Merge pull request #1861 from microsoft/Dev

CHANGELOG.md

@@ -1,5 +1,20 @@
 # Change log for Microsoft365DSC
 
+# 1.22.406.1
+
+* EXOMalwareFilterPolicy
+  * Add support for property QuarantineTag
+* PPTenantIsolationSettings
+  * New resource
+* MISC
+  * Updated Convert-M365DscHashtableToString function to also convert
+    Arrays and CimInstances to string.
+  * Updated permissions in settings.json files.
+* DEPENDENCIES
+  * Updated Microsoft.PowerApps.Administration.PowerShell to 2.0.144.
+  * Updated MicrosoftTeams to 4.1.0.
+  * Updated PnP.PowerShell to 1.10.0.
+
 # 1.22.323.1
 
 * EXOAuthenticationPolicy

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/settings.json

@@ -4,9 +4,6 @@
     "permissions": [
         {
             "read": [
-                {
-                    "name": "Agreement.Read.All"
-                },
                 {
                     "name": "DeviceManagementApps.Read.All"
                 },

Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/settings.json

@@ -4,8 +4,20 @@
     "permissions": [
         {
             "read": [
+                {
+                    "name": "Directory.AccessAsUser.All"
+                },
+                {
+                    "name": "Directory.Read.All"
+                },
+                {
+                    "name": "Directory.ReadWrite.All"
+                },
                 {
                     "name": "RoleManagement.Read.Directory"
+                },
+                {
+                    "name": "RoleManagement.ReadWrite.Directory"
                 }
             ],
             "update": [

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxPlan/settings.json

@@ -1,10 +1,10 @@
 {
-  "resourceName": "EXOMailboxPlan",
-  "description": "",
-  "permissions": [
-    {
-      "read": [],
-      "update": []
-    }
-  ]
+    "resourceName": "EXOMailboxPlan",
+    "description": "",
+    "permissions": [
+        {
+            "read": [],
+            "update": []
+        }
+    ]
 }

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMalwareFilterPolicy/MSFT_EXOMalwareFilterPolicy.psm1

@@ -85,6 +85,10 @@ function Get-TargetResource
         [System.Boolean]
         $MakeDefault,
 
+        [Parameter()]
+        [System.String]
+        $QuarantineTag,
+
         [Parameter()]
         [System.Boolean]
         $ZapEnabled,
@@ -188,6 +192,7 @@ function Get-TargetResource
                 ExternalSenderAdminAddress             = $MalwareFilterPolicy.ExternalSenderAdminAddress
                 FileTypes                              = $MalwareFilterPolicy.FileTypes
                 InternalSenderAdminAddress             = $MalwareFilterPolicy.InternalSenderAdminAddress
+                QuarantineTag                          = $MalwareFilterPolicy.QuarantineTag
                 MakeDefault                            = $MalwareFilterPolicy.IsDefault
                 ZapEnabled                             = $MalwareFilterPolicy.ZapEnabled
                 Credential                             = $Credential
@@ -316,6 +321,10 @@ function Set-TargetResource
         [System.Boolean]
         $MakeDefault,
 
+        [Parameter()]
+        [System.String]
+        $QuarantineTag,
+
         [Parameter()]
         [System.Boolean]
         $ZapEnabled,
@@ -488,6 +497,10 @@ function Test-TargetResource
         [System.Boolean]
         $MakeDefault,
 
+        [Parameter()]
+        [System.String]
+        $QuarantineTag,
+
         [Parameter()]
         [System.Boolean]
         $ZapEnabled,

Modules/Microsoft365DSC/DSCResources/MSFT_EXOMalwareFilterPolicy/MSFT_EXOMalwareFilterPolicy.schema.mof

@@ -22,6 +22,7 @@ class MSFT_EXOMalwareFilterPolicy : OMI_BaseResource
     [Write, Description("The FileTypes parameter specifies the file types that are automatically blocked by common attachment blocking (also known as the Common Attachment Types Filter), regardless of content.")] String FileTypes[];
     [Write, Description("The InternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notification messages for malware detections in messages from internal senders.")] String InternalSenderAdminAddress;
     [Write, Description("MakeDefault makes this malware filter policy the default policy. Valid values are: $true, $false.")] Boolean MakeDefault;
+    [Write, Description("The QuarantineTag specifies the quarantine policy that's used on messages that are quarantined as malware.")] String QuarantineTag;
     [Write, Description("The ZapEnabled parameter enables or disables zero-hour auto purge (ZAP) for malware. ZAP detects malware in unread messages that have already been delivered to the user's Inbox. Valid values are: $true, $false.")] Boolean ZapEnabled;
     [Write, Description("Specifies if this MalwareFilterPolicy should exist."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;

Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportConfig/settings.json

@@ -1,10 +1,10 @@
 {
-  "resourceName": "EXOTransportConfig",
-  "description": "",
-  "permissions": [
-    {
-      "read": [],
-      "update": []
-    }
-  ]
+    "resourceName": "EXOTransportConfig",
+    "description": "",
+    "permissions": [
+        {
+            "read": [],
+            "update": []
+        }
+    ]
 }

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/readme.md

@@ -1,4 +1,4 @@
 
-# IntuneDeviceConfigurationPolicyiOS
+# IntuneAppProtectionPolicyiOS
 
-This resource configures an Intune device configuration profile for an iOS Device.
+This resource configures an Intune app protection policy for an iOS Device.

Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/settings.json

@@ -1,6 +1,6 @@
 {
-    "resourceName": "IntuneDeviceConfigurationPolicyiOS",
-    "description": "This resource configures an Intune device configuration profile for an iOS Device.",
+    "resourceName": "IntuneAppProtectionPolicyiOS",
+    "description": "This resource configures an Intune app protection policy for an iOS Device.",
     "permissions": [
         {
             "read": [

Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/settings.json

@@ -26,7 +26,56 @@
                     "name": "GroupMember.ReadWrite.All"
                 }
             ],
-            "update": []
+            "update": [
+                {
+                    "name": "DeviceManagementApps.Read.All"
+                },
+                {
+                    "name": "DeviceManagementApps.ReadWrite.All"
+                },
+                {
+                    "name": "DeviceManagementManagedDevices.Read.All"
+                },
+                {
+                    "name": "DeviceManagementManagedDevices.ReadWrite.All"
+                },
+                {
+                    "name": "DeviceManagementServiceConfig.Read.All"
+                },
+                {
+                    "name": "DeviceManagementServiceConfig.ReadWrite.All"
+                },
+                {
+                    "name": "Directory.AccessAsUser.All"
+                },
+                {
+                    "name": "Directory.Read.All"
+                },
+                {
+                    "name": "Directory.ReadWrite.All"
+                },
+                {
+                    "name": "Group.Read.All"
+                },
+                {
+                    "name": "Group.ReadWrite.All"
+                },
+                {
+                    "name": "GroupMember.Read.All"
+                },
+                {
+                    "name": "GroupMember.ReadWrite.All"
+                },
+                {
+                    "name": "User.Read.All"
+                },
+                {
+                    "name": "User.ReadBasic.All"
+                },
+                {
+                    "name": "User.ReadWrite.All"
+                }
+            ]
         }
     ]
 }