords + ExceptIfAnyOfRecipientAddressMatchesPatterns = $PolicyRule.ExceptIfAnyOfRecipientAddressMatchesPatterns + ExceptIfContentContainsSensitiveInformation = $PolicyRule.ExceptIfContentContainsSensitiveInformation + ExceptIfContentExtensionMatchesWords = $ExceptIfContentExtensionMatchesWords + ExceptIfDocumentIsPasswordProtected = $PolicyRule.ExceptIfDocumentIsPasswordProtected + ExceptIfDocumentIsUnsupported = $PolicyRule.ExceptIfDocumentIsUnsupported + ExceptIfFrom = $PolicyRule.ExceptIfFrom + ExceptIfFromAddressContainsWords = 
$PolicyRule.ExceptIfFromAddressContainsWords + ExceptIfFromAddressMatchesPatterns = $PolicyRule.ExceptIfFromAddressMatchesPatterns + ExceptIfFromMemberOf = $PolicyRule.ExceptIfFromMemberOf + ExceptIfHeaderMatchesPatterns = $PolicyRule.ExceptIfHeaderMatchesPatterns + ExceptIfProcessingLimitExceeded = $PolicyRule.ExceptIfProcessingLimitExceeded + ExceptIfRecipientDomainIs = $PolicyRule.ExceptIfRecipientDomainIs + ExceptIfSenderDomainIs = $PolicyRule.ExceptIfSenderDomainIs + ExceptIfSenderIPRanges = $PolicyRule.ExceptIfSenderIPRanges + ExceptIfSentTo = $PolicyRule.ExceptIfSentTo + ExceptIfSentToMemberOf = $PolicyRule.ExceptIfSentToMemberOf + ExceptIfSubjectMatchesPatterns = $PolicyRule.ExceptIfSubjectMatchesPatterns + FromAddressContainsWords = $PolicyRule.FromAddressContainsWords + FromAddressMatchesPatterns = $PolicyRule.FromAddressMatchesPatterns + HeaderMatchesPatterns = $HeaderMatchesPatternsValue + ProcessingLimitExceeded = $PolicyRule.ProcessingLimitExceeded + RecipientDomainIs = $PolicyRule.RecipientDomainIs + ReportSeverityLevel = $PolicyRule.ReportSeverityLevel + RuleErrorAction = $PolicyRule.RuleErrorAction + SenderDomainIs = $PolicyRule.SenderDomainIs + SenderIPRanges = $PolicyRule.SenderIPRanges + SentTo = $PolicyRule.SentTo + SentToMemberOf = $PolicyRule.SentToMemberOf + SubjectMatchesPatterns = $PolicyRule.SubjectMatchesPatterns + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens + } - foreach ($paramName in $paramsToRemove) + $paramsToRemove = @() + foreach ($paramName in $result.Keys) + { + if ($null -eq $result[$paramName] -or '' -eq $result[$paramName] -or @() -eq $result[$paramName]) { - $result.Remove($paramName) + $paramsToRemove += $paramName } + } - Write-Verbose -Message "Get-TargetResource Result: `n 
$(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + foreach ($paramName in $paramsToRemove) + { + $result.Remove($paramName) } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -1149,6 +1145,7 @@ function Export-TargetResource } Write-Host " |---[$i/$($rules.Length)] $($rule.Name)" -NoNewline + $Script:exportedInstance = $rule $Results = Get-TargetResource @PSBoundParameters ` -Name $rule.name ` -Policy $rule.ParentPolicyName ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 index cc98385f55..6420562be2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldPolicy/MSFT_SCCaseHoldPolicy.psm1 
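Review bot: The guard for `AnyOfRecipientAddressMatchesPatterns` compares the property itself with `-gt 0`, unlike the three sibling checks that test `.count`; on a collection `-gt` filters elements instead of counting them, so the condition does not mean "non-empty". It should read `$PolicyRule.AnyOfRecipientAddressMatchesPatterns.count -gt 0`. Further down, `$HeaderMatchesPatternsValue += @{ Name = $pattern; Value = ... }` adds the same two keys on every iteration, which looks like it would fail on a second header pattern and should be confirmed with a rule that has two. Both lines are carried over from the old side with new indentation.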
@@ -66,67 +66,63 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCCaseHoldPolicy for $Name" - - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SCCaseHoldPolicy for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $PolicyObject = Get-CaseHoldPolicy -Case $Case -Identity $Name -ErrorAction SilentlyContinue + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $PolicyObject) - { - Write-Verbose -Message "SCCaseHoldPolicy $Name does not exist." 
- return $nullReturn + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + $PolicyObject = Get-CaseHoldPolicy -Case $Case -Identity $Name -ErrorAction SilentlyContinue + + if ($null -eq $PolicyObject) + { + Write-Verbose -Message "SCCaseHoldPolicy $Name does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing SCCaseHoldPolicy $($Name)" - $result = @{ - Ensure = 'Present' - Name = $PolicyObject.Name - Case = $Case - Enabled = $PolicyObject.Enabled - Comment = $PolicyObject.Comment - ExchangeLocation = $PolicyObject.ExchangeLocation.Name - PublicFolderLocation = $PolicyObject.PublicFolderLocation.Name - SharePointLocation = $PolicyObject.SharePointLocation.Name - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens - } + $PolicyObject = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing SCCaseHoldPolicy $($Name)" + $result = @{ + Ensure = 'Present' + Name = $PolicyObject.Name + Case = $Case + Enabled = $PolicyObject.Enabled + Comment = $PolicyObject.Comment + ExchangeLocation = $PolicyObject.ExchangeLocation.Name + PublicFolderLocation = $PolicyObject.PublicFolderLocation.Name + SharePointLocation = $PolicyObject.SharePointLocation.Name + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { 
@@ -517,6 +513,7 @@ function Export-TargetResource Write-Host " |---[$j/$($policies.Count)] $($policy.Name)" -NoNewline + $Script:exportedInstance = $policy $Results = Get-TargetResource @PSBoundParameters ` -Name $policy.Name ` -Case $case.Name diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 index a5e9e1ed8e..ef9f56b911 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCCaseHoldRule/MSFT_SCCaseHoldRule.psm1 
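Review bot: `$Script:exportedInstance` is assigned here but nothing in the hunk clears it, and the rest of the loop is outside the hunk. If it is not reset elsewhere, the last exported policy stays in module scope after the export, and the next Get-TargetResource call in the same session (for example from Test-TargetResource) would take the cached branch instead of querying the service. I would clear it once the call returns, ideally in a `finally` so an exception does not leave it set: `$Script:exportedInstance = $null`. The Export-TargetResource hunks of the other resource modules in this diff add the same assignment, and any Get-TargetResource call site in those functions that does not set the variable first would reuse the previous instance.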
@@ -58,70 +58,65 @@ function Get-TargetResource $AccessTokens ) - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - Write-Verbose -Message "Getting configuration of SCCaseHoldRule for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' try { - $Rules = Get-CaseHoldRule -Policy $Policy -ErrorAction 'SilentlyContinue' - $Rule = $Rules | Where-Object { $_.Name -eq $Name } - - if ($null -eq $Rule) + if (-not $Script:exportedInstance) { - Write-Verbose -Message "SCCaseHoldRule $($Name) does not exist." - return $nullReturn + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + Write-Verbose -Message "Getting configuration of SCCaseHoldRule for $Name" + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + $Rules = Get-CaseHoldRule -Policy $Policy -ErrorAction 'SilentlyContinue' + $Rule = $Rules | Where-Object { $_.Name -eq $Name } + + if ($null -eq $Rule) + { + Write-Verbose -Message "SCCaseHoldRule $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing SCCaseHoldRule $($Name)" - - $result = @{ - Name = $Rule.Name - Policy = $Policy - Comment = $Rule.Comment - Disabled = $Rule.Disabled - ContentMatchQuery = $Rule.ContentMatchQuery - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } + $Rule = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing SCCaseHoldRule $($Name)" + + $result = @{ + Name = $Rule.Name + Policy = $Policy + Comment = $Rule.Comment + Disabled = $Rule.Disabled + ContentMatchQuery = $Rule.ContentMatchQuery + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens 
= $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` @@ -412,6 +407,7 @@ function Export-TargetResource { $policy = Get-CaseHoldPolicy -Identity $Rule.Policy -ErrorAction Stop + $Script:exportedInstance = $Rule $Results = Get-TargetResource @PSBoundParameters ` -Name $Rule.Name ` -Policy $policy.Name diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 index 765c2e59f0..a7428b5b52 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceCase/MSFT_SCComplianceCase.psm1 
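Review bot: The verbose result line in Get-TargetResource stringifies `$result`, which carries `Credential`, `CertificatePassword` and `AccessTokens`, so authentication material may reach verbose logs. Whether `Convert-M365DscHashtableToString` redacts those keys is not visible in this diff; it is worth confirming, or logging a copy of the hashtable with those keys removed. A short comment above the line, such as `# $result contains auth parameters; the helper must not print their values`, would record the expectation. The same line is kept in every Get-TargetResource hunk of this diff, including the SCCaseHoldPolicy one above.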
@@ -51,67 +51,65 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCComplianceCase for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SCComplianceCase for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $Case = Get-ComplianceCase -Identity $Name -ErrorAction SilentlyContinue + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $Case) - { - Write-Verbose -Message "SCComplianceCase $($Name) does not exist." 
- return $nullReturn + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + $Case = Get-ComplianceCase -Identity $Name -ErrorAction SilentlyContinue + + if ($null -eq $Case) + { + Write-Verbose -Message "SCComplianceCase $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing SCComplianceCase $($Name)" - $Status = $Case.Status - if ('Closing' -eq $Status) - { - $Status = 'Closed' - } - $result = @{ - Name = $Case.Name - Description = $Case.Description - Status = $Status - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } + $Case = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing SCComplianceCase $($Name)" + $Status = $Case.Status + if ('Closing' -eq $Status) + { + $Status = 'Closed' + } + $result = @{ + Name = $Case.Name + Description = $Case.Description + Status = $Status + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -405,6 +403,7 @@ function Export-TargetResource Write-Host " eDiscovery: [$i/$($Cases.Count)] $($Case.Name)" -NoNewline + $Script:exportedInstance = $Case $Results = Get-TargetResource @PSBoundParameters -Name $Case.Name $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1
index 7cf411e732..983dba9f12 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearch/MSFT_SCComplianceSearch.psm1
@@ -90,93 +90,98 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCComplianceSearch for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try { - if ($null -eq $Case) + if (-not $Script:exportedInstance) { - $Search = Get-ComplianceSearch -Identity $Name -ErrorAction SilentlyContinue + Write-Verbose -Message "Getting configuration of SCComplianceSearch for $Name" + if ($Global:CurrentModeIsExport) + { + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + } + else + { + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + } + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + if ($null -eq $Case) + { + $Search = Get-ComplianceSearch -Identity $Name -ErrorAction SilentlyContinue + } + else + { + $Search = Get-ComplianceSearch -Identity $Name -Case $Case -ErrorAction SilentlyContinue + } + + if ($null -eq $Search) + { + Write-Verbose -Message "SCComplianceSearch $($Name) does not exist." + return $nullReturn + } } else { - $Search = Get-ComplianceSearch -Identity $Name -Case $Case -ErrorAction SilentlyContinue + $Search = $Script:exportedInstance } - if ($null -eq $Search) - { - Write-Verbose -Message "SCComplianceSearch $($Name) does not exist." 
- return $nullReturn + Write-Verbose "Found existing SCComplianceSearch $($Name)" + $result = @{ + Name = $Name + Case = $Case + AllowNotFoundExchangeLocationsEnabled = $Search.AllowNotFoundExchangeLocationsEnabled + ContentMatchQuery = $Search.ContentMatchQuery + Description = $Search.Description + ExchangeLocation = $Search.ExchangeLocation + ExchangeLocationExclusion = $Search.ExchangeLocationExclusion + HoldNames = $Search.HoldNames + IncludeUserAppContent = $Search.IncludeUserAppContent + Language = $Search.Language.TwoLetterISOLanguageName + PublicFolderLocation = $Search.PublicFolderLocation + SharePointLocation = $Search.SharePointLocation + SharePointLocationExclusion = $Search.SharePointLocationExclusion + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens } - else - { - Write-Verbose "Found existing SCComplianceSearch $($Name)" - $result = @{ - Name = $Name - Case = $Case - AllowNotFoundExchangeLocationsEnabled = $Search.AllowNotFoundExchangeLocationsEnabled - ContentMatchQuery = $Search.ContentMatchQuery - Description = $Search.Description - ExchangeLocation = $Search.ExchangeLocation - ExchangeLocationExclusion = $Search.ExchangeLocationExclusion - HoldNames = $Search.HoldNames - IncludeUserAppContent = $Search.IncludeUserAppContent - Language = $Search.Language.TwoLetterISOLanguageName - PublicFolderLocation = $Search.PublicFolderLocation - SharePointLocation = $Search.SharePointLocation - SharePointLocationExclusion = $Search.SharePointLocationExclusion - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } - - $nullParams = @() - 
foreach ($parameter in $result.Keys) - { - if ($null -eq $result.$parameter) - { - $nullParams += $parameter - } - } - foreach ($paramToRemove in $nullParams) + $nullParams = @() + foreach ($parameter in $result.Keys) + { + if ($null -eq $result.$parameter) { - $result.Remove($paramToRemove) + $nullParams += $parameter } + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + foreach ($paramToRemove in $nullParams) + { + $result.Remove($paramToRemove) } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -543,6 +548,7 @@ function Export-TargetResource Write-Host " |---[$i/$($searches.Name.Count)] $($search.Name)" -NoNewline + $Script:exportedInstance = $search $Results = Get-TargetResource @PSBoundParameters -Name $search.Name $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 index 1c1e7d4495..36aaea95cf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceSearchAction/MSFT_SCComplianceSearchAction.psm1 
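Review bot: Inside the new `if (-not $Script:exportedInstance)` branch this file keeps the `if ($Global:CurrentModeIsExport)` / `-SkipModuleReload $true` split, while the other Get-TargetResource hunks in this diff reduce it to a single `New-M365DSCConnection` call. During an export the cached branch is presumably the one taken, so the export-mode connection path looks unreachable here. Either collapse it to `$ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' -InboundParameters $PSBoundParameters` like the other files, or add a comment saying why this resource still needs the split.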
@@ -76,115 +76,111 @@ function Get-TargetResource [System.String[]] $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCComplianceSearchAction for $SearchName - $Action" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try { - $currentAction = Get-CurrentAction -SearchName $SearchName -Action $Action ` - -ErrorAction Stop - - if ($null -eq $currentAction) - { - Write-Verbose -Message "SCComplianceSearchAction $ActionName does not exist." - return $nullReturn + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SCComplianceSearchAction for $SearchName - $Action" + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + $currentAction = Get-CurrentAction -SearchName $SearchName -Action $Action ` + -ErrorAction Stop + + if ($null -eq $currentAction) + { + Write-Verbose -Message "SCComplianceSearchAction $ActionName does not exist." + return $nullReturn + } } else { - if ('Purge' -ne $Action) - { - $Scenario = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'Scenario' - $FileTypeExclusion = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'File type exclusions for unindexed' - $EnableDedupe = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'Enable dedupe' - $IncludeCreds = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'SAS token' - $IncludeSP = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'Include SharePoint versions' - $ScopeValue = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'Scope' - - $ActionName = $Action - if ('RetentionReports' -eq $Scenario) - { - $ActionName = 'Retention' - } + $currentAction = $Script:exportedInstance + } - $result = @{ - Action = $ActionName - SearchName = $currentAction.SearchName - FileTypeExclusionsForUnindexedItems = $FileTypeExclusion - EnableDedupe = $EnableDedupe - IncludeSharePointDocumentVersions = $IncludeSP - RetryOnError = $currentAction.Retry - ActionScope = $ScopeValue - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - 
Ensure = 'Present' - AccessTokens = $AccessTokens - } - if ($ActionName -eq 'Preview') - { - $result.Remove('EnableDedupe') | Out-Null - } - } - else + if ('Purge' -ne $Action) + { + $Scenario = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'Scenario' + $FileTypeExclusion = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'File type exclusions for unindexed' + $EnableDedupe = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'Enable dedupe' + $IncludeCreds = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'SAS token' + $IncludeSP = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'Include SharePoint versions' + $ScopeValue = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'Scope' + + $ActionName = $Action + if ('RetentionReports' -eq $Scenario) { - $PurgeTP = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'Purge Type' - $result = @{ - Action = $currentAction.Action - SearchName = $currentAction.SearchName - PurgeType = $PurgeTP - RetryOnError = $currentAction.Retry - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } + $ActionName = 'Retention' } - if ('' -eq $IncludeCreds -or 'Purge' -eq $Action) - { - $result.Add('IncludeCredential', $false) + $result = @{ + Action = $ActionName + SearchName = $currentAction.SearchName + FileTypeExclusionsForUnindexedItems = $FileTypeExclusion + EnableDedupe = $EnableDedupe + IncludeSharePointDocumentVersions = $IncludeSP + RetryOnError = $currentAction.Retry + ActionScope = $ScopeValue + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + 
CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens } - elseif ('Purge' -ne $Action) + if ($ActionName -eq 'Preview') { - $result.Add('IncludeCredential', $true) + $result.Remove('EnableDedupe') | Out-Null } + } + else + { + $PurgeTP = Get-ResultProperty -ResultString $currentAction.Results -PropertyName 'Purge Type' + $result = @{ + Action = $currentAction.Action + SearchName = $currentAction.SearchName + PurgeType = $PurgeTP + RetryOnError = $currentAction.Retry + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens + } + } - Write-Verbose "Found existing $Action SCComplianceSearchAction for Search $SearchName" - - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + if ('' -eq $IncludeCreds -or 'Purge' -eq $Action) + { + $result.Add('IncludeCredential', $false) + } + elseif ('Purge' -ne $Action) + { + $result.Add('IncludeCredential', $true) } + + Write-Verbose "Found existing $Action SCComplianceSearchAction for Search $SearchName" + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch @@ -582,6 +578,7 @@ function Export-TargetResource { $Params.Action = 'Retention' } + $Script:exportedInstance = $action $Results = Get-TargetResource @PSBoundParameters @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 index 89ca1e87d3..dc98e40394 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 
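Review bot: The "does not exist" message in the live branch interpolates `$ActionName`, which this function does not assign until the non-Purge branch further down, so the verbose line prints no action name; it should use the parameter: `Write-Verbose -Message "SCComplianceSearchAction $Action does not exist."`. In the cached branch the choice between the Purge and non-Purge result shapes is still made from the `$Action` parameter, while the values are read from `$Script:exportedInstance.Results`, so a mismatch between the two would yield a result that mixes fields. A guard comparing `$currentAction.SearchName` with `$SearchName` before trusting the cache would catch that case.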
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCComplianceTag/MSFT_SCComplianceTag.psm1 
@@ -84,75 +84,73 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of ComplianceTag for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of ComplianceTag for $Name" - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - try - { - $tagObject = Get-ComplianceTag -Identity $Name -ErrorAction SilentlyContinue + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $tagObject) - { - Write-Verbose -Message "ComplianceTag $($Name) does not exist." 
- return $nullReturn + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + $tagObject = Get-ComplianceTag -Identity $Name -ErrorAction SilentlyContinue + + if ($null -eq $tagObject) + { + Write-Verbose -Message "ComplianceTag $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing ComplianceTag $($Name)" - $result = @{ - Name = $tagObject.Name - Comment = $tagObject.Comment - RetentionDuration = $tagObject.RetentionDuration - IsRecordLabel = $tagObject.IsRecordLabel - Regulatory = $tagObject.Regulatory - Notes = $tagObject.Notes - ReviewerEmail = $tagObject.ReviewerEmail - RetentionAction = $tagObject.RetentionAction - EventType = $tagObject.EventType - RetentionType = $tagObject.RetentionType - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } + $tagObject = $Script:exportedInstance + } - if (-not [System.String]::IsNullOrEmpty($tagObject.FilePlanMetadata)) - { - $ConvertedFilePlanProperty = Get-SCFilePlanProperty $tagObject.FilePlanMetadata - $result.Add('FilePlanProperty', $ConvertedFilePlanProperty) - } + Write-Verbose "Found existing ComplianceTag $($Name)" + $result = @{ + Name = $tagObject.Name + Comment = $tagObject.Comment + RetentionDuration = $tagObject.RetentionDuration + IsRecordLabel = $tagObject.IsRecordLabel + Regulatory = $tagObject.Regulatory + Notes = $tagObject.Notes + ReviewerEmail = $tagObject.ReviewerEmail + RetentionAction = $tagObject.RetentionAction + EventType = $tagObject.EventType + RetentionType = $tagObject.RetentionType + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = 
$AccessTokens + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + if (-not [System.String]::IsNullOrEmpty($tagObject.FilePlanMetadata)) + { + $ConvertedFilePlanProperty = Get-SCFilePlanProperty $tagObject.FilePlanMetadata + $result.Add('FilePlanProperty', $ConvertedFilePlanProperty) } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -564,6 +562,7 @@ function Export-TargetResource } Write-Host " |---[$i/$($totalTags)] $($tag.Name)" -NoNewline + $Script:exportedInstance = $tag $Results = Get-TargetResource @PSBoundParameters -Name $tag.Name $Results.FilePlanProperty = Get-SCFilePlanPropertyAsString $Results.FilePlanProperty $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 index f4f0c868b8..b1838b303d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPCompliancePolicy/MSFT_SCDLPCompliancePolicy.psm1 
@@ -123,99 +123,97 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of DLPCompliancePolicy for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of DLPCompliancePolicy for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $PolicyObject = Get-DlpCompliancePolicy -Identity $Name -ErrorAction SilentlyContinue + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $PolicyObject) - { - Write-Verbose -Message "DLPCompliancePolicy $($Name) does not exist." 
- return $nullReturn + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + $PolicyObject = Get-DlpCompliancePolicy -Identity $Name -ErrorAction SilentlyContinue + + if ($null -eq $PolicyObject) + { + Write-Verbose -Message "DLPCompliancePolicy $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing DLPCompliancePolicy $($Name)" - - $ExchangeSenderMemberOfValue = @() - if ($null -ne $PolicyObject.ExchangeSenderMemberOf) - { - foreach ($member in $PolicyObject.ExchangeSenderMemberOf) - { - $ExchangeSenderMemberOfValue += (ConvertFrom-Json $member).PrimarySmtpAddress - } - } - - $ExchangeSenderMemberOfExceptionValue = @() - if ($null -ne $PolicyObject.ExchangeSenderMemberOfException) - { - foreach ($member in $PolicyObject.ExchangeSenderMemberOfException) - { - $ExchangeSenderMemberOfExceptionValue += (ConvertFrom-Json $member).PrimarySmtpAddress - } - } - - $result = @{ - Ensure = 'Present' - Name = $PolicyObject.Name - Comment = $PolicyObject.Comment - EndpointDlpLocation = $PolicyObject.EndpointDlpLocation.Name - EndpointDlpLocationException = $PolicyObject.EndpointDlpLocationException - ExchangeLocation = $PolicyObject.ExchangeLocation.Name - ExchangeSenderMemberOf = $ExchangeSenderMemberOfValue - ExchangeSenderMemberOfException = $ExchangeSenderMemberOfExceptionValue - Mode = $PolicyObject.Mode - OneDriveLocation = $PolicyObject.OneDriveLocation.Name - OneDriveLocationException = $PolicyObject.OneDriveLocationException - OnPremisesScannerDlpLocation = $PolicyObject.OnPremisesScannerDlpLocation.Name - OnPremisesScannerDlpLocationException = $PolicyObject.OnPremisesScannerDlpLocationException - PowerBIDlpLocation = $PolicyObject.PowerBIDlpLocation.Name - PowerBIDlpLocationException = $PolicyObject.PowerBIDlpLocationException - Priority = $PolicyObject.Priority - SharePointLocation = $PolicyObject.SharePointLocation.Name - SharePointLocationException = $PolicyObject.SharePointLocationException - TeamsLocation = 
$PolicyObject.TeamsLocation.Name - TeamsLocationException = $PolicyObject.TeamsLocationException - ThirdPartyAppDlpLocation = $PolicyObject.ThirdPartyAppDlpLocation.Name - ThirdPartyAppDlpLocationException = $PolicyObject.ThirdPartyAppDlpLocationException - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens - } - - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + $PolicyObject = $Script:exportedInstance + } + + Write-Verbose "Found existing DLPCompliancePolicy $($Name)" + + $ExchangeSenderMemberOfValue = @() + if ($null -ne $PolicyObject.ExchangeSenderMemberOf) + { + foreach ($member in $PolicyObject.ExchangeSenderMemberOf) + { + $ExchangeSenderMemberOfValue += (ConvertFrom-Json $member).PrimarySmtpAddress + } + } + + $ExchangeSenderMemberOfExceptionValue = @() + if ($null -ne $PolicyObject.ExchangeSenderMemberOfException) + { + foreach ($member in $PolicyObject.ExchangeSenderMemberOfException) + { + $ExchangeSenderMemberOfExceptionValue += (ConvertFrom-Json $member).PrimarySmtpAddress + } + } + + $result = @{ + Ensure = 'Present' + Name = $PolicyObject.Name + Comment = $PolicyObject.Comment + EndpointDlpLocation = $PolicyObject.EndpointDlpLocation.Name + EndpointDlpLocationException = $PolicyObject.EndpointDlpLocationException + ExchangeLocation = $PolicyObject.ExchangeLocation.Name + ExchangeSenderMemberOf = $ExchangeSenderMemberOfValue + ExchangeSenderMemberOfException = $ExchangeSenderMemberOfExceptionValue + Mode = $PolicyObject.Mode + OneDriveLocation = $PolicyObject.OneDriveLocation.Name + OneDriveLocationException = $PolicyObject.OneDriveLocationException + OnPremisesScannerDlpLocation = $PolicyObject.OnPremisesScannerDlpLocation.Name + OnPremisesScannerDlpLocationException = 
$PolicyObject.OnPremisesScannerDlpLocationException + PowerBIDlpLocation = $PolicyObject.PowerBIDlpLocation.Name + PowerBIDlpLocationException = $PolicyObject.PowerBIDlpLocationException + Priority = $PolicyObject.Priority + SharePointLocation = $PolicyObject.SharePointLocation.Name + SharePointLocationException = $PolicyObject.SharePointLocationException + TeamsLocation = $PolicyObject.TeamsLocation.Name + TeamsLocationException = $PolicyObject.TeamsLocationException + ThirdPartyAppDlpLocation = $PolicyObject.ThirdPartyAppDlpLocation.Name + ThirdPartyAppDlpLocationException = $PolicyObject.ThirdPartyAppDlpLocationException + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -974,6 +972,7 @@ function Export-TargetResource } Write-Host " |---[$i/$($policies.Count)] $($policy.Name)" -NoNewline + $Script:exportedInstance = $policy $Results = Get-TargetResource @PSBoundParameters -Name $policy.Name $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 index f4b5814d2a..57eddccd1c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 
@@ -318,202 +318,200 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of DLPCompliancePolicy for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of DLPCompliancePolicy for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $PolicyRule = Get-DlpComplianceRule -Identity $Name -ErrorAction SilentlyContinue + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $PolicyRule) - { - Write-Verbose -Message "DLPComplianceRule $($Name) does not exist." 
- return $nullReturn - } - else - { - Write-Verbose "Found existing DLPComplianceRule $($Name)" + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - # Cmdlet returns a string, but in order to properly validate valid values, we need to convert - # to a String array - $ArrayIncidentReportContent = @() + $PolicyRule = Get-DlpComplianceRule -Identity $Name -ErrorAction SilentlyContinue - if ($null -ne $PolicyRule.IncidentReportContent) + if ($null -eq $PolicyRule) { - $ArrayIncidentReportContent = $PolicyRule.IncidentReportContent.Replace(' ', '').Split(',') + Write-Verbose -Message "DLPComplianceRule $($Name) does not exist." + return $nullReturn } + } + else + { + $PolicyRule = $Script:exportedInstance + } - if ($null -ne $PolicyRule.NotifyAllowOverride) - { - $NotifyAllowOverrideValue = $PolicyRule.NotifyAllowOverride.Replace(' ', '').Split(',') - } + Write-Verbose "Found existing DLPComplianceRule $($Name)" - if ($null -ne $PolicyRule.AnyOfRecipientAddressContainsWords -and $PolicyRule.AnyOfRecipientAddressContainsWords.count -gt 0) - { - $AnyOfRecipientAddressContainsWords = $PolicyRule.AnyOfRecipientAddressContainsWords.Replace(' ', '').Split(',') - } + # Cmdlet returns a string, but in order to properly validate valid values, we need to convert + # to a String array + $ArrayIncidentReportContent = @() - if ($null -ne $PolicyRule.ExceptIfAnyOfRecipientAddressContainsWords -and $PolicyRule.ExceptIfAnyOfRecipientAddressContainsWords.count -gt 0) - { - $ExceptIfAnyOfRecipientAddressContainsWords = $PolicyRule.ExceptIfAnyOfRecipientAddressContainsWords.Replace(' ', '').Split(',') - } + if ($null -ne $PolicyRule.IncidentReportContent) + { + $ArrayIncidentReportContent = $PolicyRule.IncidentReportContent.Replace(' ', '').Split(',') + } - if ($null -ne $PolicyRule.AnyOfRecipientAddressMatchesPatterns -and $PolicyRule.AnyOfRecipientAddressMatchesPatterns -gt 0) - { - $AnyOfRecipientAddressMatchesPatterns = 
$PolicyRule.AnyOfRecipientAddressMatchesPatterns.Replace(' ', '').Split(',') - } + if ($null -ne $PolicyRule.NotifyAllowOverride) + { + $NotifyAllowOverrideValue = $PolicyRule.NotifyAllowOverride.Replace(' ', '').Split(',') + } - if ($null -ne $PolicyRule.ContentExtensionMatchesWords -and $PolicyRule.ContentExtensionMatchesWords.count -gt 0) - { - $ContentExtensionMatchesWords = $PolicyRule.ContentExtensionMatchesWords.Replace(' ', '').Split(',') - } + if ($null -ne $PolicyRule.AnyOfRecipientAddressContainsWords -and $PolicyRule.AnyOfRecipientAddressContainsWords.count -gt 0) + { + $AnyOfRecipientAddressContainsWords = $PolicyRule.AnyOfRecipientAddressContainsWords.Replace(' ', '').Split(',') + } - if ($null -ne $PolicyRule.ExceptIfContentExtensionMatchesWords -and $PolicyRule.ExceptIfContentExtensionMatchesWords.count -gt 0) - { - $ExceptIfContentExtensionMatchesWords = $PolicyRule.ExceptIfContentExtensionMatchesWords.Replace(' ', '').Split(',') - } + if ($null -ne $PolicyRule.ExceptIfAnyOfRecipientAddressContainsWords -and $PolicyRule.ExceptIfAnyOfRecipientAddressContainsWords.count -gt 0) + { + $ExceptIfAnyOfRecipientAddressContainsWords = $PolicyRule.ExceptIfAnyOfRecipientAddressContainsWords.Replace(' ', '').Split(',') + } - if ($null -ne $PolicyRule.AdvancedRule -and $PolicyRule.AdvancedRule.Count -gt 0) - { - $ruleobject = $PolicyRule.AdvancedRule | ConvertFrom-Json - $index = $ruleobject.Condition.SubConditions.ConditionName.IndexOf('ContentContainsSensitiveInformation') - if ($index -ne -1) - { - if ($null -eq $ruleobject.Condition.SubConditions[$index].value.groups) - { - $ruleobject.Condition.SubConditions[$index].Value = $ruleobject.Condition.SubConditions[$index].Value | Select-Object * -ExcludeProperty Id - } - elseif ($null -ne $ruleObject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes) - { - $ruleobject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes = @($ruleobject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes 
| Select-Object * -ExcludeProperty Id) - } - } + if ($null -ne $PolicyRule.AnyOfRecipientAddressMatchesPatterns -and $PolicyRule.AnyOfRecipientAddressMatchesPatterns -gt 0) + { + $AnyOfRecipientAddressMatchesPatterns = $PolicyRule.AnyOfRecipientAddressMatchesPatterns.Replace(' ', '').Split(',') + } - $newAdvancedRule = $ruleobject | ConvertTo-Json -Depth 32 | Format-Json - $newAdvancedRule = $newAdvancedRule | ConvertTo-Json -Compress - } - else - { - $newAdvancedRule = $null - } + if ($null -ne $PolicyRule.ContentExtensionMatchesWords -and $PolicyRule.ContentExtensionMatchesWords.count -gt 0) + { + $ContentExtensionMatchesWords = $PolicyRule.ContentExtensionMatchesWords.Replace(' ', '').Split(',') + } - $fancyDoubleQuotes = '[\u201C\u201D]' - $result = @{ - Ensure = 'Present' - Name = $PolicyRule.Name - Policy = $PolicyRule.ParentPolicyName - AccessScope = $PolicyRule.AccessScope - BlockAccess = $PolicyRule.BlockAccess - BlockAccessScope = $PolicyRule.BlockAccessScope - Comment = $PolicyRule.Comment - AdvancedRule = $newAdvancedRule - ContentContainsSensitiveInformation = $PolicyRule.ContentContainsSensitiveInformation - ExceptIfContentContainsSensitiveInformation = $PolicyRule.ExceptIfContentContainsSensitiveInformation - ContentPropertyContainsWords = $PolicyRule.ContentPropertyContainsWords - Disabled = $PolicyRule.Disabled - GenerateAlert = $PolicyRule.GenerateAlert - GenerateIncidentReport = $PolicyRule.GenerateIncidentReport - IncidentReportContent = $ArrayIncidentReportContent - NotifyAllowOverride = $NotifyAllowOverrideValue - NotifyEmailCustomText = [regex]::Replace($PolicyRule.NotifyEmailCustomText, $fancyDoubleQuotes, "`"") - NotifyPolicyTipCustomText = [regex]::Replace($PolicyRule.NotifyPolicyTipCustomText, $fancyDoubleQuotes, "`"") - NotifyUser = $PolicyRule.NotifyUser - ReportSeverityLevel = $PolicyRule.ReportSeverityLevel - RuleErrorAction = $PolicyRule.RuleErrorAction - RemoveRMSTemplate = $PolicyRule.RemoveRMSTemplate - StopPolicyProcessing = 
$PolicyRule.StopPolicyProcessing - DocumentIsUnsupported = $PolicyRule.DocumentIsUnsupported - ExceptIfDocumentIsUnsupported = $PolicyRule.ExceptIfDocumentIsUnsupported - HasSenderOverride = $PolicyRule.HasSenderOverride - ExceptIfHasSenderOverride = $PolicyRule.ExceptIfHasSenderOverride - ProcessingLimitExceeded = $PolicyRule.ProcessingLimitExceeded - ExceptIfProcessingLimitExceeded = $PolicyRule.ExceptIfProcessingLimitExceeded - DocumentIsPasswordProtected = $PolicyRule.DocumentIsPasswordProtected - ExceptIfDocumentIsPasswordProtected = $PolicyRule.ExceptIfDocumentIsPasswordProtected - MessageTypeMatches = $PolicyRule.MessageTypeMatches - ExceptIfMessageTypeMatches = $PolicyRule.ExceptIfMessageTypeMatches - FromScope = $PolicyRule.FromScope - ExceptIfFromScope = $PolicyRule.ExceptIfFromScope - SubjectContainsWords = $PolicyRule.SubjectContainsWords - SubjectMatchesPatterns = $PolicyRule.SubjectMatchesPatterns - SubjectOrBodyContainsWords = $PolicyRule.SubjectOrBodyContainsWords - SubjectOrBodyMatchesPatterns = $PolicyRule.SubjectOrBodyMatchesPatterns - ContentCharacterSetContainsWords = $PolicyRule.ContentCharacterSetContainsWords - DocumentNameMatchesPatterns = $PolicyRule.DocumentNameMatchesPatterns - DocumentNameMatchesWords = $PolicyRule.DocumentNameMatchesWords - ExceptIfAnyOfRecipientAddressMatchesPatterns = $PolicyRule.ExceptIfAnyOfRecipientAddressMatchesPatterns - ExceptIfContentCharacterSetContainsWords = $PolicyRule.ExceptIfContentCharacterSetContainsWords - ExceptIfContentPropertyContainsWords = $PolicyRule.ExceptIfContentPropertyContainsWords - ExceptIfDocumentNameMatchesPatterns = $PolicyRule.ExceptIfDocumentNameMatchesPatterns - ExceptIfDocumentNameMatchesWords = $PolicyRule.ExceptIfDocumentNameMatchesWords - RecipientDomainIs = $PolicyRule.RecipientDomainIs - ExceptIfRecipientDomainIs = $PolicyRule.ExceptIfRecipientDomainIs - ExceptIfSenderDomainIs = $PolicyRule.ExceptIfSenderDomainIs - ExceptIfSenderIPRanges = $PolicyRule.ExceptIfSenderIPRanges - 
ExceptIfSentTo = $PolicyRule.ExceptIfSentTo - ExceptIfSubjectContainsWords = $PolicyRule.ExceptIfSubjectContainsWords - ExceptIfSubjectMatchesPatterns = $PolicyRule.ExceptIfSubjectMatchesPatterns - ExceptIfSubjectOrBodyContainsWords = $PolicyRule.ExceptIfSubjectOrBodyContainsWords - ExceptIfSubjectOrBodyMatchesPatterns = $PolicyRule.ExceptIfSubjectOrBodyMatchesPatterns - FromAddressMatchesPatterns = $PolicyRule.FromAddressMatchesPatterns - SentToMemberOf = $PolicyRule.FromAddressMatchesPatterns - DocumentContainsWords = $PolicyRule.DocumentContainsWords - ContentIsNotLabeled = $PolicyRule.ContentIsNotLabeled - SetHeader = $PolicyRule.SetHeader - AnyOfRecipientAddressContainsWords = $AnyOfRecipientAddressContainsWords - AnyOfRecipientAddressMatchesPatterns = $AnyOfRecipientAddressMatchesPatterns - ContentExtensionMatchesWords = $ContentExtensionMatchesWords - ExceptIfContentExtensionMatchesWords = $ExceptIfContentExtensionMatchesWords - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens - } + if ($null -ne $PolicyRule.ExceptIfContentExtensionMatchesWords -and $PolicyRule.ExceptIfContentExtensionMatchesWords.count -gt 0) + { + $ExceptIfContentExtensionMatchesWords = $PolicyRule.ExceptIfContentExtensionMatchesWords.Replace(' ', '').Split(',') + } - $paramsToRemove = @() - foreach ($paramName in $result.Keys) + if ($null -ne $PolicyRule.AdvancedRule -and $PolicyRule.AdvancedRule.Count -gt 0) + { + $ruleobject = $PolicyRule.AdvancedRule | ConvertFrom-Json + $index = $ruleobject.Condition.SubConditions.ConditionName.IndexOf('ContentContainsSensitiveInformation') + if ($index -ne -1) { - if ($null -eq $result[$paramName] -or '' -eq $result[$paramName] -or @() -eq $result[$paramName]) + if ($null -eq $ruleobject.Condition.SubConditions[$index].value.groups) { - $paramsToRemove += 
$paramName + $ruleobject.Condition.SubConditions[$index].Value = $ruleobject.Condition.SubConditions[$index].Value | Select-Object * -ExcludeProperty Id + } + elseif ($null -ne $ruleObject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes) + { + $ruleobject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes = @($ruleobject.Condition.SubConditions[$index].Value.Groups.Sensitivetypes | Select-Object * -ExcludeProperty Id) } } - foreach ($paramName in $paramsToRemove) + $newAdvancedRule = $ruleobject | ConvertTo-Json -Depth 32 | Format-Json + $newAdvancedRule = $newAdvancedRule | ConvertTo-Json -Compress + } + else + { + $newAdvancedRule = $null + } + + $fancyDoubleQuotes = '[\u201C\u201D]' + $result = @{ + Ensure = 'Present' + Name = $PolicyRule.Name + Policy = $PolicyRule.ParentPolicyName + AccessScope = $PolicyRule.AccessScope + BlockAccess = $PolicyRule.BlockAccess + BlockAccessScope = $PolicyRule.BlockAccessScope + Comment = $PolicyRule.Comment + AdvancedRule = $newAdvancedRule + ContentContainsSensitiveInformation = $PolicyRule.ContentContainsSensitiveInformation + ExceptIfContentContainsSensitiveInformation = $PolicyRule.ExceptIfContentContainsSensitiveInformation + ContentPropertyContainsWords = $PolicyRule.ContentPropertyContainsWords + Disabled = $PolicyRule.Disabled + GenerateAlert = $PolicyRule.GenerateAlert + GenerateIncidentReport = $PolicyRule.GenerateIncidentReport + IncidentReportContent = $ArrayIncidentReportContent + NotifyAllowOverride = $NotifyAllowOverrideValue + NotifyEmailCustomText = [regex]::Replace($PolicyRule.NotifyEmailCustomText, $fancyDoubleQuotes, "`"") + NotifyPolicyTipCustomText = [regex]::Replace($PolicyRule.NotifyPolicyTipCustomText, $fancyDoubleQuotes, "`"") + NotifyUser = $PolicyRule.NotifyUser + ReportSeverityLevel = $PolicyRule.ReportSeverityLevel + RuleErrorAction = $PolicyRule.RuleErrorAction + RemoveRMSTemplate = $PolicyRule.RemoveRMSTemplate + StopPolicyProcessing = $PolicyRule.StopPolicyProcessing + 
DocumentIsUnsupported = $PolicyRule.DocumentIsUnsupported + ExceptIfDocumentIsUnsupported = $PolicyRule.ExceptIfDocumentIsUnsupported + HasSenderOverride = $PolicyRule.HasSenderOverride + ExceptIfHasSenderOverride = $PolicyRule.ExceptIfHasSenderOverride + ProcessingLimitExceeded = $PolicyRule.ProcessingLimitExceeded + ExceptIfProcessingLimitExceeded = $PolicyRule.ExceptIfProcessingLimitExceeded + DocumentIsPasswordProtected = $PolicyRule.DocumentIsPasswordProtected + ExceptIfDocumentIsPasswordProtected = $PolicyRule.ExceptIfDocumentIsPasswordProtected + MessageTypeMatches = $PolicyRule.MessageTypeMatches + ExceptIfMessageTypeMatches = $PolicyRule.ExceptIfMessageTypeMatches + FromScope = $PolicyRule.FromScope + ExceptIfFromScope = $PolicyRule.ExceptIfFromScope + SubjectContainsWords = $PolicyRule.SubjectContainsWords + SubjectMatchesPatterns = $PolicyRule.SubjectMatchesPatterns + SubjectOrBodyContainsWords = $PolicyRule.SubjectOrBodyContainsWords + SubjectOrBodyMatchesPatterns = $PolicyRule.SubjectOrBodyMatchesPatterns + ContentCharacterSetContainsWords = $PolicyRule.ContentCharacterSetContainsWords + DocumentNameMatchesPatterns = $PolicyRule.DocumentNameMatchesPatterns + DocumentNameMatchesWords = $PolicyRule.DocumentNameMatchesWords + ExceptIfAnyOfRecipientAddressMatchesPatterns = $PolicyRule.ExceptIfAnyOfRecipientAddressMatchesPatterns + ExceptIfContentCharacterSetContainsWords = $PolicyRule.ExceptIfContentCharacterSetContainsWords + ExceptIfContentPropertyContainsWords = $PolicyRule.ExceptIfContentPropertyContainsWords + ExceptIfDocumentNameMatchesPatterns = $PolicyRule.ExceptIfDocumentNameMatchesPatterns + ExceptIfDocumentNameMatchesWords = $PolicyRule.ExceptIfDocumentNameMatchesWords + RecipientDomainIs = $PolicyRule.RecipientDomainIs + ExceptIfRecipientDomainIs = $PolicyRule.ExceptIfRecipientDomainIs + ExceptIfSenderDomainIs = $PolicyRule.ExceptIfSenderDomainIs + ExceptIfSenderIPRanges = $PolicyRule.ExceptIfSenderIPRanges + ExceptIfSentTo = 
$PolicyRule.ExceptIfSentTo + ExceptIfSubjectContainsWords = $PolicyRule.ExceptIfSubjectContainsWords + ExceptIfSubjectMatchesPatterns = $PolicyRule.ExceptIfSubjectMatchesPatterns + ExceptIfSubjectOrBodyContainsWords = $PolicyRule.ExceptIfSubjectOrBodyContainsWords + ExceptIfSubjectOrBodyMatchesPatterns = $PolicyRule.ExceptIfSubjectOrBodyMatchesPatterns + FromAddressMatchesPatterns = $PolicyRule.FromAddressMatchesPatterns + SentToMemberOf = $PolicyRule.FromAddressMatchesPatterns + DocumentContainsWords = $PolicyRule.DocumentContainsWords + ContentIsNotLabeled = $PolicyRule.ContentIsNotLabeled + SetHeader = $PolicyRule.SetHeader + AnyOfRecipientAddressContainsWords = $AnyOfRecipientAddressContainsWords + AnyOfRecipientAddressMatchesPatterns = $AnyOfRecipientAddressMatchesPatterns + ContentExtensionMatchesWords = $ContentExtensionMatchesWords + ExceptIfContentExtensionMatchesWords = $ExceptIfContentExtensionMatchesWords + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens + } + + $paramsToRemove = @() + foreach ($paramName in $result.Keys) + { + if ($null -eq $result[$paramName] -or '' -eq $result[$paramName] -or @() -eq $result[$paramName]) { - $result.Remove($paramName) + $paramsToRemove += $paramName } + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + foreach ($paramName in $paramsToRemove) + { + $result.Remove($paramName) } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { 
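Review bot: `SentToMemberOf = $PolicyRule.FromAddressMatchesPatterns` in the `$result` hashtable reads the wrong property, so the returned SentToMemberOf is a copy of FromAddressMatchesPatterns. It looks like a copy-paste slip carried over by the re-indentation and presumably should be `SentToMemberOf = $PolicyRule.SentToMemberOf`. A wrong value here means the exported DLP rule, and any comparison against it, misstates which recipients the rule applies to. In the same hunk, `$PolicyRule.AnyOfRecipientAddressMatchesPatterns -gt 0` is missing the `.count` that the sibling checks use. The catch block of Get-TargetResource lies outside the hunk.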
@@ -1477,6 +1475,7 @@ function Export-TargetResource Write-Host " |---[$i/$($rules.Length)] $($rule.Name)" -NoNewline + $Script:exportedInstance = $rule $Results = Get-TargetResource @PSBoundParameters ` -Name $rule.name ` -Policy $rule.ParentPolicyName diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 index 22a8b59815..35e85c6136 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessPolicy/MSFT_SCDeviceConditionalAccessPolicy.psm1 
@@ -50,65 +50,60 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of Device Conditional Access Policy for $Name" - - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of Device Conditional Access Policy for $Name" - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - $PolicyObject = Get-DeviceConditionalAccessPolicy -Identity $Name ` - -ErrorAction SilentlyContinue + $PolicyObject = Get-DeviceConditionalAccessPolicy -Identity $Name ` + -ErrorAction SilentlyContinue - if ($null -eq $PolicyObject) - { - Write-Verbose -Message "Device Conditional Access Policy $($Name) does not exist." - return $nullReturn + if ($null -eq $PolicyObject) + { + Write-Verbose -Message "Device Conditional Access Policy $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing Device Conditional Access Policy $($Name)" - $result = @{ - Ensure = 'Present' - Name = $PolicyObject.Name - Comment = $PolicyObject.Comment - Enabled = $PolicyObject.Enabled - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens - } + $PolicyObject = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing Device Conditional Access Policy $($Name)" + $result = @{ + Ensure = 'Present' + Name = $PolicyObject.Name + Comment = $PolicyObject.Comment + Enabled = $PolicyObject.Enabled + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = 
$CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -394,6 +389,7 @@ function Export-TargetResource Write-Host " |---[$i/$($policies.Length)] $($policy.Name)" -NoNewline + $Script:exportedInstance = $policy $Results = Get-TargetResource @PSBoundParameters -Name $policy.Name $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.psm1 index b1932e3bef..dc887d1bf9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConditionalAccessRule/MSFT_SCDeviceConditionalAccessRule.psm1 
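Review bot: `$nullReturn` is now assigned only inside the `if (-not $Script:exportedInstance)` branch and only after `New-M365DSCConnection`, both within the new `try`. The catch body is outside the hunk, but if it returns `$nullReturn` as the not-found path does, an error raised during connection or on the cached path would yield `$null` instead of an `Ensure = 'Absent'` result. A connection failure that throws would also be handled by that catch and no longer reach the caller. Moving `$nullReturn = $PSBoundParameters` and `$nullReturn.Ensure = 'Absent'` above the `try` keeps the failure result well defined. The Get-TargetResource hunks for SCDLPComplianceRule, SCDeviceConfigurationPolicy and SCFilePlanPropertyAuthority have the same shape, and SCDeviceConditionalAccessRule does the same with `$nullResult`.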
@@ -238,44 +238,45 @@ function Get-TargetResource $AccessTokens ) - New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters | Out-Null + try + { + if (-not $Script:exportedInstance) + { + New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters | Out-Null - New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters | Out-Null + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - try - { - $policyObj = Get-DeviceConditionalAccessPolicy | Where-Object -FilterScript { $_.Name -eq $Policy } - if ($null -ne $policyObj) - { - Write-Verbose -Message "Found policy object {$Policy}" - if ($null -ne $Script:exportedInstances -and $Script:ExportMode -and $null) + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $policyObj = Get-DeviceConditionalAccessPolicy | Where-Object -FilterScript { $_.Name -eq $Policy } + if ($null -ne $policyObj) { - $instance = 
$Script:exportedInstances | Where-Object -FilterScript { $_.Policy -eq $policyObj.ExchangeObjectId } + Write-Verbose -Message "Found policy object {$Policy}" + $instance = Get-DeviceConditionalAccessRule | Where-Object -FilterScript { $_.Policy -eq $policyObj.ExchangeObjectId } } - else + if ($null -eq $instance) { - $instance = Get-DeviceConditionalAccessRule | Where-Object -FilterScript { $_.Policy -eq $policyObj.ExchangeObjectId } + return $nullResult } } - if ($null -eq $instance) + else { - return $nullResult + $instance = $Script:exportedInstance } $groupNames = @() @@ -1039,6 +1040,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 index 716a316834..ed9e1de087 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDeviceConfigurationPolicy/MSFT_SCDeviceConfigurationPolicy.psm1 
@@ -50,65 +50,61 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of Device Configuration Policy for $Name" - - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of Device Configuration Policy for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - try - { - $PolicyObject = Get-DeviceConfigurationPolicy -Identity $Name ` - -ErrorAction SilentlyContinue + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - if ($null -eq $PolicyObject) - { - Write-Verbose -Message "Device Configuration Policy $($Name) does not exist." 
- return $nullReturn + $PolicyObject = Get-DeviceConfigurationPolicy -Identity $Name ` + -ErrorAction SilentlyContinue + + if ($null -eq $PolicyObject) + { + Write-Verbose -Message "Device Configuration Policy $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing Device Configuration Policy $($Name)" - $result = @{ - Ensure = 'Present' - Name = $PolicyObject.Name - Comment = $PolicyObject.Comment - Enabled = $PolicyObject.Enabled - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens - } + $PolicyObject = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing Device Configuration Policy $($Name)" + $result = @{ + Ensure = 'Present' + Name = $PolicyObject.Name + Comment = $PolicyObject.Comment + Enabled = $PolicyObject.Enabled + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -395,6 +391,7 @@ function Export-TargetResource Write-Host " |---[$i/$($policies.Length)] $($policy.Name)" -NoNewline + $Script:exportedInstance = $policy $Results = Get-TargetResource @PSBoundParameters -Name $policy.Name $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
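Review bot: The rewritten Get-TargetResource block still connects with `New-M365DSCConnection -Workload 'ExchangeOnline'` before calling `Get-DeviceConfigurationPolicy`, whereas the sibling SCDeviceConditionalAccessPolicy hunk in this commit uses `-Workload 'SecurityComplianceCenter'`. If the difference is intentional, a one-line comment such as `# Get-DeviceConfigurationPolicy is reached through the ExchangeOnline connection` would save the next reader from guessing. If it is not, this is the place to align it, since the connection call is being moved anyway. The workload chosen decides which session and permissions the lookup runs under.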
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 index 7a9429b79e..0b2b70ffa6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyAuthority/MSFT_SCFilePlanPropertyAuthority.psm1 
@@ -42,62 +42,59 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCFilePlanPropertyAuthority for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SCFilePlanPropertyAuthority for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - try - { - $property = Get-FilePlanPropertyAuthority -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $Name } + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - if ($null -eq $property) - { - Write-Verbose -Message "SCFilePlanPropertyAuthority $($Name) does not exist." 
- return $nullReturn + $property = Get-FilePlanPropertyAuthority -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $Name } + + if ($null -eq $property) + { + Write-Verbose -Message "SCFilePlanPropertyAuthority $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing SCFilePlanPropertyAuthority $($Name)" - - $result = @{ - Name = $property.DisplayName - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } + $property = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing SCFilePlanPropertyAuthority $($Name)" + + $result = @{ + Name = $property.DisplayName + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -363,6 +360,7 @@ function Export-TargetResource Write-Host " |---[$i/$($Properties.Length)] $($Property.Name)" -NoNewline + $Script:exportedInstance = $Property $Results = Get-TargetResource @PSBoundParameters -Name $Property.DisplayName $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1 index d70c4433f5..5dd84e82ba 100644 
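Review bot: The final `Write-Verbose` line added to Get-TargetResource serialises the whole `$result` table, which carries `Credential`, `CertificatePassword` and `AccessTokens`, into the verbose stream. Whether `Convert-M365DscHashtableToString` redacts those values is not visible in this hunk; if it does not, access tokens land in transcripts and DSC logs whenever verbose output is enabled. Consider logging a copy without the authentication keys, e.g. `$logged = $result.Clone(); 'Credential', 'CertificatePassword', 'AccessTokens' | ForEach-Object { $logged.Remove($_) }`, and passing `$logged` to the helper. The same line is carried into the Get-TargetResource hunks of the other resources in this diff.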
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCategory/MSFT_SCFilePlanPropertyCategory.psm1
@@ -42,61 +42,59 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCFilePlanPropertyCategory for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SCFilePlanPropertyCategory for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $property = Get-FilePlanPropertyCategory -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $Name } + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $property) - { - Write-Verbose -Message "SCFilePlanPropertyCategory $($Name) does not exist." 
- return $nullReturn + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + $property = Get-FilePlanPropertyCategory -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $Name } + + if ($null -eq $property) + { + Write-Verbose -Message "SCFilePlanPropertyCategory $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing SCFilePlanPropertyCategory $($Name)" - - $result = @{ - Name = $property.DisplayName - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } + $property = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing SCFilePlanPropertyCategory $($Name)" + + $result = @{ + Name = $property.DisplayName + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -364,6 +362,7 @@ function Export-TargetResource Write-Host " |---[$i/$($Properties.Length)] $($Property.Name)" -NoNewline + $Script:exportedInstance = $Property $Results = Get-TargetResource @PSBoundParameters -Name $Property.DisplayName $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1
index 5ca55e538b..5fb975d4dd 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyCitation/MSFT_SCFilePlanPropertyCitation.psm1
@@ -50,65 +50,61 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCFilePlanPropertyCitation for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SCFilePlanPropertyCitation for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - $property = Get-FilePlanPropertyCitation -ErrorAction Stop | Where-Object -FilterScript { $_.Name -eq $Name } + $property = Get-FilePlanPropertyCitation -ErrorAction Stop | Where-Object -FilterScript { $_.Name -eq $Name } - if ($null -eq $property) - { - Write-Verbose -Message "SCFilePlanPropertyCitation $($Name) does not exist." - return $nullReturn + if ($null -eq $property) + { + Write-Verbose -Message "SCFilePlanPropertyCitation $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing SCFilePlanPropertyCitation $($Name)" - - $result = @{ - Name = $property.Name - CitationUrl = $property.CitationUrl - CitationJurisdiction = $property.CitationJurisdiction - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } + $property = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing SCFilePlanPropertyCitation $($Name)" + + $result = @{ + Name = $property.Name + CitationUrl = $property.CitationUrl + CitationJurisdiction = $property.CitationJurisdiction + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = 
$CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -391,6 +387,7 @@ function Export-TargetResource Write-Host " |---[$i/$($Properties.Length)] $($Property.Name)" -NoNewline + $Script:exportedInstance = $Property $Results = Get-TargetResource @PSBoundParameters -Name $Property.Name $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 index d1a851107c..5caf4b1160 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyDepartment/MSFT_SCFilePlanPropertyDepartment.psm1 
@@ -42,62 +42,59 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCFilePlanPropertyDepartment for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SCFilePlanPropertyDepartment for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $property = Get-FilePlanPropertyDepartment -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $Name } + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - if ($null -eq $property) - { - Write-Verbose -Message "SCFilePlanPropertyDepartment $($Name) does not exist." 
- return $nullReturn + $property = Get-FilePlanPropertyDepartment -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $Name } + + if ($null -eq $property) + { + Write-Verbose -Message "SCFilePlanPropertyDepartment $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing SCFilePlanPropertyDepartment $($Name)" - - $result = @{ - Name = $property.DisplayName - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } + $property = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing SCFilePlanPropertyDepartment $($Name)" + + $result = @{ + Name = $property.DisplayName + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -364,6 +361,7 @@ function Export-TargetResource Write-Host " |---[$i/$($Properties.Length)] $($Property.Name)" -NoNewline + $Script:exportedInstance = $Property $Results = Get-TargetResource @PSBoundParameters -Name $Property.DisplayName $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1 index c1461d3661..422737c0d0 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertyReferenceId/MSFT_SCFilePlanPropertyReferenceId.psm1
@@ -42,62 +42,59 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCFilePlanPropertyReferenceId for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SCFilePlanPropertyReferenceId for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - try - { - $property = Get-FilePlanPropertyReferenceId -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $Name } + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - if ($null -eq $property) - { - Write-Verbose -Message "SCFilePlanPropertyReferenceId $($Name) does not exist." 
- return $nullReturn + $property = Get-FilePlanPropertyReferenceId -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $Name } + + if ($null -eq $property) + { + Write-Verbose -Message "SCFilePlanPropertyReferenceId $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing SCFilePlanPropertyReferenceId $($Name)" - - $result = @{ - Name = $property.DisplayName - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } + $property = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing SCFilePlanPropertyReferenceId $($Name)" + + $result = @{ + Name = $property.DisplayName + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -364,6 +361,7 @@ function Export-TargetResource Write-Host " |---[$i/$($Properties.Length)] $($Property.Name)" -NoNewline + $Script:exportedInstance = $Property $Results = Get-TargetResource @PSBoundParameters -Name $Property.DisplayName $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1
index 5302a4acc8..1c787d68db 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCFilePlanPropertySubCategory/MSFT_SCFilePlanPropertySubCategory.psm1
@@ -46,73 +46,70 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCFilePlanPropertySubCategory for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SCFilePlanPropertySubCategory for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $parent = Get-FilePlanPropertyCategory -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $Category } + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - if ($null -eq $parent) - { - Write-Warning "Invalid Parent Category {$Category} detected in the Get-TargetResource" - return $nullReturn - } + $parent = Get-FilePlanPropertyCategory -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $Category } - $parentId = $parent.Guid - $property = Get-FilePlanPropertySubCategory | Where-Object -FilterScript { $_.DisplayName -eq $Name -and ` - $_.ParentId -eq $parentId } + if ($null -eq $parent) + { + Write-Warning "Invalid Parent Category {$Category} detected in the Get-TargetResource" + return $nullReturn + } - if ($null -eq $property) - { - Write-Verbose -Message "SCFilePlanPropertySubCategory $($Name) does not exist." - return $nullReturn + $parentId = $parent.Guid + $property = Get-FilePlanPropertySubCategory | Where-Object -FilterScript { $_.DisplayName -eq $Name -and ` + $_.ParentId -eq $parentId } + + if ($null -eq $property) + { + Write-Verbose -Message "SCFilePlanPropertySubCategory $($Name) does not exist." 
+ return $nullReturn + } } else { - Write-Verbose "Found existing SCFilePlanPropertySubCategory $($Name)" - - $result = @{ - Name = $property.DisplayName - Category = $parent.DisplayName - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } + $property = $Script:exportedInstance + } - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing SCFilePlanPropertySubCategory $($Name)" + + $result = @{ + Name = $property.DisplayName + Category = $Category + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -391,6 +388,7 @@ function Export-TargetResource $parent = Get-FilePlanPropertyCategory | Where-Object -FilterScript { $_.Guid -like "*$($property.ParentId)*" } Write-Host " |---[$i/$($Properties.Length)] $($Property.Name)" -NoNewline + $Script:exportedInstance = $Property $Results = Get-TargetResource @PSBoundParameters ` -Name $Property.DisplayName ` -Category $parent.DisplayName diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 index e2d2bfefe0..8251861bbc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 
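Review bot: `Category = $Category` in the rebuilt `$result` table now echoes the caller's argument, where the removed code returned `$parent.DisplayName` as read from the tenant. On the non-cached path `$parent` is still looked up (with a case-insensitive `-eq`), so the tenant's own spelling could be kept with `Category = if ($parent) { $parent.DisplayName } else { $Category }`. On the cached path nothing checks that `$Script:exportedInstance.ParentId` belongs to the category passed in, so the result relies on the caller pairing the two correctly; a short comment stating that contract above the `else` branch would help. Get-TargetResource continues outside the hunk.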
@@ -110,96 +110,93 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of Sensitivity Label Policy for $Name" - - if ($PSBoundParameters.ContainsKey('Labels') -and ` - ($PSBoundParameters.ContainsKey('AddLabels') -or $PSBoundParameters.ContainsKey('RemoveLabels'))) - { - throw 'You cannot use the Labels parameter and the AddLabels or RemoveLabels parameters at the same time.' - } - - if ($PSBoundParameters.ContainsKey('AddLabels') -and $PSBoundParameters.ContainsKey('RemoveLabels')) + try { - # Check if AddLabels and RemoveLabels contain the same labels - [array]$diff = Compare-Object -ReferenceObject $AddLabels -DifferenceObject $RemoveLabels -ExcludeDifferent -IncludeEqual - if ($diff.Count -gt 0) + if (-not $Script:exportedInstance) { - throw 'Parameters AddLabels and RemoveLabels cannot contain the same labels. Make sure labels are not present in both parameters.' - } - } + Write-Verbose -Message "Getting configuration of Sensitivity Label Policy for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if ($PSBoundParameters.ContainsKey('Labels') -and ` + ($PSBoundParameters.ContainsKey('AddLabels') -or $PSBoundParameters.ContainsKey('RemoveLabels'))) + { + throw 'You cannot use the Labels parameter and the AddLabels or RemoveLabels parameters at the same time.' + } - #Ensure the proper dependencies are installed in the current environment. 
- Confirm-M365DSCDependencies + if ($PSBoundParameters.ContainsKey('AddLabels') -and $PSBoundParameters.ContainsKey('RemoveLabels')) + { + # Check if AddLabels and RemoveLabels contain the same labels + [array]$diff = Compare-Object -ReferenceObject $AddLabels -DifferenceObject $RemoveLabels -ExcludeDifferent -IncludeEqual + if ($diff.Count -gt 0) + { + throw 'Parameters AddLabels and RemoveLabels cannot contain the same labels. Make sure labels are not present in both parameters.' + } + } - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - try - { - $policy = Get-LabelPolicy -Identity $Name -ErrorAction SilentlyContinue -WarningAction Ignore + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + try + { + $policy = Get-LabelPolicy -Identity $Name -ErrorAction SilentlyContinue -WarningAction Ignore + } + catch + { + throw $_ + } + + if ($null -eq $policy) + { + Write-Verbose -Message "Sensitivity label policy $($Name) does not exist." 
+ return $nullReturn + } } - catch + else { - throw $_ + $policy = $Script:exportedInstance } - if ($null -eq $policy) + if ($null -ne $policy.Settings) { - Write-Verbose -Message "Sensitivity label policy $($Name) does not exist." - return $nullReturn + $advancedSettingsValue = Convert-StringToAdvancedSettings -AdvancedSettings $policy.Settings } - else - { - if ($null -ne $policy.Settings) - { - $advancedSettingsValue = Convert-StringToAdvancedSettings -AdvancedSettings $policy.Settings - } - Write-Verbose "Found existing Sensitivity Label policy $($Name)" - $result = @{ - Name = $policy.Name - Comment = $policy.Comment - AdvancedSettings = $advancedSettingsValue - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - Labels = $policy.Labels - ExchangeLocation = Convert-ArrayList -CurrentProperty $policy.ExchangeLocation - ExchangeLocationException = Convert-ArrayList -CurrentProperty $policy.ExchangeLocationException - ModernGroupLocation = Convert-ArrayList -CurrentProperty $policy.ModernGroupLocation - ModernGroupLocationException = Convert-ArrayList -CurrentProperty $policy.ModernGroupLocationException - AccessTokens = $AccessTokens - } - - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing Sensitivity Label policy $($Name)" + $result = @{ + Name = $policy.Name + Comment = $policy.Comment + AdvancedSettings = $advancedSettingsValue + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + Labels = $policy.Labels + ExchangeLocation = Convert-ArrayList -CurrentProperty $policy.ExchangeLocation + 
ExchangeLocationException = Convert-ArrayList -CurrentProperty $policy.ExchangeLocationException + ModernGroupLocation = Convert-ArrayList -CurrentProperty $policy.ModernGroupLocation + ModernGroupLocationException = Convert-ArrayList -CurrentProperty $policy.ModernGroupLocationException + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -774,7 +771,7 @@ function Test-TargetResource $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $ValuesToCheck ` + -DesiredValues $PSBoundParameters ` -ValuesToCheck $ValuesToCheck.Keys Write-Verbose -Message "Test-TargetResource returned $TestResult" @@ -854,6 +851,7 @@ function Export-TargetResource Write-Host " |---[$i/$($policies.Count)] $($policy.Name)" -NoNewline + $Script:exportedInstance = $policy $Results = Get-TargetResource @PSBoundParameters -Name $policy.Name if ($null -ne $Results.AdvancedSettings) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 index 92f7516c3c..29e58bf67b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 
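Review bot: The two parameter-validation `throw` statements (Labels combined with AddLabels/RemoveLabels, and overlapping AddLabels/RemoveLabels) now sit inside `try` and inside the `-not $Script:exportedInstance` branch, where before they ran ahead of the `try` and reached the caller. The `catch` body is outside the hunk; if it returns instead of rethrowing, an invalid parameter combination is no longer a hard failure, and `$nullReturn` has not been assigned yet at that point. I would move both checks back above `try {` so they stay terminating. The inner `try`/`catch` around `Get-LabelPolicy` only does `throw $_` and could be reduced to the call itself.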
@@ -139,83 +139,80 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SCProtectionAlert for $Name" - - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SCProtectionAlert for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $AlertObject = Get-ProtectionAlert -Identity $Name -ErrorAction SilentlyContinue + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $AlertObject) - { - Write-Verbose -Message "SCProtectionAlert $Name does not exist." 
- return $nullReturn + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + $AlertObject = Get-ProtectionAlert -Identity $Name -ErrorAction SilentlyContinue + + if ($null -eq $AlertObject) + { + Write-Verbose -Message "SCProtectionAlert $Name does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing SCProtectionAlert $($Name)" - $result = @{ - Ensure = 'Present' - AlertBy = $AlertObject.AlertBy - AlertFor = $AlertObject.AlertFor - AggregationType = $AlertObject.AggregationType - Category = $AlertObject.Category - Comment = $AlertObject.Comment - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Disabled = $AlertObject.Disabled - Filter = $AlertObject.Filter - Name = $AlertObject.Name - NotificationCulture = $AlertObject.NotificationCulture - NotificationEnabled = $AlertObject.NotificationEnabled - NotifyUserOnFilterMatch = $AlertObject.NotifyUserOnFilterMatch - NotifyUserSuppressionExpiryDate = $AlertObject.NotifyUserSuppressionExpiryDate - NotifyUserThrottleThreshold = $AlertObject.NotifyUserThrottleThreshold - NotifyUserThrottleWindow = $AlertObject.NotifyUserThrottleWindow - NotifyUser = $AlertObject.NotifyUser - Operation = $AlertObject.Operation - PrivacyManagementScopedSensitiveInformationTypes = $AlertObject.PrivacyManagementScopedSensitiveInformationTypes - PrivacyManagementScopedSensitiveInformationTypesForCounting = $AlertObject.PrivacyManagementScopedSensitiveInformationTypesForCounting - PrivacyManagementScopedSensitiveInformationTypesThreshold = $AlertObject.PrivacyManagementScopedSensitiveInformationTypesThreshold - Severity = $AlertObject.Severity - ThreatType = $AlertObject.ThreatType - Threshold = $AlertObject.Threshold - TimeWindow = $AlertObject.TimeWindow - VolumeThreshold = $AlertObject.VolumeThreshold - AccessTokens = $AccessTokens - } - 
Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + $AlertObject = $Script:exportedInstance + } + + Write-Verbose "Found existing SCProtectionAlert $($Name)" + $result = @{ + Ensure = 'Present' + AlertBy = $AlertObject.AlertBy + AlertFor = $AlertObject.AlertFor + AggregationType = $AlertObject.AggregationType + Category = $AlertObject.Category + Comment = $AlertObject.Comment + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Disabled = $AlertObject.Disabled + Filter = $AlertObject.Filter + Name = $AlertObject.Name + NotificationCulture = $AlertObject.NotificationCulture + NotificationEnabled = $AlertObject.NotificationEnabled + NotifyUserOnFilterMatch = $AlertObject.NotifyUserOnFilterMatch + NotifyUserSuppressionExpiryDate = $AlertObject.NotifyUserSuppressionExpiryDate + NotifyUserThrottleThreshold = $AlertObject.NotifyUserThrottleThreshold + NotifyUserThrottleWindow = $AlertObject.NotifyUserThrottleWindow + NotifyUser = $AlertObject.NotifyUser + Operation = $AlertObject.Operation + PrivacyManagementScopedSensitiveInformationTypes = $AlertObject.PrivacyManagementScopedSensitiveInformationTypes + PrivacyManagementScopedSensitiveInformationTypesForCounting = $AlertObject.PrivacyManagementScopedSensitiveInformationTypesForCounting + PrivacyManagementScopedSensitiveInformationTypesThreshold = $AlertObject.PrivacyManagementScopedSensitiveInformationTypesThreshold + Severity = $AlertObject.Severity + ThreatType = $AlertObject.ThreatType + Threshold = $AlertObject.Threshold + TimeWindow = $AlertObject.TimeWindow + VolumeThreshold = $AlertObject.VolumeThreshold + AccessTokens = $AccessTokens } + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { 
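Review bot: The cached branch `$AlertObject = $Script:exportedInstance` is taken whenever the script variable is non-empty, with no check that it holds the alert named by `$Name`, so a leftover instance would be returned for a different alert; `if (-not $Script:exportedInstance -or $Script:exportedInstance.Name -ne $Name)` closes that gap. `$nullReturn` is also assigned only inside the non-cached branch and only after `New-M365DSCConnection`. If the `catch` block (its body is outside this hunk) still returns `$nullReturn`, a connection failure or an error on the cached path would return `$null` rather than the `Ensure = 'Absent'` table, so `$nullReturn` should be defined on both paths. Both points apply to the Get-TargetResource hunks for SCRetentionCompliancePolicy, SCRetentionComplianceRule, SCRetentionEventType and SCRoleGroup; the code removed from SCRoleGroup did match the cached object with `$_.Name -eq $Name`.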
@@ -673,6 +670,7 @@ function Export-TargetResource } Write-Host " |---[$i/$($totalAlerts)] $($alert.Name)" -NoNewline + $Script:exportedInstance = $alert $Results = Get-TargetResource @PSBoundParameters -Name $Alert.Name $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 index f8626b0ad5..c972c13b56 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionCompliancePolicy/MSFT_SCRetentionCompliancePolicy.psm1 
@@ -118,167 +118,165 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of RetentionCompliancePolicy for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of RetentionCompliancePolicy for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $PolicyObject = Get-RetentionCompliancePolicy $Name -DistributionDetail -ErrorAction SilentlyContinue + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $PolicyObject) - { - Write-Verbose -Message "RetentionCompliancePolicy $($Name) does not exist." 
- return $nullReturn + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + $PolicyObject = Get-RetentionCompliancePolicy $Name -DistributionDetail -ErrorAction SilentlyContinue + + if ($null -eq $PolicyObject) + { + Write-Verbose -Message "RetentionCompliancePolicy $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing RetentionCompliancePolicy $($Name)" + $PolicyObject = $Script:exportedInstance + } - if ($PolicyObject.TeamsPolicy) - { - $result = @{ - Ensure = 'Present' - Name = $PolicyObject.Name - Comment = $PolicyObject.Comment - Enabled = $PolicyObject.Enabled - RestrictiveRetention = $PolicyObject.RestrictiveRetention - TeamsChannelLocation = @() - TeamsChannelLocationException = @() - TeamsChatLocation = @() - TeamsChatLocationException = @() - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens - } + Write-Verbose "Found existing RetentionCompliancePolicy $($Name)" - if ($PolicyObject.TeamsChannelLocation.Count -gt 0) - { - $result.TeamsChannelLocation = [array]$PolicyObject.TeamsChannelLocation.Name - } - if ($PolicyObject.TeamsChatLocation.Count -gt 0) - { - $result.TeamsChatLocation = [array]$PolicyObject.TeamsChatLocation.Name - } - if ($PolicyObject.TeamsChannelLocationException.Count -gt 0) - { - $result.TeamsChannelLocationException = [array]$PolicyObject.TeamsChannelLocationException.Name - } - if ($PolicyObject.TeamsChatLocationException.Count -gt 0) - { - $result.TeamsChatLocationException = $PolicyObject.TeamsChatLocationException.Name - } + if ($PolicyObject.TeamsPolicy) + { + $result = @{ + Ensure = 'Present' + Name = $PolicyObject.Name + Comment = $PolicyObject.Comment + Enabled = $PolicyObject.Enabled + RestrictiveRetention = $PolicyObject.RestrictiveRetention + TeamsChannelLocation = @() + 
TeamsChannelLocationException = @() + TeamsChatLocation = @() + TeamsChatLocationException = @() + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } - else - { - $result = @{ - Ensure = 'Present' - Name = $PolicyObject.Name - Comment = $PolicyObject.Comment - DynamicScopeLocation = @() - Enabled = $PolicyObject.Enabled - ExchangeLocation = @() - ExchangeLocationException = @() - ModernGroupLocation = @() - ModernGroupLocationException = @() - OneDriveLocation = @() - OneDriveLocationException = @() - PublicFolderLocation = @() - RestrictiveRetention = $PolicyObject.RestrictiveRetention - SharePointLocation = @() - SharePointLocationException = @() - SkypeLocation = @() - SkypeLocationException = @() - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens - } - if ($PolicyObject.DynamicScopeLocation.Count -gt 0) - { - $result.DynamicScopeLocation = [array]$PolicyObject.DynamicScopeLocation.Name - } - if ($PolicyObject.ExchangeLocation.Count -gt 0) - { - $result.ExchangeLocation = [array]$PolicyObject.ExchangeLocation.Name - } - if ($PolicyObject.ModernGroupLocation.Count -gt 0) - { - $result.ModernGroupLocation = [array]$PolicyObject.ModernGroupLocation.Name - } - if ($PolicyObject.OneDriveLocation.Count -gt 0) - { - $result.OneDriveLocation = [array]$PolicyObject.OneDriveLocation.Name - } - if ($PolicyObject.PublicFolderLocation.Count -gt 0) - { - $result.PublicFolderLocation = [array]$PolicyObject.PublicFolderLocation.Name - } - if ($PolicyObject.SharePointLocation.Count -gt 0) - { - $result.SharePointLocation = [array]$PolicyObject.SharePointLocation.Name - } - if 
($PolicyObject.SkypeLocation.Count -gt 0) - { - $result.SkypeLocation = [array]$PolicyObject.SkypeLocation.Name - } - if ($PolicyObject.ExchangeLocationException.Count -gt 0) - { - $result.ExchangeLocationException = [array]$PolicyObject.ExchangeLocationException.Name - } - if ($PolicyObject.ModernGroupLocationException.Count -gt 0) - { - $result.ModernGroupLocationException = [array]$PolicyObject.ModernGroupLocationException.Name - } - if ($PolicyObject.OneDriveLocationException.Count -gt 0) - { - $result.OneDriveLocationException = [array]$PolicyObject.OneDriveLocationException.Name - } - if ($PolicyObject.SharePointLocationException.Count -gt 0) - { - $result.SharePointLocationException = [array]$PolicyObject.SharePointLocationException.Name - } - if ($PolicyObject.SkypeLocationException.Count -gt 0) - { - $result.SkypeLocationException = [array]$PolicyObject.SkypeLocationException.Name - } + if ($PolicyObject.TeamsChannelLocation.Count -gt 0) + { + $result.TeamsChannelLocation = [array]$PolicyObject.TeamsChannelLocation.Name + } + if ($PolicyObject.TeamsChatLocation.Count -gt 0) + { + $result.TeamsChatLocation = [array]$PolicyObject.TeamsChatLocation.Name + } + if ($PolicyObject.TeamsChannelLocationException.Count -gt 0) + { + $result.TeamsChannelLocationException = [array]$PolicyObject.TeamsChannelLocationException.Name + } + if ($PolicyObject.TeamsChatLocationException.Count -gt 0) + { + $result.TeamsChatLocationException = $PolicyObject.TeamsChatLocationException.Name + } + } + else + { + $result = @{ + Ensure = 'Present' + Name = $PolicyObject.Name + Comment = $PolicyObject.Comment + DynamicScopeLocation = @() + Enabled = $PolicyObject.Enabled + ExchangeLocation = @() + ExchangeLocationException = @() + ModernGroupLocation = @() + ModernGroupLocationException = @() + OneDriveLocation = @() + OneDriveLocationException = @() + PublicFolderLocation = @() + RestrictiveRetention = $PolicyObject.RestrictiveRetention + SharePointLocation = @() + 
SharePointLocationException = @() + SkypeLocation = @() + SkypeLocationException = @() + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } - Write-Verbose -Message "Found RetentionCompliancePolicy $($Name)" - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + if ($PolicyObject.DynamicScopeLocation.Count -gt 0) + { + $result.DynamicScopeLocation = [array]$PolicyObject.DynamicScopeLocation.Name + } + if ($PolicyObject.ExchangeLocation.Count -gt 0) + { + $result.ExchangeLocation = [array]$PolicyObject.ExchangeLocation.Name + } + if ($PolicyObject.ModernGroupLocation.Count -gt 0) + { + $result.ModernGroupLocation = [array]$PolicyObject.ModernGroupLocation.Name + } + if ($PolicyObject.OneDriveLocation.Count -gt 0) + { + $result.OneDriveLocation = [array]$PolicyObject.OneDriveLocation.Name + } + if ($PolicyObject.PublicFolderLocation.Count -gt 0) + { + $result.PublicFolderLocation = [array]$PolicyObject.PublicFolderLocation.Name + } + if ($PolicyObject.SharePointLocation.Count -gt 0) + { + $result.SharePointLocation = [array]$PolicyObject.SharePointLocation.Name + } + if ($PolicyObject.SkypeLocation.Count -gt 0) + { + $result.SkypeLocation = [array]$PolicyObject.SkypeLocation.Name + } + if ($PolicyObject.ExchangeLocationException.Count -gt 0) + { + $result.ExchangeLocationException = [array]$PolicyObject.ExchangeLocationException.Name + } + if ($PolicyObject.ModernGroupLocationException.Count -gt 0) + { + $result.ModernGroupLocationException = [array]$PolicyObject.ModernGroupLocationException.Name + } + if ($PolicyObject.OneDriveLocationException.Count -gt 0) + { + $result.OneDriveLocationException = [array]$PolicyObject.OneDriveLocationException.Name + } + if 
($PolicyObject.SharePointLocationException.Count -gt 0) + { + $result.SharePointLocationException = [array]$PolicyObject.SharePointLocationException.Name + } + if ($PolicyObject.SkypeLocationException.Count -gt 0) + { + $result.SkypeLocationException = [array]$PolicyObject.SkypeLocationException.Name + } } + + Write-Verbose -Message "Found RetentionCompliancePolicy $($Name)" + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -1071,7 +1069,7 @@ function Export-TargetResource try { - [array]$policies = Get-RetentionCompliancePolicy -ErrorAction Stop + [array]$policies = Get-RetentionCompliancePolicy -DistributionDetail -ErrorAction Stop $i = 1 if ($policies.Length -eq 0) @@ -1092,6 +1090,7 @@ function Export-TargetResource Write-Host " |---[$i/$($policies.Length)] $($policy.Name)" -NoNewline + $Script:exportedInstance = $policy $Results = Get-TargetResource @PSBoundParameters -Name $policy.Name $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 index b38cc365f2..6ac1ecce7a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionComplianceRule/MSFT_SCRetentionComplianceRule.psm1 
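Review bot: In the Teams branch, `$result.TeamsChatLocationException = $PolicyObject.TeamsChatLocationException.Name` is the only location assignment without the `[array]` cast. A policy with a single chat exception would therefore yield a scalar string where every sibling property yields an array. The line is carried over unchanged from the old side, but this re-indent is a good place to align it: `$result.TeamsChatLocationException = [array]$PolicyObject.TeamsChatLocationException.Name`.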
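Review bot: The added `-DistributionDetail` on the export listing needs a comment, because the reason for it is in another function. Get-TargetResource now reads the location properties straight from the cached `$Script:exportedInstance`, so the list call has to return the same detail the per-name lookup did. Something like `# -DistributionDetail is required: Get-TargetResource reads *Location properties from the cached instance` would stop a later cleanup from dropping the switch and silently exporting empty locations.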
@@ -77,80 +77,78 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of RetentionComplianceRule for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of RetentionComplianceRule for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $RuleObject = Get-RetentionComplianceRule -Identity $Name ` - -ErrorAction SilentlyContinue - if ($null -eq $RuleObject) - { - Write-Verbose -Message "RetentionComplianceRule $($Name) does not exist." 
- return $nullReturn + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + $RuleObject = Get-RetentionComplianceRule -Identity $Name ` + -ErrorAction SilentlyContinue + + if ($null -eq $RuleObject) + { + Write-Verbose -Message "RetentionComplianceRule $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing RetentionComplianceRule $($Name)" - $AssociatedPolicy = Get-RetentionCompliancePolicy $RuleObject.Policy - $RetentionComplianceActionValue = $null - if (-not [System.String]::IsNullOrEmpty($ruleObject.RetentionComplianceAction)) - { - $RetentionComplianceActionValue = $RuleObject.RetentionComplianceAction - } - $result = @{ - Name = $RuleObject.Name - Comment = $RuleObject.Comment - Policy = $AssociatedPolicy.Name - RetentionDuration = $RuleObject.RetentionDuration - RetentionComplianceAction = $RetentionComplianceActionValue - RetentionDurationDisplayHint = $RuleObject.RetentionDurationDisplayHint - ExpirationDateOption = $RuleObject.ExpirationDateOption - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } - if (-not $associatedPolicy.TeamsPolicy) - { - $result.Add('ExcludedItemClasses', $RuleObject.ExcludedItemClasses) - $result.Add('ContentMatchQuery', $RuleObject.ContentMatchQuery) - } + $RuleObject = $Script:exportedInstance + } - Write-Verbose -Message "Found RetentionComplianceRule $($Name)" - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing RetentionComplianceRule $($Name)" + $AssociatedPolicy = Get-RetentionCompliancePolicy $RuleObject.Policy + $RetentionComplianceActionValue = $null + if (-not [System.String]::IsNullOrEmpty($ruleObject.RetentionComplianceAction)) + { + 
$RetentionComplianceActionValue = $RuleObject.RetentionComplianceAction } + $result = @{ + Name = $RuleObject.Name + Comment = $RuleObject.Comment + Policy = $AssociatedPolicy.Name + RetentionDuration = $RuleObject.RetentionDuration + RetentionComplianceAction = $RetentionComplianceActionValue + RetentionDurationDisplayHint = $RuleObject.RetentionDurationDisplayHint + ExpirationDateOption = $RuleObject.ExpirationDateOption + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens + } + if (-not $associatedPolicy.TeamsPolicy) + { + $result.Add('ExcludedItemClasses', $RuleObject.ExcludedItemClasses) + $result.Add('ContentMatchQuery', $RuleObject.ContentMatchQuery) + } + + Write-Verbose -Message "Found RetentionComplianceRule $($Name)" + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -596,6 +594,7 @@ function Export-TargetResource Write-Host " |---[$i/$($rules.Length)] $($rule.Name)" -NoNewline + $Script:exportedInstance = $rule $Results = Get-TargetResource @PSBoundParameters ` -Name $rule.Name ` -Policy $rule.Policy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 index 847519cbfa..f74a1393ea 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRetentionEventType/MSFT_SCRetentionEventType.psm1 
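Review bot: `$AssociatedPolicy = Get-RetentionCompliancePolicy $RuleObject.Policy` sits after the `if`/`else`, so it still runs on the cached path, where the connection and dependency checks were skipped. It therefore relies on the session opened by Export-TargetResource (not visible here) and costs one remote call per exported rule. The result is never checked: if the lookup returns nothing, `Policy` becomes `$null` and `-not $associatedPolicy.TeamsPolicy` evaluates to true, so the rule is emitted as a non-Teams rule with no policy name. A guard right after the lookup would make that case visible, e.g. `if ($null -eq $AssociatedPolicy) { throw "Policy $($RuleObject.Policy) not found for rule $Name" }`.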
@@ -46,64 +46,62 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of Retention Event Type for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of Retention Event Type for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $EventTypeObject = Get-ComplianceRetentionEventType -Identity $Name ` - -ErrorAction SilentlyContinue - if ($null -eq $EventTypeObject) - { - Write-Verbose -Message "RetentionComplianceEventType $($Name) does not exist." 
- return $nullReturn + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + $EventTypeObject = Get-ComplianceRetentionEventType -Identity $Name ` + -ErrorAction SilentlyContinue + + if ($null -eq $EventTypeObject) + { + Write-Verbose -Message "RetentionComplianceEventType $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing RetentionComplianceEventType $($Name)" - $result = @{ - Name = $EventTypeObject.Name - Comment = $EventTypeObject.Comment - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - AccessTokens = $AccessTokens - } + $EventTypeObject = $Script:exportedInstance + } - Write-Verbose -Message "Found RetentionComplianceEventType $($Name)" - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing RetentionComplianceEventType $($Name)" + $result = @{ + Name = $EventTypeObject.Name + Comment = $EventTypeObject.Comment + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Found RetentionComplianceEventType $($Name)" + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { @@ -380,6 +378,7 @@ function Export-TargetResource Write-Host " |---[$i/$($EventTypes.Length)] $($eventType.Name)" -NoNewline + $Script:exportedInstance = $eventType $Results = Get-TargetResource @PSBoundParameters -Name $eventType.Name $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1
index acc49ae62f..517628bec6 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroup/MSFT_SCRoleGroup.psm1
@@ -60,63 +60,61 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting Role Group configuration for $Name" - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters + try + { + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting Role Group configuration for $Name" + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $RoleGroup = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } - } - else - { $AllRoleGroups = Get-RoleGroup -ErrorAction Stop $RoleGroup = $AllRoleGroups | Where-Object -FilterScript { $_.Name -eq $Name } - } - if ($null -eq $RoleGroup) - { - Write-Verbose -Message "Role Group $($Name) does not exist." 
- return $nullReturn + if ($null -eq $RoleGroup) + { + Write-Verbose -Message "Role Group $($Name) does not exist." + return $nullReturn + } } else { - $result = @{ - Name = $RoleGroup.Name - DisplayName = $RoleGroup.DisplayName - Description = $RoleGroup.Description - Roles = $RoleGroup.Roles -replace '^.*\/(?=[^\/]*$)' - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Managedidentity = $ManagedIdentity.IsPresent - TenantId = $TenantId - AccessTokens = $AccessTokens - } + $RoleGroup = $Script:exportedInstance + } - Write-Verbose -Message "Found Role Group $($Name)" - return $result + $result = @{ + Name = $RoleGroup.Name + DisplayName = $RoleGroup.DisplayName + Description = $RoleGroup.Description + Roles = $RoleGroup.Roles -replace '^.*\/(?=[^\/]*$)' + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Found Role Group $($Name)" + return $result } catch { @@ -431,6 +429,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $RoleGroup $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 index fbd769032c..64e0ac78e1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCRoleGroupMember/MSFT_SCRoleGroupMember.psm1 
@@ -51,73 +51,63 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting Role Group configuration for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting Role Group configuration for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $RoleGroup = $Script:exportedInstances | Where-Object -FilterScript { $_.Name -eq $Name } - } - else - { $AllRoleGroups = Get-RoleGroup -ErrorAction Stop $RoleGroup = $AllRoleGroups | Where-Object -FilterScript { $_.Name -eq $Name } - } - if ($null -eq $RoleGroup) - { - Write-Verbose -Message "Role Group $($Name) does not exist." - return $nullReturn + if ($null -eq $RoleGroup) + { + Write-Verbose -Message "Role Group $($Name) does not exist." + return $nullReturn + } } else { - # Get RoleGroup Members if RoleGroup exists. - $roleGroupMember = Get-RoleGroupMember -Identity $Name | Select-Object Name - - $result = @{ - Name = $RoleGroup.Name - Description = $RoleGroup.Description - Members = $roleGroupMember.Name - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - TenantId = $TenantId - AccessTokens = $AccessTokens - } + $RoleGroup = $Script:exportedInstance + } - Write-Verbose -Message "Found Role Group $($Name)" - return $result + # Get RoleGroup Members if RoleGroup exists. 
+ $roleGroupMember = Get-RoleGroupMember -Identity $Name | Select-Object Name + + $result = @{ + Name = $RoleGroup.Name + Description = $RoleGroup.Description + Members = $roleGroupMember.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + TenantId = $TenantId + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Found Role Group $($Name)" + return $result } catch { @@ -389,12 +379,10 @@ function Export-TargetResource } Write-Host " |---[$i/$($Script:exportedInstances.Count)] $($RoleGroup.Name)" -NoNewline - $roleGroupMember = Get-RoleGroupMember -Identity $RoleGroup.Name | Select-Object Name $Params = @{ Name = $RoleGroup.Name Description = $RoleGroup.Description - Members = $roleGroupMember.Name Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId @@ -403,6 +391,7 @@ function Export-TargetResource CertificatePath = $CertificatePath AccessTokens = $AccessTokens } + $Script:exportedInstance = $RoleGroup $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 index 777360615c..dc60cd9e3e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSecurityFilter/MSFT_SCSecurityFilter.psm1 
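Review bot: `Get-RoleGroupMember -Identity $Name | Select-Object Name` now runs on both the fresh and the cached path without `-ErrorAction Stop`, so a non-terminating failure never reaches the surrounding `catch` and the function returns `Ensure = 'Present'` with an empty `Members`. For a resource that records who holds a compliance role, an empty list from a failed lookup cannot be told apart from a group that really has no members; `$roleGroupMember = Get-RoleGroupMember -Identity $RoleGroup.Name -ErrorAction Stop | Select-Object Name` keeps the two apart and also ties the lookup to the same object that supplies `Name` and `Description`. `$nullReturn` is now defined only inside the `if (-not $Script:exportedInstance)` branch. The `catch` body lies outside the hunk, so it is worth confirming that it does not return `$nullReturn` on the cached path.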
@@ -466,7 +466,7 @@ function Test-TargetResource
 $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
 -Source $($MyInvocation.MyCommand.Source) `
- -DesiredValues $ValuesToCheck `
+ -DesiredValues $PSBoundParameters `
 -ValuesToCheck $ValuesToCheck.Keys
 Write-Verbose -Message "Test-TargetResource returned $TestResult"
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1
index c09fdbd22c..7a1f174e2c 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1
@@ -301,390 +301,387 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of Sensitivity Label for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of Sensitivity Label for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - try - { - try + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + try + { + $label = Get-Label -Identity $Name -ErrorAction SilentlyContinue ` + -IncludeDetailedLabelActions + } + catch + { + throw $_ + } + + if ($null -eq $label) + { + Write-Verbose -Message "Sensitivity label $($Name) does not exist." 
+ return $nullReturn + } + } + else { - $label = Get-Label -Identity $Name -ErrorAction SilentlyContinue ` - -IncludeDetailedLabelActions + $label = $Script:exportedInstance } - catch + + $parentLabelID = $null + if ($null -ne $label.ParentId) { - throw $_ + $parentLabel = Get-Label -Identity $label.ParentId -IncludeDetailedLabelActions -ErrorAction 'SilentlyContinue' + $parentLabelID = $parentLabel.Name } + if ($null -ne $label.LocaleSettings) + { + $localeSettingsValue = Convert-JSONToLocaleSettings -JSONLocalSettings $label.LocaleSettings + } + if ($null -ne $label.Settings) + { + $advancedSettingsValue = Convert-StringToAdvancedSettings -AdvancedSettings $label.Settings + } + Write-Verbose "Found existing Sensitivity Label $($Name)" - if ($null -eq $label) + [Array]$labelActions = $label.LabelActions + $actions = @() + foreach ($labelAction in $labelActions) { - Write-Verbose -Message "Sensitivity label $($Name) does not exist." - return $nullReturn + $action = ConvertFrom-Json ($labelAction | Out-String) + $actions += $action } - else + + $encryption = ($actions | Where-Object -FilterScript { $_.Type -eq 'encrypt' }).Settings + $header = ($actions | Where-Object -FilterScript { $_.Type -eq 'applycontentmarking' -and $_.Subtype -eq 'header' }).Settings + $footer = ($actions | Where-Object -FilterScript { $_.Type -eq 'applycontentmarking' -and $_.Subtype -eq 'footer' }).Settings + $watermark = ($actions | Where-Object -FilterScript { $_.Type -eq 'applywatermarking' }).Settings + $protectgroup = ($actions | Where-Object -FilterScript { $_.Type -eq 'protectgroup' }).Settings + $protectsite = ($actions | Where-Object -FilterScript { $_.Type -eq 'protectsite' }).Settings + + $ApplyContentMarkingFooterTextValue = $null + $footerText = ($footer | Where-Object -FilterScript { $_.Key -eq 'text' }).Value + if ([System.String]::IsNullOrEmpty($footerText) -eq $false) { - $parentLabelID = $null - if ($null -ne $label.ParentId) + $ApplyContentMarkingFooterTextValue = 
$footerText.Replace('$', '`$') + } + + $ApplyContentMarkingHeaderTextValue = $null + $headerText = ($header | Where-Object -FilterScript { $_.Key -eq 'text' }).Value + if ([System.String]::IsNullOrEmpty($headerText) -eq $false) + { + $ApplyContentMarkingHeaderTextValue = $headerText.Replace('$', '`$') + } + + $ApplyWaterMarkingTextValue = $null + $watermarkText = ($watermark | Where-Object -FilterScript { $_.Key -eq 'text' }).Value + if ([System.String]::IsNullOrEmpty($watermarkText) -eq $false) + { + $ApplyWaterMarkingTextValue = $watermarkText.Replace('$', '`$') + } + + $currentContentType = @() + switch -Regex ($label.ContentType) + { + 'File, Email' { - $parentLabel = Get-Label -Identity $label.ParentId -IncludeDetailedLabelActions -ErrorAction 'SilentlyContinue' - $parentLabelID = $parentLabel.Name + $currentContentType += 'File, Email' } - if ($null -ne $label.LocaleSettings) + 'Site, UnifiedGroup' { - $localeSettingsValue = Convert-JSONToLocaleSettings -JSONLocalSettings $label.LocaleSettings + $currentContentType += 'Site, UnifiedGroup' } - if ($null -ne $label.Settings) + 'PurviewAssets' { - $advancedSettingsValue = Convert-StringToAdvancedSettings -AdvancedSettings $label.Settings + $currentContentType += 'PurviewAssets' } - Write-Verbose "Found existing Sensitivity Label $($Name)" - - [Array]$labelActions = $label.LabelActions - $actions = @() - foreach ($labelAction in $labelActions) + 'Teamwork' { - $action = ConvertFrom-Json ($labelAction | Out-String) - $actions += $action + $currentContentType += 'Teamwork' } - - $encryption = ($actions | Where-Object -FilterScript { $_.Type -eq 'encrypt' }).Settings - $header = ($actions | Where-Object -FilterScript { $_.Type -eq 'applycontentmarking' -and $_.Subtype -eq 'header' }).Settings - $footer = ($actions | Where-Object -FilterScript { $_.Type -eq 'applycontentmarking' -and $_.Subtype -eq 'footer' }).Settings - $watermark = ($actions | Where-Object -FilterScript { $_.Type -eq 'applywatermarking' }).Settings 
- $protectgroup = ($actions | Where-Object -FilterScript { $_.Type -eq 'protectgroup' }).Settings - $protectsite = ($actions | Where-Object -FilterScript { $_.Type -eq 'protectsite' }).Settings - - $ApplyContentMarkingFooterTextValue = $null - $footerText = ($footer | Where-Object -FilterScript { $_.Key -eq 'text' }).Value - if ([System.String]::IsNullOrEmpty($footerText) -eq $false) + 'SchematizedData' { - $ApplyContentMarkingFooterTextValue = $footerText.Replace('$', '`$') + $currentContentType += 'SchematizedData' } + } - $ApplyContentMarkingHeaderTextValue = $null - $headerText = ($header | Where-Object -FilterScript { $_.Key -eq 'text' }).Value - if ([System.String]::IsNullOrEmpty($headerText) -eq $false) - { - $ApplyContentMarkingHeaderTextValue = $headerText.Replace('$', '`$') - } + # Encryption + $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'disabled' } + if ($null -ne $entry) + { + $encryptionEnabledValue = -not [Boolean]::Parse($entry.Value) + } - $ApplyWaterMarkingTextValue = $null - $watermarkText = ($watermark | Where-Object -FilterScript { $_.Key -eq 'text' }).Value - if ([System.String]::IsNullOrEmpty($watermarkText) -eq $false) - { - $ApplyWaterMarkingTextValue = $watermarkText.Replace('$', '`$') - } + $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'contentexpiredondateindaysornever' } + if ($null -ne $entry) + { + $contentExpiredOnDateValue = $entry.Value + } - $currentContentType = @() - switch -Regex ($label.ContentType) - { - 'File, Email' - { - $currentContentType += 'File, Email' - } - 'Site, UnifiedGroup' - { - $currentContentType += 'Site, UnifiedGroup' - } - 'PurviewAssets' - { - $currentContentType += 'PurviewAssets' - } - 'Teamwork' - { - $currentContentType += 'Teamwork' - } - 'SchematizedData' - { - $currentContentType += 'SchematizedData' - } - } + $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'protectiontype' } + if ($null -ne $entry) + { + $protectionTypeValue = $entry.Value + } - # 
Encryption - $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'disabled' } - if ($null -ne $entry) - { - $encryptionEnabledValue = -not [Boolean]::Parse($entry.Value) - } + $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'offlineaccessdays' } + if ($null -ne $entry) + { + $offlineAccessDaysValue = $entry.Value + } - $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'contentexpiredondateindaysornever' } - if ($null -ne $entry) - { - $contentExpiredOnDateValue = $entry.Value - } + $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'rightsdefinitions' } + if ($null -ne $entry) + { + $EncryptionRightsDefinitionsValue = Convert-EncryptionRightDefinition -RightsDefinition $entry.Value + } - $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'protectiontype' } - if ($null -ne $entry) - { - $protectionTypeValue = $entry.Value - } + $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'donotforward' } + if ($null -ne $entry) + { + $encryptionDoNotForwardValue = [Boolean]::Parse($entry.Value) + } - $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'offlineaccessdays' } - if ($null -ne $entry) - { - $offlineAccessDaysValue = $entry.Value - } + $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'encryptonly' } + if ($null -ne $entry) + { + $encryptionEncryptOnlyValue = [Boolean]::Parse($entry.Value) + } - $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'rightsdefinitions' } - if ($null -ne $entry) - { - $EncryptionRightsDefinitionsValue = Convert-EncryptionRightDefinition -RightsDefinition $entry.Value - } + $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'promptuser' } + if ($null -ne $entry) + { + $encryptionPromptUserValue = [Boolean]::Parse($entry.Value) + } - $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'donotforward' } - if ($null -ne $entry) - { - $encryptionDoNotForwardValue = [Boolean]::Parse($entry.Value) - } + # 
Watermark + $entry = $watermark | Where-Object -FilterScript { $_.Key -eq 'disabled' } + if ($null -ne $entry) + { + $watermarkEnabledValue = -not [Boolean]::Parse($entry.Value) + } - $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'encryptonly' } - if ($null -ne $entry) - { - $encryptionEncryptOnlyValue = [Boolean]::Parse($entry.Value) - } + # Watermark Footer + $entry = $footer | Where-Object -FilterScript { $_.Key -eq 'disabled' } + if ($null -ne $entry) + { + $footerEnabledValue = -not [Boolean]::Parse($entry.Value) + } - $entry = $encryption | Where-Object -FilterScript { $_.Key -eq 'promptuser' } - if ($null -ne $entry) - { - $encryptionPromptUserValue = [Boolean]::Parse($entry.Value) - } + # Watermark Header + $entry = $header | Where-Object -FilterScript { $_.Key -eq 'disabled' } + if ($null -ne $entry) + { + $headerEnabledValue = -not [Boolean]::Parse($entry.Value) + } - # Watermark - $entry = $watermark | Where-Object -FilterScript { $_.Key -eq 'disabled' } - if ($null -ne $entry) - { - $watermarkEnabledValue = -not [Boolean]::Parse($entry.Value) - } + # Site and Group + $entry = $protectgroup | Where-Object -FilterScript { $_.Key -eq 'disabled' } + if ($null -ne $entry) + { + $siteAndGroupEnabledValue = -not [Boolean]::Parse($entry.Value) + } - # Watermark Footer - $entry = $footer | Where-Object -FilterScript { $_.Key -eq 'disabled' } - if ($null -ne $entry) - { - $footerEnabledValue = -not [Boolean]::Parse($entry.Value) - } + $entry = $protectgroup | Where-Object -FilterScript { $_.Key -eq 'allowaccesstoguestusers' } + if ($null -ne $entry) + { + $siteAndGroupAccessToGuestUsersValue = [Boolean]::Parse($entry.Value) + } - # Watermark Header - $entry = $header | Where-Object -FilterScript { $_.Key -eq 'disabled' } - if ($null -ne $entry) - { - $headerEnabledValue = -not [Boolean]::Parse($entry.Value) - } + $entry = $protectgroup | Where-Object -FilterScript { $_.Key -eq 'allowemailfromguestusers' } + if ($null -ne $entry) + { + 
$siteAndGroupAllowEmailFromGuestUsers = [Boolean]::Parse($entry.Value) + } - # Site and Group - $entry = $protectgroup | Where-Object -FilterScript { $_.Key -eq 'disabled' } - if ($null -ne $entry) - { - $siteAndGroupEnabledValue = -not [Boolean]::Parse($entry.Value) - } + $entry = $protectsite | Where-Object -FilterScript { $_.Key -eq 'allowfullaccess' } + if ($null -ne $entry) + { + $siteAndGroupAllowFullAccess = [Boolean]::Parse($entry.Value) + } - $entry = $protectgroup | Where-Object -FilterScript { $_.Key -eq 'allowaccesstoguestusers' } - if ($null -ne $entry) - { - $siteAndGroupAccessToGuestUsersValue = [Boolean]::Parse($entry.Value) - } + $entry = $protectsite | Where-Object -FilterScript { $_.Key -eq 'allowlimitedaccess' } + if ($null -ne $entry) + { + $siteAndGroupAllowLimitedAccess = [Boolean]::Parse($entry.Value) + } - $entry = $protectgroup | Where-Object -FilterScript { $_.Key -eq 'allowemailfromguestusers' } - if ($null -ne $entry) - { - $siteAndGroupAllowEmailFromGuestUsers = [Boolean]::Parse($entry.Value) - } + $entry = $protectsite | Where-Object -FilterScript { $_.Key -eq 'blockaccess' } + if ($null -ne $entry) + { + $siteAndGroupBlockAccess = [Boolean]::Parse($entry.Value) + } - $entry = $protectsite | Where-Object -FilterScript { $_.Key -eq 'allowfullaccess' } - if ($null -ne $entry) - { - $siteAndGroupAllowFullAccess = [Boolean]::Parse($entry.Value) - } + # Auto Labelling Conditions + $getConditions = $null + if ([System.String]::IsNullOrEmpty($label.Conditions) -eq $false) + { + $currConditions = $label.Conditions | ConvertFrom-Json - $entry = $protectsite | Where-Object -FilterScript { $_.Key -eq 'allowlimitedaccess' } - if ($null -ne $entry) - { - $siteAndGroupAllowLimitedAccess = [Boolean]::Parse($entry.Value) + $getConditions = @{ + Groups = @() + Operator = '' } - $entry = $protectsite | Where-Object -FilterScript { $_.Key -eq 'blockaccess' } - if ($null -ne $entry) - { - $siteAndGroupBlockAccess = [Boolean]::Parse($entry.Value) - } + 
$operator = $currConditions.PSObject.Properties.Name + $getConditions.Operator = $operator - # Auto Labelling Conditions - $getConditions = $null - if ([System.String]::IsNullOrEmpty($label.Conditions) -eq $false) + $autoApplyType = '' + $policyTip = '' + $groups = foreach ($group in $currConditions.$($operator)) { - $currConditions = $label.Conditions | ConvertFrom-Json - - $getConditions = @{ - Groups = @() + $grpObject = @{ + Name = '' Operator = '' } - $operator = $currConditions.PSObject.Properties.Name - $getConditions.Operator = $operator + $grpOperator = $group.PSObject.Properties.Name + $grpObject.Operator = $grpOperator - $autoApplyType = '' - $policyTip = '' - $groups = foreach ($group in $currConditions.$($operator)) + $grpName = '' + [array]$sensitiveInformationTypes = foreach ($item in $group.$grpOperator | Where-Object { $_.Key -eq 'CCSI' }) { - $grpObject = @{ - Name = '' - Operator = '' + if ([String]::IsNullOrEmpty($grpName)) + { + $grpName = ($item.Settings | Where-Object { $_.Key -eq 'groupname' }).Value } - $grpOperator = $group.PSObject.Properties.Name - $grpObject.Operator = $grpOperator - - $grpName = '' - [array]$sensitiveInformationTypes = foreach ($item in $group.$grpOperator | Where-Object { $_.Key -eq 'CCSI' }) + if ([String]::IsNullOrEmpty($policyTip)) { - if ([String]::IsNullOrEmpty($grpName)) - { - $grpName = ($item.Settings | Where-Object { $_.Key -eq 'groupname' }).Value - } - - if ([String]::IsNullOrEmpty($policyTip)) - { - $policyTip = ($item.Settings | Where-Object { $_.Key -eq 'policytip' }).Value - } - - if ([String]::IsNullOrEmpty($autoApplyType)) - { - $autoApplyType = ($item.Settings | Where-Object { $_.Key -eq 'autoapplytype' }).Value - } - - $settingsObject = @{ - name = ($item.Settings | Where-Object { $_.Key -eq 'name' }).Value - confidencelevel = ($item.Settings | Where-Object { $_.Key -eq 'confidencelevel' }).Value - mincount = ($item.Settings | Where-Object { $_.Key -eq 'mincount' }).Value - maxcount = 
($item.Settings | Where-Object { $_.Key -eq 'maxcount' }).Value - } - - if ($null -ne ($item.Settings | Where-Object { $_.Key -eq 'classifiertype' })) - { - $settingsObject.classifiertype = ($item.Settings | Where-Object { $_.Key -eq 'classifiertype' }).Value - } - - # return the settings object as output to the sensitiveInformationTypes array - $settingsObject + $policyTip = ($item.Settings | Where-Object { $_.Key -eq 'policytip' }).Value } - [array]$trainableClassifiers = foreach ($item in $group.$grpOperator | Where-Object { $_.Key -eq 'ContentMatchesModule' }) + if ([String]::IsNullOrEmpty($autoApplyType)) { - if ([String]::IsNullOrEmpty($grpName)) - { - $grpName = ($item.Settings | Where-Object { $_.Key -eq 'groupname' }).Value - } - - @{ - name = ($item.Settings | Where-Object { $_.Key -eq 'name' }).Value - id = $item.Value - } + $autoApplyType = ($item.Settings | Where-Object { $_.Key -eq 'autoapplytype' }).Value } - $grpObject.Name = $grpName - $grpObject.SensitiveInformationType = $sensitiveInformationTypes - $grpObject.TrainableClassifier = $trainableClassifiers + $settingsObject = @{ + name = ($item.Settings | Where-Object { $_.Key -eq 'name' }).Value + confidencelevel = ($item.Settings | Where-Object { $_.Key -eq 'confidencelevel' }).Value + mincount = ($item.Settings | Where-Object { $_.Key -eq 'mincount' }).Value + maxcount = ($item.Settings | Where-Object { $_.Key -eq 'maxcount' }).Value + } - # return the group object as output to the groups array - $grpObject - } - $getConditions.Groups = $groups - if ([System.String]::IsNullOrEmpty($policyTip) -eq $false) - { - $getConditions.PolicyTip = $policyTip - } - if ([System.String]::IsNullOrEmpty($autoApplyType) -eq $false) - { - $getConditions.AutoApplyType = $autoApplyType + if ($null -ne ($item.Settings | Where-Object { $_.Key -eq 'classifiertype' })) + { + $settingsObject.classifiertype = ($item.Settings | Where-Object { $_.Key -eq 'classifiertype' }).Value + } + + # return the settings object as 
output to the sensitiveInformationTypes array + $settingsObject } - else + + [array]$trainableClassifiers = foreach ($item in $group.$grpOperator | Where-Object { $_.Key -eq 'ContentMatchesModule' }) { - $getConditions.AutoApplyType = 'Automatic' + if ([String]::IsNullOrEmpty($grpName)) + { + $grpName = ($item.Settings | Where-Object { $_.Key -eq 'groupname' }).Value + } + + @{ + name = ($item.Settings | Where-Object { $_.Key -eq 'name' }).Value + id = $item.Value + } } - } - $result = @{ - Name = $label.Name - Comment = $label.Comment - ParentId = $parentLabelID - AdvancedSettings = $advancedSettingsValue - DisplayName = $label.DisplayName - LocaleSettings = $localeSettingsValue - Priority = $label.Priority - Tooltip = $label.Tooltip - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - Ensure = 'Present' - ApplyContentMarkingFooterAlignment = ($footer | Where-Object { $_.Key -eq 'alignment' }).Value - ApplyContentMarkingFooterEnabled = $footerEnabledValue - ApplyContentMarkingFooterFontColor = ($footer | Where-Object { $_.Key -eq 'fontcolor' }).Value - ApplyContentMarkingFooterFontSize = ($footer | Where-Object { $_.Key -eq 'fontsize' }).Value - ApplyContentMarkingFooterMargin = ($footer | Where-Object { $_.Key -eq 'margin' }).Value - ApplyContentMarkingFooterText = $ApplyContentMarkingFooterTextValue - ApplyContentMarkingHeaderAlignment = ($header | Where-Object { $_.Key -eq 'alignment' }).Value - ApplyContentMarkingHeaderEnabled = $headerEnabledValue - ApplyContentMarkingHeaderFontColor = ($header | Where-Object { $_.Key -eq 'fontcolor' }).Value - ApplyContentMarkingHeaderFontSize = ($header | Where-Object { $_.Key -eq 'fontsize' }).Value - ApplyContentMarkingHeaderMargin = ($header | Where-Object { $_.Key -eq 'margin' }).Value - #TODO ADD HEADER PLACEMENT? 
- ApplyContentMarkingHeaderText = $ApplyContentMarkingHeaderTextValue - ApplyWaterMarkingEnabled = $watermarkEnabledValue - ApplyWaterMarkingFontColor = ($watermark | Where-Object { $_.Key -eq 'fontcolor' }).Value - ApplyWaterMarkingFontSize = ($watermark | Where-Object { $_.Key -eq 'fontsize' }).Value - ApplyWaterMarkingLayout = ($watermark | Where-Object { $_.Key -eq 'layout' }).Value - ApplyWaterMarkingText = $ApplyWaterMarkingTextValue - ContentType = $currentContentType - EncryptionContentExpiredOnDateInDaysOrNever = $contentExpiredOnDateValue - EncryptionDoNotForward = $encryptionDoNotForwardValue - EncryptionEncryptOnly = $encryptionEncryptOnlyValue - EncryptionEnabled = $encryptionEnabledValue - EncryptionOfflineAccessDays = $offlineAccessDaysValue - EncryptionPromptUser = $encryptionPromptUserValue - EncryptionProtectionType = $protectionTypeValue - EncryptionRightsDefinitions = $EncryptionRightsDefinitionsValue - EncryptionRightsUrl = ($encryption | Where-Object { $_.Key -eq 'doublekeyencryptionurl' }).Value - SiteAndGroupProtectionAllowAccessToGuestUsers = $siteAndGroupAccessToGuestUsersValue - SiteAndGroupProtectionAllowEmailFromGuestUsers = $siteAndGroupAllowEmailFromGuestUsers - SiteAndGroupProtectionPrivacy = ($protectgroup | Where-Object { $_.Key -eq 'privacy' }).Value - SiteAndGroupProtectionAllowFullAccess = $siteAndGroupAllowFullAccess - SiteAndGroupProtectionAllowLimitedAccess = $siteAndGroupAllowLimitedAccess - SiteAndGroupProtectionBlockAccess = $siteAndGroupBlockAccess - SiteAndGroupProtectionEnabled = $siteAndGroupEnabledValue - SiteAndGroupExternalSharingControlType = ($protectsite | Where-Object { $_.Key -eq 'externalsharingcontroltype' }).Value - AccessTokens = $AccessTokens - AutoLabelingSettings = $getConditions + $grpObject.Name = $grpName + $grpObject.SensitiveInformationType = $sensitiveInformationTypes + $grpObject.TrainableClassifier = $trainableClassifiers + + # return the group object as output to the groups array + $grpObject } 
+ $getConditions.Groups = $groups + if ([System.String]::IsNullOrEmpty($policyTip) -eq $false) + { + $getConditions.PolicyTip = $policyTip + } + if ([System.String]::IsNullOrEmpty($autoApplyType) -eq $false) + { + $getConditions.AutoApplyType = $autoApplyType + } + else + { + $getConditions.AutoApplyType = 'Automatic' + } + } - return $result + $result = @{ + Name = $label.Name + Comment = $label.Comment + ParentId = $parentLabelID + AdvancedSettings = $advancedSettingsValue + DisplayName = $label.DisplayName + LocaleSettings = $localeSettingsValue + Priority = $label.Priority + Tooltip = $label.Tooltip + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Ensure = 'Present' + ApplyContentMarkingFooterAlignment = ($footer | Where-Object { $_.Key -eq 'alignment' }).Value + ApplyContentMarkingFooterEnabled = $footerEnabledValue + ApplyContentMarkingFooterFontColor = ($footer | Where-Object { $_.Key -eq 'fontcolor' }).Value + ApplyContentMarkingFooterFontSize = ($footer | Where-Object { $_.Key -eq 'fontsize' }).Value + ApplyContentMarkingFooterMargin = ($footer | Where-Object { $_.Key -eq 'margin' }).Value + ApplyContentMarkingFooterText = $ApplyContentMarkingFooterTextValue + ApplyContentMarkingHeaderAlignment = ($header | Where-Object { $_.Key -eq 'alignment' }).Value + ApplyContentMarkingHeaderEnabled = $headerEnabledValue + ApplyContentMarkingHeaderFontColor = ($header | Where-Object { $_.Key -eq 'fontcolor' }).Value + ApplyContentMarkingHeaderFontSize = ($header | Where-Object { $_.Key -eq 'fontsize' }).Value + ApplyContentMarkingHeaderMargin = ($header | Where-Object { $_.Key -eq 'margin' }).Value + #TODO ADD HEADER PLACEMENT? 
+ ApplyContentMarkingHeaderText = $ApplyContentMarkingHeaderTextValue + ApplyWaterMarkingEnabled = $watermarkEnabledValue + ApplyWaterMarkingFontColor = ($watermark | Where-Object { $_.Key -eq 'fontcolor' }).Value + ApplyWaterMarkingFontSize = ($watermark | Where-Object { $_.Key -eq 'fontsize' }).Value + ApplyWaterMarkingLayout = ($watermark | Where-Object { $_.Key -eq 'layout' }).Value + ApplyWaterMarkingText = $ApplyWaterMarkingTextValue + ContentType = $currentContentType + EncryptionContentExpiredOnDateInDaysOrNever = $contentExpiredOnDateValue + EncryptionDoNotForward = $encryptionDoNotForwardValue + EncryptionEncryptOnly = $encryptionEncryptOnlyValue + EncryptionEnabled = $encryptionEnabledValue + EncryptionOfflineAccessDays = $offlineAccessDaysValue + EncryptionPromptUser = $encryptionPromptUserValue + EncryptionProtectionType = $protectionTypeValue + EncryptionRightsDefinitions = $EncryptionRightsDefinitionsValue + EncryptionRightsUrl = ($encryption | Where-Object { $_.Key -eq 'doublekeyencryptionurl' }).Value + SiteAndGroupProtectionAllowAccessToGuestUsers = $siteAndGroupAccessToGuestUsersValue + SiteAndGroupProtectionAllowEmailFromGuestUsers = $siteAndGroupAllowEmailFromGuestUsers + SiteAndGroupProtectionPrivacy = ($protectgroup | Where-Object { $_.Key -eq 'privacy' }).Value + SiteAndGroupProtectionAllowFullAccess = $siteAndGroupAllowFullAccess + SiteAndGroupProtectionAllowLimitedAccess = $siteAndGroupAllowLimitedAccess + SiteAndGroupProtectionBlockAccess = $siteAndGroupBlockAccess + SiteAndGroupProtectionEnabled = $siteAndGroupEnabledValue + SiteAndGroupExternalSharingControlType = ($protectsite | Where-Object { $_.Key -eq 'externalsharingcontroltype' }).Value + AccessTokens = $AccessTokens + AutoLabelingSettings = $getConditions } + + return $result } catch { 
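Review bot: On the cached path `$label = $Script:exportedInstance` stands in for a lookup that was made with `-IncludeDetailedLabelActions`, and everything below it (`$label.LabelActions` and the `encrypt`, `applycontentmarking`, `applywatermarking`, `protectgroup` and `protectsite` settings) is parsed from that object. The `Get-Label` call that fills the export list is outside this hunk; if it does not pass the same switch, the exported encryption and marking values may come back empty without any error. I would record the requirement at the `else` branch, `# $Script:exportedInstance must come from Get-Label -IncludeDetailedLabelActions; LabelActions is parsed below`. Separately, the inner `try { ... } catch { throw $_ }` around `Get-Label ... -ErrorAction SilentlyContinue` rethrows unchanged and can be removed.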
@@ -1596,6 +1593,7 @@ function Export-TargetResource
 Write-Host " |---[$i/$($labels.Count)] $($label.Name)" -NoNewline
+ $Script:exportedInstance = $label
 $Results = Get-TargetResource @PSBoundParameters -Name $label.Name
 if ($null -ne $Results.AdvancedSettings)
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1
index 33c183c554..8811df299b 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewPolicy/MSFT_SCSupervisoryReviewPolicy.psm1
@@ -52,34 +52,31 @@ function Get-TargetResource ) Write-Verbose -Message "Getting configuration of SupervisoryReviewPolicy for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + if (-not $Global:CurrentModeIsExport) { $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` -InboundParameters $PSBoundParameters - } - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + } $nullReturn = $PSBoundParameters $nullReturn.Ensure = 'Absent' try { + <# + Note: 'exportedInstance(s)' approach does not work for this resource; + command does not return Reviewers unless the policy name is specified + #> $PolicyObject = Get-SupervisoryReviewPolicyV2 $Name -ErrorAction SilentlyContinue if ($null -eq $PolicyObject) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1 index d5c4a93186..ad755078a8 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSupervisoryReviewRule/MSFT_SCSupervisoryReviewRule.psm1
@@ -56,66 +56,64 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of SupervisoryReviewRule for $Name" - if ($Global:CurrentModeIsExport) - { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters ` - -SkipModuleReload $true - } - else + try { - $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` - -InboundParameters $PSBoundParameters - } + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration of SupervisoryReviewRule for $Name" - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + $ConnectionMode = New-M365DSCConnection -Workload 'SecurityComplianceCenter' ` + -InboundParameters $PSBoundParameters - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' - try - { - $RuleObject = Get-SupervisoryReviewRule -Identity $Name -ErrorAction SilentlyContinue + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - if ($null -eq $RuleObject) - { - Write-Verbose -Message "SupervisoryReviewRule $($Name) does not exist." 
- return $nullReturn + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + $RuleObject = Get-SupervisoryReviewRule -Identity $Name -ErrorAction SilentlyContinue + + if ($null -eq $RuleObject) + { + Write-Verbose -Message "SupervisoryReviewRule $($Name) does not exist." + return $nullReturn + } } else { - Write-Verbose "Found existing SupervisoryReviewRule $($Name)" - $PolicyName = (Get-SupervisoryReviewPolicyV2 -Identity $RuleObject.Policy).Name - - $result = @{ - Name = $RuleObject.Name - Policy = $PolicyName - Condition = $RuleObject.Condition - SamplingRate = $RuleObject.SamplingRate - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword - AccessTokens = $AccessTokens - } + $RuleObject = $Script:exportedInstance + } - Write-Verbose -Message "Found SupervisoryReviewRule $($Name)" - Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" - return $result + Write-Verbose "Found existing SupervisoryReviewRule $($Name)" + $PolicyName = (Get-SupervisoryReviewPolicyV2 -Identity $RuleObject.Policy).Name + + $result = @{ + Name = $RuleObject.Name + Policy = $PolicyName + Condition = $RuleObject.Condition + SamplingRate = $RuleObject.SamplingRate + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + AccessTokens = $AccessTokens } + + Write-Verbose -Message "Found SupervisoryReviewRule $($Name)" + Write-Verbose -Message "Get-TargetResource Result: `n $(Convert-M365DscHashtableToString -Hashtable $result)" + return $result } catch { 
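Review bot: The cached branch added in this Get-TargetResource hunk (`else { $RuleObject = $Script:exportedInstance }`) trusts whatever object is in `$Script:exportedInstance` without checking that it is the rule named by `$Name`, and nothing in the visible Export-TargetResource hunks clears the variable, so a value left over from an earlier iteration or an aborted export would be reported as this rule's state. Guarding the shortcut with `if (-not $Script:exportedInstance -or $Script:exportedInstance.Name -ne $Name)` keeps the live lookup as the fallback. `$nullReturn` is now assigned only inside the lookup branch, so if the `catch` body (outside this hunk) returns it, the cached path would hand back `$null`; moving the two `$nullReturn` lines above the `if` avoids that. The SPOHubSite, SPOSite and SPOSiteGroup Get-TargetResource hunks further down follow the same pattern.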
@@ -393,6 +391,7 @@ function Export-TargetResource } Write-Host " |---[$i/$($rules.Length)] $($rule.Name)" -NoNewline + $Script:exportedInstance = $rule $Results = Get-TargetResource @PSBoundParameters ` -Name $rule.Name ` -Policy $rule.Policy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.psm1 index ac82c4feae..35fa74917c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOBrowserIdleSignout/MSFT_SPOBrowserIdleSignout.psm1 @@ -88,8 +88,8 @@ function Get-TargetResource return @{ IsSingleInstance = 'Yes' Enabled = $BrowserIdleSignout.Enabled - SignOutAfter = $BrowserIdleSignout.SignOutAfter - WarnAfter = $BrowserIdleSignout.WarnAfter + SignOutAfter = $BrowserIdleSignout.SignOutAfter.ToString() + WarnAfter = $BrowserIdleSignout.WarnAfter.ToString() Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.psm1 index 2a705aedbf..9ac76e9940 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOHubSite/MSFT_SPOHubSite.psm1 
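Review bot: In the MSFT_SPOBrowserIdleSignout hunk, `$BrowserIdleSignout.SignOutAfter.ToString()` and `$BrowserIdleSignout.WarnAfter.ToString()` raise a null-method error if either property ever comes back `$null`, where the old code simply passed the value through. The property types are not visible here; if they are not guaranteed non-null, a cast such as `SignOutAfter = [System.String]$BrowserIdleSignout.SignOutAfter` yields the same string and tolerates `$null`. The `.ToString()` calls added in the MSFT_SPOSharingSettings hunks below have the same shape.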
@@ -74,101 +74,106 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration for hub site collection $Url" + try + { + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration for hub site collection $Url" - $ConnectionModeGraph = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters + $ConnectionModeGraph = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters - $ConnectionMode = New-M365DSCConnection -Workload 'PnP' ` - -InboundParameters $PSBoundParameters + $ConnectionMode = New-M365DSCConnection -Workload 'PnP' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - Write-Verbose -Message "Getting hub site collection $Url" - $site = Get-PnPTenantSite -Identity $Url -ErrorAction SilentlyContinue - if ($null -eq $site) - { - Write-Verbose -Message "The specified Site Collection doesn't already exist." 
- return $nullReturn - } + Write-Verbose -Message "Getting hub site collection $Url" + $site = Get-PnPTenantSite -Identity $Url -ErrorAction SilentlyContinue + if ($null -eq $site) + { + Write-Verbose -Message "The specified Site Collection doesn't already exist." + return $nullReturn + } - if ($site.IsHubSite -eq $false) - { - Write-Verbose -Message "The specified Site Collection isn't a hub site." - return $nullReturn + if ($site.IsHubSite -eq $false) + { + Write-Verbose -Message "The specified Site Collection isn't a hub site." + return $nullReturn + } } else { - $hubSite = Get-PnPHubSite -Identity $Url - $principals = @() - foreach ($permission in $hubSite.Permissions.PrincipalName) + $hubSite = $Script:exportedInstance + } + + $hubSite = Get-PnPHubSite -Identity $Url + $principals = @() + foreach ($permission in $hubSite.Permissions.PrincipalName) + { + $result = $permission.Split('|') + if ($result[0].StartsWith('c') -eq $true) { - $result = $permission.Split('|') - if ($result[0].StartsWith('c') -eq $true) - { - # Group permissions - $group = Get-MgGroup -GroupId $result[2] + # Group permissions + $group = Get-MgGroup -GroupId $result[2] - if ($null -eq $group.EmailAddress) - { - $principal = $group.DisplayName - } - else - { - $principal = $group.EmailAddress - } - $principals += $principal + if ($null -eq $group.EmailAddress) + { + $principal = $group.DisplayName } else { - # User permissions - $principals += $result[2] + $principal = $group.EmailAddress } - } - - if ($LogoUrl.StartsWith('http')) - { - $configuredLogo = $hubSite.LogoUrl + $principals += $principal } else { - $configuredLogo = ([System.Uri]$hubSite.LogoUrl).AbsolutePath + # User permissions + $principals += $result[2] } + } - $result = @{ - Url = $Url - Title = $hubSite.Title - Description = $hubSite.Description - LogoUrl = $configuredLogo - RequiresJoinApproval = $hubSite.RequiresJoinApproval - AllowedToJoin = $principals - SiteDesignId = $hubSite.SiteDesignId - Ensure = 'Present' - 
Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - return $result + if ($LogoUrl.StartsWith('http')) + { + $configuredLogo = $hubSite.LogoUrl + } + else + { + $configuredLogo = ([System.Uri]$hubSite.LogoUrl).AbsolutePath + } + + $result = @{ + Url = $Url + Title = $hubSite.Title + Description = $hubSite.Description + LogoUrl = $configuredLogo + RequiresJoinApproval = $hubSite.RequiresJoinApproval + AllowedToJoin = $principals + SiteDesignId = $hubSite.SiteDesignId + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } + return $result } catch { @@ -680,6 +685,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $hub $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 index d5ff15a26c..0b0153d63e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 
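Review bot: The new `else { $hubSite = $Script:exportedInstance }` branch in the SPOHubSite Get-TargetResource hunk has no effect, because the next added line, `$hubSite = Get-PnPHubSite -Identity $Url`, runs unconditionally and overwrites it, so every exported hub still costs a round trip. Moving that call into the lookup branch, after the `IsHubSite` check, would let the cached object be used, provided the object Export-TargetResource passes in carries `Permissions` and the other properties read below. On the cached path `Get-MgGroup` also runs without the `New-M365DSCConnection -Workload 'MicrosoftGraph'` call that now sits inside the `if`, so it depends on the export loop (not fully visible here) having connected to Graph already.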
@@ -200,7 +200,7 @@ function Get-TargetResource } $results = @{ IsSingleInstance = 'Yes' - SharingCapability = $SPOSharingSettings.SharingCapability + SharingCapability = $SPOSharingSettings.SharingCapability.ToString() ShowEveryoneClaim = $SPOSharingSettings.ShowEveryoneClaim ShowAllUsersClaim = $SPOSharingSettings.ShowAllUsersClaim ShowEveryoneExceptExternalUsersClaim = $SPOSharingSettings.ShowEveryoneExceptExternalUsersClaim @@ -213,12 +213,12 @@ function Get-TargetResource ExternalUserExpirationRequired = $SPOSharingSettings.ExternalUserExpirationRequired SharingAllowedDomainList = $allowDomains SharingBlockedDomainList = $blockDomains - SharingDomainRestrictionMode = $SPOSharingSettings.SharingDomainRestrictionMode - DefaultSharingLinkType = $SPOSharingSettings.DefaultSharingLinkType + SharingDomainRestrictionMode = $SPOSharingSettings.SharingDomainRestrictionMode.ToString() + DefaultSharingLinkType = $SPOSharingSettings.DefaultSharingLinkType.ToString() PreventExternalUsersFromResharing = $SPOSharingSettings.PreventExternalUsersFromResharing ShowPeoplePickerSuggestionsForGuestUsers = $SPOSharingSettings.ShowPeoplePickerSuggestionsForGuestUsers - FileAnonymousLinkType = $SPOSharingSettings.FileAnonymousLinkType - FolderAnonymousLinkType = $SPOSharingSettings.FolderAnonymousLinkType + FileAnonymousLinkType = $SPOSharingSettings.FileAnonymousLinkType.ToString() + FolderAnonymousLinkType = $SPOSharingSettings.FolderAnonymousLinkType.ToString() NotifyOwnersWhenItemsReshared = $SPOSharingSettings.NotifyOwnersWhenItemsReshared DefaultLinkPermission = $DefaultLinkPermission diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.psm1 index 9c398a741b..0e036b3634 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSite/MSFT_SPOSite.psm1 
@@ -157,35 +157,42 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration for site collection $Url" + try + { + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting configuration for site collection $Url" - $ConnectionMode = New-M365DSCConnection -Workload 'PnP' ` - -InboundParameters $PSBoundParameters + $ConnectionMode = New-M365DSCConnection -Workload 'PnP' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - Write-Verbose -Message "Getting site collection $Url" + Write-Verbose -Message "Getting site collection $Url" - $site = Get-PnPTenantSite -Identity $Url -ErrorAction 'SilentlyContinue' - if ($null -eq $site) + $site = Get-PnPTenantSite -Identity $Url -ErrorAction 'SilentlyContinue' + if ($null -eq $site) + { + Write-Verbose -Message "The specified Site Collection {$Url} doesn't exist." + return $nullReturn + } + } + else { - Write-Verbose -Message "The specified Site Collection {$Url} doesn't exist." 
- return $nullReturn + $site = $Script:exportedInstance } $web = Get-PnPWeb -Includes RegionalSettings.TimeZone @@ -974,6 +981,7 @@ function Export-TargetResource try { + $Script:exportedInstance = $site $Results = Get-TargetResource @Params if ([System.String]::IsNullOrEmpty($Results.SharingDomainRestrictionMode)) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.psm1 index f1822fa249..9d3ff9c03f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSiteGroup/MSFT_SPOSiteGroup.psm1 
@@ -61,61 +61,68 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting SPOSiteGroups for {$Url}" + try + { + if (-not $Script:exportedInstance) + { + Write-Verbose -Message "Getting SPOSiteGroups for {$Url}" - $ConnectionMode = New-M365DSCConnection -Workload 'PNP' ` - -InboundParameters $PSBoundParameters + $ConnectionMode = New-M365DSCConnection -Workload 'PNP' ` + -InboundParameters $PSBoundParameters - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion - $nullReturn = $PSBoundParameters - $nullReturn.Ensure = 'Absent' + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' - try - { - #checking if the site actually exists - try - { - $site = Get-PnPTenantSite $Url - } - catch - { - $Message = "The specified site collection doesn't exist." 
- New-M365DSCLogEntry -Message $Message ` - -Exception $_ ` - -Source $MyInvocation.MyCommand.ModuleName - throw $Message - return $nullReturn - } - try - { - $ConnectionMode = New-M365DSCConnection -Workload 'PNP' ` - -InboundParameters $PSBoundParameters ` - -Url $Url - $siteGroup = Get-PnPGroup -Identity $Identity ` - -ErrorAction Stop - } - catch - { - if ($Error[0].Exception.Message -eq 'Group cannot be found.') + #checking if the site actually exists + try + { + $site = Get-PnPTenantSite $Url + } + catch + { + $Message = "The specified site collection doesn't exist." + New-M365DSCLogEntry -Message $Message ` + -Exception $_ ` + -Source $MyInvocation.MyCommand.ModuleName + throw $Message + return $nullReturn + } + try { - Write-Verbose -Message "Site group $($Identity) could not be found on site $($Url)" + $ConnectionMode = New-M365DSCConnection -Workload 'PNP' ` + -InboundParameters $PSBoundParameters ` + -Url $Url + $siteGroup = Get-PnPGroup -Identity $Identity ` + -ErrorAction Stop + } + catch + { + if ($Error[0].Exception.Message -eq 'Group cannot be found.') + { + Write-Verbose -Message "Site group $($Identity) could not be found on site $($Url)" + } + } + if ($null -eq $siteGroup) + { + return $nullReturn } } - if ($null -eq $siteGroup) + else { - return $nullReturn + $siteGroup = $Script:exportedInstance } try @@ -548,15 +555,6 @@ function Export-TargetResource foreach ($siteGroup in $siteGroups) { Write-Host " |---[$j/$($siteGroups.Length)] $($siteGroup.Title)" -NoNewline - try - { - [array]$sitePerm = Get-PnPGroupPermissions -Identity $siteGroup.Title -ErrorAction Stop - } - catch - { - Write-Warning -Message "The specified account does not have access to the permissions list for {$($siteGroup.Title)}" - break - } $Params = @{ Url = $site.Url Identity = $siteGroup.Title @@ -572,6 +570,7 @@ function Export-TargetResource } try { + $Script:exportedInstance = $siteGroup $Results = Get-TargetResource @Params if ($Results.Ensure -eq 'Present') { 
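Review bot: The cached path in the SPOSiteGroup Get-TargetResource hunk skips `New-M365DSCConnection -Workload 'PNP' ... -Url $Url`, which is the only call in this hunk that points the PnP session at the group's own site. Whatever follows the trailing `try` (outside this hunk) then runs against the connection Export-TargetResource left open, and the `@@ -548` hunk also drops the `Get-PnPGroupPermissions` pre-check that used to stop the loop on an access failure. If the export loop does not connect per site, permissions could be read in the wrong site context or fail late; keeping the `-Url $Url` connection outside the `if`, or a comment stating the assumption, would make this explicit. Separately, `return $nullReturn` after `throw $Message` is unreachable, and the inner `catch` silently ignores every error other than 'Group cannot be found.'.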
diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 2a2c09df83..f29dde0e95 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2025-01-15 +# Generated on: 2025-01-22 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.25.115.1' + ModuleVersion = '1.25.122.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -26,7 +26,7 @@ CompanyName = 'Microsoft Corporation' # Copyright statement for this module - Copyright = '(c) 2024 Microsoft Corporation. All rights reserved.' + Copyright = '(c) 2025 Microsoft Corporation. All rights reserved.' # Description of the functionality provided by this module Description = 'This DSC module is used to configure and monitor Microsoft tenants, including SharePoint Online, Exchange, Teams, etc.' 
@@ -147,60 +147,73 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = ' AADAuthenticationRequirement - * Filtered guests from the export, to prevent errors during export - FIXES [#5625](https://github.com/microsoft/Microsoft365DSC/issues/5625) -* AADCustomAuthenticationExtension - * Fixes an issue extracting instances due to the OrganizationName being null. -* AADGroup - * Only get Members & GroupAsMembers when a static group is defined. -* AADGroupEligibilitySchedule - * New resource for Privileged Identity Management (PIM) for Groups -* AADNamingLocationPolicy - * Improved logging and fixed issue that caused creation of duplicate - locations with same name. -* EXOSmtpDaneInbound - * Initial release -* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneAccountProtectionPolicyWindows10 - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneAntivirusPolicyLinux - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneAntivirusPolicyMacOS - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneAntivirusPolicyWindows10SettingCatalog - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneAppAndBrowserIsolationPolicyWindows10 - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneDeviceControlPolicyWindows10 - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneDiskEncryptionMacOS - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. 
-* IntuneDiskEncryptionWindows10 - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneEndpointDetectionAndResponsePolicyLinux - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneEndpointDetectionAndResponsePolicyMacOS - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneEndpointDetectionAndResponsePolicyWindows10 - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneFirewallPolicyWindows10 - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneSettingCatalogASRRulesPolicyWindows10 - * Fixed creation of policy while it was found by name, now it updates existing policies correctly. -* IntuneVPNConfigurationPolicyAndroidWork - * Initial release -* M365DSCRuleEvaluation - * Making RuleDefinition a key of the resource to allow multiple - rules for the same resource type to be provided in the same config. - * Adding a new RuleName parameter to make it easier to understand - the results in the event logs. -* TeamsGroupPolicyAssignment - * FIXES [[#5527](https://github.com/microsoft/Microsoft365DSC/issues/5527)] -* DEPENDENCIES - * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.203. - * Updated MSCloudLoginAssistant to version 1.1.34.' + ReleaseNotes = '* AADConditionalAccessPolicy + * Fixes CA policy deployment errors when deploying policies based for workload identities. + * Fixed DisableResilienceDefaults result + * Add DisableResilienceDefaults false szenario +* AADDeviceRegistrationPolicy + * Fixes an error when trying to disable AAD join. 
+* AADGroupsNamingPolicy + * Use correct parameter `DesiredValues` given to `Test-M365DSCParameterState`, + contrary to `EXOTenantAllowBlockListItems` these resources are not affected + but we still should use the correct parameter +* AADRoleSetting + * Fixed issue where missing settings object for a role caused errors. + FIXES [#5602](https://github.com/microsoft/Microsoft365DSC/issues/5602) +* AADServicePrincipal + * FIXES [#5549](https://github.com/microsoft/Microsoft365DSC/issues/5549) +* EXOAvailabilityConfig + * Removed dependency on Microsoft Graph to retrieve user information. +* EXODistributionGroup + * Removed dependency on Microsoft Graph to retrieve user information. +* EXOHostedContentFilterPolicy + * Use correct parameter `DesiredValues` given to `Test-M365DSCParameterState`, + contrary to `EXOTenantAllowBlockListItems` these resources are not affected + but we still should use the correct parameter +* EXOTenantAllowBlockListItems + * Fixed `Test-TargetResource` by using the correct parameter `DesiredValues` + given to `Test-M365DSCParameterState` +* EXOTransportRule + * Fix type of `SenderInRecipientList` in schema +* FabricAdminTenantSettings + * Added support for the AllowGetOneLakeUDK, AllowMountDfCreation, AllowOneLakeUDK, + ArtifactOrgAppPreview properties. + * Fix values that have a zero length whitespace character. 
+* IntuneAppProtectionPolicyiOS + * Fixes [#5589] https://github.com/microsoft/Microsoft365DSC/issues/5589 +* SCAutoSensitivityLabelPolicy + * Use correct parameter `DesiredValues` given to `Test-M365DSCParameterState`, + contrary to `EXOTenantAllowBlockListItems` these resources are not affected + but we still should use the correct parameter +* SCLabelPolicy + * Use correct parameter `DesiredValues` given to `Test-M365DSCParameterState`, + contrary to `EXOTenantAllowBlockListItems` these resources are not affected + but we still should use the correct parameter +* SCSecurityFilter + * Use correct parameter `DesiredValues` given to `Test-M365DSCParameterState`, + contrary to `EXOTenantAllowBlockListItems` these resources are not affected + but we still should use the correct parameter +* SPOSPOBrowserIdleSignout + * Corrected export types where the schema expected a String, but received a different type + FIXES [#5648](https://github.com/microsoft/Microsoft365DSC/issues/5648) +* SPOSharingSettings + * Corrected export types where the schema expected a String, but received a different type + FIXES [#5648](https://github.com/microsoft/Microsoft365DSC/issues/5648) +* M365DSCReport + * Fix missing delimiter when called without the parameter. + FIXES [#5634](https://github.com/microsoft/Microsoft365DSC/issues/5634) + * Add configuration validation to inform about comparisons against empty or invalid configurations. + FIXES [#5658](https://github.com/microsoft/Microsoft365DSC/issues/5658) +* M365DSCTelemetryEngine + * Report LCM details only if running as administrator. 
+* M365DSCUtil + * In `Test-M365DSCParameterState` try to replace the line endings before + making the comparison otherwise it may fail as it did for a few resources + FIXES [#5648](https://github.com/microsoft/Microsoft365DSC/issues/5648) +* MISC + * Export Performance Improvements + Implements the changes described in [#5615](https://github.com/microsoft/Microsoft365DSC/issues/5615) + Improved resource caching behavior across Intune resources.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 50d924d40c..839ed51456 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -709,6 +709,7 @@ function New-M365DSCReportFromConfiguration $delimiterParam = [System.Management.Automation.RuntimeDefinedParameter]::New("Delimiter", [System.String], $attributeCollection) $delimiterParam.Value = ';' # default value, comma makes a mess when importing a CSV-file in Excel $paramDictionary.Add("Delimiter", $delimiterParam) + $PSBoundParameters.Add("Delimiter", $delimiterParam.Value) } return $paramDictionary } @@ -2072,8 +2073,12 @@ function Initialize-M365DSCReporting $parsedContent = ConvertTo-DSCObject -Content $fileContent } - return $parsedContent + if ($null -eq $parsedContent) + { + Write-Warning -Message "No configuration found in $ConfigurationPath. Either the configuration was empty or the file was not a valid DSC configuration." + } + return $parsedContent } Export-ModuleMember -Function @( diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 index a99991adbe..795b7ff6dd 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 
@@ -108,14 +108,7 @@ function Add-M365DSCTelemetryEvent { if ($null -eq $Script:M365DSCCurrentRoles -or $Script:M365DSCCurrentRoles.Length -eq 0) { - try - { - Connect-M365Tenant -Workload 'MicrosoftGraph' @Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction SilentlyContinue - } - catch - { - Write-Verbose -Message $_ - } + Connect-M365Tenant -Workload 'MicrosoftGraph' $Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction SilentlyContinue $Script:M365DSCCurrentRoles = @() $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/me?$select=id' @@ -151,7 +144,7 @@ function Add-M365DSCTelemetryEvent { try { - Connect-M365Tenant -Workload 'MicrosoftGraph' @Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction Stop + Connect-M365Tenant -Workload 'MicrosoftGraph' $Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction Stop $Script:M365DSCCurrentRoles = @() $sp = Get-MgServicePrincipal -Filter "AppId eq '$($Global:M365DSCTelemetryConnectionToGraphParams.ApplicationId)'" ` 
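Review bot: Both `Connect-M365Tenant` calls in these two hunks now pass `$Global:M365DSCTelemetryConnectionToGraphParams` as a plain argument instead of splatting it with `@Global:...`, so the table is bound positionally as a single value rather than expanded into named parameters. The following line reads `.ApplicationId` from the same variable, which suggests it is a parameter table and the splat was intended: `Connect-M365Tenant -Workload 'MicrosoftGraph' @Global:M365DSCTelemetryConnectionToGraphParams -ErrorAction Stop`. The first hunk also removes the `try`/`catch` around the call; `-ErrorAction SilentlyContinue` does not suppress terminating errors, so unless an enclosing handler exists outside the hunk, a failed telemetry connection can now abort the calling resource.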
@@ -372,54 +365,63 @@ function Add-M365DSCTelemetryEvent # LCM Metadata Information try { - if ($null -eq $Script:LCMInfo) + if ($null -eq $Script:M365DSCCurrentPrincipalIsAdmin) { - $Script:LCMInfo = Get-DscLocalConfigurationManager -ErrorAction Stop + $currentPrincipal = New-Object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent()) + $Script:M365DSCCurrentPrincipalIsAdmin = $currentPrincipal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator) } - $certificateConfigured = $false - if (-not [System.String]::IsNullOrEmpty($LCMInfo.CertificateID)) + if ($Script:M365DSCCurrentPrincipalIsAdmin) { - $certificateConfigured = $true - } - - $partialConfiguration = $false - if (-not [System.String]::IsNullOrEmpty($Script:LCMInfo.PartialConfigurations)) - { - $partialConfiguration = $true - } - $Data.Add('LCMUsesPartialConfigurations', $partialConfiguration) - $Data.Add('LCMCertificateConfigured', $certificateConfigured) - $Data.Add('LCMConfigurationMode', $Script:LCMInfo.ConfigurationMode) - $Data.Add('LCMConfigurationModeFrequencyMins', $Script:LCMInfo.ConfigurationModeFrequencyMins) - $Data.Add('LCMRefreshMode', $Script:LCMInfo.RefreshMode) - $Data.Add('LCMState', $Script:LCMInfo.LCMState) - $Data.Add('LCMStateDetail', $Script:LCMInfo.LCMStateDetail) - - if ([System.String]::IsNullOrEmpty($Type)) - { - if ($Global:M365DSCExportInProgress) - { - $Type = 'Export' - } - elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.' -or ` - $Script:LCMInfo.LCMStateDetail -eq 'LCM exécute une vérification de cohérence.' 
-or ` - $Script:LCMInfo.LCMStateDetail -eq 'LCM führt gerade eine Konsistenzüberprüfung durch.') + if ($null -eq $Script:LCMInfo) { - $Type = 'MonitoringScheduled' + $Script:LCMInfo = Get-DscLocalConfigurationManager -ErrorAction Stop } - elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is testing node against the configuration.') + + $certificateConfigured = $false + if (-not [System.String]::IsNullOrEmpty($LCMInfo.CertificateID)) { - $Type = 'MonitoringManual' + $certificateConfigured = $true } - elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.' -or ` - $Script:LCMInfo.LCMStateDetail -eq 'LCM applique une nouvelle configuration.') + + $partialConfiguration = $false + if (-not [System.String]::IsNullOrEmpty($Script:LCMInfo.PartialConfigurations)) { - $Type = 'ApplyingConfiguration' + $partialConfiguration = $true } - else + $Data.Add('LCMUsesPartialConfigurations', $partialConfiguration) + $Data.Add('LCMCertificateConfigured', $certificateConfigured) + $Data.Add('LCMConfigurationMode', $Script:LCMInfo.ConfigurationMode) + $Data.Add('LCMConfigurationModeFrequencyMins', $Script:LCMInfo.ConfigurationModeFrequencyMins) + $Data.Add('LCMRefreshMode', $Script:LCMInfo.RefreshMode) + $Data.Add('LCMState', $Script:LCMInfo.LCMState) + $Data.Add('LCMStateDetail', $Script:LCMInfo.LCMStateDetail) + + if ([System.String]::IsNullOrEmpty($Type)) { - $Type = 'Undetermined' + if ($Global:M365DSCExportInProgress) + { + $Type = 'Export' + } + elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.' -or ` + $Script:LCMInfo.LCMStateDetail -eq 'LCM exécute une vérification de cohérence.' 
-or ` + $Script:LCMInfo.LCMStateDetail -eq 'LCM führt gerade eine Konsistenzüberprüfung durch.') + { + $Type = 'MonitoringScheduled' + } + elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is testing node against the configuration.') + { + $Type = 'MonitoringManual' + } + elseif ($Script:LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.' -or ` + $Script:LCMInfo.LCMStateDetail -eq 'LCM applique une nouvelle configuration.') + { + $Type = 'ApplyingConfiguration' + } + else + { + $Type = 'Undetermined' + } } } } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 76e01728c3..f59acc102a 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 
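Review bot: The `$Type` classification now sits inside `if ($Script:M365DSCCurrentPrincipalIsAdmin)`, so in a non-elevated session even the `$Global:M365DSCExportInProgress` branch, which reads nothing from the LCM, is skipped and `$Type` stays empty unless code outside the hunk sets it. Moving the `if ($Global:M365DSCExportInProgress)` check ahead of the admin test would keep exports labelled for non-admin runs. `[System.Security.Principal.WindowsIdentity]::GetCurrent()` is expected to throw on non-Windows hosts, which would leave `$Script:M365DSCCurrentPrincipalIsAdmin` unset and repeat the check on every event; caching `$false` in that case, or a comment saying the retry is accepted, would help. The re-indented `$LCMInfo.CertificateID` also lacks the `$Script:` qualifier used everywhere else in the block and would read more safely as `$Script:LCMInfo.CertificateID`. The enclosing try's catch is outside the hunk.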
@@ -839,16 +839,36 @@ function Test-M365DSCParameterState { 'String' { - if ([string]::IsNullOrEmpty($CurrentValues.$fieldName) ` - -and [string]::IsNullOrEmpty($DesiredValues.$fieldName)) + if (-not [string]::IsNullOrEmpty($CurrentValues.$fieldName)) + { + try + { + $CurrentValues.$fieldName = $CurrentValues.$fieldName.Replace("`r`n", "`n") + } + catch + { + } + } + if (-not [string]::IsNullOrEmpty($DesiredValues.$fieldName)) + { + try + { + $DesiredValues.$fieldName = $DesiredValues.$fieldName.Replace("`r`n", "`n") + } + catch + { + } + } + + if ([string]::IsNullOrEmpty($CurrentValues.$fieldName) -and + [string]::IsNullOrEmpty($DesiredValues.$fieldName)) { } # Align line breaks - elseif (-not [string]::IsNullOrEmpty($CurrentValues.$fieldName) ` - -and -not [string]::IsNullOrEmpty($DesiredValues.$fieldName) ` - -and [string]::Equals($CurrentValues.$fieldName.Replace("`r`n", "`n"), ` - $DesiredValues.$fieldName.Replace("`r`n", "`n"), ` - [System.StringComparison]::Ordinal)) + elseif (-not [string]::IsNullOrEmpty($CurrentValues.$fieldName) -and + -not [string]::IsNullOrEmpty($DesiredValues.$fieldName) -and + [string]::Equals($CurrentValues.$fieldName, $DesiredValues.$fieldName, + [System.StringComparison]::Ordinal)) { } else diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 0df07c2807..abe8ff458d 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -23739,7 +23739,7 @@ "Option": "Write" }, { - "CIMType": "String", + "CIMType": "String[]", "Name": "SenderInRecipientList", "Option": "Write" }, @@ -24028,6 +24028,11 @@ "Name": "AllowExternalDataSharingSwitch", "Option": "Write" }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowGetOneLakeUDK", + "Option": "Write" + }, { "CIMType": "MSFT_FabricTenantSetting", "Name": "AllowFreeTrial", 
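Review bot: The two added `catch { }` blocks in the 'String' branch of Test-M365DSCParameterState discard any failure of the line-ending replacement, so a value that is not actually a string is compared un-normalized with no trace of why; since this function decides whether drift is reported, log it instead, e.g. `Write-Verbose -Message "Could not normalize line endings for '$fieldName': $_"`. The normalization is also written back into `$CurrentValues` and `$DesiredValues`, which, if these are the caller's hashtables, changes them as a side effect of a test function; normalizing into local variables would avoid that. The `# Align line breaks` comment now sits on the `elseif` that no longer does the alignment and belongs above the new blocks. The function starts and ends outside the hunk.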
@@ -24043,6 +24048,16 @@ "Name": "AllowGuestUserToAccessSharedContent", "Option": "Write" }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowMountDfCreation", + "Option": "Write" + }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "AllowOneLakeUDK", + "Option": "Write" + }, { "CIMType": "MSFT_FabricTenantSetting", "Name": "AllowPowerBIASDQOnTenant", @@ -24073,6 +24088,11 @@ "Name": "AppPush", "Option": "Write" }, + { + "CIMType": "MSFT_FabricTenantSetting", + "Name": "ArtifactOrgAppPreview", + "Option": "Write" + }, { "CIMType": "MSFT_FabricTenantSetting", "Name": "ArtifactSearchTenant", 
@@ -27523,6 +27543,126 @@ "Name": "Description", "Option": "Write" }, + { + "CIMType": "String[]", + "Name": "AllowedDataIngestionLocations", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "AllowWidgetContentSync", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AppActionIfAccountIsClockedOut", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AppActionIfUnableToAuthenticateUser", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AppGroupType", + "Option": "Write" + }, + { + "CIMType": "boolean", + "Name": "BlockDataIngestionIntoOrganizationDocuments", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CustomDialerAppProtocol", + "Option": "Write" + }, + { + "CIMType": "UInt32", + "Name": "DeployedAppCount", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DialerRestrictionLevel", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ExemptedUniversalLinks", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "GracePeriodToBlockAppsDuringOffClockHours", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "IsAssigned", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "managedUniversalLinks", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MaximumAllowedDeviceThreatLevel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MaximumRequiredOsVersion", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MaximumWarningOsVersion", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MaximumWipeOsVersion", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MessagingRedirectAppUrlScheme", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MinimumWarningSdkVersion", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MobileThreatDefensePartnerPriority", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MobileThreatDefenseRemediationAction", + "Option": 
"Write" + }, + { + "CIMType": "UInt32", + "Name": "PreviousPinBlockCount", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ProtectedMessagingRedirectAppType", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ThirdPartyKeyboardsBlocked", + "Option": "Write" + }, { "CIMType": "String", "Name": "PeriodOfflineBeforeAccessCheck", @@ -53291,7 +53431,12 @@ { "CIMType": "String", "Name": "RuleDefinition", - "Option": "Required" + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "RuleName", + "Option": "Write" }, { "CIMType": "String", diff --git a/ResourceGenerator/Module.Template.psm1 b/ResourceGenerator/Module.Template.psm1 index 1a58061fe1..f0ae11bb3f 100644 --- a/ResourceGenerator/Module.Template.psm1 +++ b/ResourceGenerator/Module.Template.psm1 @@ -41,7 +41,7 @@ function Get-TargetResource $AccessTokens ) - Write-Verbose -Message "Getting configuration of the with {$} and {$}" + Write-Verbose -Message "Getting configuration for the with {$} and {$}" try { @@ -63,21 +63,33 @@ function Get-TargetResource $nullResult = $PSBoundParameters $nullResult.Ensure = 'Absent' - $getValue = $null<#ResourceGenerator - #region resource generator code - $getValue = -ErrorAction SilentlyContinue - - if ($null -eq $getValue) + $getValue = $null + if (-not $Script:exportedInstance) { - Write-Verbose -Message "Could not find an with {$}" - - if (-not [System.String]::IsNullOrEmpty($)) + <#ResourceGenerator + #region resource generator code + if (-not [System.String]::IsNullOrEmpty($)) { - $getValue = ` - + $getValue = -ErrorAction SilentlyContinue } + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an with {$}" + + if (-not [System.String]::IsNullOrEmpty($)) + { + $getValue = ` + + } + } + #endregionResourceGenerator#> } - #endregionResourceGenerator#> + else + { + $getValue = $Script:exportedInstance + } + if ($null -eq $getValue) { Write-Verbose -Message "Could not find an with {$}." 
@@ -391,6 +403,7 @@ function Export-TargetResource AccessTokens = $AccessTokens } + $Script:exportedInstance = $config $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 index d603524a7d..b00ef17dec 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 @@ -215,7 +215,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'The app exists and values are already in the desired state' -Fixture { BeforeAll { $testParams = @{ - AppId = 'App1' + AppId = 'b4f08c68-7276-4cb8-b9ae-e75fca5ff834' DisplayName = 'App1' AlternativeNames = 'AlternativeName1', 'AlternativeName2' AccountEnabled = $true diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODistributionGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODistributionGroup.Tests.ps1 index a8d1d20a0b..e1d1a2ec5a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODistributionGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODistributionGroup.Tests.ps1 @@ -123,7 +123,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } - Mock -CommandName Get-MgUser -MockWith { + Mock -CommandName Get-User -MockWith { return @{ UserPrincipalName = 'john.smith@contoso.com' } @@ -189,7 +189,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential } - Mock -CommandName Get-MgUser -MockWith { + Mock -CommandName Get-User -MockWith { return @{ UserPrincipalName = 'john.smith@contoso.com' } 
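Review bot: `$Script:exportedInstance = $config` is set in Export-TargetResource, but nothing visible in this hunk or in the Get-TargetResource hunk at `@@ -63,21 +63,33 @@` clears it or checks that it belongs to the requested resource. Get-TargetResource now returns the cached object whenever the variable is non-empty, so a later Get or Test call in the same session could be answered from a stale exported instance instead of the tenant, and drift detection would compare against the wrong data. Reset it once `Get-TargetResource @Params` returns, e.g. `$Script:exportedInstance = $null`, or have Get-TargetResource compare the cached object's key with the requested key before using it. Export-TargetResource continues outside the hunk, so this may already be handled there.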
@@ -250,7 +250,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential } - Mock -CommandName Get-MgUser -MockWith { + Mock -CommandName Get-User -MockWith { return @{ UserPrincipalName = 'john.smith@contoso.com' } @@ -301,7 +301,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential } - Mock -CommandName Get-MgUser -MockWith { + Mock -CommandName Get-User -MockWith { return @{ UserPrincipalName = 'john.smith@contoso.com' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGlobalAddressList.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGlobalAddressList.Tests.ps1 index b6391269c9..5249126b83 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGlobalAddressList.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOGlobalAddressList.Tests.ps1 @@ -58,13 +58,20 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } Mock -CommandName Get-GlobalAddressList -MockWith { - return @{ + param($Identity) + $return = @{ Name = 'Contoso Different GAL' ConditionalCompany = 'Contoso' ConditionalDepartment = 'Finance' ConditionalStateOrProvince = 'DE' IncludedRecipients = 'AllRecipients' } + if ($Identity -eq $return.Name) { + return $return + } + else { + return $null + } } Mock -CommandName Set-GlobalAddressList -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppConfigurationDevicePolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppConfigurationDevicePolicy.Tests.ps1 index 37b613ff24..d3666158df 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppConfigurationDevicePolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppConfigurationDevicePolicy.Tests.ps1 
@@ -334,7 +334,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { AdditionalProperties = @{ appSupportsOemConfig = $True '@odata.type' = "#microsoft.graph.androidManagedStoreAppConfiguration" - payloadJson = "{`"test`":`"value`"}" + payloadJson = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("{`"test`":`"value`"}")) profileApplicability = "default" permissionActions = @( @{ diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 index f9816cfe26..90e6e2a2d3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 
@@ -77,45 +77,73 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name "When the Policy doesn't already exist" -Fixture { BeforeAll { $testParams = @{ - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - AppDataEncryptionType = 'whenDeviceLocked' - Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') - ContactSyncBlocked = $False - DataBackupBlocked = $False - Description = '' - DeviceComplianceRequired = $True - DisplayName = 'DSC Policy' - Ensure = 'Present' - ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') - FaceIdBlocked = $False - FingerprintBlocked = $False - Credential = $Credential - ManagedBrowser = 'microsoftEdge' - MinimumRequiredAppVersion = '0.2' - MinimumRequiredOSVersion = '0.2' - MinimumRequiredSdkVersion = '0.1' - MinimumWarningAppVersion = '0.1' - MinimumWarningOSVersion = '0.1' - ManagedBrowserToOpenLinksRequired = $True - MaximumPinRetries = 5 - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $False - PeriodBeforePinReset = '90.00:00:00' - PeriodOfflineBeforeAccessCheck = '12:00:00' - PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' - PeriodOnlineBeforeAccessCheck = '00:30:00' - PinCharacterSet = 'alphanumericAndSymbol' - PinRequired = $True - DisableAppPinIfDevicePinIsSet = $False - PrintBlocked = $False - SaveAsBlocked = $True - SimplePinBlocked = $False - Identity = '12345-12345-12345-12345-12345' - TargetedAppManagementLevels = @('unmanaged') + AllowedDataIngestionLocations = @("oneDriveForBusiness","sharePoint","camera"); + AllowedOutboundClipboardSharingExceptionLength = 0; + AllowWidgetContentSync = $True; + AppActionIfDeviceComplianceRequired = "wipe"; + AppActionIfIosDeviceModelNotAllowed = "block"; + 
AppActionIfUnableToAuthenticateUser = "block"; + AppGroupType = "selectedPublicApps"; + BlockDataIngestionIntoOrganizationDocuments = $True; + CustomBrowserProtocol = "access://open?url=http"; + CustomDialerAppProtocol = "skype"; + DeployedAppCount = 3; + DialerRestrictionLevel = "allApps"; + DisableProtectionOfManagedOutboundOpenInData = $False; + ExemptedUniversalLinks = @("http://facetime.apple.com","http://maps.apple.com","https://facetime.apple.com","https://maps.apple.com"); + FilterOpenInToOnlyManagedApps = $False; + IsAssigned = $True; + ManagedUniversalLinks = @("http://*.appsplatform.us/*","http://*.onedrive.com/*","http://*.powerapps.cn/*"); + MaximumAllowedDeviceThreatLevel = "low"; + MaximumRequiredOsVersion = "1"; + MaximumWarningOsVersion = "1"; + MaximumWipeOsVersion = "1"; + MessagingRedirectAppUrlScheme = "https://www.fakesite.com"; + MobileThreatDefenseRemediationAction = "block"; + NotificationRestriction = "blockOrganizationalData"; + PreviousPinBlockCount = 0; + ProtectedMessagingRedirectAppType = "anyApp"; + ProtectInboundDataFromUnknownSources = $False; + ThirdPartyKeyboardsBlocked = $True; + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + DisplayName = 'DSC Policy' + Ensure = 'Present' + ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') + FaceIdBlocked = $False + FingerprintBlocked = $False + Credential = $Credential + ManagedBrowser = 'microsoftEdge' + MinimumRequiredAppVersion = '0.2' + MinimumRequiredOSVersion = '0.2' + 
MinimumRequiredSdkVersion = '0.1' + MinimumWarningAppVersion = '0.1' + MinimumWarningOSVersion = '0.1' + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $False + PeriodBeforePinReset = '90.00:00:00' + PeriodOfflineBeforeAccessCheck = '12:00:00' + PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' + PeriodOnlineBeforeAccessCheck = '00:30:00' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + DisableAppPinIfDevicePinIsSet = $False + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + Identity = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = @('unmanaged') } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtection -MockWith { return $null 
@@ -139,84 +167,140 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'When the policy already exists and is NOT in the Desired State' -Fixture { BeforeAll { $testParams = @{ - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - AppDataEncryptionType = 'whenDeviceLocked' - Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') - ContactSyncBlocked = $False - DataBackupBlocked = $False - Description = '' - DeviceComplianceRequired = $True - DisplayName = 'DSC Policy' - Ensure = 'Present' - ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') - FaceIdBlocked = $False - FingerprintBlocked = $False - Credential = $Credential - ManagedBrowser = 'microsoftEdge' - MinimumRequiredAppVersion = '0.2' - MinimumRequiredOSVersion = '0.2' - MinimumRequiredSdkVersion = '0.1' - MinimumWarningAppVersion = '0.1' - MinimumWarningOSVersion = '0.1' - ManagedBrowserToOpenLinksRequired = $False; #Drift - MaximumPinRetries = 5 - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $False - PeriodBeforePinReset = '90.00:00:00' - PeriodOfflineBeforeAccessCheck = '12:00:00' - PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' - PeriodOnlineBeforeAccessCheck = '00:30:00' - PinCharacterSet = 'alphanumericAndSymbol' - PinRequired = $True - DisableAppPinIfDevicePinIsSet = $False - PrintBlocked = $False - SaveAsBlocked = $True - SimplePinBlocked = $False - Identity = '12345-12345-12345-12345-12345' - TargetedAppManagementLevels = @('unmanaged') + AllowedDataIngestionLocations = @("oneDriveForBusiness","sharePoint","camera"); + AllowedOutboundClipboardSharingExceptionLength = 0; + AllowWidgetContentSync = $True; + AppActionIfDeviceComplianceRequired = "wipe"; + 
AppActionIfIosDeviceModelNotAllowed = "block"; + AppActionIfUnableToAuthenticateUser = "block"; + AppGroupType = "selectedPublicApps"; + BlockDataIngestionIntoOrganizationDocuments = $True; + CustomBrowserProtocol = "access://open?url=http"; + CustomDialerAppProtocol = "skype"; + DeployedAppCount = 3; + DialerRestrictionLevel = "allApps"; + DisableProtectionOfManagedOutboundOpenInData = $False; + ExemptedUniversalLinks = @("http://facetime.apple.com","http://maps.apple.com","https://facetime.apple.com","https://maps.apple.com"); + FilterOpenInToOnlyManagedApps = $False; + IsAssigned = $True; + ManagedUniversalLinks = @("http://*.appsplatform.us/*","http://*.onedrive.com/*","http://*.powerapps.cn/*"); + MaximumAllowedDeviceThreatLevel = "low"; + MaximumRequiredOsVersion = "1"; + MaximumWarningOsVersion = "1"; + MaximumWipeOsVersion = "1"; + MessagingRedirectAppUrlScheme = "https://www.fakesite.com"; + MobileThreatDefenseRemediationAction = "block"; + NotificationRestriction = "blockOrganizationalData"; + PreviousPinBlockCount = 0; + ProtectedMessagingRedirectAppType = "anyApp"; + ProtectInboundDataFromUnknownSources = $False; + ThirdPartyKeyboardsBlocked = $True; + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + DisplayName = 'DSC Policy' + Ensure = 'Present' + ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') + FaceIdBlocked = $False + FingerprintBlocked = $False + Credential = $Credential + ManagedBrowser = 'microsoftEdge' + MinimumRequiredAppVersion = '0.2' + 
MinimumRequiredOSVersion = '0.2' + MinimumRequiredSdkVersion = '0.1' + MinimumWarningAppVersion = '0.1' + MinimumWarningOSVersion = '0.1' + ManagedBrowserToOpenLinksRequired = $False; #Drift + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $False + PeriodBeforePinReset = '90.00:00:00' + PeriodOfflineBeforeAccessCheck = '12:00:00' + PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' + PeriodOnlineBeforeAccessCheck = '00:30:00' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + DisableAppPinIfDevicePinIsSet = $False + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + Identity = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = @('unmanaged') } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtection -MockWith { return @{ '@odata.type' = '#microsoft.graph.iosManagedAppProtection' - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - AppDataEncryptionType = 'whenDeviceLocked' - ContactSyncBlocked = $False - DataBackupBlocked = $False - Description = '' - DeviceComplianceRequired = $True - DisplayName = 'DSC Policy' - FaceIdBlocked = $False - FingerprintBlocked = $False - ManagedBrowser = 'microsoftEdge' - MinimumRequiredAppVersion = '0.2' - MinimumRequiredOSVersion = '0.2' - MinimumRequiredSdkVersion = '0.1' - MinimumWarningAppVersion = '0.1' - MinimumWarningOSVersion = '0.1' - ManagedBrowserToOpenLinksRequired = $True - MaximumPinRetries = 5 - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $False - PeriodBeforePinReset = '90.00:00:00' - PeriodOfflineBeforeAccessCheck = '12:00:00' - PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' - PeriodOnlineBeforeAccessCheck = '00:30:00' - PinCharacterSet = 'alphanumericAndSymbol' - PinRequired = $True - DisableAppPinIfDevicePinIsSet = $False - 
PrintBlocked = $False - SaveAsBlocked = $True - SimplePinBlocked = $False - id = '12345-12345-12345-12345-12345' - TargetedAppManagementLevels = 'unmanaged' + AllowedDataIngestionLocations = @("oneDriveForBusiness","sharePoint","camera"); + AllowedOutboundClipboardSharingExceptionLength = 0; + AllowWidgetContentSync = $True; + AppActionIfDeviceComplianceRequired = "wipe"; + AppActionIfIosDeviceModelNotAllowed = "block"; + AppActionIfUnableToAuthenticateUser = "block"; + AppGroupType = "selectedPublicApps"; + BlockDataIngestionIntoOrganizationDocuments = $True; + CustomBrowserProtocol = "access://open?url=http"; + CustomDialerAppProtocol = "skype"; + DeployedAppCount = 3; + DialerRestrictionLevel = "allApps"; + DisableProtectionOfManagedOutboundOpenInData = $False; + ExemptedUniversalLinks = @("http://facetime.apple.com","http://maps.apple.com","https://facetime.apple.com","https://maps.apple.com"); + FilterOpenInToOnlyManagedApps = $False; + IsAssigned = $True; + ManagedUniversalLinks = @("http://*.appsplatform.us/*","http://*.onedrive.com/*","http://*.powerapps.cn/*"); + MaximumAllowedDeviceThreatLevel = "low"; + MaximumRequiredOsVersion = "1"; + MaximumWarningOsVersion = "1"; + MaximumWipeOsVersion = "1"; + MessagingRedirectAppUrlScheme = "https://www.fakesite.com"; + MobileThreatDefenseRemediationAction = "block"; + NotificationRestriction = "blockOrganizationalData"; + PreviousPinBlockCount = 0; + ProtectedMessagingRedirectAppType = "anyApp"; + ProtectInboundDataFromUnknownSources = $False; + ThirdPartyKeyboardsBlocked = $True; + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + DisplayName = 'DSC Policy' + FaceIdBlocked = $False + 
FingerprintBlocked = $False + ManagedBrowser = 'microsoftEdge' + MinimumRequiredAppVersion = '0.2' + MinimumRequiredOSVersion = '0.2' + MinimumRequiredSdkVersion = '0.1' + MinimumWarningAppVersion = '0.1' + MinimumWarningOSVersion = '0.1' + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $False + PeriodBeforePinReset = '90.00:00:00' + PeriodOfflineBeforeAccessCheck = '12:00:00' + PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' + PeriodOnlineBeforeAccessCheck = '00:30:00' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + DisableAppPinIfDevicePinIsSet = $False + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + id = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = 'unmanaged' } } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtectionApp -MockWith { 
@@ -286,82 +370,138 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { BeforeAll { $testParams = @{ - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - AppDataEncryptionType = 'whenDeviceLocked' - Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - ContactSyncBlocked = $False - DataBackupBlocked = $False - Description = '' - DeviceComplianceRequired = $True - DisplayName = 'DSC Policy' - Ensure = 'Present' - FaceIdBlocked = $False - FingerprintBlocked = $False - Credential = $Credential - ManagedBrowser = 'microsoftEdge' - MinimumRequiredAppVersion = '0.2' - MinimumRequiredOsVersion = '0.2' - MinimumRequiredSdkVersion = '0.1' - MinimumWarningAppVersion = '0.1' - MinimumWarningOsVersion = '0.1' - ManagedBrowserToOpenLinksRequired = $True - MaximumPinRetries = 5 - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $False - PeriodBeforePinReset = '90.00:00:00' - PeriodOfflineBeforeAccessCheck = '12:00:00' - PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' - PeriodOnlineBeforeAccessCheck = '00:30:00' - PinCharacterSet = 'alphanumericAndSymbol' - PinRequired = $True - DisableAppPinIfDevicePinIsSet = $False - PrintBlocked = $False - SaveAsBlocked = $True - SimplePinBlocked = $False - Identity = '12345-12345-12345-12345-12345' - TargetedAppManagementLevels = @('unmanaged') + AllowedDataIngestionLocations = @("oneDriveForBusiness","sharePoint","camera"); + AllowedOutboundClipboardSharingExceptionLength = 0; + AllowWidgetContentSync = $True; + AppActionIfDeviceComplianceRequired = "wipe"; + AppActionIfIosDeviceModelNotAllowed = "block"; + AppActionIfUnableToAuthenticateUser = "block"; + AppGroupType = "selectedPublicApps"; + 
BlockDataIngestionIntoOrganizationDocuments = $True; + CustomBrowserProtocol = "access://open?url=http"; + CustomDialerAppProtocol = "skype"; + DeployedAppCount = 3; + DialerRestrictionLevel = "allApps"; + DisableProtectionOfManagedOutboundOpenInData = $False; + ExemptedUniversalLinks = @("http://facetime.apple.com","http://maps.apple.com","https://facetime.apple.com","https://maps.apple.com"); + FilterOpenInToOnlyManagedApps = $False; + IsAssigned = $True; + ManagedUniversalLinks = @("http://*.appsplatform.us/*","http://*.onedrive.com/*","http://*.powerapps.cn/*"); + MaximumAllowedDeviceThreatLevel = "low"; + MaximumRequiredOsVersion = "1"; + MaximumWarningOsVersion = "1"; + MaximumWipeOsVersion = "1"; + MessagingRedirectAppUrlScheme = "https://www.fakesite.com"; + MobileThreatDefenseRemediationAction = "block"; + NotificationRestriction = "blockOrganizationalData"; + PreviousPinBlockCount = 0; + ProtectedMessagingRedirectAppType = "anyApp"; + ProtectInboundDataFromUnknownSources = $False; + ThirdPartyKeyboardsBlocked = $True; + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + DisplayName = 'DSC Policy' + Ensure = 'Present' + FaceIdBlocked = $False + FingerprintBlocked = $False + Credential = $Credential + ManagedBrowser = 'microsoftEdge' + MinimumRequiredAppVersion = '0.2' + MinimumRequiredOsVersion = '0.2' + MinimumRequiredSdkVersion = '0.1' + MinimumWarningAppVersion = '0.1' + MinimumWarningOsVersion = '0.1' + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + 
OrganizationalCredentialsRequired = $False + PeriodBeforePinReset = '90.00:00:00' + PeriodOfflineBeforeAccessCheck = '12:00:00' + PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' + PeriodOnlineBeforeAccessCheck = '00:30:00' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + DisableAppPinIfDevicePinIsSet = $False + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + Identity = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = @('unmanaged') } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtection -MockWith { return @{ '@odata.type' = '#microsoft.graph.iosManagedAppProtection' - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - AppDataEncryptionType = 'whenDeviceLocked' - ContactSyncBlocked = $False - DataBackupBlocked = $False - Description = '' - DeviceComplianceRequired = $True - DisplayName = 'DSC Policy' - FaceIdBlocked = $False - FingerprintBlocked = $False - ManagedBrowser = 'microsoftEdge' - MinimumRequiredAppVersion = '0.2' - MinimumRequiredOsVersion = '0.2' - MinimumRequiredSdkVersion = '0.1' - MinimumWarningAppVersion = '0.1' - MinimumWarningOsVersion = '0.1' - ManagedBrowserToOpenLinksRequired = $True - MaximumPinRetries = 5 - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $False - PeriodBeforePinReset = '90.00:00:00' - PeriodOfflineBeforeAccessCheck = '12:00:00' - PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' - PeriodOnlineBeforeAccessCheck = '00:30:00' - PinCharacterSet = 'alphanumericAndSymbol' - PinRequired = $True - DisableAppPinIfDevicePinIsSet = $False - PrintBlocked = $False - SaveAsBlocked = $True - SimplePinBlocked = $False - id = '12345-12345-12345-12345-12345' - TargetedAppManagementLevels = 'unmanaged' + AllowedDataIngestionLocations = @("oneDriveForBusiness","sharePoint","camera"); + 
AllowedOutboundClipboardSharingExceptionLength = 0; + AllowWidgetContentSync = $True; + AppActionIfDeviceComplianceRequired = "wipe"; + AppActionIfIosDeviceModelNotAllowed = "block"; + AppActionIfUnableToAuthenticateUser = "block"; + AppGroupType = "selectedPublicApps"; + BlockDataIngestionIntoOrganizationDocuments = $True; + CustomBrowserProtocol = "access://open?url=http"; + CustomDialerAppProtocol = "skype"; + DeployedAppCount = 3; + DialerRestrictionLevel = "allApps"; + DisableProtectionOfManagedOutboundOpenInData = $False; + ExemptedUniversalLinks = @("http://facetime.apple.com","http://maps.apple.com","https://facetime.apple.com","https://maps.apple.com"); + FilterOpenInToOnlyManagedApps = $False; + IsAssigned = $True; + ManagedUniversalLinks = @("http://*.appsplatform.us/*","http://*.onedrive.com/*","http://*.powerapps.cn/*"); + MaximumAllowedDeviceThreatLevel = "low"; + MaximumRequiredOsVersion = "1"; + MaximumWarningOsVersion = "1"; + MaximumWipeOsVersion = "1"; + MessagingRedirectAppUrlScheme = "https://www.fakesite.com"; + MobileThreatDefenseRemediationAction = "block"; + NotificationRestriction = "blockOrganizationalData"; + PreviousPinBlockCount = 0; + ProtectedMessagingRedirectAppType = "anyApp"; + ProtectInboundDataFromUnknownSources = $False; + ThirdPartyKeyboardsBlocked = $True; + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + DisplayName = 'DSC Policy' + FaceIdBlocked = $False + FingerprintBlocked = $False + ManagedBrowser = 'microsoftEdge' + MinimumRequiredAppVersion = '0.2' + MinimumRequiredOsVersion = '0.2' + MinimumRequiredSdkVersion = '0.1' + MinimumWarningAppVersion = '0.1' + MinimumWarningOsVersion = '0.1' + 
ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $False + PeriodBeforePinReset = '90.00:00:00' + PeriodOfflineBeforeAccessCheck = '12:00:00' + PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' + PeriodOnlineBeforeAccessCheck = '00:30:00' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + DisableAppPinIfDevicePinIsSet = $False + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + id = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = 'unmanaged' } } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtectionApp -MockWith { 
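Review bot: `DeployedAppCount = 3` and `IsAssigned = $True` are passed in `$testParams` as desired state, but the resource documentation changed in this same commit describes both as values reported by the service ("Count of apps to which the current policy is deployed", "Indicates if the policy is deployed to any inclusion groups or not"). `Test-TargetResource` is not visible here, but if it compares these keys, a change of assignments in the tenant would show up as drift on a value the configuration cannot set, and that noise can hide real drift in the protection settings. I would remove both keys from `$testParams` in this hunk and in the one at `@@ -422,84 +562,140 @@`, or add a context where the mock returns a different `DeployedAppCount` and the test still expects `$true`. The `BeforeAll` block continues outside the hunk.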
@@ -422,84 +562,140 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { BeforeAll { $testParams = @{ - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - AppDataEncryptionType = 'whenDeviceLocked' - Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') - ContactSyncBlocked = $False - DataBackupBlocked = $False - Description = '' - DeviceComplianceRequired = $True - DisplayName = 'DSC Policy' - Ensure = 'Absent' - ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') - FaceIdBlocked = $False - FingerprintBlocked = $False - Credential = $Credential - ManagedBrowser = 'microsoftEdge' - MinimumRequiredAppVersion = '0.2' - MinimumRequiredOSVersion = '0.2' - MinimumRequiredSdkVersion = '0.1' - MinimumWarningAppVersion = '0.1' - MinimumWarningOSVersion = '0.1' - ManagedBrowserToOpenLinksRequired = $True - MaximumPinRetries = 5 - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $False - PeriodBeforePinReset = '90.00:00:00' - PeriodOfflineBeforeAccessCheck = '12:00:00' - PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' - PeriodOnlineBeforeAccessCheck = '00:30:00' - PinCharacterSet = 'alphanumericAndSymbol' - PinRequired = $True - DisableAppPinIfDevicePinIsSet = $False - PrintBlocked = $False - SaveAsBlocked = $True - SimplePinBlocked = $False - Identity = '12345-12345-12345-12345-12345' - TargetedAppManagementLevels = @('unmanaged') + AllowedDataIngestionLocations = @("oneDriveForBusiness","sharePoint","camera"); + AllowedOutboundClipboardSharingExceptionLength = 0; + AllowWidgetContentSync = $True; + AppActionIfDeviceComplianceRequired = "wipe"; + AppActionIfIosDeviceModelNotAllowed = "block"; + 
AppActionIfUnableToAuthenticateUser = "block"; + AppGroupType = "selectedPublicApps"; + BlockDataIngestionIntoOrganizationDocuments = $True; + CustomBrowserProtocol = "access://open?url=http"; + CustomDialerAppProtocol = "skype"; + DeployedAppCount = 3; + DialerRestrictionLevel = "allApps"; + DisableProtectionOfManagedOutboundOpenInData = $False; + ExemptedUniversalLinks = @("http://facetime.apple.com","http://maps.apple.com","https://facetime.apple.com","https://maps.apple.com"); + FilterOpenInToOnlyManagedApps = $False; + IsAssigned = $True; + ManagedUniversalLinks = @("http://*.appsplatform.us/*","http://*.onedrive.com/*","http://*.powerapps.cn/*"); + MaximumAllowedDeviceThreatLevel = "low"; + MaximumRequiredOsVersion = "1"; + MaximumWarningOsVersion = "1"; + MaximumWipeOsVersion = "1"; + MessagingRedirectAppUrlScheme = "https://www.fakesite.com"; + MobileThreatDefenseRemediationAction = "block"; + NotificationRestriction = "blockOrganizationalData"; + PreviousPinBlockCount = 0; + ProtectedMessagingRedirectAppType = "anyApp"; + ProtectInboundDataFromUnknownSources = $False; + ThirdPartyKeyboardsBlocked = $True; + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + DisplayName = 'DSC Policy' + Ensure = 'Absent' + ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') + FaceIdBlocked = $False + FingerprintBlocked = $False + Credential = $Credential + ManagedBrowser = 'microsoftEdge' + MinimumRequiredAppVersion = '0.2' + MinimumRequiredOSVersion = '0.2' + 
MinimumRequiredSdkVersion = '0.1' + MinimumWarningAppVersion = '0.1' + MinimumWarningOSVersion = '0.1' + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $False + PeriodBeforePinReset = '90.00:00:00' + PeriodOfflineBeforeAccessCheck = '12:00:00' + PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' + PeriodOnlineBeforeAccessCheck = '00:30:00' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + DisableAppPinIfDevicePinIsSet = $False + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + Identity = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = @('unmanaged') } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtection -MockWith { return @{ - '@odata.type' = '#microsoft.graph.iosManagedAppProtection' - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - AppDataEncryptionType = 'whenDeviceLocked' - ContactSyncBlocked = $False - DataBackupBlocked = $False - Description = '' - DeviceComplianceRequired = $True - DisplayName = 'DSC Policy' - FaceIdBlocked = $False - FingerprintBlocked = $False - ManagedBrowser = 'microsoftEdge' - MinimumRequiredAppVersion = '0.2' - MinimumRequiredOSVersion = '0.2' - MinimumRequiredSdkVersion = '0.1' - MinimumWarningAppVersion = '0.1' - MinimumWarningOSVersion = '0.1' - ManagedBrowserToOpenLinksRequired = $True - MaximumPinRetries = 5 - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $False - PeriodBeforePinReset = '90.00:00:00' - PeriodOfflineBeforeAccessCheck = '12:00:00' - PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' - PeriodOnlineBeforeAccessCheck = '00:30:00' - PinCharacterSet = 'alphanumericAndSymbol' - PinRequired = $True - DisableAppPinIfDevicePinIsSet = $False - PrintBlocked = $False - SaveAsBlocked = 
$True - SimplePinBlocked = $False - id = '12345-12345-12345-12345-12345' - TargetedAppManagementLevels = 'unmanaged' + '@odata.type' = '#microsoft.graph.iosManagedAppProtection' + AllowedDataIngestionLocations = @("oneDriveForBusiness","sharePoint","camera"); + AllowedOutboundClipboardSharingExceptionLength = 0; + AllowWidgetContentSync = $True; + AppActionIfDeviceComplianceRequired = "wipe"; + AppActionIfIosDeviceModelNotAllowed = "block"; + AppActionIfUnableToAuthenticateUser = "block"; + AppGroupType = "selectedPublicApps"; + BlockDataIngestionIntoOrganizationDocuments = $True; + CustomBrowserProtocol = "access://open?url=http"; + CustomDialerAppProtocol = "skype"; + DeployedAppCount = 3; + DialerRestrictionLevel = "allApps"; + DisableProtectionOfManagedOutboundOpenInData = $False; + ExemptedUniversalLinks = @("http://facetime.apple.com","http://maps.apple.com","https://facetime.apple.com","https://maps.apple.com"); + FilterOpenInToOnlyManagedApps = $False; + IsAssigned = $True; + ManagedUniversalLinks = @("http://*.appsplatform.us/*","http://*.onedrive.com/*","http://*.powerapps.cn/*"); + MaximumAllowedDeviceThreatLevel = "low"; + MaximumRequiredOsVersion = "1"; + MaximumWarningOsVersion = "1"; + MaximumWipeOsVersion = "1"; + MessagingRedirectAppUrlScheme = "https://www.fakesite.com"; + MobileThreatDefenseRemediationAction = "block"; + NotificationRestriction = "blockOrganizationalData"; + PreviousPinBlockCount = 0; + ProtectedMessagingRedirectAppType = "anyApp"; + ProtectInboundDataFromUnknownSources = $False; + ThirdPartyKeyboardsBlocked = $True; + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + DisplayName = 'DSC Policy' + 
FaceIdBlocked = $False + FingerprintBlocked = $False + ManagedBrowser = 'microsoftEdge' + MinimumRequiredAppVersion = '0.2' + MinimumRequiredOSVersion = '0.2' + MinimumRequiredSdkVersion = '0.1' + MinimumWarningAppVersion = '0.1' + MinimumWarningOSVersion = '0.1' + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $False + PeriodBeforePinReset = '90.00:00:00' + PeriodOfflineBeforeAccessCheck = '12:00:00' + PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' + PeriodOnlineBeforeAccessCheck = '00:30:00' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + DisableAppPinIfDevicePinIsSet = $False + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + id = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = 'unmanaged' } } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtectionApp -MockWith { 
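Review bot: The added keys use double-quoted strings and a trailing `;` (`AppGroupType = "selectedPublicApps";`), while the existing keys in the same hashtable use single quotes and no terminator (`ManagedBrowser = 'microsoftEdge'`). The same mix appears in the hunks at `@@ -286,82 +370,138 @@` and `@@ -577,40 +773,68 @@`. I would write the new entries in the file's existing form, e.g. `AppGroupType = 'selectedPublicApps'`, which also keeps a literal `$` in a future fixture value from being expanded. The `BeforeAll` block this hashtable sits in continues outside the hunk.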
@@ -577,40 +773,68 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtection -MockWith { return @{ '@odata.type' = '#microsoft.graph.iosManagedAppProtection' - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - AppDataEncryptionType = 'whenDeviceLocked' - ContactSyncBlocked = $False - DataBackupBlocked = $False - Description = '' - DeviceComplianceRequired = $True - DisplayName = 'DSC Policy' - FaceIdBlocked = $False - FingerprintBlocked = $False - ManagedBrowser = 'microsoftEdge' - MinimumRequiredAppVersion = '0.2' - MinimumRequiredOSVersion = '0.2' - MinimumRequiredSdkVersion = '0.1' - MinimumWarningAppVersion = '0.1' - MinimumWarningOSVersion = '0.1' - ManagedBrowserToOpenLinksRequired = $True - MaximumPinRetries = 5 - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $False - PeriodBeforePinReset = '90.00:00:00' - PeriodOfflineBeforeAccessCheck = '12:00:00' - PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' - PeriodOnlineBeforeAccessCheck = '00:30:00' - PinCharacterSet = 'alphanumericAndSymbol' - PinRequired = $True - DisableAppPinIfDevicePinIsSet = $False - PrintBlocked = $False - SaveAsBlocked = $True - SimplePinBlocked = $False - id = '12345-12345-12345-12345-12345' - TargetedAppManagementLevels = 'unmanaged' + AllowedDataIngestionLocations = @("oneDriveForBusiness","sharePoint","camera"); + AllowedOutboundClipboardSharingExceptionLength = 0; + AllowWidgetContentSync = $True; + AppActionIfDeviceComplianceRequired = "wipe"; + AppActionIfIosDeviceModelNotAllowed = "block"; + AppActionIfUnableToAuthenticateUser = "block"; + AppGroupType = "selectedPublicApps"; + BlockDataIngestionIntoOrganizationDocuments = $True; + CustomBrowserProtocol = "access://open?url=http"; + CustomDialerAppProtocol = "skype"; + 
DeployedAppCount = 3; + DialerRestrictionLevel = "allApps"; + DisableProtectionOfManagedOutboundOpenInData = $False; + ExemptedUniversalLinks = @("http://facetime.apple.com","http://maps.apple.com","https://facetime.apple.com","https://maps.apple.com"); + FilterOpenInToOnlyManagedApps = $False; + IsAssigned = $True; + ManagedUniversalLinks = @("http://*.appsplatform.us/*","http://*.onedrive.com/*","http://*.powerapps.cn/*"); + MaximumAllowedDeviceThreatLevel = "low"; + MaximumRequiredOsVersion = "1"; + MaximumWarningOsVersion = "1"; + MaximumWipeOsVersion = "1"; + MessagingRedirectAppUrlScheme = "https://www.fakesite.com"; + MobileThreatDefenseRemediationAction = "block"; + NotificationRestriction = "blockOrganizationalData"; + PreviousPinBlockCount = 0; + ProtectedMessagingRedirectAppType = "anyApp"; + ProtectInboundDataFromUnknownSources = $False; + ThirdPartyKeyboardsBlocked = $True; + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + DisplayName = 'DSC Policy' + FaceIdBlocked = $False + FingerprintBlocked = $False + ManagedBrowser = 'microsoftEdge' + MinimumRequiredAppVersion = '0.2' + MinimumRequiredOSVersion = '0.2' + MinimumRequiredSdkVersion = '0.1' + MinimumWarningAppVersion = '0.1' + MinimumWarningOSVersion = '0.1' + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $False + PeriodBeforePinReset = '90.00:00:00' + PeriodOfflineBeforeAccessCheck = '12:00:00' + PeriodOfflineBeforeWipeIsEnforced = '90.00:00:00' + PeriodOnlineBeforeAccessCheck = '00:30:00' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + DisableAppPinIfDevicePinIsSet = 
$False + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + id = '12345-12345-12345-12345-12345' + TargetedAppManagementLevels = 'unmanaged' } } Mock -CommandName Get-MgBetaDeviceAppManagementiosManagedAppProtectionApp -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.Tests.ps1 index 39c8c9f38f..4b6915bd2d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.Tests.ps1 
@@ -296,35 +296,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } } } - - Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicySetting -MockWith { - return @{ - Id = 0 - SettingDefinitions = $null - SettingInstance = @{ - SettingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' - SettingInstanceTemplateReference = @{ - SettingInstanceTemplateId = 'd770fcd1-62cd-4217-9b20-9ee2a12062ff' - } - AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' - groupSettingCollectionValue = @(@{ - children = @( - @{ - "@odata.type" = "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance" - "settingDefinitionId" = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware" - "choiceSettingValue" = @{ - "@odata.type" = "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue" - "value" = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware_block" - } - } - ) - }) - } - } - AdditionalProperties = $null - } - } } It 'Should Reverse Engineer resource from the Export method' { diff --git a/Tests/Unit/Stubs/Generic.psm1 b/Tests/Unit/Stubs/Generic.psm1 index 7d18926ab1..24744131f2 100644 --- a/Tests/Unit/Stubs/Generic.psm1 +++ b/Tests/Unit/Stubs/Generic.psm1 
@@ -207,6 +207,68 @@ function New-MGServicePrincipal ) } +function Get-MgServicePrincipalOwner +{ + [CmdletBinding()] + param( + [Parameter()] + [String] + $ServicePrincipalId, + + [Parameter()] + [String[]] + $ExpandProperty, + + [Parameter()] + [String] + $Filter, + + [Parameter()] + [String[]] + $Property, + + [Parameter()] + [String] + $Search, + + [Parameter()] + [Int32] + $Skip, + + [Parameter()] + [String[]] + $Sort, + + [Parameter()] + [Int32] + $Top, + + [Parameter()] + [String] + $ConsistencyLevel, + + [Parameter()] + [String] + $ResponseHeadersVariable, + + [Parameter()] + [hashtable] + $Headers, + + [Parameter()] + [Int32] + $PageSize, + + [Parameter()] + [switch] + $All, + + [Parameter()] + [String] + $CountVariable + ) +} + function New-MgBetaRoleManagementDirectoryRoleDefinition { [CmdletBinding()] @@ -737,7 +799,9 @@ function Get-GlobalAddressList [OutputType([System.Collections.Hashtable])] param ( - + [Parameter()] + [System.String] + $Identity ) } diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index fae2f3e556..fd4e223e19 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 
@@ -50200,6 +50200,75 @@ function Get-MgUserLicenseDetail $HttpPipelineAppend ) } +function Get-MgUserMemberOfAsGroup +{ + [CmdletBinding()] + param( + [Parameter()] + [String] + $UserId, + + [Parameter()] + [String] + $DirectoryObjectId, + + [Parameter()] + [Object] + $InputObject, + + [Parameter()] + [String[]] + $ExpandProperty, + + [Parameter()] + [String[]] + $Property, + + [Parameter()] + [String] + $Filter, + + [Parameter()] + [String] + $Search, + + [Parameter()] + [Int32] + $Skip, + + [Parameter()] + [String[]] + $Sort, + + [Parameter()] + [Int32] + $Top, + + [Parameter()] + [String] + $ConsistencyLevel, + + [Parameter()] + [String] + $ResponseHeadersVariable, + + [Parameter()] + [hashtable] + $Headers, + + [Parameter()] + [Int32] + $PageSize, + + [Parameter()] + [switch] + $All, + + [Parameter()] + [String] + $CountVariable + ) +} function New-MgUser { [CmdletBinding()] 
@@ -105845,3 +105914,170 @@ function Update-MgPolicyRoleManagementPolicyRule } #endregion +#region Microsoft.Graph.Sites +function Get-MgAdminSharepointSetting +{ + [CmdletBinding()] + param + ( + [Parameter()] + [String[]] + $ExpandProperty, + + [Parameter()] + [String[]] + $Property, + + [Parameter()] + [String] + $ResponseHeadersVariable, + + [Parameter()] + [hashtable] + $Headers + ) +} +function Update-MgAdminSharepointSetting +{ + [CmdletBinding()] + param + ( + [Parameter()] + [Object] + $BodyParameter, + + [Parameter()] + [String] + $ResponseHeadersVariable, + + [Parameter()] + [Hashtable] + $AdditionalProperties, + + [Parameter()] + [String[]] + $AllowedDomainGuidsForSyncApp, + + [Parameter()] + [String[]] + $AvailableManagedPathsForSiteCreation, + + [Parameter()] + [Int32] + $DeletedUserPersonalSiteRetentionPeriodInDays, + + [Parameter()] + [String[]] + $ExcludedFileExtensionsForSyncApp, + + [Parameter()] + [String] + $Id, + + [Parameter()] + [Object] + $IdleSessionSignOut, + + [Parameter()] + [String] + $ImageTaggingOption, + + [Parameter()] + [switch] + $IsCommentingOnSitePagesEnabled, + + [Parameter()] + [switch] + $IsFileActivityNotificationEnabled, + + [Parameter()] + [switch] + $IsLegacyAuthProtocolsEnabled, + + [Parameter()] + [switch] + $IsLoopEnabled, + + [Parameter()] + [switch] + $IsMacSyncAppEnabled, + + [Parameter()] + [switch] + $IsRequireAcceptingUserToMatchInvitedUserEnabled, + + [Parameter()] + [switch] + $IsResharingByExternalUsersEnabled, + + [Parameter()] + [switch] + $IsSharePointMobileNotificationEnabled, + + [Parameter()] + [switch] + $IsSharePointNewsfeedEnabled, + + [Parameter()] + [switch] + $IsSiteCreationEnabled, + + [Parameter()] + [switch] + $IsSiteCreationUiEnabled, + + [Parameter()] + [switch] + $IsSitePagesCreationEnabled, + + [Parameter()] + [switch] + $IsSitesStorageLimitAutomatic, + + [Parameter()] + [switch] + $IsSyncButtonHiddenOnPersonalSite, + + [Parameter()] + [switch] + $IsUnmanagedSyncAppForTenantRestricted, + + 
[Parameter()] + [Int64] + $PersonalSiteDefaultStorageLimitInMb, + + [Parameter()] + [String[]] + $SharingAllowedDomainList, + + [Parameter()] + [String[]] + $SharingBlockedDomainList, + + [Parameter()] + [String] + $SharingCapability, + + [Parameter()] + [String] + $SharingDomainRestrictionMode, + + [Parameter()] + [String] + $SiteCreationDefaultManagedPath, + + [Parameter()] + [Int32] + $SiteCreationDefaultStorageLimitInMb, + + [Parameter()] + [String] + $TenantDefaultTimezone, + + [Parameter()] + [hashtable] + $Headers + ) +} + +#endregion diff --git a/docs/docs/resources/exchange/EXOTransportRule.md b/docs/docs/resources/exchange/EXOTransportRule.md index 16270f8937..166d79f8c3 100644 --- a/docs/docs/resources/exchange/EXOTransportRule.md +++ b/docs/docs/resources/exchange/EXOTransportRule.md 
@@ -156,7 +156,7 @@
 | **SenderADAttributeMatchesPatterns** | Write | StringArray[] | The SenderADAttributeMatchesPatterns parameter specifies a condition that looks for text patterns in Active Directory attributes of message senders by using regular expressions. | |
 | **SenderAddressLocation** | Write | String | The SenderAddressLocation parameter specifies where to look for sender addresses in conditions and exceptions that examine sender email addresses. | `Header`, `Envelope`, `HeaderOrEnvelope` |
 | **SenderDomainIs** | Write | StringArray[] | The SenderDomainIs parameter specifies a condition that looks for senders with email address in the specified domains. | |
-| **SenderInRecipientList** | Write | String | This parameter is reserved for internal Microsoft use. | |
+| **SenderInRecipientList** | Write | StringArray[] | This parameter is reserved for internal Microsoft use. | |
 | **SenderIpRanges** | Write | StringArray[] | The SenderIpRanges parameter specifies a condition that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges. | |
 | **SenderManagementRelationship** | Write | String | The SenderManagementRelationship parameter specifies a condition that looks for the relationship between the sender and recipients in messages. | `Manager`, `DirectReport` |
 | **SentTo** | Write | StringArray[] | The SentTo parameter specifies a condition that looks for recipients in messages. | |
diff --git a/docs/docs/resources/fabric/FabricAdminTenantSettings.md b/docs/docs/resources/fabric/FabricAdminTenantSettings.md
index 01041f2bb0..e728cbc140 100644
--- a/docs/docs/resources/fabric/FabricAdminTenantSettings.md
+++ b/docs/docs/resources/fabric/FabricAdminTenantSettings.md
@@ -17,15 +17,19 @@
 | **AllowEndorsementMasterDataSwitch** | Write | MSFT_FabricTenantSetting | Endorse master data (preview) | |
 | **AllowExternalDataSharingReceiverSwitch** | Write | MSFT_FabricTenantSetting | Users can accept external data shares (preview) | |
 | **AllowExternalDataSharingSwitch** | Write | MSFT_FabricTenantSetting | External data sharing (preview) | |
+| **AllowGetOneLakeUDK** | Write | MSFT_FabricTenantSetting | Use short-lived user-delegated SAS tokens (preview). | |
 | **AllowFreeTrial** | Write | MSFT_FabricTenantSetting | Users can try Microsoft Fabric paid features | |
 | **AllowGuestLookup** | Write | MSFT_FabricTenantSetting | Users can see guest users in lists of suggested people | |
 | **AllowGuestUserToAccessSharedContent** | Write | MSFT_FabricTenantSetting | Guest users can access Microsoft Fabric | |
+| **AllowMountDfCreation** | Write | MSFT_FabricTenantSetting | Users can create and use ADF Mount items (preview). | |
+| **AllowOneLakeUDK** | Write | MSFT_FabricTenantSetting | Authenticate with OneLake user-delegated SAS tokens (preview). | |
 | **AllowPowerBIASDQOnTenant** | Write | MSFT_FabricTenantSetting | Allow DirectQuery connections to Power BI semantic models | |
 | **AllowSendAOAIDataToOtherRegions** | Write | MSFT_FabricTenantSetting | Data sent to Azure OpenAI can be processed outside your capacity's geographic region, compliance boundary, or national cloud instance | |
 | **AllowSendNLToDaxDataToOtherRegions** | Write | MSFT_FabricTenantSetting | Allow user data to leave their geography | |
 | **AllowServicePrincipalsCreateAndUseProfiles** | Write | MSFT_FabricTenantSetting | Allow service principals to create and use profiles | |
 | **AllowServicePrincipalsUseReadAdminAPIs** | Write | MSFT_FabricTenantSetting | Service principals can access read-only admin APIs | |
 | **AppPush** | Write | MSFT_FabricTenantSetting | Push apps to end users | |
+| **ArtifactOrgAppPreview** | Write | MSFT_FabricTenantSetting | Users can discover and create org apps (preview). | |
 | **ArtifactSearchTenant** | Write | MSFT_FabricTenantSetting | Use global search for Power BI | |
 | **ASCollectQueryTextTelemetryTenantSwitch** | Write | MSFT_FabricTenantSetting | Microsoft can store query text to aid in support investigations | |
 | **ASShareableCloudConnectionBindingSecurityModeTenant** | Write | MSFT_FabricTenantSetting | Enable granular access control for all data connections | |
diff --git a/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md b/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md
index d35a55f973..b7ff3ff2cf 100644
--- a/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md
+++ b/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md
@@ -7,6 +7,30 @@
 | **DisplayName** | Key | String | Display name of the iOS App Protection Policy. | |
 | **Identity** | Write | String | Identity of the iOS App Protection Policy. | |
 | **Description** | Write | String | Description of the iOS App Protection Policy. | |
+| **AllowedDataIngestionLocations** | Write | StringArray[] | Data storage locations where a user may store managed data. Inherited from managedAppProtection. | |
+| **AllowWidgetContentSync** | Write | Boolean | Indicates if content sync for widgets is allowed for iOS on App Protection Policies. | |
+| **AppActionIfAccountIsClockedOut** | Write | String | Defines a managed app behavior, either block or warn, if the user is clocked out (non-working time). | `block`, `wipe`, `warn`, `blockWhenSettingIsSupported` |
+| **AppActionIfUnableToAuthenticateUser** | Write | String | If set, it will specify what action to take in the case where the user is unable to checkin because their authentication token is invalid. This happens when the user is deleted or disabled in AAD. . | `block`, `wipe`, `warn`, `blockWhenSettingIsSupported` |
+| **AppGroupType** | Write | String | Public Apps selection: group or individual Inherited from targetedManagedAppProtection. | `selectedPublicApps`, `allCoreMicrosoftApps`, `allMicrosoftApps`, `allApps` |
+| **BlockDataIngestionIntoOrganizationDocuments** | Write | Boolean | Indicates whether a user can bring data into org documents. | |
+| **CustomDialerAppProtocol** | Write | String | Protocol of a custom dialer app to click-to-open a phone number on iOS, for example, skype:. | |
+| **DeployedAppCount** | Write | UInt32 | Count of apps to which the current policy is deployed. | |
+| **DialerRestrictionLevel** | Write | String | The classes of dialer apps that are allowed to click-to-open a phone number. | `allApps`, `managedApps`, `customApp`, `blocked` |
+| **ExemptedUniversalLinks** | Write | StringArray[] | A list of custom urls that are allowed to invocate an unmanaged app. | |
+| **GracePeriodToBlockAppsDuringOffClockHours** | Write | String | A grace period before blocking app access during off clock hours. | |
+| **IsAssigned** | Write | Boolean | Indicates if the policy is deployed to any inclusion groups or not. | |
+| **managedUniversalLinks** | Write | StringArray[] | A list of custom urls that are allowed to invocate a managed app. | |
+| **MaximumAllowedDeviceThreatLevel** | Write | String | Maximum allowed device threat level, as reported by the MTD app Inherited from managedAppProtection. | `notConfigured`, `secured`, `low`, `medium`, `high` |
+| **MaximumRequiredOsVersion** | Write | String | Versions bigger than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection. | |
+| **MaximumWarningOsVersion** | Write | String | Versions bigger than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection. | |
+| **MaximumWipeOsVersion** | Write | String | Versions bigger than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection. | |
+| **MessagingRedirectAppUrlScheme** | Write | String | When a specific app redirection is enforced by protectedMessagingRedirectAppType in an App Protection Policy, this value defines the app url redirect schemes which are allowed to be used. | |
+| **MinimumWarningSdkVersion** | Write | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. | |
+| **MobileThreatDefensePartnerPriority** | Write | String | Indicates how to prioritize which Mobile Threat Defense (MTD) partner is enabled for a given platform, when more than one is enabled. An app can only be actively using a single Mobile Threat Defense partner. When NULL, Microsoft Defender will be given preference. Otherwise setting the value to defenderOverThirdPartyPartner or thirdPartyPartnerOverDefender will make explicit which partner to prioritize. | `defenderOverThirdPartyPartner`, `thirdPartyPartnerOverDefender`, `unknownFutureValue` |
+| **MobileThreatDefenseRemediationAction** | Write | String | Determines what action to take if the mobile threat defense threat threshold isn't met. Warn isn't a supported value for this property Inherited from managedAppProtection. | `block`, `wipe`, `warn`, `blockWhenSettingIsSupported` |
+| **PreviousPinBlockCount** | Write | UInt32 | Requires a pin to be unique from the number specified in this property. Inherited from managedAppProtection. | |
+| **ProtectedMessagingRedirectAppType** | Write | String | Defines how app messaging redirection is protected by an App Protection Policy. Default is anyApp. Inherited from managedAppProtection. | `anyApp`, `anyManagedApp`, `specificApps`, `blocked` |
+| **ThirdPartyKeyboardsBlocked** | Write | Boolean | Defines if third party keyboards are allowed while accessing a managed app. | |
 | **PeriodOfflineBeforeAccessCheck** | Write | String | The period after which access is checked when the device is not connected to the internet. | |
 | **PeriodOnlineBeforeAccessCheck** | Write | String | The period after which access is checked when the device is connected to the internet. | |
 | **AllowedInboundDataTransferSources** | Write | String | Sources from which data is allowed to be transferred. Possible values are: allApps, managedApps, none. | `allApps`, `managedApps`, `none` |