diff --git a/CHANGELOG.md b/CHANGELOG.md index d8c8952a7b..67ee8001c0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,28 @@ # Change log for Microsoft365DSC +# UNRELEASED + +# 1.24.1211.1 + +* AADApplication + * Changed logic to remove all permissions when an empty array is specified. + FIXES [#5534](https://github.com/microsoft/Microsoft365DSC/issues/5534) +* AADFeatureRolloutPolicy + * Fixed policy retrieval + FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521) +* IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile + * Fixing issue with the way the QrCodeImage property was exported and handled. +* IntuneFirewallPolicyWindows10 + * Fix export of properties that appear multiple times in subsections. +* M365DSCDRGUtil + * Improve settings catalog handling for nested objects. +* M365DSCResourceGenerator + * Fixes an issue with nested object creation. +* MISC + * Migrate `MSCloudLoginAssistant` authentication context access to cmdlets. +* DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.1.29. + # 1.24.1204.1 * All resources @@ -29,8 +52,14 @@ FIXES [#5296](https://github.com/microsoft/Microsoft365DSC/issues/5296) * EXOTransportRule * Fixed conditional logic for creation and update. +* PPPowerAppsEnvironmant + * Fixed [[#5508](https://github.com/microsoft/Microsoft365DSC/issues/5508)] * IntuneTrustedRootCertificateIOS * Initial release +* IntuneVPNConfigurationPolicyAndroidDeviceOwner + * Initial release +* IntuneVPNConfigurationPolicyAndroidEnterprise + * Initial release * IntuneVPNConfigurationPolicyIOS * Initial release. * M365DSCRuleEvaluation @@ -40,7 +69,8 @@ * MISC * M365DSCDRGUtil * Add separate check for strings with ordinal comparison and standardized line breaks. - + * M365DSCReport + * Add support for creating report in CSV-format # 1.24.1127.1 
@@ -379,7 +409,7 @@ selected * Fixed retrieval of resource when it cannot be found by `Id` * Added a few verbose messages -* IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile +* IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile * Initial release. * IntuneEndpointDetectionAndResponsePolicyWindows10 * Fixes an issue with `AutoFromConnector` as the Configuration package type. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 index 3aa77cfbdb..f888d5f7ea 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 @@ -272,7 +272,7 @@ function Set-TargetResource $updateJSON = ConvertTo-Json $updateParameters Write-Verbose -Message "Updating the Entra Id Admin Consent Request Policy with values: $updateJSON" - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/adminConsentRequestPolicy' + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/adminConsentRequestPolicy' Invoke-MgGraphRequest -Method 'PUT' ` -Uri $Uri ` -Body $updateJSON | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 184a4d6c9c..104f0d3693 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 
@@ -188,7 +188,7 @@ function Get-TargetResource foreach ($auMember in $auMembers) { $member = @{} - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)" $memberObject = Invoke-MgGraphRequest -Uri $url if ($memberObject.'@odata.type' -match 'user') { @@ -233,7 +233,7 @@ function Get-TargetResource } } Write-Verbose -Message "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}" - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)" $memberObject = Invoke-MgGraphRequest -Uri $url Write-Verbose -Message "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}" if (($memberObject.'@odata.type') -match 'user') @@ -563,7 +563,7 @@ function Set-TargetResource foreach ($member in $memberSpecification) { Write-Verbose -Message "Adding new dynamic member {$($member.Id)}" - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($member.Type)/$($member.Id)" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($member.Type)/$($member.Id)" $memberBodyParam = @{ '@odata.id' = $url } @@ -657,7 +657,7 @@ function Set-TargetResource { Write-Verbose -Message "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}" - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$memberType/$($memberObject.Id)" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$memberType/$($memberObject.Id)" $memberBodyParam = @{ '@odata.id' = $url } 
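Review bot: In the `foreach ($auMember in $auMembers)` body of the `-188` hunk, `Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph` is now invoked once per member, where the old code read a property of a global. Resolve the base URL once before the loop, e.g. `$graphBaseUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl`, and build `$url` from it, so every request in one run is built from the same value. The `-563` hunk in this file and the `foreach` bodies in the `-355`, `-368` and `-485` hunks of MSFT_AADEntitlementManagementAccessPackage.psm1 have the same shape. The enclosing functions start and end outside these hunks.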
@@ -789,7 +789,7 @@ function Set-TargetResource Write-Verbose -Message "Removing AU {$DisplayName}" # Workaround since Remove-MgBetaDirectoryAdministrativeUnit is not working with 2.11.1 # https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2529 - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)" Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null #Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index f60e307747..7e2297c501 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 @@ -391,7 +391,7 @@ function Get-TargetResource try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/applications/$($AADBetaApp.Id)/onPremisesPublishing" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/applications/$($AADBetaApp.Id)/onPremisesPublishing" $oppInfo = Invoke-MgGraphRequest -Method GET ` -Uri $Uri ` -ErrorAction SilentlyContinue @@ -931,7 +931,7 @@ function Set-TargetResource { $Type = 'directoryObjects' } - $ObjectUri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/{0}/{1}' -f $Type, $diff.InputObject + $ObjectUri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/{0}/{1}' -f $Type, $diff.InputObject $ownerObject = @{ '@odata.id' = $ObjectUri } 
@@ -975,72 +975,81 @@ function Set-TargetResource } } - if ($needToUpdatePermissions -and -not [System.String]::IsNullOrEmpty($Permissions) -and $Permissions.Length -gt 0) + if ($needToUpdatePermissions -and $null -ne $Permissions) { Write-Verbose -Message "Will update permissions for Azure AD Application {$($currentAADApp.DisplayName)}" - $allSourceAPIs = $Permissions.SourceAPI | Select-Object -Unique - $allRequiredAccess = @() - foreach ($sourceAPI in $allSourceAPIs) + if ($Permissions.Length -eq 0) { - Write-Verbose -Message "Adding permissions for API {$($sourceAPI)}" - $permissionsForcurrentAPI = $Permissions | Where-Object -FilterScript { $_.SourceAPI -eq $sourceAPI } - $apiPrincipal = Get-MgServicePrincipal -Filter "DisplayName eq '$($sourceAPI)'" - $currentAPIAccess = @{ - ResourceAppId = $apiPrincipal.AppId - ResourceAccess = @() - } - foreach ($permission in $permissionsForcurrentAPI) + Write-Verbose -Message "Desired set of permissions is empty, removing all permissions on the app." 
+ $allRequiredAccess = @() + } + else + { + $allSourceAPIs = $Permissions.SourceAPI | Select-Object -Unique + $allRequiredAccess = @() + + foreach ($sourceAPI in $allSourceAPIs) { - if ($permission.Type -eq 'Delegated') + Write-Verbose -Message "Adding permissions for API {$($sourceAPI)}" + $permissionsForcurrentAPI = $Permissions | Where-Object -FilterScript { $_.SourceAPI -eq $sourceAPI } + $apiPrincipal = Get-MgServicePrincipal -Filter "DisplayName eq '$($sourceAPI)'" + $currentAPIAccess = @{ + ResourceAppId = $apiPrincipal.AppId + ResourceAccess = @() + } + foreach ($permission in $permissionsForcurrentAPI) { - $scope = $apiPrincipal.Oauth2PermissionScopes | Where-Object -FilterScript { $_.Value -eq $permission.Name } - $scopeId = $null - if ($null -eq $scope) + if ($permission.Type -eq 'Delegated') { - $ObjectGuid = [System.Guid]::empty - if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid)) + $scope = $apiPrincipal.Oauth2PermissionScopes | Where-Object -FilterScript { $_.Value -eq $permission.Name } + $scopeId = $null + if ($null -eq $scope) { - $scopeId = $permission.Name + $ObjectGuid = [System.Guid]::empty + if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $scopeId = $permission.Name + } } - } - else - { - $scopeId = $scope.Id - } - Write-Verbose -Message "Adding Delegated Permission {$($scopeId)}" - $delPermission = @{ - Id = $scopeId - Type = 'Scope' - } - $currentAPIAccess.ResourceAccess += $delPermission - } - elseif ($permission.Type -eq 'AppOnly') - { - $role = $apiPrincipal.AppRoles | Where-Object -FilterScript { $_.Value -eq $permission.Name } - $roleId = $null - if ($null -eq $role) - { - $ObjectGuid = [System.Guid]::empty - if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid)) + else { - $roleId = $permission.Name + $scopeId = $scope.Id } + Write-Verbose -Message "Adding Delegated Permission 
{$($scopeId)}" + $delPermission = @{ + Id = $scopeId + Type = 'Scope' + } + $currentAPIAccess.ResourceAccess += $delPermission } - else + elseif ($permission.Type -eq 'AppOnly') { - $roleId = $role.Id - } - $appPermission = @{ - Id = $roleId - Type = 'Role' + $role = $apiPrincipal.AppRoles | Where-Object -FilterScript { $_.Value -eq $permission.Name } + $roleId = $null + if ($null -eq $role) + { + $ObjectGuid = [System.Guid]::empty + if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $roleId = $permission.Name + } + } + else + { + $roleId = $role.Id + } + $appPermission = @{ + Id = $roleId + Type = 'Role' + } + $currentAPIAccess.ResourceAccess += $appPermission } - $currentAPIAccess.ResourceAccess += $appPermission } - } - if ($null -ne $currentAPIAccess) - { - $allRequiredAccess += $currentAPIAccess + if ($null -ne $currentAPIAccess) + { + $allRequiredAccess += $currentAPIAccess + } } } @@ -1143,7 +1152,7 @@ function Set-TargetResource $onPremisesPayload = ConvertTo-Json $onPremisesPublishingValue -Depth 10 -Compress Write-Verbose -Message "Updating the OnPremisesPublishing settings for application {$($currentAADApp.DisplayName)} with payload: $onPremisesPayload" - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/applications/$($currentAADApp.Id)/onPremisesPublishing" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/applications/$($currentAADApp.Id)/onPremisesPublishing" Invoke-MgGraphRequest -Method 'PATCH' ` -Uri $Uri ` -Body $onPremisesPayload 
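Review bot: In the `Delegated` and `AppOnly` branches of the `-975` hunk, a `$permission.Name` that matches no scope or role value and is not a GUID leaves `$scopeId` / `$roleId` at `$null`, and the entry is still appended to `ResourceAccess`. Reject it before the hashtable is built, e.g. `if ($null -eq $scopeId) { throw "Permission {$($permission.Name)} not found on API {$sourceAPI}" }`, with the same check for `$roleId`. The lookup `Get-MgServicePrincipal -Filter "DisplayName eq '$($sourceAPI)'"` filters on a display name and can presumably return more than one principal, so a comment stating which one is expected would help. Set-TargetResource begins and ends outside the hunk.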
@@ -1298,9 +1307,15 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters - if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name -and $Permissions.Name.Length -gt 0) + if ($CurrentValues.Permissions.Length -gt 0 -and ` + $null -ne $CurrentValues.Permissions.Name) { - $permissionsDiff = Compare-Object -ReferenceObject ($CurrentValues.Permissions.Name) -DifferenceObject ($Permissions.Name) + $differenceObject = $Permissions.Name + if ($null -eq $differenceObject) + { + $differenceObject = @() + } + $permissionsDiff = Compare-Object -ReferenceObject ($CurrentValues.Permissions.Name) -DifferenceObject $differenceObject $driftedParams = @{} if ($null -ne $permissionsDiff) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1 index ecd65ce44b..e5412c6fed 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1 @@ -96,7 +96,7 @@ function Get-TargetResource } else { - $response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') + $response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } } } 
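Review bot: The new `$differenceObject` fallback in the `-1298` hunk treats an omitted `Permissions` parameter the same as an explicit empty array, because `$Permissions.Name` is `$null` in both cases. Set-TargetResource in this commit only touches permissions when `$null -ne $Permissions`, so a configuration that does not manage permissions may now be reported as drifted without Set ever acting on it; how `$permissionsDiff` is used afterwards is outside the hunk. Consider adding `$PSBoundParameters.ContainsKey('Permissions')` to the `if` condition so the comparison runs only when the caller supplied the parameter.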
@@ -334,7 +334,7 @@ function Set-TargetResource { Write-Verbose -Message "Updating the Azure AD Authentication Method Policy External with name {$($currentInstance.displayName)}" - $response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') + $response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.displayName -eq $currentInstance.displayName } $params.Remove('displayName') | Out-Null @@ -347,7 +347,7 @@ function Set-TargetResource { Write-Verbose -Message "Removing the Azure AD Authentication Method Policy External with Id {$($currentInstance.displayName)}" - $response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') + $response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.displayName -eq $currentInstance.displayName } Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $getValue.Id 
@@ -539,7 +539,7 @@ function Export-TargetResource { #region resource generator code $desiredType = '#microsoft.graph.externalAuthenticationMethodConfiguration' - $getPolicy = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') + $getPolicy = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/') $getValue = $getPolicy.AuthenticationMethodConfigurations | Where-Object -FilterScript { $_.'@odata.type' -eq $desiredType } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 index a858c0fc4d..bb76b820b1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 @@ -62,7 +62,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters $getValue = $null - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements" $getValue = Invoke-MgGraphRequest -Method Get -Uri $url if ($null -eq $getValue) 
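Review bot: `$UserPrincipalName` is interpolated into the request path unescaped in the `-62` hunk (`"beta/users/$UserPrincipalName/authentication/requirements"`), so a UPN containing `#`, as guest UPNs with `#EXT#` do, is cut off at the fragment marker and the request addresses a different path. Escape it when building the URL: `... + "beta/users/$([System.Uri]::EscapeDataString($UserPrincipalName))/authentication/requirements"`. The `-155` hunk in Set-TargetResource builds the same URL before changing the per-user MFA state and needs the same change. Both functions continue outside the hunks.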
@@ -155,7 +155,7 @@ function Set-TargetResource #endregion $currentInstance = Get-TargetResource @PSBoundParameters - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements" $params = @{} if ($PerUserMfaState -eq 'enabled' -and $currentInstance.PerUserMfaState -eq 'disabled') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index d7e0d55a4e..7f81b5de49 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -1457,7 +1457,7 @@ function Set-TargetResource if ($currentParameters.ContainsKey('ServicePrincipalFilterMode') -and $currentParameters.ContainsKey('ServicePrincipalFilterRule')) { #check if the custom attribute exist. - $customattribute = Invoke-MgGraphRequest -Method GET -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/directory/customSecurityAttributeDefinitions') + $customattribute = Invoke-MgGraphRequest -Method GET -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/directory/customSecurityAttributeDefinitions') $ServicePrincipalFilterRule -match 'CustomSecurityAttribute.(?<attribute>.*) -.*' $attrinrule = $matches.attribute if ($customattribute.value.id -contains $attrinrule) 
@@ -1817,7 +1817,7 @@ function Set-TargetResource { Write-Verbose -Message "Updating existing policy with values: $(Convert-M365DscHashtableToString -Hashtable $NewParameters)" - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/conditionalAccess/policies/$($currentPolicy.Id)" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identity/conditionalAccess/policies/$($currentPolicy.Id)" Invoke-MgGraphRequest -Method PATCH -Uri $Uri -Body $NewParameters } catch @@ -1841,7 +1841,7 @@ function Set-TargetResource { try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identity/conditionalAccess/policies' + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identity/conditionalAccess/policies' Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $NewParameters } catch diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 index 70c85ef25f..5a427827ca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 @@ -428,7 +428,7 @@ function Set-TargetResource } } } - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/deviceRegistrationPolicy' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/deviceRegistrationPolicy' Write-Verbose -Message "Updating Device Registration Policy with payload:`r`n$(ConvertTo-Json $updateParameters -Depth 10)" Invoke-MgGraphRequest -Method PUT -Uri $uri -Body $updateParameters } 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 index 3b82984982..d6ec9888e5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 @@ -176,7 +176,7 @@ function Set-TargetResource } } $body = ConvertTo-Json $values -Depth 10 -Compress - Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/networkAccess/settings/enrichedAuditLogs') -Method PATCH -Body $body + Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/networkAccess/settings/enrichedAuditLogs') -Method PATCH -Body $body } function Test-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index 2ef5d6db5a..8a3aa932e3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 
@@ -355,7 +355,7 @@ function Set-TargetResource foreach ($incompatibleAccessPackage in $IncompatibleAccessPackages) { $ref = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage" } New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef ` @@ -368,7 +368,7 @@ function Set-TargetResource foreach ($IncompatibleGroup in $IncompatibleGroups) { $ref = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/groups/$IncompatibleGroup" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/groups/$IncompatibleGroup" } New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef ` @@ -485,7 +485,7 @@ function Set-TargetResource foreach ($incompatibleAccessPackage in $toBeAdded.InputObject) { $ref = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage" } New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef ` @@ -522,7 +522,7 @@ function Set-TargetResource { $ref = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/groups/$incompatibleGroup" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/groups/$incompatibleGroup" } New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef ` 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 index 1e50576601..dbc861052d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 @@ -436,7 +436,7 @@ function Set-TargetResource } Write-Verbose -Message "Create Parameters: $(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" $TenantIdValue = $CreateParameters.IdentitySources.TenantId - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$TenantIdValue')" + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$TenantIdValue')" $DomainName = (Invoke-MgGraphRequest -Method 'GET' -Uri $url).defaultDomainName $newConnectedOrganization = New-MgBetaEntitlementManagementConnectedOrganization -Description $CreateParameters.Description -DisplayName $CreateParameters.DisplayName -State $CreateParameters.State -DomainName $DomainName 
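Review bot: `$TenantIdValue` goes straight into the OData function call `findTenantInformationByTenantId(tenantId='$TenantIdValue')` with no check that it is a single GUID. `$CreateParameters.IdentitySources.TenantId` is a member access on what looks like a collection, so with more than one identity source the interpolated value would be several ids joined by spaces, and a quote in the value would change the expression. Validate it first, e.g. `if (-not [System.Guid]::TryParse($TenantIdValue, [ref][System.Guid]::Empty)) { throw "Invalid tenant id {$TenantIdValue}" }`. Set-TargetResource starts and ends outside the hunk.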
@@ -446,7 +446,7 @@ function Set-TargetResource $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 $directoryObjectRef = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef ` @@ -459,7 +459,7 @@ function Set-TargetResource $directoryObject = Get-MgBetaDirectoryObject -DirectoryObjectId $sponsor $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 $directoryObjectRef = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef ` @@ -515,7 +515,7 @@ function Set-TargetResource $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 $directoryObjectRef = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef ` 
@@ -553,7 +553,7 @@ function Set-TargetResource $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type' $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1 $directoryObjectRef = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)" } New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 index 26944c5c3c..68edefd6e3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 @@ -98,10 +98,7 @@ function Get-TargetResource { $getValue = Get-MgBetaPolicyFeatureRolloutPolicy ` -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.FeatureRolloutPolicy' - } + -ErrorAction SilentlyContinue } } #endregion diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 index 47bd688e1b..ba7d827343 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 
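Review bot: After this change the `-98` hunk of MSFT_AADFeatureRolloutPolicy.psm1 uses the result of `-Filter "DisplayName eq '$DisplayName'"` as-is, and `-ErrorAction SilentlyContinue` hides any request failure. A display name containing an apostrophe yields a malformed filter whose error is suppressed, leaving `$getValue` empty exactly as if no policy existed; what Get-TargetResource does with an empty result is outside the hunk. Double the quote when building the filter, `-Filter "DisplayName eq '$($DisplayName.Replace("'", "''"))'"`, and add a comment on why errors are silenced at this call.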
@@ -102,7 +102,7 @@ function Get-TargetResource } else { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' $instances = Invoke-MgGraphRequest $uri -Method Get if (-not [System.String]::IsNullOrEmpty($Id)) { @@ -256,7 +256,7 @@ function Set-TargetResource # CREATE if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' Write-Verbose -Message "Creating federation configuration {$DisplayName}" $body = ConvertTo-Json $instanceParams -Depth 10 -Compress Invoke-MgGraphRequest -Uri $uri -Method POST -Body $body @@ -264,7 +264,7 @@ function Set-TargetResource # UPDATE elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id' Write-Verbose -Message "Updating federation configuration {$DisplayName}" $body = ConvertTo-Json $instanceParams -Depth 10 -Compress Invoke-MgGraphRequest -Uri $uri -Method PATCH -Body $body 
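Review bot: The UPDATE branch in the `-264` hunk builds `$uri` from a single-quoted string ending in `/$currentInstance.Id`, so the id is never expanded and the PATCH goes to a path containing the literal text `$currentInstance.Id`. Use an expandable string with a subexpression: `... + "beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$($currentInstance.Id)"`. The REMOVE branch in the `-272` hunk carries the same line before its DELETE, so as written neither the update nor the removal of a federation configuration addresses the intended instance. Set-TargetResource starts and ends outside these hunks.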
@@ -272,7 +272,7 @@ function Set-TargetResource # REMOVE elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id' Write-Verbose -Message "Removing federation configuration {$DisplayName}" Invoke-MgGraphRequest -Uri $uri -Method DELETE } @@ -431,7 +431,7 @@ function Export-TargetResource try { $Script:ExportMode = $true - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation' [array] $Script:exportedInstances = Invoke-MgGraphRequest $uri -Method Get $i = 1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 538b67f9f6..780169150e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -266,7 +266,7 @@ function Get-TargetResource # Licenses $assignedLicensesValues = $null - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/groups/$($Group.Id)/assignedLicenses" + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/groups/$($Group.Id)/assignedLicenses" $assignedLicensesRequest = Invoke-MgGraphRequest -Method 'GET' ` -Uri $uri 
@@ -689,7 +689,7 @@ function Set-TargetResource { Write-Verbose -Message "Adding new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $ownerObject = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" } try { @@ -751,7 +751,7 @@ function Set-TargetResource { Write-Verbose -Message "Adding new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $memberObject = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" } New-MgGroupMemberByRef -GroupId ($currentGroup.Id) -BodyParameter $memberObject | Out-Null } @@ -759,7 +759,7 @@ function Set-TargetResource { Write-Verbose -Message "Removing new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $memberObject = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" } Remove-MgGroupMemberDirectoryObjectByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($directoryObject.Id) | Out-Null } 
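Review bot: In the `@@ -759` hunk the `$memberObject` hashtable is still built, now at the cost of a `Get-MSCloudLoginConnectionProfile` call, but the `Remove-MgGroupMemberDirectoryObjectByRef` call that follows takes only `-GroupId` and `-DirectoryObjectId` and never reads it. Unless it is used after the hunk, the assignment can be dropped. The verbose text in the same branch would read more accurately as `"Removing member {$($diff.InputObject)} from AAD Group {$($currentGroup.DisplayName)}"`.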
@@ -809,7 +809,7 @@ function Set-TargetResource { Write-Verbose -Message "Adding AAD group {$($groupAsMember.DisplayName)} as member of AAD group {$($currentGroup.DisplayName)}" $groupAsMemberObject = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($groupAsMember.Id)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/$($groupAsMember.Id)" } New-MgBetaGroupMemberByRef -GroupId ($currentGroup.Id) -Body $groupAsMemberObject | Out-Null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 index c0973a0bee..68ef0c9491 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 @@ -269,7 +269,7 @@ function Set-TargetResource foreach ($provider in $IdentityProviders) { $params = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityProviders/$($provider)" } Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the newly created Azure AD Identity B2X User Flow with Id {$($newObj.Id)}" 
@@ -318,7 +318,7 @@ function Set-TargetResource { $getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postFederationSignupConnectorName)'" $params = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" } Write-Verbose -Message "Updating the Post Federation Signup connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" @@ -330,7 +330,7 @@ function Set-TargetResource { $getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postAttributeCollectionConnectorName)'" $params = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" } Write-Verbose -Message "Updating the Post Attribute Collection connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" @@ -344,7 +344,7 @@ function Set-TargetResource foreach ($provider in $providersToAdd) { $params = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityProviders/$($provider)" } Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" 
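Review bot: The `@@ -318` hunk builds `'@odata.id'` from `$getConnector.Id` without checking that `Get-MgBetaIdentityApiConnector -Filter ...` returned exactly one connector. With no match the reference ends in `apiConnectors/`, and with several matches `.Id` is an array. A guard before the hashtable, e.g. `if (@($getConnector).Count -ne 1) { throw "API connector not found or ambiguous" }`, would keep the user flow from being bound to an empty or unintended connector. The display name is also placed into the OData filter as-is, so a name containing a single quote breaks the filter; doubling it first (`-replace "'", "''"`) avoids that. The `@@ -330` hunk has the same pattern.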
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 index bdc8f788a7..3758dbb64b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 @@ -59,7 +59,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identityProtection/policy' $instance = Invoke-MgGraphRequest -Method Get -Uri $url if ($null -eq $instance) @@ -153,7 +153,7 @@ function Set-TargetResource $updateJSON = ConvertTo-Json $updateParameters Write-Verbose -Message "Updating the AAD Identity Protection Policy settings with values: $updateJSON" - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identityProtection/policy' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $updateJSON } @@ -283,7 +283,7 @@ function Export-TargetResource { $Script:ExportMode = $true - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identityProtection/policy' [array] $Script:exportedInstances = Invoke-MgGraphRequest -Method Get -Uri $url $i = 1 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 index 7a1aab4d46..abd58c3f0c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 @@ -315,7 +315,7 @@ function Set-TargetResource Write-Verbose -Message "Creating New AAD Named Location {$Displayname)} with attributes: $VerboseAttributes" $JSONValue = ConvertTo-Json $desiredValues | Out-String Write-Verbose -Message "JSON: $JSONValue" - $APIUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/identity/conditionalAccess/namedLocations' + $APIUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/identity/conditionalAccess/namedLocations' Invoke-MgGraphRequest -Method POST ` -Uri $APIUrl ` -Body $JSONValue | Out-Null @@ -330,7 +330,7 @@ function Set-TargetResource Write-Verbose -Message "Updating AAD Named Location {$Displayname)} with attributes: $VerboseAttributes" $JSONValue = ConvertTo-Json $desiredValues | Out-String Write-Verbose -Message "JSON: $JSONValue" - $APIUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/identity/conditionalAccess/namedLocations/$($currentAADNamedLocation.Id)" + $APIUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/identity/conditionalAccess/namedLocations/$($currentAADNamedLocation.Id)" Invoke-MgGraphRequest -Method PATCH ` -Uri $APIUrl ` -Body $JSONValue | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 index 4233abf5fa..60713f2585 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 @@ -221,7 +221,7 @@ function Set-TargetResource rules = $rulesParam } - Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/networkAccess/forwardingPolicies/$($currentPolicy.ID)/updatePolicyRules") -Method Post -Body $updateParams + Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/networkAccess/forwardingPolicies/$($currentPolicy.ID)/updatePolicyRules") -Method Post -Body $updateParams } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 index 87c5b715b6..c73a60ed8f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 @@ -59,7 +59,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters try { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')" + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')" $instance = Invoke-MgGraphRequest -Uri $uri -Method Get if ($null -eq $instance) { 
@@ -151,7 +151,7 @@ function Set-TargetResource isEnabled = $IsEnabled } $body = ConvertTo-Json $settings - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')" + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')" Invoke-MgGraphRequest -Uri $uri -Method PATCH -Body $Body | Out-Null } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 index f0bb93c5de..109cc8b9a6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 @@ -201,7 +201,7 @@ function Set-TargetResource # Delete the old configuration Write-Verbose -Message 'Removing the current Azure AD Organization Certificate Based Auth Configuration.' - Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/$CertificateBasedAuthConfigurationId") -Method DELETE + Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/$CertificateBasedAuthConfigurationId") -Method DELETE if ($Ensure -eq 'Present') { 
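Review bot: The DELETE in the `@@ -201` hunk removes the existing certificate-based auth configuration before the replacement is POSTed in the `@@ -225` hunk, and neither call visibly stops on error. If the POST fails, the tenant is presumably left without a configuration. Adding `-ErrorAction Stop` to both calls, plus a message naming the step that failed, would at least make the half-applied state visible. The code between the two hunks is not shown, so handling there may already cover this.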
@@ -225,7 +225,7 @@ function Set-TargetResource certificateAuthorities = $createCertAuthorities } - $policy = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/") -Method POST -Body $params + $policy = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/") -Method POST -Body $params } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 index d18a49b234..09860c448d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 @@ -267,7 +267,7 @@ function Set-TargetResource '@context' = '#$delta' value = @(@{}) } - Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params + Invoke-MgGraphRequest -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params #adding forwarding profiles if required if ($forwardingProfilesList.Count -gt 0) 
@@ -276,7 +276,7 @@ function Set-TargetResource '@context' = '#$delta' value = $forwardingProfilesList } - Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params + Invoke-MgGraphRequest -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params } } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 index dea562de05..0ec87681ed 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 @@ -237,7 +237,7 @@ function Get-TargetResource } [Array]$complexDelegatedPermissionClassifications = @() - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/servicePrincipals/$($AADServicePrincipal.Id)/delegatedPermissionClassifications" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/servicePrincipals/$($AADServicePrincipal.Id)/delegatedPermissionClassifications" $permissionClassifications = Invoke-MgGraphRequest -Uri $Uri -Method Get foreach ($permissionClassification in $permissionClassifications.Value) { 
@@ -553,7 +553,7 @@ function Set-TargetResource { $userInfo = Get-MgUser -UserId $owner $body = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)" } Write-Verbose -Message "Adding new owner {$owner}" $newOwner = New-MgServicePrincipalOwnerByRef -ServicePrincipalId $newSP.Id -BodyParameter $body @@ -568,7 +568,7 @@ function Set-TargetResource classification = $permissionClassification.Classification permissionName = $permissionClassification.permissionName } - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications" Invoke-MgGraphRequest -Uri $Uri -Method Post -Body $params } } @@ -601,7 +601,7 @@ function Set-TargetResource $CSAParams = @{ customSecurityAttributes = $currentAADServicePrincipal.CustomSecurityAttributes } - Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/servicePrincipals(appId='$($currentParameters.AppId)')") -Method Patch -Body $CSAParams + Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/servicePrincipals(appId='$($currentParameters.AppId)')") -Method Patch -Body $CSAParams } Update-MgServicePrincipal -ServicePrincipalId $currentAADServicePrincipal.ObjectID @currentParameters 
@@ -709,7 +709,7 @@ function Set-TargetResource if ($diff.SideIndicator -eq '=>') { $body = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)" } Write-Verbose -Message "Adding owner {$($userInfo.Id)}" New-MgServicePrincipalOwnerByRef -ServicePrincipalId $currentAADServicePrincipal.ObjectId ` @@ -728,7 +728,7 @@ function Set-TargetResource if ($null -ne $DelegatedPermissionClassifications) { # removing old perm classifications - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications" $permissionClassificationList = Invoke-MgGraphRequest -Uri $Uri -Method Get foreach ($permissionClassification in $permissionClassificationList.Value) { @@ -1250,7 +1250,7 @@ function Get-CustomSecurityAttributes [String]$ServicePrincipalId ) - $customSecurityAttributes = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/servicePrincipals/$($ServicePrincipalId)`?`$select=customSecurityAttributes") -Method Get + $customSecurityAttributes = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/servicePrincipals/$($ServicePrincipalId)`?`$select=customSecurityAttributes") -Method Get $customSecurityAttributes = $customSecurityAttributes.customSecurityAttributes $newCustomSecurityAttributes = @() 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 index 841db686a5..8da0f80edd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 @@ -568,7 +568,7 @@ function Invoke-M365DSCVerifiedIdWebRequest ) $headers = @{ - Authorization = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken 'Content-Type' = 'application/json' } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 index 798db5e0fb..0ff063c803 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 @@ -915,7 +915,7 @@ function Invoke-M365DSCVerifiedIdWebRequest ) $headers = @{ - Authorization = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken 'Content-Type' = 'application/json' } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 index 2198e9fce0..467f46d674 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 
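Review bot: The `Authorization` header in the `@@ -568` hunk is filled from `(Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken` with no check that a profile or token came back, so a missing token would presumably surface only as a failed request later. Reading the token into a local and guarding it, e.g. `if ([System.String]::IsNullOrEmpty($token)) { throw 'No AdminAPI access token available' }`, fails early and keeps the token value out of any message. The same line appears in the `@@ -915` hunk of MSFT_AADVerifiedIdAuthorityContract and in the Export-TargetResource hunk of MSFT_AzureVerifiedIdFaceCheck. The function bodies continue outside these hunks.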
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 @@ -342,7 +342,7 @@ function Export-TargetResource try { $headers = @{ - Authorization = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken } $uri = 'https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities' $response = Invoke-WebRequest -Uri $uri -Method Get -Headers $headers diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json index ea3b134fe1..e2cda87a9c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json @@ -15,6 +15,20 @@ "read": [], "update": [] } + }, + "WindowsDefenderATP":{ + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [ + "Machine.Read.All" + ], + "update": [ + "Machine.ReadWrite.All" + ] + } } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 index fd2489cdf2..8563e58c42 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 
@@ -382,12 +382,12 @@ function Set-TargetResource } while (-not $testResults -and $retries -gt 0) # Need to force reconnect to Exchange for the new permissions to kick in. - if ($null -ne $Global:MSCloudLoginConnectionProfile.ExchangeOnline) + if ($null -ne (Get-MSCloudLoginConnectionProfile -Workload ExchangeOnline)) { Write-Verbose -Message 'Waiting for 20 seconds for new permissions to be effective.' Start-Sleep 20 Write-Verbose -Message 'Disconnecting from Exchange Online' - $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Disconnect() + Reset-MSCloudLoginConnectionProfileContext } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 index c8230fed2e..c5594b62f9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 @@ -574,7 +574,7 @@ function Get-TargetResource } else { - $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + '/v1/admin/tenantsettings' + $uri = (Get-MSCloudLoginConnectionProfile -Workload Fabric).HostUrl + '/v1/admin/tenantsettings' $instance = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET' } if ($null -eq $instance) @@ -1941,7 +1941,7 @@ function Export-TargetResource try { $Script:ExportMode = $true - $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + '/v1/admin/tenantsettings' + $uri = (Get-MSCloudLoginConnectionProfile -Workload Fabric).HostUrl + '/v1/admin/tenantsettings' [array] $Script:exportedInstances = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET' if ($null -ne $Global:M365DSCExportResourceInstancesCount) 
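Review bot: `Reset-MSCloudLoginConnectionProfileContext` replaces `.ExchangeOnline.Disconnect()` in the `@@ -382` hunk, but the comment and the verbose message still describe an Exchange Online disconnect, and the page does not show what the new cmdlet does. If it resets the cached context for every workload, or does not close the Exchange session, later calls may keep running under the old session's permissions. That is worth confirming and stating in a comment such as `# Resets the cached connection context so the next call reconnects with the new role assignments`. The guard `$null -ne (Get-MSCloudLoginConnectionProfile -Workload ExchangeOnline)` should be checked too: if the cmdlet always returns an object, the branch is no longer conditional on an existing Exchange connection.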
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 index 7c11b42a97..c6f59d5c4d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 @@ -551,7 +551,7 @@ function Set-TargetResource #Update-MgBetaDeviceManagementIntent does not support updating the property settings #Update-MgBetaDeviceManagementIntentSetting only support updating a single setting at a time #Using Rest to reduce the number of calls - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings" $body = @{'settings' = $settings } Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ContentType 'application/json' 4> $null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 index c6bb81224f..ba9f0795c9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 
@@ -452,7 +452,7 @@ function Set-TargetResource #Update-MgBetaDeviceManagementIntentSetting only support updating a single setting at a time #Using Rest to reduce the number of calls - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings" $body = @{'settings' = $settings } Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ContentType 'application/json' 4> $null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index d0fbc61d7e..72b5ef5b63 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 @@ -1336,7 +1336,7 @@ function Get-IntuneAppProtectionPolicyiOSAssignment try { - $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assignments" + $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assignments" $response = Invoke-MgGraphRequest -Method Get ` -Uri $Url return $response.value 
@@ -1367,7 +1367,7 @@ function Update-IntuneAppProtectionPolicyiOSAssignment ) try { - $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assign" + $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assign" $body = ($Assignments | ConvertTo-Json -Depth 20 -Compress) Write-Verbose -Message "Group Assignment for iOS App Protection policy with JSON payload {$Url}: `r`n$body" Invoke-MgGraphRequest -Method POST ` @@ -1401,7 +1401,7 @@ function Update-IntuneAppProtectionPolicyiOSApp try { - $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/targetApps" + $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/targetApps" # Write-Verbose -Message "Group Assignment for iOS App Protection policy with JSON payload: `r`n$JSONContent" Invoke-MgGraphRequest -Method POST ` -Uri $Url ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 index c5b4c9199c..b05929a5a0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 
@@ -225,7 +225,7 @@ function Set-TargetResource $consentInstance = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId 'appleMDMPushCertificate' If ($consentInstance.Granted -eq $False) { - Invoke-MgGraphRequest -Method POST -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/dataSharingConsents/appleMDMPushCertificate/consentToDataSharing') -Headers @{ 'Content-Type' = 'application/json' } + Invoke-MgGraphRequest -Method POST -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/dataSharingConsents/appleMDMPushCertificate/consentToDataSharing') -Headers @{ 'Content-Type' = 'application/json' } } else { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 index 8f3ac88c57..c9c5895ece 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 @@ -78,7 +78,7 @@ function Get-TargetResource try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' $cleanupRule = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop $return = @{ 
@@ -188,7 +188,7 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' $body = @{ DeviceInactivityBeforeRetirementInDays = "$(if ($Enabled) { $DeviceInactivityBeforeRetirementInDays } else { 0 })" } @@ -340,7 +340,7 @@ function Export-TargetResource try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings' [array]$cleanupRules = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop $i = 1 $dscContent = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index 0d5fa40465..3d9afb7b6d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 
@@ -424,7 +424,7 @@ function Set-TargetResource { $value = $presentationValue.clone() $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename - $value.add('presentation@odata.bind', $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.add('presentation@odata.bind', (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") $value.remove('PresentationDefinitionId') $value.remove('PresentationDefinitionLabel') $value.remove('id') @@ -432,7 +432,7 @@ function Set-TargetResource } } $complexDefinitionValue = @{ - 'definition@odata.bind' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + 'definition@odata.bind' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" enabled = $definitionValue.Enabled presentationValues = $complexPresentationValues } 
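Review bot: The Graph base URL is now resolved by a cmdlet call each time one of these strings is built. `(Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl` appears for the presentation binding and again for the definition binding in both hunks here, and the same pattern recurs in the `@@ -520`, `@@ -528`, `@@ -554` and `@@ -564` hunks of this function and inside the `foreach ($certificateId in $CertificateIds)` loops of the wired-network resource. Resolving it once near the top of the function, `$graphBaseUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl`, and reusing the local would keep the `@odata.bind` expressions readable. It would also give one place to fail early when no profile comes back, since `$null + 'beta/...'` silently yields a relative path; whether the cmdlet can return nothing is not visible here. The enclosing loops and the start of Set-TargetResource are outside the hunk.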
@@ -520,7 +520,7 @@ function Set-TargetResource { $value = $presentationValue.clone() $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename - $value.add('presentation@odata.bind', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.add('presentation@odata.bind', "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") $value.remove('PresentationDefinitionId') $value.remove('PresentationDefinitionLabel') $value.remove('id') @@ -528,7 +528,7 @@ function Set-TargetResource } } $complexDefinitionValue = @{ - 'definition@odata.bind' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + 'definition@odata.bind' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" enabled = $definitionValue.Enabled presentationValues = $complexPresentationValues } 
@@ -554,7 +554,7 @@ function Set-TargetResource $currentPresentationValue = $currentDefinitionValue.PresentationValues | Where-Object { $_.PresentationDefinitionId -eq $presentationValue.presentationDefinitionId } $value = $presentationValue.clone() $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename - $value.add('presentation@odata.bind', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.add('presentation@odata.bind', "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") $value.remove('PresentationDefinitionId') $value.remove('PresentationDefinitionLabel') $value.remove('id') @@ -564,7 +564,7 @@ function Set-TargetResource } $complexDefinitionValue = @{ id = $currentDefinitionValue.Id - 'definition@odata.bind' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + 'definition@odata.bind' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" enabled = $definitionValue.Enabled presentationValues = $complexPresentationValues } 
@@ -993,7 +993,7 @@ function Update-DeviceConfigurationGroupPolicyDefinitionValue ) try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyConfigurations/$DeviceConfigurationPolicyId/updateDefinitionValues" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyConfigurations/$DeviceConfigurationPolicyId/updateDefinitionValues" $body = @{} $DefinitionValueToRemoveIds = @() diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 index e68a3d86bf..0b4497b084 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 @@ -522,7 +522,7 @@ function Set-TargetResource } #region resource generator code - $CreateParameters.Add('rootCertificate@odata.bind', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$RootCertificateId')") + $CreateParameters.Add('rootCertificate@odata.bind', "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$RootCertificateId')") $CreateParameters.Add('@odata.type', '#microsoft.graph.windows81SCEPCertificateProfile') $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments 
@@ -1012,7 +1012,7 @@ function Get-DeviceConfigurationPolicyRootCertificate [System.String] $DeviceConfigurationPolicyId ) - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate" $result = Invoke-MgGraphRequest -Method Get -Uri $Uri -ErrorAction Stop return $result @@ -1032,9 +1032,9 @@ function Update-DeviceConfigurationPolicyRootCertificateId $RootCertificateId ) - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate/`$ref" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate/`$ref" $ref = @{ - '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$RootCertificateId')" + '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$RootCertificateId')" } Invoke-MgGraphRequest -Method PUT -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 index 28a61c850c..e8f2cf23e1 100644 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 @@ -564,7 +564,7 @@ function Set-TargetResource -CertificateId $RootCertificatesForServerValidationIds[$i] ` -CertificateDisplayName $RootCertificatesForServerValidationDisplayNames[$i] ` -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate') - $rootCertificatesForServerValidation += "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $rootCertificatesForServerValidation += "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" } $CreateParameters.Add('rootCertificatesForServerValidation@odata.bind', $rootCertificatesForServerValidation) } @@ -579,7 +579,7 @@ function Set-TargetResource '#microsoft.graph.windows81TrustedRootCertificate', ` '#microsoft.graph.windows10PkcsCertificateProfile' ` ) - $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('identityCertificateForClientAuthentication@odata.bind', $ref) } 
@@ -593,7 +593,7 @@ function Set-TargetResource '#microsoft.graph.windows81TrustedRootCertificate', ` '#microsoft.graph.windows10PkcsCertificateProfile' ` ) - $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('secondaryIdentityCertificateForClientAuthentication@odata.bind', $ref) } @@ -603,7 +603,7 @@ function Set-TargetResource -CertificateId $RootCertificateForClientValidationId ` -CertificateDisplayName $RootCertificateForClientValidationDisplayName ` -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate') - $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('rootCertificateForClientValidation@odata.bind', $ref) } @@ -613,7 +613,7 @@ function Set-TargetResource -CertificateId $SecondaryRootCertificateForClientValidationId ` -CertificateDisplayName $SecondaryRootCertificateForClientValidationDisplayName ` -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate') - $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('secondaryRootCertificateForClientValidation@odata.bind', $ref) } 
@@ -1189,7 +1189,7 @@ function Get-DeviceConfigurationPolicyCertificate [System.String] $CertificateName ) - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName" try { $result = Invoke-MgGraphRequest -Method Get -Uri $Uri 4>$null @@ -1228,7 +1228,7 @@ function Update-DeviceConfigurationPolicyCertificateId [System.String] $CertificateName ) - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/`$ref" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/`$ref" if ($CertificateName -eq 'rootCertificatesForServerValidation') { @@ -1242,7 +1242,7 @@ function Update-DeviceConfigurationPolicyCertificateId foreach ($certificateId in $CertificateIds) { $ref = @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$certificateId')" + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$certificateId')" } Invoke-MgGraphRequest -Method $method -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop 4>$null 
@@ -1270,7 +1270,7 @@ function Remove-DeviceConfigurationPolicyCertificateId foreach ($certificateId in $CertificateIds) { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/$certificateId/`$ref" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/$certificateId/`$ref" Invoke-MgGraphRequest -Method DELETE -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop 4>$null } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 index f5a9a6e758..445e2d2428 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 @@ -411,7 +411,7 @@ function Set-TargetResource $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } $body = @{'enrollmentConfigurationAssignments' = $intuneAssignments } | ConvertTo-Json -Depth 100 - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($policy.Id)/assign" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($policy.Id)/assign" Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop Update-DeviceEnrollmentConfigurationPriority ` 
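Review bot: In Remove-DeviceConfigurationPolicyCertificateId the DELETE request still sends `-Body ($ref | ConvertTo-Json)`, but `$ref` is not assigned anywhere in the visible part of this function, so the body is probably the JSON of `$null` or of a value left over from another scope. The reference being removed is already addressed by the `.../$certificateId/$ref` URL, so the line can likely become `Invoke-MgGraphRequest -Method DELETE -Uri $Uri -ErrorAction Stop 4>$null`. The function starts outside the hunk, so confirm `$ref` is not set earlier before dropping it.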
@@ -449,7 +449,7 @@ function Set-TargetResource $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments } $body = @{'enrollmentConfigurationAssignments' = $intuneAssignments } | ConvertTo-Json -Depth 100 - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($currentInstance.Id)/assign" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($currentInstance.Id)/assign" Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop if ($PSBoundParameters.ContainsKey('Priority') -and $Priority -ne $currentInstance.Priority) @@ -827,7 +827,7 @@ function Update-DeviceEnrollmentConfigurationPriority ) try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceEnrollmentConfigurationId/setpriority" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceEnrollmentConfigurationId/setpriority" $body = @{'priority' = $Priority } | ConvertTo-Json -Depth 100 #write-verbose -Message $body Invoke-MgGraphRequest ` 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 similarity index 81% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 index 1595ccce2b..d2805adee7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1 @@ -50,7 +50,7 @@ function Get-TargetResource $QrCodeContent, [Parameter()] - [System.String] + [Microsoft.Management.Infrastructure.CimInstance] $QrCodeImage, [Parameter()] @@ -149,6 +149,14 @@ function Get-TargetResource -All ` -Filter "displayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue + + # Need to do another call by id to get QrCode info. Can't just expand the property. + if ($null -ne $androidDeviceOwnerEnrollmentProfile) + { + Write-Verbose -Message 'Found by DisplayName, now retrieving additional details by id.' + $androidDeviceOwnerEnrollmentProfile = Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile ` + -AndroidDeviceOwnerEnrollmentProfileId $androidDeviceOwnerEnrollmentProfile.Id + } } if ($null -eq $androidDeviceOwnerEnrollmentProfile) 
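Review bot: The added lookup by id in Get-TargetResource assumes the display-name query returned exactly one profile. That query runs with `-All` and a `displayName eq` filter, so if two profiles share a name (uniqueness is not enforced anywhere visible) `$androidDeviceOwnerEnrollmentProfile.Id` is an array and the second call fails to bind or resolves an unintended profile. Guard it before the second call, for example `if (@($androidDeviceOwnerEnrollmentProfile).Count -gt 1) { throw "Multiple enrollment profiles named {$DisplayName}" }`. The second call also omits the `-ErrorAction` that the first one sets, so it is unclear whether a failure there should stop or fall through to `$nullResult`. Get-TargetResource starts and continues outside the hunk.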
@@ -157,6 +165,15 @@ function Get-TargetResource return $nullResult } + $QrCodeImageValue = $null + if ($null -ne $androidDeviceOwnerEnrollmentProfile.QrCodeImage.Type) + { + $QrCodeImageValue = @{ + type = $androidDeviceOwnerEnrollmentProfile.QrCodeImage.Type + value = [Array] ($androidDeviceOwnerEnrollmentProfile.QrCodeImage.Value -join ',') + } + } + $results = @{ Id = $androidDeviceOwnerEnrollmentProfile.Id DisplayName = $androidDeviceOwnerEnrollmentProfile.DisplayName @@ -169,7 +186,7 @@ function Get-TargetResource EnrollmentTokenUsageCount = $androidDeviceOwnerEnrollmentProfile.EnrollmentTokenUsageCount IsTeamsDeviceProfile = $androidDeviceOwnerEnrollmentProfile.IsTeamsDeviceProfile QrCodeContent = $androidDeviceOwnerEnrollmentProfile.QrCodeContent - QrCodeImage = $androidDeviceOwnerEnrollmentProfile.QrCodeImage + QrCodeImage = $QrCodeImageValue RoleScopeTagIds = $androidDeviceOwnerEnrollmentProfile.RoleScopeTagIds TokenCreationDateTime = $androidDeviceOwnerEnrollmentProfile.TokenCreationDateTime.ToString() TokenExpirationDateTime = $androidDeviceOwnerEnrollmentProfile.TokenExpirationDateTime.ToString() @@ -253,7 +270,7 @@ function Set-TargetResource $QrCodeContent, [Parameter()] - [System.String] + [Microsoft.Management.Infrastructure.CimInstance] $QrCodeImage, [Parameter()] 
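Review bot: The shape of `value` in `$QrCodeImageValue` needs a comment: `[Array] (... -join ',')` yields a one-element array holding a single comma-separated string, not the `UInt32 value[]` the schema declares. Judging by the `.Replace("@('", "@(")` in Export-TargetResource this looks deliberate, so say so: `# Joined into one comma-separated string so the export can emit it as an unquoted array literal`. Because the schema ties this image to the enrollment token, a second comment should mark the returned value as sensitive, since it flows into the `Current Values` verbose line of Test-TargetResource. Get-TargetResource starts outside the hunk.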
@@ -334,6 +351,21 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + if ($null -ne $QrCodeImage) + { + $QrCodeImageValue = @{ + type = $QrCodeImage.type + value = [System.Byte[]] @() + } + + foreach ($byteValue in $QrCodeImage.value) + { + $convertedValue = [System.Byte]([BitConverter]::GetBytes($byteValue))[0] + $QrCodeImageValue.value += $convertedValue + } + $setParameters.QrCodeImage = $QrCodeImageValue + $setParameters.QrCodeImage.value = [System.Byte[]]($setParameters.QrCodeImage.value) + } # CREATE if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { @@ -411,7 +443,7 @@ function Test-TargetResource $QrCodeContent, [Parameter()] - [System.String] + [Microsoft.Management.Infrastructure.CimInstance] $QrCodeImage, [Parameter()] 
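Review bot: The byte conversion in the new `foreach ($byteValue in $QrCodeImage.value)` loop silently truncates out-of-range input. `[BitConverter]::GetBytes($byteValue)` is indexed with `[0]`, which keeps only the first byte of each element, so with the schema now declaring `UInt32 value[]` a value such as 256 would become 0 on a little-endian host instead of being rejected. The loop also grows the array with `+=` once per byte, which is quadratic for an image-sized payload. A checked cast replaces the loop: `$QrCodeImageValue.value = [System.Byte[]]$QrCodeImage.value`, which should throw on anything above 255 and makes the trailing re-cast of `$setParameters.QrCodeImage.value` unnecessary. Set-TargetResource starts and ends outside the hunk.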
@@ -491,19 +523,50 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of AndroidDeviceOwnerEnrollmentProfile: {$DisplayName}" - $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('WifiPassword') | Out-Null $CurrentValues = Get-TargetResource @PSBoundParameters - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + $ValuesToCheck.Remove('WifiPassword') | Out-Null + $ValuesToCheck.Remove("QrCodeImage") | Out-Null + $ValuesToCheck.Remove("QrCodeContent") | Out-Null + $ValuesToCheck.Remove("TokenValue") | Out-Null + $ValuesToCheck.Remove("TokenCreationDateTime") | Out-Null + $ValuesToCheck.Remove("TokenExpirationDateTime") | Out-Null + + #Compare Cim instances + Write-Verbose -Message "Evaluating CIM Instances" + $TestResult = $true + $RemainingValuesToCheck = $ValuesToCheck + foreach ($key in $ValuesToCheck.Keys) + { + $source = $ValuesToCheck.$key + $target = $CurrentValues.$key + if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*') + { + $TestResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) + { + Write-Verbose -Message "Found drift in property {$key}" + break + } - $TestResult = Test-M365DSCParameterState ` - -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + $RemainingValuesToCheck.Remove($key) | Out-Null + } + } + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $RemainingValuesToCheck)" + if ($TestResult) + { + $TestResult = Test-M365DSCParameterState ` + -CurrentValues $CurrentValues ` + -Source 
$($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $RemainingValuesToCheck.Keys - Write-Verbose -Message "Test-TargetResource returned $TestResult" + Write-Verbose -Message "Test-TargetResource returned $TestResult" + } return $TestResult } @@ -598,12 +661,33 @@ function Export-TargetResource $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results + if ($Results.QrCodeImage) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.QrCodeImage ` + -CIMInstanceName 'IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage' + if ($complexTypeStringResult) + { + $Results.QrCodeImage = $complexTypeStringResult + $Results.QrCodeImage = $Results.QrCodeImage.ReplacE("@('", "@(").Replace("')", "`)") + } + else + { + $Results.Remove('QrCodeImage') | Out-Null + } + } $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential + + if ($Results.QrCodeImage) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'QrCodeImage' -IsCIMArray:$false + + } + $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName 
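Review bot: `$RemainingValuesToCheck = $ValuesToCheck` copies the reference, not the hashtable, so `$RemainingValuesToCheck.Remove($key)` inside `foreach ($key in $ValuesToCheck.Keys)` modifies the collection that is being enumerated. It is latent today because `QrCodeImage` is removed before the loop, but any other CimInstance parameter reaching that branch would likely raise a collection-modified error; use `$RemainingValuesToCheck = $ValuesToCheck.Clone()`. Separately, the `Current Values` verbose line prints `$CurrentValues` unfiltered, so `QrCodeContent` and `QrCodeImage` (and presumably `TokenValue`) reach the verbose stream even though they are stripped from `$ValuesToCheck`. Logging a copy with those keys removed would keep token material out of DSC logs.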
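Review bot: The export now writes the QR code image bytes into the generated configuration without marking them as sensitive. The schema describes this property as generating the QR code for the enrollment token, so an exported file would presumably hold enrollment material for as long as the token is valid. If that is not intended, drop the key before building the block with `$Results.Remove('QrCodeImage') | Out-Null`, or document that exports of this resource must be stored like secrets. If it stays, note that `.ReplacE("@('", "@(").Replace("')", ...)` rewrites every occurrence in the string rather than only the `value` array, and the first call should be spelled `Replace`. Export-TargetResource starts outside the hunk.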
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.schema.mof similarity index 90% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.schema.mof index 22fe3fc6f1..0fa6acdc22 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.schema.mof 
@@ -1,12 +1,12 @@ [ClassVersion("1.0.0.0")] -class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage +class MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage { [Write, Description("Indicates the content mime type.")] String type; - [Write, Description("The byte array that contains the actual content.")] String value; + [Write, Description("The byte array that contains the actual content.")] UInt32 value[]; }; -[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile")] -class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile : OMI_BaseResource +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile")] +class MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile : OMI_BaseResource { [Key, Description("Display name for the enrollment profile.")] String DisplayName; [Write, Description("Unique GUID for the enrollment profile. Read-Only.")] String Id; 
@@ -21,7 +21,7 @@ class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile : OMI_BaseRe [Write, Description("Total number of Android devices that have enrolled using this enrollment profile.")] UInt32 EnrolledDeviceCount; [Write, Description("Total number of AOSP devices that have enrolled using the current token. Valid values 0 to 20000")] UInt32 EnrollmentTokenUsageCount; [Write, Description("String used to generate a QR code for the token.")] String QrCodeContent; - [Write, Description("String used to generate a QR code for the token.")] String QrCodeImage; + [Write, Description("String used to generate a QR code for the token."), EmbeddedInstance("MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage")] String QrCodeImage; [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[]; [Write, Description("Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default.")] Boolean ConfigureWifi; [Write, Description("String that contains the wi-fi login ssid")] String WifiSsid; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/readme.md similarity index 64% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/readme.md index 14e5fe1b0d..8b23554c8a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md 
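Review bot: The description on `QrCodeImage` is still the text copied from `QrCodeContent` (`String used to generate a QR code for the token.`), although the property is now an embedded instance rather than a string. Suggest `Description("QR code image for the enrollment token, expressed as a mime type and a byte array.")` so the generated documentation matches the new type. The class body continues outside the hunk.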
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/readme.md @@ -1,4 +1,4 @@ -# IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile +# IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile ## Description diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/settings.json similarity index 91% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/settings.json index 8507274e9b..243c0277e1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/settings.json @@ -1,5 +1,5 @@ { - "resourceName": "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile", + "resourceName": "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile", "description": "Enrollment Profile used to enroll Android Enterprise devices using Google's Cloud Management.", "permissions": { "graph": { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 index 4768ea03b2..56b2d35928 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 
@@ -65,7 +65,7 @@ function Get-TargetResource $nullResult = $PSBoundParameters try { - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/settings' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/settings' $settings = Invoke-MgGraphRequest -Method 'GET' -Uri $uri $results = @{ IsSingleInstance = 'Yes' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 index d5274b53e4..3bc1e3949f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 @@ -226,7 +226,7 @@ function Set-TargetResource if ($dataSharingConsent.granted -eq $false) { Write-Verbose -Message 'Consent not granted, requesting consent...' - $consentResult = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/dataSharingConsents/androidManagedStore/consentToDataSharing') -Method 'POST' -Body @{ + $consentResult = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/dataSharingConsents/androidManagedStore/consentToDataSharing') -Method 'POST' -Body @{ DataSharingConsentId = 'androidManagedStore' } -ContentType 'application/json' } 
@@ -239,7 +239,7 @@ function Set-TargetResource # hostName = "intune.microsoft.com" # } - # $signupUrl = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/requestSignupUrl") -Method 'POST' -Body @{ + # $signupUrl = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/requestSignupUrl") -Method 'POST' -Body @{ # hostName = "intune.microsoft.com" # } -ContentType "application/json" @@ -249,7 +249,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Host "Remove the Intune Device Management Android Google Play Enrollment with Id {$($currentInstance.Id)}" - $unbindResult = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/unbind') -Method 'POST' -Body @{} -ContentType 'application/json' + $unbindResult = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/unbind') -Method 'POST' -Body @{} -ContentType 'application/json' } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 index 282ecce2df..09fd5184be 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 
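Review bot: The `@@ -239` hunk edits a request that is commented out (`# $signupUrl = Invoke-MgGraphRequest ...`), so the migration is being carried through dead code that nothing exercises. Either delete the commented block or replace it with one line that says why the signup URL call is disabled, for example `# requestSignupUrl is intentionally not called here: <reason placeholder>`. Set-TargetResource starts and continues outside the hunk.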
@@ -378,7 +378,7 @@ function Set-TargetResource Update-MgBetaDeviceManagementIntent -DeviceManagementIntentId $currentInstance.Id -BodyParameter $UpdateParameters #region resource generator code - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/intents/$($currentInstance.Id)/updateSettings" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/intents/$($currentInstance.Id)/updateSettings" $body = @{'settings' = $settings } Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ContentType 'application/json' 4> $null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 index 143dd5854a..b8bf713da7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 
@@ -492,12 +492,19 @@ function Get-TargetResource # Retrieve policy specific settings [array]$settings = Get-MgBetaDeviceManagementConfigurationPolicySetting ` + -All ` -DeviceManagementConfigurationPolicyId $Id ` -ExpandProperty 'settingDefinitions' ` -ErrorAction Stop + $policyTemplateId = $getValue.TemplateReference.TemplateId + [array]$settingDefinitions = Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate ` + -DeviceManagementConfigurationPolicyTemplateId $policyTemplateId ` + -ExpandProperty 'settingDefinitions' ` + -All ` + -ErrorAction Stop | Select-Object -ExpandProperty SettingDefinitions $policySettings = @{} - $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings + $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings -AllSettingDefinitions $settingDefinitions $results = @{ #region resource generator code diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 index 17eef55b35..615b33c648 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 
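Review bot: `$policyTemplateId` is passed to `Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate` without checking that `$getValue.TemplateReference.TemplateId` is populated. With an empty id the call fails, and if the enclosing handler returns the absent result, as the Get-TargetResource bodies elsewhere on this page do, an existing firewall policy would be reported as missing; the handler is outside this hunk, so that is an inference. A guard such as `if ([string]::IsNullOrEmpty($policyTemplateId)) { throw "Policy {$Id} has no template reference." }` would make the cause explicit. The added lookup also deserves a one-line comment on why the template's definitions are fetched in addition to those expanded on `$settings`, for example `# Template-wide definitions let the export resolve settings that occur in several subsections`.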
@@ -451,8 +451,8 @@ function Set-TargetResource throw "Mobile App Category with DisplayName $($category.DisplayName) not found." } - Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + Invoke-MgGraphRequest -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{ + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } @@ -522,7 +522,7 @@ function Set-TargetResource } Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($currentInstance.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } else diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 index ae5cde27a3..1368a66c89 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 
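Review bot: In the first hunk the rewritten statement calls `Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph` twice, once for `-Uri` and once for `'@odata.id'`, while the second hunk sends the same kind of request with a relative `-Uri "/beta/..."` and only prefixes `'@odata.id'` with the resource URL. Resolving the base once, `$graphBaseUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl`, and using `$graphBaseUrl` in both places keeps the request target and the reference it carries on the same host. Picking one URI form for both branches would also make them read alike. Both hunks sit inside Set-TargetResource, whose body starts and ends outside them.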
@@ -490,7 +490,7 @@ function Set-TargetResource } Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } @@ -561,7 +561,7 @@ function Set-TargetResource } Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($currentInstance.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } else diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 index 465fc6b8bc..f44b492b8a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 @@ -347,7 +347,7 @@ function Set-TargetResource Update-MgBetaDeviceAppManagementPolicySet @UpdateParameters - $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/policySets/$($currentInstance.Id)/update" + $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/policySets/$($currentInstance.Id)/update" if ($null -ne ($itemamendments = Get-ItemsAmendmentsObject -currentObjectItems $currentInstance.Items -targetObjectItems $items)) { Invoke-MgGraphRequest -Method POST -Uri $url -Body $itemamendments 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 index 257f402310..e70d0bdb77 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 @@ -361,7 +361,7 @@ function Set-TargetResource scopeType = $ScopeType members = $Members '@odata.type' = '#microsoft.graph.deviceAndAppManagementRoleAssignment' - 'roleDefinition@odata.bind' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')" + 'roleDefinition@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')" } $null = New-MgBetaDeviceManagementRoleAssignment -BodyParameter $CreateParameters } @@ -376,7 +376,7 @@ function Set-TargetResource scopeType = $ScopeType members = $Members '@odata.type' = '#microsoft.graph.deviceAndAppManagementRoleAssignment' - 'roleDefinition@odata.bind' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')" + 'roleDefinition@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')" } Update-MgBetaDeviceManagementRoleAssignment -BodyParameter $UpdateParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 index a70eabcd0b..23203de188 100644 
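Review bot: `$roleDefinition` is interpolated as-is into the quoted key of `roleDefinitions('$roleDefinition')` in both the create and the update hashtable. Where it is assigned is outside these hunks; if it can ever hold something other than a Graph-issued id (a display name taken from the configuration, for example), a single quote in it would end the key early and alter the reference bound to the role assignment. Doubling quotes before interpolation, `$roleDefinitionKey = "$roleDefinition".Replace("'", "''")`, or validating the value as a GUID would close that off. The two hashtables are otherwise identical on this line, so the bind string could be built once above the branch.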
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 @@ -930,7 +930,7 @@ function Update-IntuneDeviceConfigurationPolicy ) try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceManagementConfigurationPolicyId" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceManagementConfigurationPolicyId" $policy = @{ 'name' = $Name diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 new file mode 100644 index 0000000000..7cce954857 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 
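Review bot: `$DeviceManagementConfigurationPolicyId` is appended to the URI in Update-IntuneDeviceConfigurationPolicy without a check that it is non-empty. The parameter block and the request itself are outside this hunk, but if the parameter is not validated there, an empty value leaves `$Uri` ending in `configurationPolicies/` and the request would address the collection instead of a single policy. Adding `[ValidateNotNullOrEmpty()]` to the parameter, or `if ([string]::IsNullOrWhiteSpace($DeviceManagementConfigurationPolicyId)) { throw 'DeviceManagementConfigurationPolicyId is required.' }` at the top of the `try`, would stop that early.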
@@ -0,0 +1,1075 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.string[]] + $targetedPackageIds, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [System.Boolean] + $alwaysOn, + + [Parameter()] + [System.Boolean] + $alwaysOnLockdown, + + [Parameter()] + [System.string] + $microsoftTunnelSiteId, + + [Parameter()] + [System.string[]] + $proxyExclusionList, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, 
+ + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message 'Connection to the workload failed.' + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerVpnConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune VPN Policy for Android Device Owner with Id {$id} was found" + return $nullResult + } + + $Id = $getValue.Id + + Write-Verbose -Message "An Intune VPN Policy for Android Device Owner with id {$id} and DisplayName {$DisplayName} was found" + + $complexServers = @() + foreach ($currentservers in $getValue.AdditionalProperties.servers) + { + $myservers = @{} + $myservers.Add('address', $currentservers.address) + 
$myservers.Add('description', $currentservers.description) + $myservers.Add('isDefaultServer', $currentservers.isDefaultServer) + if ($myservers.values.Where({$null -ne $_}).count -gt 0) + { + $complexServers += $myservers + } + } + + $complexProxyServers = @() + foreach ($currentservers in $getValue.AdditionalProperties.proxyServer) + { + $myservers = @{} + $myservers.Add('automaticConfigurationScriptUrl', $currentservers.automaticConfigurationScriptUrl) + $myservers.Add('address', $currentservers.address) + $myservers.Add('port', $currentservers.port) + if ($myservers.values.Where({$null -ne $_}).count -gt 0) + { + $complexProxyServers += $myservers + } + } + + $complexCustomData = @() + foreach ($value in $getValue.AdditionalProperties.customData) + { + $myCustomdata = @{} + $myCustomdata.Add('key', $value.key) + $myCustomdata.Add('value', $value.value) + if ($myCustomdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexCustomData += $myCustomdata + } + } + + $complexCustomKeyValueData = @() + foreach ($value in $getValue.AdditionalProperties.customKeyValueData) + { + $myCVdata = @{} + $myCVdata.Add('name', $value.name) + $myCVdata.Add('value', $value.value) + if ($myCVdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexCustomKeyValueData += $myCVdata + } + } + + $complexTargetedMobileApps = @() + foreach ($value in $getValue.AdditionalProperties.targetedMobileApps) + { + $myTMAdata = @{} + $myTMAdata.Add('name', $value.name) + $myTMAdata.Add('publisher', $value.publisher) + $myTMAdata.Add('appStoreUrl', $value.appStoreUrl) + $myTMAdata.Add('appId', $value.appId) + if ($myTMAdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexTargetedMobileApps += $myTMAdata + } + } + + $results = @{ + #region resource generator code + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + authenticationMethod = $getValue.AdditionalProperties.authenticationMethod + connectionName = 
$getValue.AdditionalProperties.connectionName + role = $getValue.AdditionalProperties.role + realm = $getValue.AdditionalProperties.realm + servers = $complexServers + connectionType = $getValue.AdditionalProperties.connectionType + proxyServer = $complexProxyServers + targetedPackageIds = $getValue.AdditionalProperties.targetedPackageIds + targetedMobileApps = $complexTargetedMobileApps + alwaysOn = $getValue.AdditionalProperties.alwaysOn + alwaysOnLockdown = $getValue.AdditionalProperties.alwaysOnLockdown + microsoftTunnelSiteId = $getValue.AdditionalProperties.microsoftTunnelSiteId + proxyExclusionList = $getValue.AdditionalProperties.proxyExclusionList + customData = $complexCustomData + customKeyValueData = $complexCustomKeyValueData + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 
'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.string[]] + $targetedPackageIds, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [System.Boolean] + $alwaysOn, + + [Parameter()] + [System.Boolean] + $alwaysOnLockdown, + + [Parameter()] + [System.string] + $microsoftTunnelSiteId, + + [Parameter()] + [System.string[]] + $proxyExclusionList, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + 
Write-Verbose -Message $_ + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + #proxy and server values need converting before new- / update- cmdlets will accept parameters + #creating hashtables now for use later in both present/present and present/absent blocks + $allTargetValues = Convert-M365DscHashtableToString -Hashtable $BoundParameters + + if ($allTargetValues -match '\bproxyServer=\(\{([^\)]+)\}\)') + { + $proxyBlock = $matches[1] + } + + $proxyHashtable = @{} + $proxyBlock -split ";" | ForEach-Object { + if ($_ -match '^(.*?)=(.*)$') { + $key = $matches[1].Trim() + $value = $matches[2].Trim() + $proxyHashtable[$key] = $value + } + } + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $CreateParameters = ([Hashtable]$BoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $CreateParameters.remove($keyName) + } + } + + $CreateParameters.Remove('Id') | Out-Null + + foreach ($key in ($CreateParameters.clone()).Keys) + { + if ($CreateParameters[$key].getType().Fullname -like 
'*CimInstance*') + { + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + } + } + + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$DisplayName}" + + $BoundParameters.Remove('Assignments') | Out-Null + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $UpdateParameters.remove($keyName) + } + } + + $UpdateParameters.Remove('Id') | Out-Null + + foreach ($key in ($UpdateParameters.clone()).Keys) + { + if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key] + } + } + + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format 
Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + + if ($AdditionalProperties) + { + #add the additional properties to the updateparameters + $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) + } + + #region resource generator code + Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters ` + -DeviceConfigurationId $currentInstance.Id + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$DisplayName}" + #region resource generator code + Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + 
$connectionType, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.string[]] + $targetedPackageIds, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [System.Boolean] + $alwaysOn, + + [Parameter()] + [System.Boolean] + $alwaysOnLockdown, + + [Parameter()] + [System.string] + $microsoftTunnelSiteId, + + [Parameter()] + [System.string[]] + $proxyExclusionList, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) { break } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function 
Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + + #region resource generator code + [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerVpnConfiguration' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline + $params = @{ + Id = $config.id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId 
+ ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + if ($null -ne $Results.servers) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.servers ` + -CIMInstanceName 'MicrosoftGraphvpnServer' #MSFT_MicrosoftGraphVpnServer + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.servers = $complexTypeStringResult + } + else + { + $Results.Remove('servers') | Out-Null + } + } + + if ($null -ne $Results.proxyServer) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.proxyServer ` + -CIMInstanceName 'MSFT_MicrosoftvpnProxyServer' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.proxyServer = $complexTypeStringResult + } + else + { + $Results.Remove('proxyServer') | Out-Null + } + } + + if ($null -ne $Results.customData) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.customData ` + -CIMInstanceName 'MSFT_CustomData' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.customData = $complexTypeStringResult + } + else + { + $Results.Remove('customData') | Out-Null + } + } + + if ($null -ne $Results.customKeyValueData) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.customKeyValueData ` + 
-CIMInstanceName 'MSFT_customKeyValueData' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.customKeyValueData = $complexTypeStringResult + } + else + { + $Results.Remove('customKeyValueData') | Out-Null + } + } + + if ($null -ne $Results.targetedMobileApps) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.targetedMobileApps ` + -CIMInstanceName 'MSFT_targetedMobileApps' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.targetedMobileApps = $complexTypeStringResult + } + else + { + $Results.Remove('targetedMobileApps') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + if ($Results.servers) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "servers" -isCIMArray:$True + } + + if ($Results.proxyServer) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "proxyServer" -isCIMArray:$True + } + + if ($Results.customData) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customData" -isCIMArray:$True + } + + if ($Results.customKeyValueData) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customKeyValueData" -isCIMArray:$True + } + + if ($Results.targetedMobileApps) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "targetedMobileApps" -isCIMArray:$True + } + + if ($Results.Assignments) + { + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + } + + 
$dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") + { + Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." + } + else + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + return '' + } +} + +function Get-M365DSCAdditionalProperties +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $Properties + ) + + $additionalProperties = @( + 'authenticationMethod' + 'connectionName' + 'role' + 'realm' + 'servers' + 'connectionType' + 'proxyServer' + 'targetedPackageIds' + 'targetedMobileApps' + 'alwaysOn' + 'alwaysOnLockdown' + 'microsoftTunnelSiteId' + 'proxyExclusionList' + 'customData' + 'customKeyValueData' + ) + + $results = @{'@odata.type' = '#microsoft.graph.androidDeviceOwnerVpnConfiguration' } + $cloneProperties = $Properties.clone() + foreach ($property in $cloneProperties.Keys) + { + if ($property -in ($additionalProperties) ) + { + $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) + if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*') + { + if ($properties.$property.getType().FullName -like '*[[\]]') + { + $array = @() + foreach ($item in $properties.$property) + { + $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $propertyValue = $array + } + else + { + $propertyValue = 
Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property + } + + } + else + { + $propertyValue = $properties.$property + } + + $results.Add($propertyName, $propertyValue) + } + } + if ($results.Count -eq 1) + { + return $null + } + return $results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.schema.mof new file mode 100644 index 0000000000..7fa9bb2c06 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.schema.mof 
@@ -0,0 +1,74 @@
+[ClassVersion("1.0.0.0")]
+class MSFT_DeviceManagementConfigurationPolicyAssignments
+{
+ [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
+ [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
+ [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
+ [Write, Description("The group Id that is the target of the assignment.")] String groupId;
+ [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
+ [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftGraphVpnServer
+{
+ [Write, Description("Address (IP address, FQDN or URL)")] String address;
+ [Write, Description("Description.")] String description;
+ [Write, Description("Default server.")] Boolean isDefaultServer;
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftvpnProxyServer
+{
+ [Write, Description("Proxy's automatic configuration script url.")] String automaticConfigurationScriptUrl;
+ [Write, Description("Address.")] String address;
+ [Write, Description("Port. Valid values 0 to 65535.")] uint32 port;
+};
+[ClassVersion("1.0.0")]
+class MSFT_targetedMobileApps
+{
+ [Write, Description("The application name.")] String name;
+ [Write, Description("The publisher of the application.")] String publisher;
+ [Write, Description("The Store URL of the application.")] String appStoreUrl;
+ [Write, Description("The application or bundle identifier of the application.")] String appId;
+};
+class MSFT_CustomData
+{
+ [Write, Description("Key for the custom data entry.")] String key;
+ [Write, Description("Value for the custom data entry.")] String value;
+};
+class MSFT_customKeyValueData
+{
+ [Write, Description("Name for the custom data entry.")] String name;
+ [Write, Description("Value for the custom data entry.")] String value;
+};
+
+[ClassVersion("1.0.0.0"), FriendlyName("IntuneVPNConfigurationPolicyAndroidDeviceOwner")]
+class MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner : OMI_BaseResource
+{
+ [Write, Description("Id of the Intune policy.")] String Id;
+ [Key, Description("Display name of the Intune policy.")] String DisplayName;
+ [Write, Description("Description of the Intune policy.")] String Description;
+ [Write, Description("Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD."), ValueMap{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}, Values{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}] String authenticationMethod;
+ [Write, Description("Connection name displayed to the user.")] String connectionName;
+ [Write, Description("Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String role;
+ [Write, Description("Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String realm;
+ [Write, Description("VPN Server on the network. Make sure end users can access this network location."), EmbeddedInstance("MSFT_MicrosoftGraphvpnServer")] String servers[];
+ [Write, Description("Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect."), ValueMap{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}, Values{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}] String connectionType;
+ [Write, Description("Proxy Server."), EmbeddedInstance("MSFT_MicrosoftvpnProxyServer")] String proxyServer[];
+ [Write, Description("Targeted App package IDs.")] String targetedPackageIds[];
+ [Write, Description("Targeted mobile apps. This collection can contain a maximum of 500 elements."),EmbeddedInstance("MSFT_targetedMobileApps")] String targetedMobileApps[];
+ [Write, Description("Whether or not to enable always-on VPN connection.")] Boolean alwaysOn;
+ [Write, Description("If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.")] Boolean alwaysOnLockdown;
+ [Write, Description("Microsoft Tunnel site ID.")] String microsoftTunnelSiteId;
+ [Write, Description("List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com.")] String proxyExclusionList[];
+ [Write, Description("Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customData")] String customData[];
+ [Write, Description("Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customKeyValueData")] String customKeyValueData[];
+ [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];
+ [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
+ [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+ [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+ [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+ [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
+ [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+ [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+ [Write, Description("Access token used for authentication.")] String AccessTokens[];
+};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md
new file mode 100644
index 0000000000..7b5f001ecb
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md
@@ -0,0 +1,6 @@
+
+# IntuneVPNConfigurationPolicyAndroidDeviceOwner
+
+## Description
+
+This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices.
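Review bot: In MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.schema.mof the `value` properties of `MSFT_CustomData` and `MSFT_customKeyValueData` are plain `String`, so whatever is placed there is kept as clear text in the compiled configuration, and the Export-TargetResource added by this commit writes the same pairs into the exported content. Whether any VPN provider expects a secret in these pairs cannot be told from the hunk, but the resource does offer `sharedSecret` as an `authenticationMethod`, so the descriptions should warn about it, e.g. `Description("Value for the custom data entry. Stored in clear text; do not put secrets here.")`. These two classes also lack the `[ClassVersion("1.0.0")]` qualifier the other embedded classes carry, and the `EmbeddedInstance` names `MSFT_MicrosoftGraphvpnServer` and `MSFT_customData` differ in letter case from the declared `MSFT_MicrosoftGraphVpnServer` and `MSFT_CustomData`; aligning them would make the schema easier to search and review.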
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json
new file mode 100644
index 0000000000..a2d19acdc4
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json
@@ -0,0 +1,44 @@
+{
+ "resourceName": "IntuneVPNConfigurationPolicyAndroidDeviceOwner",
+ "description": "This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices.",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1
new file mode 100644
index 0000000000..26830190cb
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1
@@ -0,0 +1,1075 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.string[]] + $targetedPackageIds, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [System.Boolean] + $alwaysOn, + + [Parameter()] + [System.Boolean] + $alwaysOnLockdown, + + [Parameter()] + [System.string] + $microsoftTunnelSiteId, + + [Parameter()] + [System.string[]] + $proxyExclusionList, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, 
+ + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message 'Connection to the workload failed.' + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if (-not [string]::IsNullOrWhiteSpace($id)) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue + } + + #region resource generator code + if ($null -eq $getValue) + { + $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidVpnConfiguration' ` + } + } + #endregion + + if ($null -eq $getValue) + { + Write-Verbose -Message "No Intune VPN Policy for Android Enterprise with Id {$id} was found" + return $nullResult + } + + $Id = $getValue.Id + + Write-Verbose -Message "An Intune VPN Policy for Android Enterprise with id {$id} and DisplayName {$DisplayName} was found" + + $complexServers = @() + foreach ($currentservers in $getValue.AdditionalProperties.servers) + { + $myservers = @{} + $myservers.Add('address', $currentservers.address) + 
$myservers.Add('description', $currentservers.description) + $myservers.Add('isDefaultServer', $currentservers.isDefaultServer) + if ($myservers.values.Where({$null -ne $_}).count -gt 0) + { + $complexServers += $myservers + } + } + + $complexProxyServers = @() + foreach ($currentservers in $getValue.AdditionalProperties.proxyServer) + { + $myservers = @{} + $myservers.Add('automaticConfigurationScriptUrl', $currentservers.automaticConfigurationScriptUrl) + $myservers.Add('address', $currentservers.address) + $myservers.Add('port', $currentservers.port) + if ($myservers.values.Where({$null -ne $_}).count -gt 0) + { + $complexProxyServers += $myservers + } + } + + $complexCustomData = @() + foreach ($value in $getValue.AdditionalProperties.customData) + { + $myCustomdata = @{} + $myCustomdata.Add('key', $value.key) + $myCustomdata.Add('value', $value.value) + if ($myCustomdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexCustomData += $myCustomdata + } + } + + $complexCustomKeyValueData = @() + foreach ($value in $getValue.AdditionalProperties.customKeyValueData) + { + $myCVdata = @{} + $myCVdata.Add('name', $value.name) + $myCVdata.Add('value', $value.value) + if ($myCVdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexCustomKeyValueData += $myCVdata + } + } + + $complexTargetedMobileApps = @() + foreach ($value in $getValue.AdditionalProperties.targetedMobileApps) + { + $myTMAdata = @{} + $myTMAdata.Add('name', $value.name) + $myTMAdata.Add('publisher', $value.publisher) + $myTMAdata.Add('appStoreUrl', $value.appStoreUrl) + $myTMAdata.Add('appId', $value.appId) + if ($myTMAdata.values.Where({$null -ne $_}).count -gt 0) + { + $complexTargetedMobileApps += $myTMAdata + } + } + + $results = @{ + #region resource generator code + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + authenticationMethod = $getValue.AdditionalProperties.authenticationMethod + connectionName = 
$getValue.AdditionalProperties.connectionName + role = $getValue.AdditionalProperties.role + realm = $getValue.AdditionalProperties.realm + servers = $complexServers + connectionType = $getValue.AdditionalProperties.connectionType + proxyServer = $complexProxyServers + targetedPackageIds = $getValue.AdditionalProperties.targetedPackageIds + targetedMobileApps = $complexTargetedMobileApps + alwaysOn = $getValue.AdditionalProperties.alwaysOn + alwaysOnLockdown = $getValue.AdditionalProperties.alwaysOnLockdown + microsoftTunnelSiteId = $getValue.AdditionalProperties.microsoftTunnelSiteId + proxyExclusionList = $getValue.AdditionalProperties.proxyExclusionList + customData = $complexCustomData + customKeyValueData = $complexCustomKeyValueData + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 
'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + $connectionType, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.string[]] + $targetedPackageIds, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [System.Boolean] + $alwaysOn, + + [Parameter()] + [System.Boolean] + $alwaysOnLockdown, + + [Parameter()] + [System.string] + $microsoftTunnelSiteId, + + [Parameter()] + [System.string[]] + $proxyExclusionList, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + 
Write-Verbose -Message $_ + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + #proxy and server values need converting before new- / update- cmdlets will accept parameters + #creating hashtables now for use later in both present/present and present/absent blocks + $allTargetValues = Convert-M365DscHashtableToString -Hashtable $BoundParameters + + if ($allTargetValues -match '\bproxyServer=\(\{([^\)]+)\}\)') + { + $proxyBlock = $matches[1] + } + + $proxyHashtable = @{} + $proxyBlock -split ";" | ForEach-Object { + if ($_ -match '^(.*?)=(.*)$') { + $key = $matches[1].Trim() + $value = $matches[2].Trim() + $proxyHashtable[$key] = $value + } + } + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating {$DisplayName}" + $BoundParameters.Remove('Assignments') | Out-Null + $CreateParameters = ([Hashtable]$BoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $CreateParameters.remove($keyName) + } + } + + $CreateParameters.Remove('Id') | Out-Null + + foreach ($key in ($CreateParameters.clone()).Keys) + { + if ($CreateParameters[$key].getType().Fullname -like 
'*CimInstance*') + { + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] + } + } + + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating {$DisplayName}" + + $BoundParameters.Remove('Assignments') | Out-Null + $UpdateParameters = ([Hashtable]$BoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters) + + foreach ($key in $AdditionalProperties.keys) + { + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $UpdateParameters.remove($keyName) + } + } + + $UpdateParameters.Remove('Id') | Out-Null + + foreach ($key in ($UpdateParameters.clone()).Keys) + { + if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*') + { + $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key] + } + } + + if ($AdditionalProperties.proxyServer) + { + $AdditionalProperties.Remove('proxyServer') #this is not in a format 
Update-MgBetaDeviceManagementDeviceConfiguration will accept + $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier + } + + if ($AdditionalProperties) + { + #add the additional properties to the updateparameters + $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) + } + + #region resource generator code + Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters ` + -DeviceConfigurationId $currentInstance.Id + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing {$DisplayName}" + #region resource generator code + Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $Description, + + [Parameter()] + [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')] + [System.String] + $authenticationMethod, + + [Parameter()] + [System.String] + $connectionName, + + [Parameter()] + [System.String] + $role, + + [Parameter()] + [System.String] + $realm, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $servers, + + [Parameter()] + [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')] + [System.String] + 
$connectionType, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $proxyServer, + + [Parameter()] + [System.string[]] + $targetedPackageIds, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $targetedMobileApps, + + [Parameter()] + [System.Boolean] + $alwaysOn, + + [Parameter()] + [System.Boolean] + $alwaysOnLockdown, + + [Parameter()] + [System.string] + $microsoftTunnelSiteId, + + [Parameter()] + [System.string[]] + $proxyExclusionList, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $customKeyValueData, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of {$id}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-not $testResult) { break } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function 
Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + + #region resource generator code + [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidVpnConfiguration' ` + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + + Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline + $params = @{ + Id = $config.id + DisplayName = $config.DisplayName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + 
ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + if ($null -ne $Results.servers) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.servers ` + -CIMInstanceName 'MicrosoftGraphvpnServer' #MSFT_MicrosoftGraphVpnServer + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.servers = $complexTypeStringResult + } + else + { + $Results.Remove('servers') | Out-Null + } + } + + if ($null -ne $Results.proxyServer) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.proxyServer ` + -CIMInstanceName 'MSFT_MicrosoftvpnProxyServer' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.proxyServer = $complexTypeStringResult + } + else + { + $Results.Remove('proxyServer') | Out-Null + } + } + + if ($null -ne $Results.customData) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.customData ` + -CIMInstanceName 'MSFT_CustomData' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.customData = $complexTypeStringResult + } + else + { + $Results.Remove('customData') | Out-Null + } + } + + if ($null -ne $Results.customKeyValueData) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.customKeyValueData ` + 
-CIMInstanceName 'MSFT_customKeyValueData' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.customKeyValueData = $complexTypeStringResult + } + else + { + $Results.Remove('customKeyValueData') | Out-Null + } + } + + if ($null -ne $Results.targetedMobileApps) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.targetedMobileApps ` + -CIMInstanceName 'MSFT_targetedMobileApps' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.targetedMobileApps = $complexTypeStringResult + } + else + { + $Results.Remove('targetedMobileApps') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + + if ($Results.servers) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "servers" -isCIMArray:$True + } + + if ($Results.proxyServer) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "proxyServer" -isCIMArray:$True + } + + if ($Results.customData) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customData" -isCIMArray:$True + } + + if ($Results.customKeyValueData) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customKeyValueData" -isCIMArray:$True + } + + if ($Results.targetedMobileApps) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "targetedMobileApps" -isCIMArray:$True + } + + if ($Results.Assignments) + { + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + } + + 
$dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") + { + Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." + } + else + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + return '' + } +} + +function Get-M365DSCAdditionalProperties +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $Properties + ) + + $additionalProperties = @( + 'authenticationMethod' + 'connectionName' + 'role' + 'realm' + 'servers' + 'connectionType' + 'proxyServer' + 'targetedPackageIds' + 'targetedMobileApps' + 'alwaysOn' + 'alwaysOnLockdown' + 'microsoftTunnelSiteId' + 'proxyExclusionList' + 'customData' + 'customKeyValueData' + ) + + $results = @{'@odata.type' = '#microsoft.graph.androidVpnConfiguration' } + $cloneProperties = $Properties.clone() + foreach ($property in $cloneProperties.Keys) + { + if ($property -in ($additionalProperties) ) + { + $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) + if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*') + { + if ($properties.$property.getType().FullName -like '*[[\]]') + { + $array = @() + foreach ($item in $properties.$property) + { + $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $propertyValue = $array + } + else + { + $propertyValue = 
Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property + } + + } + else + { + $propertyValue = $properties.$property + } + + $results.Add($propertyName, $propertyValue) + } + } + if ($results.Count -eq 1) + { + return $null + } + return $results +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof new file mode 100644 index 0000000000..384e163043 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof 
@@ -0,0 +1,74 @@
+[ClassVersion("1.0.0.0")]
+class MSFT_DeviceManagementConfigurationPolicyAssignments
+{
+ [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
+ [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
+ [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
+ [Write, Description("The group Id that is the target of the assignment.")] String groupId;
+ [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
+ [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftGraphVpnServer
+{
+ [Write, Description("Address (IP address, FQDN or URL)")] String address;
+ [Write, Description("Description.")] String description;
+ [Write, Description("Default server.")] Boolean isDefaultServer;
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftvpnProxyServer
+{
+ [Write, Description("Proxy's automatic configuration script url.")] String automaticConfigurationScriptUrl;
+ [Write, Description("Address.")] String address;
+ [Write, Description("Port. Valid values 0 to 65535.")] uint32 port;
+};
+[ClassVersion("1.0.0")]
+class MSFT_targetedMobileApps
+{
+ [Write, Description("The application name.")] String name;
+ [Write, Description("The publisher of the application.")] String publisher;
+ [Write, Description("The Store URL of the application.")] String appStoreUrl;
+ [Write, Description("The application or bundle identifier of the application.")] String appId;
+};
+class MSFT_CustomData
+{
+ [Write, Description("Key for the custom data entry.")] String key;
+ [Write, Description("Value for the custom data entry.")] String value;
+};
+class MSFT_customKeyValueData
+{
+ [Write, Description("Name for the custom data entry.")] String name;
+ [Write, Description("Value for the custom data entry.")] String value;
+};
+
+[ClassVersion("1.0.0.0"), FriendlyName("IntuneVPNConfigurationPolicyAndroidEnterprise")]
+class MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise : OMI_BaseResource
+{
+ [Write, Description("Id of the Intune policy.")] String Id;
+ [Key, Description("Display name of the Intune policy.")] String DisplayName;
+ [Write, Description("Description of the Intune policy.")] String Description;
+ [Write, Description("Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD."), ValueMap{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}, Values{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}] String authenticationMethod;
+ [Write, Description("Connection name displayed to the user.")] String connectionName;
+ [Write, Description("Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String role;
+ [Write, Description("Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String realm;
+ [Write, Description("VPN Server on the network. Make sure end users can access this network location."), EmbeddedInstance("MSFT_MicrosoftGraphvpnServer")] String servers[];
+ [Write, Description("Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect."), ValueMap{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}, Values{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}] String connectionType;
+ [Write, Description("Proxy Server."), EmbeddedInstance("MSFT_MicrosoftvpnProxyServer")] String proxyServer[];
+ [Write, Description("Targeted App package IDs.")] String targetedPackageIds[];
+ [Write, Description("Targeted mobile apps. This collection can contain a maximum of 500 elements."),EmbeddedInstance("MSFT_targetedMobileApps")] String targetedMobileApps[];
+ [Write, Description("Whether or not to enable always-on VPN connection.")] Boolean alwaysOn;
+ [Write, Description("If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.")] Boolean alwaysOnLockdown;
+ [Write, Description("Microsoft Tunnel site ID.")] String microsoftTunnelSiteId;
+ [Write, Description("List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com.")] String proxyExclusionList[];
+ [Write, Description("Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customData")] String customData[];
+ [Write, Description("Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customKeyValueData")] String customKeyValueData[];
+ [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];
+ [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
+ [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+ [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+ [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+ [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
+ [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+ [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+ [Write, Description("Access token used for authentication.")] String AccessTokens[];
+};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/readme.md
new file mode 100644
index 0000000000..606dfcd648
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/readme.md
@@ -0,0 +1,6 @@
+
+# IntuneVPNConfigurationPolicyAndroidEnterprise
+
+## Description
+
+This resource configures an Intune VPN Configuration Policy for Android Enterprise Devices.
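Review bot: `AccessTokens` is declared as a plain `String AccessTokens[]`, and the `value` fields of `MSFT_CustomData` and `MSFT_customKeyValueData` are plain `String` too, so whatever is placed there is written to the compiled MOF as readable text, whereas `Credential` and `ApplicationSecret` go through `MSFT_Credential`. The descriptions should say so, for example `Description("Value for the custom data entry. Stored as plain text in the compiled configuration.")`. Those two classes are also the only ones in the file without a `[ClassVersion("1.0.0")]` qualifier. The `ApplicationSecret` description says "tenant" where the application's secret is presumably meant.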
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/settings.json
new file mode 100644
index 0000000000..e4a0357e4b
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/settings.json
@@ -0,0 +1,44 @@
+{
+ "resourceName": "IntuneVPNConfigurationPolicyAndroidEnterprise",
+ "description": "This resource configures an Intune VPN Configuration Policy for Android Enterprise Devices.",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1
index 3533a0e8a9..43d40e0b40 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1
@@ -352,7 +352,7 @@ function Set-TargetResource $userId = (Get-MgUser -UserId $member).Id # There are no cmldet to remove members from group available at the time of writing this resource (March 8th 2022) - $url = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/members/$userId/`$ref" + $url = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/members/$userId/`$ref" Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null } } @@ -398,7 +398,7 @@ function Set-TargetResource Write-Verbose -Message "Adding Owner {$owner}" $userId = (Get-MgUser -UserId $owner).Id $newGroupOwner = @{ - '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/users/{$userId}" + '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/users/{$userId}" } New-MgGroupOwnerByRef -GroupId $ADGroup[0].Id -BodyParameter $newGroupOwner @@ -410,7 +410,7 @@ function Set-TargetResource $userId = (Get-MgUser -UserId $owner).Id # There are no cmldet to remove members from group available at the time of writing this resource (March 8th 2022) - $url = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/owners/$userId/`$ref" + $url = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/owners/$userId/`$ref" Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 index da043b7400..aa2d5c8056 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 
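Review bot: In all three hunks of MSFT_O365Group.psm1 the profile lookup is repeated inline inside the string that builds the URL, and in the member and owner removal paths it looks like it runs once per user (the loops themselves start outside the hunks). Reading it once before the loops, `$graphUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl`, and then using `"${graphUrl}v1.0/groups/..."` keeps the lines readable. It also gives one place to stop early when no profile is returned, since an empty `ResourceUrl` would otherwise yield a relative URL with no error at this point. In the owner-add hunk the `'@odata.id'` value keeps literal braces around the id (`users/{$userId}`); the commit does not change that, but it is worth confirming.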
@@ -162,11 +162,10 @@ function Get-TargetResource # Workaround for issue when if connected to S+C prior to calling cmdlet, an error about an invalid token is thrown. # If connected to S+C, then we need to re-initialize the connection to EXO. - if ($Global:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Connected -and ` - $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Connected) + if ((Get-MSCloudLoginConnectionProfile -Workload SecurityComplianceCenter).Connected -and ` + (Get-MSCloudLoginConnectionProfile -Workload ExchangeOnline).Connected) { - $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Disconnect() - $Global:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Connected = $false + Reset-MSCloudLoginConnectionProfileContext } $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters @@ -1139,10 +1138,10 @@ function Get-M365DSCO365OrgSettingsPlannerConfig try { - $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + '/taskAPI/tenantAdminSettings/Settings' + $Uri = (Get-MSCloudLoginConnectionProfile -Workload Tasks).HostUrl + '/taskAPI/tenantAdminSettings/Settings' [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $results = Invoke-RestMethod -ContentType 'application/json;odata.metadata=full' ` - -Headers @{'Accept' = 'application/json'; 'Authorization' = $Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` + -Headers @{'Accept' = 'application/json'; 'Authorization' = (Get-MSCloudLoginConnectionProfile -Workload Tasks).AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` -Method GET ` $Uri -ErrorAction Stop return $results 
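Review bot: In Get-TargetResource (first hunk) two targeted statements, disconnecting ExchangeOnline and marking SecurityComplianceCenter as not connected, are replaced by a bare `Reset-MSCloudLoginConnectionProfileContext`, and nothing in the hunk says what that call resets. If it clears the context for every workload rather than these two, other cached connections in the session would be dropped as well; that cannot be checked from here. A comment above the call would settle it, for example `# Resets the cached connection context so the EXO connection below is re-established (replaces the explicit EXO disconnect)`, adjusted to what the cmdlet really does.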
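Review bot: In Get-M365DSCO365OrgSettingsPlannerConfig (second hunk) the bearer token for the `Authorization` header and the `HostUrl` come from two separate `Get-MSCloudLoginConnectionProfile -Workload Tasks` calls, and neither result is checked. Fetching the profile once, `$tasksProfile = Get-MSCloudLoginConnectionProfile -Workload Tasks`, and using `$tasksProfile.HostUrl` and `$tasksProfile.AccessToken` guarantees both values come from the same profile. It also allows a guard such as `if (-not $tasksProfile.AccessToken) { throw 'No access token for the Tasks workload.' }` before a request goes out with an empty header. The PATCH in Set-M365DSCO365OrgSettingsPlannerConfig in the next hunk has the same shape. Both function bodies continue outside the hunks.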
@@ -1182,9 +1181,9 @@ function Set-M365DSCO365OrgSettingsPlannerConfig } $requestBody = $flags | ConvertTo-Json - $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + '/taskAPI/tenantAdminSettings/Settings' + $Uri = (Get-MSCloudLoginConnectionProfile -Workload Tasks).HostUrl + '/taskAPI/tenantAdminSettings/Settings' $results = Invoke-RestMethod -ContentType 'application/json;odata.metadata=full' ` - -Headers @{'Accept' = 'application/json'; 'Authorization' = $Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` + -Headers @{'Accept' = 'application/json'; 'Authorization' = (Get-MSCloudLoginConnectionProfile -Workload Tasks).AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } ` -Method PATCH ` -Body $requestBody ` $Uri @@ -1203,7 +1202,7 @@ function Get-M365DSCOrgSettingsInstallationOptions try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions' $results = Invoke-MgGraphRequest -Method GET -Uri $url return $results } @@ -1231,7 +1230,7 @@ function Update-M365DSCOrgSettingsInstallationOptions try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null } catch 
@@ -1258,7 +1257,7 @@ function Get-M365DSCOrgSettingsForms try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/forms/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/forms/settings' $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop return $results } @@ -1283,7 +1282,7 @@ function Update-M365DSCOrgSettingsForms try { Write-Verbose -Message 'Updating Forms Settings' - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/forms/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/forms/settings' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null } catch @@ -1305,7 +1304,7 @@ function Get-M365DSCOrgSettingsDynamicsCustomerVoice try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/dynamics/customerVoice' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/dynamics/customerVoice' $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop return $results } @@ -1329,7 +1328,7 @@ function Update-M365DSCOrgSettingsDynamicsCustomerVoice try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/dynamics/customerVoice' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/dynamics/customerVoice' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null } catch @@ -1351,7 +1350,7 @@ function Get-M365DSCOrgSettingsAppsAndServices try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/appsAndServices/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/appsAndServices/settings' $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop return $results } 
@@ -1375,7 +1374,7 @@ function Update-M365DSCOrgSettingsAppsAndServices try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/appsAndServices/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/appsAndServices/settings' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null } catch @@ -1396,7 +1395,7 @@ function Get-M365DSCOrgSettingsToDo try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/todo/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/todo/settings' $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop return $results } @@ -1420,7 +1419,7 @@ function Update-M365DSCOrgSettingsToDo try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/todo/settings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/todo/settings' Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null } catch @@ -1443,7 +1442,7 @@ function Get-M365DSCOrgSettingsAdminCenterReport try { - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/reportSettings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/reportSettings' $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop return $results } 
@@ -1464,9 +1463,9 @@ function Update-M365DSCOrgSettingsAdminCenterReport $DisplayConcealedNames ) $VerbosePreference = 'SilentlyContinue' - $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/reportSettings' + $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/reportSettings' $body = @{ - '@odata.context' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/$metadata#admin/reportSettings/$entity' + '@odata.context' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/$metadata#admin/reportSettings/$entity' displayConcealedNames = $DisplayConcealedNames } Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $body | Out-Null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 index 6854e56b39..e496148206 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 @@ -78,7 +78,7 @@ function Get-TargetResource try { - $environment = Get-AdminPowerAppEnvironment -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName } + $environment = Get-AdminPowerAppEnvironment -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -match $DisplayName } if ($null -eq $environment) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 index 7581137a90..a4cd0a15e6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 
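Review bot: The filter in Get-TargetResource of MSFT_PPPowerAppsEnvironment now uses `-match`, which treats `$DisplayName` as a regular expression and matches substrings, so a configured name such as `Contoso` also selects `Contoso (Test)`, and a name containing regex metacharacters can match the wrong environment or fail to parse. `$environment` can then hold several objects, or one the configuration did not mean, and whatever Set-TargetResource later does for `Ensure = 'Absent'` (not visible here) would act on that result. If a looser comparison than `-eq` is really needed, at least escape the input, `{ $_.DisplayName -match [regex]::Escape($DisplayName) }`, anchor it as far as the fix allows, and handle more than one result explicitly. The function body continues outside the hunk.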
@@ -492,7 +492,7 @@ function Set-TargetResource Write-Verbose -Message "Updating Task with:`r`n$JSONDetails" # Need to continue to rely on Invoke-MgGraphRequest Invoke-MgGraphRequest -Method PATCH ` - -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/planner/tasks/$taskId" ` + -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/planner/tasks/$taskId" ` -Headers $Headers ` -Body $JSONDetails @@ -504,7 +504,7 @@ function Set-TargetResource $JSONDetails = (ConvertTo-Json $details) Write-Verbose -Message "Updating Task's details with:`r`n$JSONDetails" Invoke-MgGraphRequest -Method PATCH ` - -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/planner/tasks/$taskId/details" ` + -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/planner/tasks/$taskId/details" ` -Headers $Headers ` -Body $JSONDetails @@ -940,7 +940,7 @@ function Get-M365DSCPlannerTasksFromPlan $Credential ) $results = @() - $uri = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/planner/plans/$PlanId/tasks" + $uri = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/planner/plans/$PlanId/tasks" $taskResponse = Invoke-MSCloudLoginMicrosoftGraphAPI -Credential $Credential ` -Uri $uri ` -Method Get diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 index ae9cc174be..cdc32fb589 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 
@@ -212,7 +212,7 @@ function Get-TargetResource 'AllowSelectSecurityGroupsInSPSitesList') $response = Invoke-PnPSPRestMethod -Method Get ` - -Url "$($Global:MSCloudLoginConnectionProfile.PnP.AdminUrl)/_api/SPO.Tenant?`$select=$($parametersToRetrieve -join ',')" + -Url "$((Get-MSCloudLoginConnectionProfile -Workload PnP).AdminUrl)/_api/SPO.Tenant?`$select=$($parametersToRetrieve -join ',')" return @{ @@ -536,7 +536,7 @@ function Set-TargetResource { Write-Verbose -Message 'Updating properties via REST PATCH call.' Invoke-PnPSPRestMethod -Method PATCH ` - -Url "$($Global:MSCloudLoginConnectionProfile.PnP.AdminUrl)/_api/SPO.Tenant" ` + -Url "$((Get-MSCloudLoginConnectionProfile -Workload PnP).AdminUrl)/_api/SPO.Tenant" ` -Content $paramsToUpdate } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 index f2ae6eaa49..325e64db5d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 @@ -368,7 +368,7 @@ function Set-TargetResource Write-Verbose -Message "Params: $($CurrentParameters | Out-String)" $additionalProperties = @{ - 'teamsApp@odata.bind' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/appCatalogs/teamsApps/$TeamsApp" + 'teamsApp@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/appCatalogs/teamsApps/$TeamsApp" } $CurrentParameters.Add('AdditionalProperties', $additionalProperties) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 index 13b7e219ae..e739efbf41 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 
@@ -443,7 +443,7 @@ function Set-TargetResource Write-Verbose -Message "Retrieving Group Owner {$currentOwner}" $ownerUser = Get-MgUser -Search $currentOwner -ConsistencyLevel eventual - $ownerOdataID = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/directoryObjects/$($ownerUser.Id)" + $ownerOdataID = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/directoryObjects/$($ownerUser.Id)" Write-Verbose -Message "Adding Owner {$($ownerUser.Id)} to Group {$($group.Id)}" try diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index e6dd487257..815cde6893 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -122,7 +122,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.28" + RequiredVersion = "1.1.29" }, @{ ModuleName = 'PnP.PowerShell' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 similarity index 91% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 index a5095ed687..8394456533 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 
@@ -22,7 +22,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 similarity index 91% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 index c3fe6117bf..0652e3612d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 @@ -21,7 +21,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; 
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 similarity index 91% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 index 6bc56f61c7..f4ce34adac 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 @@ -21,7 +21,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 new file mode 100644 index 0000000000..bc5b78f2b0 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 
@@ -0,0 +1,76 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example"
+ {
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ Assignments = @();
+ alwaysOn = $False;
+ authenticationMethod = "azureAD";
+ connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName";
+ connectionType = "microsoftProtect";
+ Description = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description";
+ DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName";
+ Ensure = "Present";
+ Id = "12345678-1234-abcd-1234-12345678ABCD";
+ customData = @(
+ MSFT_CustomData{
+ key = 'fakeCustomData'
+ value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+ }
+ );
+ customKeyValueData = @(
+ MSFT_customKeyValueData{
+ value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+ name = 'fakeCustomKeyValueData'
+ }
+ );
+ microsoftTunnelSiteId = "12345678-1234-abcd-1234-12345678ABCD";
+ proxyExclusionList = @();
+ proxyServer = @(
+ MSFT_MicrosoftvpnProxyServer{
+ port = 8080
+ automaticConfigurationScriptUrl = 'fakestringvalue'
+ address = 'fake-proxy-adress.com'
+ }
+ );
+ servers = @(
+ MSFT_MicrosoftGraphvpnServer{
+ isDefaultServer = $True
+ description = 'fakestringvalue'
+ address = 'fake.server.com:8080'
+ }
+ );
+ targetedMobileApps = @(
+ MSFT_targetedMobileApps{
+ name = 'fakestringvalue'
+ publisher = 'Fake Corporation'
+ appId = 'com.fake.emmx'
+ }
+ );
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1
new file mode 100644
index 0000000000..ad62d13621
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1
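Review bot: The `servers` and `proxyServer` addresses in this example (`fake.server.com:8080`, `fake-proxy-adress.com`) are registrable public domains rather than reserved documentation names, and the header comment says these examples are used to test new resources. If the configuration is applied as written and the profile is later assigned, devices would be configured with VPN and proxy endpoints under domains the project does not control. Reserved names avoid that, e.g. `address = 'vpn.example.com:8080'`. The same applies to `fake.NEWserver.com:8080` in 2-Update.ps1 and to `vpn.test.com` / `vpn.newAddress.com` in the IntuneVPNConfigurationPolicyAndroidEnterprise examples.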
@@ -0,0 +1,76 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + alwaysOn = $False; + authenticationMethod = "azureAD"; + connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName"; + connectionType = "microsoftProtect"; + Description = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + customData = @( + MSFT_CustomData{ + key = 'fakeCustomData' + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + } + ); + customKeyValueData = @( + MSFT_customKeyValueData{ + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + name = 'fakeCustomKeyValueData' + } + ); + microsoftTunnelSiteId = "12345678-1234-abcd-1234-12345678ABCD"; + proxyExclusionList = @(); + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 8080 + automaticConfigurationScriptUrl = '' + address = 'fake-proxy-adress.com' + } + ); + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'fakestringvalue' + address = 'fake.NEWserver.com:8080' #CHANGED VALUE + } + ); + targetedMobileApps = @( + MSFT_targetedMobileApps{ + name = 'fakestringvalue' + publisher = 'Fake 
Corporation' + appId = 'com.fake.emmx' + } + ); + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 new file mode 100644 index 0000000000..0760ff8be4 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1 new file mode 100644 index 0000000000..4bc3f9b8da --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1 
@@ -0,0 +1,47 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+ {
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ Assignments = @();
+ authenticationMethod = "usernameAndPassword";
+ connectionName = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName";
+ connectionType = "ciscoAnyConnect";
+ Description = "IntuneVPNConfigurationPolicyAndroidEnterprise Description";
+ DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+ Ensure = "Present";
+ Id = "12345678-1234-abcd-1234-12345678ABCD";
+ servers = @(
+ MSFT_MicrosoftGraphvpnServer{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ }
+ );
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1
new file mode 100644
index 0000000000..2e221f6fe3
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1
@@ -0,0 +1,47 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+ {
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ Assignments = @();
+ authenticationMethod = "usernameAndPassword";
+ connectionName = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName";
+ connectionType = "ciscoAnyConnect";
+ Description = "IntuneVPNConfigurationPolicyAndroidEnterprise Description";
+ DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+ Ensure = "Present";
+ Id = "12345678-1234-abcd-1234-12345678ABCD";
+ servers = @(
+ MSFT_MicrosoftGraphvpnServer{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.newAddress.com' #updated VPN address
+ }
+ );
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/3-Remove.ps1
new file mode 100644
index 0000000000..d9f0f34fc5
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/3-Remove.ps1
@@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 272d12703e..ae8e5158c3 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-12-04 +# Generated on: 2024-12-11 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.1204.1' + ModuleVersion = '1.24.1211.1' # Supported PSEditions # CompatiblePSEditions = @() 
@@ -147,44 +147,24 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* All resources - * Applying project default formatting on all files, to improve - reading and troubleshooting. -* AADAccessReviewDefinition - * Added support for #microsoft.graph.accessReviewInactiveUsersQueryScope in odatatype. -* AADActivityBasedTimeoutPolicy - * Added support for AccessTokens. -* AADClaimsMappingPolicy + ReleaseNotes = '* AADApplication + * Changed logic to remove all permissions when an empty array is specified. + FIXES [#5534](https://github.com/microsoft/Microsoft365DSC/issues/5534) +* AADFeatureRolloutPolicy * Fixed policy retrieval - FIXES [#5505](https://github.com/microsoft/Microsoft365DSC/issues/5505) -* AADIdentityAPIConnector - * Changed the export logic to export passwords as credential objects instead of string. -* AADRoleManagementPolicyRule - * Added the logic to handle filters in the Export logic flow. -* EXOAuthenticationPolicyAssignment - * Added $confirm flag to the Set-TargetResource function for PowerShell 7 compatibility. -* EXOClientAccessRule - * Added $confirm flag to the Set-TargetResource function for PowerShell 7 compatibility. -* EXOManagementRoleAssignment - * Changed logic to detect drift. -* EXOServicePrincipal - * Removed ObjectID from the return of the Get-TargetResource method. -* EXOTeamsProtectionPolicy - * Initial release - FIXES [#5296](https://github.com/microsoft/Microsoft365DSC/issues/5296) -* EXOTransportRule - * Fixed conditional logic for creation and update. -* IntuneTrustedRootCertificateIOS - * Initial release -* IntuneVPNConfigurationPolicyIOS - * Initial release. -* M365DSCRuleEvaluation - * Only attempt to pass AccessTokens if specified. -* SPORetentionLabelsSettings - * Initial release. 
+ FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521) +* IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile + * Fixing issue with the way the QrCodeImage property was exported and handled. +* IntuneFirewallPolicyWindows10 + * Fix export of properties that appear multiple times in subsections. +* M365DSCDRGUtil + * Improve settings catalog handling for nested objects. +* M365DSCResourceGenerator + * Fixes an issue with nested object creation. * MISC - * M365DSCDRGUtil - * Add separate check for strings with ordinal comparison and standardized line breaks.' + * Migrate `MSCloudLoginAssistant` authentication context access to cmdlets. +* DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.1.29.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index d7b2a9be5a..9ed3c0922c 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -831,7 +831,11 @@ function Convert-M365DSCDRGComplexTypeToHashtable [Parameter()] [switch] - $SingleLevel + $SingleLevel, + + [Parameter()] + [switch] + $ExcludeUnchangedProperties ) if ($null -eq $ComplexObject) 
@@ -854,6 +858,24 @@ function Convert-M365DSCDRGComplexTypeToHashtable #However, an array can be preserved on return by prepending it with the array construction operator (,) return , [hashtable[]]$results } + + if ($SingleLevel) + { + $returnObject = @{} + $keys = $ComplexObject.CimInstanceProperties | Where-Object -FilterScript { $_.Name -ne 'PSComputerName' } + foreach ($key in $keys) + { + if ($ExcludeUnchangedProperties -and -not $key.IsValueModified) + { + continue + } + $propertyName = $key.Name[0].ToString().ToLower() + $key.Name.Substring(1, $key.Name.Length - 1) + $propertyValue = $ComplexObject.$($key.Name) + $returnObject.Add($propertyName, $propertyValue) + } + return [hashtable]$returnObject + } + $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject if ($null -ne $hashComplexObject) @@ -1656,8 +1678,8 @@ function Get-IntuneSettingCatalogPolicySetting $userSettingTemplates = $SettingTemplates | Where-object -FilterScript { $_.SettingInstanceTemplate.SettingDefinitionId.StartsWith("user_") } - $deviceDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.DeviceSettings -SingleLevel - $userDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.UserSettings -SingleLevel + $deviceDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.DeviceSettings -SingleLevel -ExcludeUnchangedProperties + $userDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.UserSettings -SingleLevel -ExcludeUnchangedProperties $combinedSettingInstances = @() $combinedSettingInstances += Get-IntuneSettingCatalogPolicySetting -DSCParams $deviceDscParams -SettingTemplates $deviceSettingTemplates $combinedSettingInstances += Get-IntuneSettingCatalogPolicySetting -DSCParams $userDscParams -SettingTemplates $userSettingTemplates 
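Review bot: `-ExcludeUnchangedProperties` is only consulted inside the new `if ($SingleLevel)` branch, so a caller that passes it without `-SingleLevel` gets unfiltered output with no sign that the switch was ignored. An array input also seems to return before this branch, judging by the `return , [hashtable[]]$results` context line. The function starts and ends outside this hunk, so help text may exist that is not visible here, but the new parameter deserves a comment such as `# -ExcludeUnchangedProperties: only honoured together with -SingleLevel; skips CIM properties whose IsValueModified is false`. The branch also reads `$ComplexObject.CimInstanceProperties` unconditionally. If a non-CIM object such as a hashtable arrives with `-SingleLevel`, the loop sees nothing and an empty hashtable is returned, which would silently drop settings from the policy being built.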
@@ -1692,8 +1714,8 @@ function Get-IntuneSettingCatalogPolicySetting } $settingValueName = $settingType.Replace('#microsoft.graph.deviceManagementConfiguration', '').Replace('Instance', 'Value') $settingValueName = $settingValueName.Substring(0, 1).ToLower() + $settingValueName.Substring(1, $settingValueName.length - 1 ) - $settingValueType = $settingInstanceTemplate.AdditionalProperties."$($settingValueName)Template".'@odata.type' - if ($null -ne $settingValueType) + [string]$settingValueType = $settingInstanceTemplate.AdditionalProperties."$($settingValueName)Template".'@odata.type' + if (-not [System.String]::IsNullOrEmpty($settingValueType)) { $settingValueType = $settingValueType.Replace('ValueTemplate', 'Value') } @@ -1838,7 +1860,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue $DSCParams = @{ $cimDSCParamsName = if ($instanceCount -eq 1) { $newDSCParams.$cimDSCParamsName[0] } else { $newDSCParams.$cimDSCParamsName } } - $AllSettingDefinitions = $groupSettingCollectionDefinitionChildren + $AllSettingDefinitions = $groupSettingCollectionDefinitionChildren + $SettingDefinition } for ($i = 0; $i -lt $instanceCount; $i++) @@ -2525,7 +2547,7 @@ function Update-IntuneDeviceConfigurationPolicy try { - $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceConfigurationPolicyId" + $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceConfigurationPolicyId" $policy = @{ 'name' = $Name diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 7258cda1bd..1ecbbefb85 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 
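Review bot: In the `@@ -1838` hunk, `$AllSettingDefinitions = $groupSettingCollectionDefinitionChildren + $SettingDefinition` only appends when the left operand is already an array. With `$null` it yields the bare `$SettingDefinition`, and with a single non-array object the `+` is not an append at all. How `$groupSettingCollectionDefinitionChildren` is produced lies outside the hunk, so it may already be guaranteed to be an array. If it can be a single match from a filter, wrapping it makes the intent explicit: `$AllSettingDefinitions = @($groupSettingCollectionDefinitionChildren) + $SettingDefinition`.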
@@ -554,6 +554,105 @@ function New-M365DSCConfigurationToExcel $excel.Quit() } +<# +.Description +This function creates a new CSV file from the specified exported configuration + +.Functionality +Internal, Hidden +#> +function New-M365DSCConfigurationToCSV +{ + [CmdletBinding()] + param + ( + [Parameter()] + [Array] + $ParsedContent, + + [Parameter(Mandatory = $true)] + [System.String] + $OutputPath, + + [Parameter()] + [System.String] + $Delimiter = ',' + ) + + $modelRow = @{'Component Name'=$null; Property=$null; Value = $null} + $row = 0 + $csvOutput = @() + + foreach ($resource in $parsedContent) + { + $newRow = $modelRow.Clone() + if ($row -gt 0) + { + Write-Verbose -Message "add separator-line in CSV-file between resources" + $newRow.'Component Name' = '======================' + $csvOutput += [pscustomobject]$newRow + $row++ + } + $beginRow = $row + foreach ($property in $resource.Keys) + { + $newRow = $modelRow.Clone() + if ($property -ne 'ResourceName' -and $property -ne 'Credential') + { + $newRow.'Component Name' = $resource.ResourceName + $newRow.Property = $property + try + { + if ([System.String]::IsNullOrEmpty($resource.$property)) + { + $newRow.Value = "`$Null" + } + else + { + if ($resource.$property.GetType().Name -eq 'Object[]') + { + $value = $resource.$property | Out-String + $newRow.Value = $value + } + else + { + $value = ($resource.$property).ToString().Replace('$', '') + $value = $value.Replace('@', '') + $value = $value.Replace('(', '') + $value = $value.Replace(')', '') + $newRow.Value = $value + } + } + } + catch + { + New-M365DSCLogEntry -Message 'Error during conversion to CSV:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } + + if ($property -in @('Identity', 'Name', 'IsSingleInstance', 'DisplayName')) + { + $OriginPropertyName = $csvOutput[$beginRow].Property + $OriginPropertyValue = $csvOutput[$beginRow].Value + $CurrentPropertyName = $newRow.Property + 
$CurrentPropertyValue = $newRow.Value + + $csvOutput[$beginRow].Property = $CurrentPropertyName + $csvOutput[$beginRow].Value = $CurrentPropertyValue + $newRow.Property = $OriginPropertyName + $newRow.Value = $OriginPropertyValue + } + $csvOutput += [pscustomobject]$newRow + $row++ + } + } + } + $csvOutput | Export-Csv -Path $OutputPath -Encoding UTF8 -Delimiter $Delimiter -NoTypeInformation +} + <# .Description This function creates a report from the specified exported configuration, @@ -586,7 +685,7 @@ function New-M365DSCReportFromConfiguration param ( [Parameter(Mandatory = $true)] - [ValidateSet('Excel', 'HTML', 'JSON', 'Markdown')] + [ValidateSet('Excel', 'HTML', 'JSON', 'Markdown', 'CSV')] [System.String] $Type, 
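Review bot: New-M365DSCConfigurationToCSV writes exported tenant values into cells without neutralising spreadsheet formula prefixes: the scalar branch strips `$`, `@`, `(` and `)` but leaves a leading `=`, `+` or `-`, and the `Object[]` branch (`Out-String`) is not filtered at all. The `Delimiter` default elsewhere in this commit is chosen for Excel import, so a display name or description starting with one of those characters would be evaluated as a formula when the report is opened. Prefixing such values before the row is appended closes that, e.g. `if ($newRow.Value -match '^[=+\-@\t\r]') { $newRow.Value = "'" + $newRow.Value }`. Separately, the `catch` block passes `-TenantId $TenantId` and `-Credential $Credential`, neither of which is a parameter of this function, so the log entry is written with whatever those names resolve to in an outer scope. Only a property literally named `Credential` is skipped, so other secret-bearing properties would land in the file if the parsed content carries them; that is worth confirming against what Initialize-M365DSCReporting returns.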
@@ -598,51 +697,81 @@ function New-M365DSCReportFromConfiguration [System.String] $OutputPath ) + DynamicParam # parameter 'Delimiter' is only available when Type = 'CSV' + { + $paramDictionary = [System.Management.Automation.RuntimeDefinedParameterDictionary]::new() + if ($Type -eq 'CSV') + { + $delimiterAttr = [System.Management.Automation.ParameterAttribute]::New() + $delimiterAttr.Mandatory = $false + $attributeCollection = [System.Collections.ObjectModel.Collection[System.Attribute]]::New() + $attributeCollection.Add($delimiterAttr) + $delimiterParam = [System.Management.Automation.RuntimeDefinedParameter]::New("Delimiter", [System.String], $attributeCollection) + $delimiterParam.Value = ';' # default value, comma makes a mess when importing a CSV-file in Excel + $paramDictionary.Add("Delimiter", $delimiterParam) + } + return $paramDictionary + } - # Validate that the latest version of the module is installed. - Test-M365DSCModuleValidity - - #Ensure the proper dependencies are installed in the current environment. 
- Confirm-M365DSCDependencies - - #region Telemetry - $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new() - $data.Add('Event', 'Report') - $data.Add('Type', $Type) - Add-M365DSCTelemetryEvent -Data $data -Type 'NewReport' - #endregion - - [Array] $parsedContent = Initialize-M365DSCReporting -ConfigurationPath $ConfigurationPath - - if ($null -ne $parsedContent) + begin { - switch ($Type) + if ($PSBoundParameters.ContainsKey('Delimiter')) { - 'Excel' - { - New-M365DSCConfigurationToExcel -ParsedContent $parsedContent -OutputPath $OutputPath - } - 'HTML' - { - $template = Get-Item $ConfigurationPath - $templateName = $Template.Name.Split('.')[0] - New-M365DSCConfigurationToHTML -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName - } - 'JSON' - { - New-M365DSCConfigurationToJSON -ParsedContent $parsedContent -OutputPath $OutputPath - } - 'Markdown' - { - $template = Get-Item $ConfigurationPath - $templateName = $Template.Name.Split('.')[0] - New-M365DSCConfigurationToMarkdown -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName - } + $Delimiter = $PSBoundParameters.Delimiter } } - else + process # required with DynamicParam { - Write-Warning -Message "Parsed content was null. No report was generated." + + # Validate that the latest version of the module is installed. + Test-M365DSCModuleValidity + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new() + $data.Add('Event', 'Report') + $data.Add('Type', $Type) + Add-M365DSCTelemetryEvent -Data $data -Type 'NewReport' + #endregion + + [Array] $parsedContent = Initialize-M365DSCReporting -ConfigurationPath $ConfigurationPath + + if ($null -ne $parsedContent) + { + switch ($Type) + { + 'Excel' + { + New-M365DSCConfigurationToExcel -ParsedContent $parsedContent -OutputPath $OutputPath + } + 'HTML' + { + $template = Get-Item $ConfigurationPath + $templateName = $Template.Name.Split('.')[0] + New-M365DSCConfigurationToHTML -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName + } + 'JSON' + { + New-M365DSCConfigurationToJSON -ParsedContent $parsedContent -OutputPath $OutputPath + } + 'Markdown' + { + $template = Get-Item $ConfigurationPath + $templateName = $Template.Name.Split('.')[0] + New-M365DSCConfigurationToMarkdown -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName + } + 'CSV' + { + New-M365DSCConfigurationToCSV -ParsedContent $parsedContent -OutputPath $OutputPath -Delimiter $Delimiter + } + } + } + else + { + Write-Warning -Message "Parsed content was null. No report was generated." + } } } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 index cd9fb23c62..a99991adbe 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 @@ -118,7 +118,7 @@ function Add-M365DSCTelemetryEvent } $Script:M365DSCCurrentRoles = @() - $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/me?$select=id' + $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/me?$select=id' $currentUser = Invoke-MgGraphRequest -Uri $uri -Method GET $currentUserId = $currentUser.id 
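Review bot: The `';'` default set with `$delimiterParam.Value = ';'` in the `DynamicParam` block does not appear to reach the CSV writer. `begin` only sets `$Delimiter` when `$PSBoundParameters.ContainsKey('Delimiter')`, and a dynamic parameter's preset value is not added to `$PSBoundParameters` when the caller omits it. In that case `-Delimiter $Delimiter` hands an empty value on to `Export-Csv`, whose delimiter must be a single character, so `-Type CSV` without `-Delimiter` would likely fail rather than use `;`. An explicit fallback in `begin` fixes it: `$Delimiter = if ($PSBoundParameters.ContainsKey('Delimiter')) { $PSBoundParameters.Delimiter } else { ';' }`. New-M365DSCConfigurationToCSV defaults to `,` while this function intends `;`, so the default should be defined in one place only.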
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index e6f62bf958..c5e20e3cfb 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -1437,7 +1437,7 @@ function Export-M365DSCConfiguration try { Disconnect-MgGraph -ErrorAction Stop | Out-Null - $global:MsCloudLoginConnectionProfile.MicrosoftGraph.Connected = $false + Reset-MSCloudLoginConnectionProfileContext } catch { diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 index 92375e9444..864993c93d 100644 --- a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 +++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 @@ -21,7 +21,7 @@ function Invoke-M365DSCAzureDevOPSWebRequest ) $headers = @{ - Authorization = $global:MsCloudLoginConnectionProfile.AzureDevOPS.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload AzureDevOPS).AccessToken 'Content-Type' = $ContentType } diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1 index ebbec02b6e..df62ffcf32 100644 --- a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1 +++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1 @@ -18,7 +18,7 @@ function Invoke-M365DSCDefenderREST $bodyJSON = ConvertTo-Json $Body -Depth 10 -Compress $headers = @{ - Authorization = $Global:MSCloudLoginConnectionProfile.DefenderForEndpoint.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload DefenderForEndpoint).AccessToken "Content-Type" = "application/json" } $response = Invoke-WebRequest -Method $Method ` 
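Review bot: In Invoke-M365DSCAzureDevOPSWebRequest the `Authorization` header is built straight from `(Get-MSCloudLoginConnectionProfile -Workload AzureDevOPS).AccessToken` with no check that a token came back. If the profile or its token is empty, the hashtable carries a null `Authorization` value and the request proceeds instead of failing at the point of cause. A guard before the header is built keeps this fail-closed: assign `$token = (Get-MSCloudLoginConnectionProfile -Workload AzureDevOPS).AccessToken`, then `if ([System.String]::IsNullOrEmpty($token)) { throw 'No AzureDevOPS access token available; connect first.' }`. The same pattern is in the Invoke-M365DSCDefenderREST hunk that follows and in Invoke-M365DSCFabricWebRequest. Each function's body continues outside its hunk, so an earlier connection check may exist that is not visible here.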
diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 index ca390ae10c..a7b8bbae4a 100644 --- a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 +++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 @@ -17,7 +17,7 @@ function Invoke-M365DSCFabricWebRequest ) $headers = @{ - Authorization = $global:MsCloudLoginConnectionProfile.Fabric.AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload Fabric).AccessToken } $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -Body $Body diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index eb7af2d696..a4fdffd024 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json 
@@ -40221,100 +40221,110 @@ ] }, { - "ClassName": "MSFT_IntuneDeviceManagementComplianceSettings", + "ClassName": "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage", "Parameters": [ { "CIMType": "String", - "Name": "IsSingleInstance", - "Option": "Key" + "Name": "type", + "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "SecureByDefault", + "CIMType": "UInt32[]", + "Name": "value", "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile", + "Parameters": [ + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" }, { - "CIMType": "UInt32", - "Name": "DeviceComplianceCheckinThresholdDays", + "CIMType": "String", + "Name": "Id", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "Credential", + "CIMType": "String", + "Name": "AccountId", "Option": "Write" }, { "CIMType": "String", - "Name": "ApplicationId", + "Name": "Description", "Option": "Write" }, { "CIMType": "String", - "Name": "TenantId", + "Name": "TokenValue", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", + "CIMType": "String", + "Name": "TokenCreationDateTime", "Option": "Write" }, { "CIMType": "String", - "Name": "CertificateThumbprint", + "Name": "TokenExpirationDateTime", "Option": "Write" }, { - "CIMType": "Boolean", - "Name": "ManagedIdentity", + "CIMType": "UInt32", + "Name": "EnrolledDeviceCount", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "AccessTokens", + "CIMType": "UInt32", + "Name": "EnrollmentTokenUsageCount", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay", - "Parameters": [ + }, { "CIMType": "String", - "Name": "Id", - "Option": "Key" + "Name": "QrCodeContent", + "Option": "Write" }, { - "CIMType": "String", - "Name": "BindStatus", + "CIMType": "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage", + "Name": "QrCodeImage", "Option": "Write" }, { - 
"CIMType": "String", - "Name": "OwnerUserPrincipalName", + "CIMType": "String[]", + "Name": "RoleScopeTagIds", "Option": "Write" }, { - "CIMType": "String", - "Name": "OwnerOrganizationName", + "CIMType": "Boolean", + "Name": "ConfigureWifi", "Option": "Write" }, { "CIMType": "String", - "Name": "EnrollmentTarget", + "Name": "WifiSsid", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "WifiPassword", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "DeviceOwnerManagementEnabled", + "Name": "WifiHidden", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "AndroidDeviceOwnerFullyManagedEnrollmentEnabled", + "Name": "IsTeamsDeviceProfile", "Option": "Write" }, { - "CIMType": "String", + "CIMType": "string", "Name": "Ensure", "Option": "Write" }, @@ -40338,11 +40348,6 @@ "Name": "CertificateThumbprint", "Option": "Write" }, - { - "CIMType": "MSFT_Credential", - "Name": "ApplicationSecret", - "Option": "Write" - }, { "CIMType": "Boolean", "Name": "ManagedIdentity", 
@@ -40356,110 +40361,100 @@ ] }, { - "ClassName": "MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage", + "ClassName": "MSFT_IntuneDeviceManagementComplianceSettings", "Parameters": [ { "CIMType": "String", - "Name": "type", - "Option": "Write" + "Name": "IsSingleInstance", + "Option": "Key" }, { - "CIMType": "String", - "Name": "value", + "CIMType": "Boolean", + "Name": "SecureByDefault", "Option": "Write" - } - ] - }, - { - "ClassName": "MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile", - "Parameters": [ - { - "CIMType": "String", - "Name": "DisplayName", - "Option": "Key" }, { - "CIMType": "String", - "Name": "Id", + "CIMType": "UInt32", + "Name": "DeviceComplianceCheckinThresholdDays", "Option": "Write" }, { - "CIMType": "String", - "Name": "AccountId", + "CIMType": "MSFT_Credential", + "Name": "Credential", "Option": "Write" }, { "CIMType": "String", - "Name": "Description", + "Name": "ApplicationId", "Option": "Write" }, { "CIMType": "String", - "Name": "TokenValue", + "Name": "TenantId", "Option": "Write" }, { - "CIMType": "String", - "Name": "TokenCreationDateTime", + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", "Option": "Write" }, { "CIMType": "String", - "Name": "TokenExpirationDateTime", + "Name": "CertificateThumbprint", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "EnrolledDeviceCount", + "CIMType": "Boolean", + "Name": "ManagedIdentity", "Option": "Write" }, { - "CIMType": "UInt32", - "Name": "EnrollmentTokenUsageCount", + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay", + "Parameters": [ { "CIMType": "String", - "Name": "QrCodeContent", - "Option": "Write" + "Name": "Id", + "Option": "Key" }, { "CIMType": "String", - "Name": "QrCodeImage", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "RoleScopeTagIds", + "Name": "BindStatus", "Option": "Write" }, { - "CIMType": 
"Boolean", - "Name": "ConfigureWifi", + "CIMType": "String", + "Name": "OwnerUserPrincipalName", "Option": "Write" }, { "CIMType": "String", - "Name": "WifiSsid", + "Name": "OwnerOrganizationName", "Option": "Write" }, { - "CIMType": "MSFT_Credential", - "Name": "WifiPassword", + "CIMType": "String", + "Name": "EnrollmentTarget", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "WifiHidden", + "Name": "DeviceOwnerManagementEnabled", "Option": "Write" }, { "CIMType": "Boolean", - "Name": "IsTeamsDeviceProfile", + "Name": "AndroidDeviceOwnerFullyManagedEnrollmentEnabled", "Option": "Write" }, { - "CIMType": "string", + "CIMType": "String", "Name": "Ensure", "Option": "Write" }, @@ -40483,6 +40478,11 @@ "Name": "CertificateThumbprint", "Option": "Write" }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, { "CIMType": "Boolean", "Name": "ManagedIdentity", 
@@ -47491,126 +47491,406 @@ ] }, { - "ClassName": "MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule", + "ClassName": "MSFT_MicrosoftvpnProxyServer", "Parameters": [ { - "CIMType": "String[]", - "Name": "ssids", + "CIMType": "String", + "Name": "automaticConfigurationScriptUrl", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "dnsSearchDomains", + "CIMType": "String", + "Name": "address", "Option": "Write" }, { - "CIMType": "String", - "Name": "probeUrl", + "CIMType": "uint32", + "Name": "port", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_targetedMobileApps", + "Parameters": [ { "CIMType": "String", - "Name": "action", + "Name": "name", "Option": "Write" }, { "CIMType": "String", - "Name": "domainAction", + "Name": "publisher", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "domains", + "CIMType": "String", + "Name": "appStoreUrl", "Option": "Write" }, { "CIMType": "String", - "Name": "probeRequiredUrl", + "Name": "appId", "Option": "Write" - }, + } + ] + }, + { + "ClassName": "MSFT_CustomData", + "Parameters": [ { "CIMType": "String", - "Name": "interfaceTypeMatch", + "Name": "key", "Option": "Write" }, { - "CIMType": "String[]", - "Name": "dnsServerAddressMatch", + "CIMType": "String", + "Name": "value", "Option": "Write" } ] }, { - "ClassName": "MSFT_MicrosoftvpnProxyServer", + "ClassName": "MSFT_customKeyValueData", "Parameters": [ { "CIMType": "String", - "Name": "automaticConfigurationScriptUrl", + "Name": "name", "Option": "Write" }, { "CIMType": "String", - "Name": "address", - "Option": "Write" - }, - { - "CIMType": "uint32", - "Name": "port", + "Name": "value", "Option": "Write" } ] }, { - "ClassName": "MSFT_targetedMobileApps", + "ClassName": "MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner", "Parameters": [ { "CIMType": "String", - "Name": "name", + "Name": "Id", "Option": "Write" }, { "CIMType": "String", - "Name": "publisher", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + 
"Name": "Description", "Option": "Write" }, { "CIMType": "String", - "Name": "appStoreUrl", + "Name": "authenticationMethod", "Option": "Write" }, { "CIMType": "String", - "Name": "appId", + "Name": "connectionName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "role", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "realm", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphvpnServer[]", + "Name": "servers", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "connectionType", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftvpnProxyServer[]", + "Name": "proxyServer", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "targetedPackageIds", + "Option": "Write" + }, + { + "CIMType": "MSFT_targetedMobileApps[]", + "Name": "targetedMobileApps", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "alwaysOn", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "alwaysOnLockdown", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "microsoftTunnelSiteId", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "proxyExclusionList", + "Option": "Write" + }, + { + "CIMType": "MSFT_customData[]", + "Name": "customData", + "Option": "Write" + }, + { + "CIMType": "MSFT_customKeyValueData[]", + "Name": "customKeyValueData", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + 
"CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" } ] }, { - "ClassName": "MSFT_CustomData", + "ClassName": "MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise", "Parameters": [ { "CIMType": "String", - "Name": "key", + "Name": "Id", "Option": "Write" }, { "CIMType": "String", - "Name": "value", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "authenticationMethod", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "connectionName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "role", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "realm", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphvpnServer[]", + "Name": "servers", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "connectionType", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftvpnProxyServer[]", + "Name": "proxyServer", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "targetedPackageIds", + "Option": "Write" + }, + { + "CIMType": "MSFT_targetedMobileApps[]", + "Name": "targetedMobileApps", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "alwaysOn", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "alwaysOnLockdown", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "microsoftTunnelSiteId", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "proxyExclusionList", + "Option": "Write" + }, + { + "CIMType": "MSFT_customData[]", + "Name": "customData", + "Option": "Write" + }, + { + "CIMType": "MSFT_customKeyValueData[]", + "Name": "customKeyValueData", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": 
"Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", "Option": "Write" } ] }, { - "ClassName": "MSFT_customKeyValueData", + "ClassName": "MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule", "Parameters": [ + { + "CIMType": "String[]", + "Name": "ssids", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "dnsSearchDomains", + "Option": "Write" + }, { "CIMType": "String", - "Name": "name", + "Name": "probeUrl", "Option": "Write" }, { "CIMType": "String", - "Name": "value", + "Name": "action", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "domainAction", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "domains", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "probeRequiredUrl", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "interfaceTypeMatch", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "dnsServerAddressMatch", "Option": "Write" } ] diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index c23fd156db..f89162869b 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 
@@ -388,42 +388,7 @@ $($userDefinitionSettings.MOF -join "`r`n") { $parameter -match '\$.*$' $parameterName = $Matches[0].Replace('$', '') - $parameterType = 'IntuneSettingsCatalog' + $parameterName + $(if ($parameterName -in @('DeviceSettings', 'UserSettings')) { "_$ResourceName" }) - $cimInstance = $definitionSettings.MOFInstance | Where-Object -FilterScript { $_ -like "*$parameterType`n*" -or $_ -like "*$parameterType`r`n*" } - $rowFilter = '\[.*;' - $cimRows = [regex]::Matches($cimInstance, $rowFilter) | Foreach-Object { - $_.Value - } - $cimPropertyNamequery = '[a-zA-Z0-9_]+[\[\]]*;' - $cimProperties = @() - foreach ($row in $cimRows) - { - $cimProperties += [regex]::Matches($row, $cimPropertyNamequery) | Foreach-Object { - $props = @{ - Name = $_.Value.Replace('[', '').Replace(']', '').Replace(';', '') - IsArray = $_.Value.Contains('[]') - IsComplexType = $row.Contains('EmbeddedInstance') - } - if ($props.IsComplexType) - { - Write-Warning -Message "Attention: No automatic complex type conversion is available for the property $($props.Name) in $parameterName. Please implement the conversion manually." - $props.Type = $row.Split(' ')[2].Replace('EmbeddedInstance("', '').Replace('")]', '') - } - $props - } - } - $parameterInformation += @{ - Name = $parameterName - IsComplexType = $true - IsMandatory = $false - IsArray = $parameter -match '\[.*\[\]\]' - Type = $parameterType - Properties = $cimProperties - } - - Write-Warning -Message "* Do not forget to replace the value `$getValue.$parameterName with `$policySettings.$parameterName in Get-TargetResource, remove it using `$policySettings.Remove('$parameterName')` and update the description in the MOF template. " - Write-Warning -Message "* Make sure to remove the duplicate entry of '$parameterName' in the MOF template." - Write-Warning -Message "* Check all CimInstanceNames in the `$complexTypeMapping in Export-TargetResource because they are not generated correctly." 
+ $parameterInformation += Get-ComplexParameter -Parameter $parameterName -CimInstance $definitionSettings.MOFInstance -ResourceName $ResourceName } Write-Warning -Message "* Update all occurences of 'Name' from parameters to 'DisplayName', since security and settings catalog policies use 'Name' internally, but the DSC resource uses 'DisplayName' for clarity." 
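Review bot: `IsArray` appears to be `$false` for every complex parameter after this change, because the call passes `-Parameter $parameterName` (the bare name with the `$` stripped) while Get-ComplexParameter still computes `IsArray = $parameter -match '\[.*\[\]\]'`. PowerShell variable names are case-insensitive, so inside the helper that test runs against the name rather than the parameter declaration the removed code matched. Computing the flag at the call site restores the old result: `$complexParameter = Get-ComplexParameter -Parameter $parameterName -CimInstance $definitionSettings.MOFInstance -ResourceName $ResourceName`, then `$complexParameter.IsArray = $parameter -match '\[.*\[\]\]'`, then `$parameterInformation += $complexParameter`. The enclosing loop starts outside the hunk.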
@@ -1375,6 +1340,77 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments } } +function Get-ComplexParameter { + param ( + [Parameter(Mandatory = $true)] + [System.String] + $Parameter, + + [Parameter(Mandatory = $true)] + [System.String] + $CimInstance, + + [Parameter(Mandatory = $true)] + [System.String] + $ResourceName + ) + + $parameterType = 'IntuneSettingsCatalog' + $Parameter + $(if ($Parameter -in @('DeviceSettings', 'UserSettings')) { "_$ResourceName" }) + $filteredCimInstance = $CimInstance | Where-Object -FilterScript { $_ -like "*$parameterType`n*" -or $_ -like "*$parameterType`r`n*" } + $splittedCimInstance = $filteredCimInstance.Split("`n") + $rowFilter = '\[.*;' + $startRow = for ($i = 0; $i -lt $splittedCimInstance.Count; $i++) { + if ($splittedCimInstance[$i] -like "*$parameterType*") + { + $i + break + } + } + $endRow = for ($i = $startRow; $i -lt $splittedCimInstance.Count; $i++) { + if ($splittedCimInstance[$i] -like "*};*") + { + $i + break + } + } + + $cimInstanceOfInterest = $splittedCimInstance[$startRow..$endRow] + $cimRows = [regex]::Matches($cimInstanceOfInterest -join "`n", $rowFilter) | Foreach-Object { + $_.Value + } + $cimPropertyNamequery = '[a-zA-Z0-9_]+[\[\]]*;' + $cimProperties = @() + foreach ($row in $cimRows) + { + $cimProperties += [regex]::Matches($row, $cimPropertyNamequery) | Foreach-Object { + $props = @{ + Name = $_.Value.Replace('[', '').Replace(']', '').Replace(';', '') + IsArray = $_.Value.Contains('[]') + IsComplexType = $row.Contains('EmbeddedInstance') + } + if ($props.IsComplexType) + { + Write-Warning -Message "Attention: No automatic complex type conversion is available for the property $($props.Name) in $parameterName. Please implement the conversion manually." 
+ $props.Type = $row.Split(', ')[2].Replace('EmbeddedInstance("', '').Split(' ')[0].Replace('")]', '') + $props.Properties = (Get-ComplexParameter -Parameter $props.Name -CimInstance $CimInstance -ResourceName $ResourceName).Properties + } + $props + } + } + @{ + Name = $parameterName + IsComplexType = $true + IsMandatory = $false + IsArray = $parameter -match '\[.*\[\]\]' + Type = $parameterType + Properties = $cimProperties + } + + Write-Warning -Message "* Do not forget to replace the value `$getValue.$parameterName with `$policySettings.$parameterName in Get-TargetResource, remove it using `$policySettings.Remove('$parameterName')` and update the description in the MOF template. " + Write-Warning -Message "* Make sure to remove the duplicate entry of '$parameterName' in the MOF template." + Write-Warning -Message "* Check all CimInstanceNames in the `$complexTypeMapping in Export-TargetResource because they are not generated correctly." +} + function Get-MgGraphModuleCmdLetDifference { $modules = Get-Module -Name Microsoft.Graph.* -ListAvailable | Sort-Object -Property Name, Version | Out-GridView -PassThru @@ -3933,8 +3969,8 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate { } $instanceName = "MSFT_MicrosoftGraphIntuneSettingsCatalog" - if (($Level -gt 1 -and $type -like "GroupCollection*" -and $childSettings.Count -gt 1) -or - ($Level -eq 1 -and $type -like "GroupCollection*" -and $childSettings.Count -ge 1 -and $childSettings.AdditionalProperties.'@odata.type' -notcontains "#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition")) + if (($Level -gt 1 -and $type -like "GroupCollection*" -and $childSettings.Count -gt 1) -or + ($Level -eq 1 -and $type -eq "GroupCollectionCollection" -and $childSettings.Count -ge 1 -and $childSettings.AdditionalProperties.'@odata.type' -notcontains "#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition")) { $instanceName = $ParentInstanceName + $settingName } 
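Review bot: Get-ComplexParameter reads `$parameterName`, which is not one of its parameters (`Name = $parameterName` and several of the `Write-Warning` messages), so the value only resolves through dynamic scoping to whatever the caller has in that variable. In the recursive call made for an embedded property it is still the outer caller's name, not `$props.Name`. Using the declared parameter, `Name = $Parameter` and `$Parameter` inside the warning strings, removes the dependency on caller state. Separately, `$row.Split(', ')` binds to different overloads on Windows PowerShell 5.1 and PowerShell 7, so the `[2]` index may pick a different token per host; if the PowerShell 7 result is the intended one, `($row -split ', ')[2]` gives it on both.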
diff --git a/ResourceGenerator/UnitTest.Template.ps1 b/ResourceGenerator/UnitTest.Template.ps1 index 456efa2ffb..5547276186 100644 --- a/ResourceGenerator/UnitTest.Template.ps1 +++ b/ResourceGenerator/UnitTest.Template.ps1 @@ -27,6 +27,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + + Mock -CommandName Reset-MSCloudLoginConnectionProfileContext -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index b5e98a4478..d2945db555 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -2411,7 +2411,7 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile 'IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile' + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile 'IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile' { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; 
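Review bot: The template mock `Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { }` returns nothing, so expressions such as `(Get-MSCloudLoginConnectionProfile -Workload Fabric).AccessToken` evaluate to `$null` in generated tests, and a missing token or base URL in the code under test would go unnoticed. The same empty mock is added in the Microsoft365DSC.*.Tests.ps1 hunks that follow. Returning a small stub would exercise the real property access, for example `-MockWith { return @{ ResourceUrl = 'https://graph.example.invalid/'; AccessToken = 'constructed-test-token' } }` (both values are constructed samples).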
@@ -3179,6 +3179,77 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } + IntuneVPNConfigurationPolicyAndroidDeviceOwner 'IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example' + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + alwaysOn = $False; + authenticationMethod = "azureAD"; + connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName"; + connectionType = "microsoftProtect"; + Description = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + customData = @( + MSFT_CustomData{ + key = 'fakeCustomData' + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + } + ); + customKeyValueData = @( + MSFT_customKeyValueData{ + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + name = 'fakeCustomKeyValueData' + } + ); + microsoftTunnelSiteId = "12345678-1234-abcd-1234-12345678ABCD"; + proxyExclusionList = @(); + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 8080 + automaticConfigurationScriptUrl = 'fakestringvalue' + address = 'fake-proxy-adress.com' + } + ); + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'fakestringvalue' + address = 'fake.server.com:8080' + } + ); + targetedMobileApps = @( + MSFT_targetedMobileApps{ + name = 'fakestringvalue' + publisher = 'Fake Corporation' + appId = 'com.fake.emmx' + } + ); + } + IntuneVPNConfigurationPolicyAndroidEnterprise 'IntuneVPNConfigurationPolicyAndroidEnterprise-Example' + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + authenticationMethod = "usernameAndPassword"; + connectionName = 
"IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName"; + connectionType = "ciscoAnyConnect"; + Description = "IntuneVPNConfigurationPolicyAndroidEnterprise Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ); + } IntuneVPNConfigurationPolicyIOS 'IntuneVPNConfigurationPolicyIOS-Example' { ApplicationId = $ApplicationId; diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1 index 0e517729de..8c913408a9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 index f9b56e9ab3..0c35485867 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Add-M365DSCTelemetryEvent -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Confirm-M365DSCDependencies -MockWith { } 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 index 2a713b43f4..d27befe1a4 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 @@ -26,6 +26,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1 index ec4f10ace8..fa4d32cc54 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1 index 04b2234a09..b98bb26460 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1 
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 index 78a0fa3010..44e159540e 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 @@ -26,7 +26,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { } Mock -CommandName New-M365DSCConnection -MockWith { diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1 index 5a438157f0..03e9998394 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Update-MgBetaDirectoryAttributeSet -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1 index 403ed9873f..8d094fce83 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1 
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } @@ -85,7 +88,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential; } } - + It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 index 92dfca03b2..7ee2a2a695 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 index b0ec9d4a0a..fa55f1cbe5 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Update-MgBetaEntitlementManagementConnectedOrganization -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1 index 63a52ce0d5..b972d800e9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 index 06e568b265..44561e63a6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1 index b0dd2cbd56..97b4a3f657 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1 
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1 index 0b1586f83f..86e9d1d5e6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1 index dbd6467749..dec1193386 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1 @@ -26,6 +26,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1 index 45562b9072..8c17890f68 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1 
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1 index a8552503e0..1734dd8b93 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1 index 0f0800c5a8..1cfbb6993a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1 index 80f13f2dcd..5e88c9a116 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1 
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-MgBetaNetworkAccessConnectivityRemoteNetwork -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 index b2f735572e..d603524a7d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 @@ -23,10 +23,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@contoso.com', $secpasswd) - Mock -CommandName Get-PSSession -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Remove-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 index 95be94a0da..0c01f44993 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } 
@@ -75,7 +78,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } It 'Should Create the id from the Set method' { - Set-TargetResource @testParams + Set-TargetResource @testParams Should -Invoke -CommandName Invoke-M365DSCVerifiedIdWebRequest -Exactly 2 } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 index 4fc725b180..6e058fd01b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } @@ -62,7 +65,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } -ClientOnly) attestations = (New-CimInstance -ClassName MSFT_AADVerifiedIdAuthorityContractAttestations -Property @{ required = $True - } -ClientOnly) + } -ClientOnly) } -ClientOnly) Ensure = 'Present' @@ -92,7 +95,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } - default { + default { return @{ value = @() } @@ -108,7 +111,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Test-TargetResource @testParams | Should -Be $false } It 'Should Create the id from the Set method' { - Set-TargetResource @testParams + Set-TargetResource @testParams Should -Invoke -CommandName Invoke-M365DSCVerifiedIdWebRequest -Exactly 4 } } @@ -195,7 +198,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } - default { + default { return @{ value = @( @{ @@ -416,7 +419,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } - default { + default { return @{ value = @( @{ 
@@ -628,7 +631,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } - default { + default { return @{ value = @( @{ @@ -799,7 +802,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } } - default { + default { return @{ value = @( @{ diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1 index cde4d69eaf..6453346a50 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 index fc8ba8aec7..bd265e2b50 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 @@ -29,6 +29,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Save-M365DSCPartialExport -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + + Mock -CommandName Reset-MSCloudLoginConnectionProfileContext -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1 index da1e78d7ae..6fa2cd7b08 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1 
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "ServicePrincipalWithThumbprint" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1 index 524bbbe878..9a325b1f44 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Save-M365DSCPartialExport -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 index db536619f4..2f60f5a80c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 index 7b0a983390..f9816cfe26 100644 
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } @@ -55,7 +58,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { @{ id = '3eacc231-d77b-4efb-bb5f-310f68bd6198' DisplayName = 'MyExcludedGroup' - }, + }, @{ id = '6ee86c9f-2b3c-471d-ad38-ff4673ed723e' DisplayName = 'MyAssignedGroup' diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1 index ed85027560..df50dddc7f 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1 index e276673109..285a396bab 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1 
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 index 1bdab9fafa..280beac665 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1 index 7af27e93c3..18255505f7 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 index f93421bccd..9961c061bd 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 index 4aa84407d2..671e217fe8 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 @@ -26,6 +26,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith {} + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {} + Mock -CommandName Get-PSSession -MockWith {} Mock -CommandName Remove-PSSession -MockWith {} 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.Tests.ps1 similarity index 100% rename from Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.Tests.ps1 rename to Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.Tests.ps1 diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 index d074c4be78..74821ea2f9 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1 index 3b34d8d51e..5560d09194 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1 
@@ -18,6 +18,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith {} + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {} Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" } Mock -CommandName Get-MgBetaDeviceManagementAndroidManagedStoreAccountEnterpriseSetting -MockWith {} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1 index 83a37dd25a..c199828d14 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 index 9dae7098d7..f4455f536b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 
@@ -279,6 +279,150 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) } + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate -MockWith { + return @( + @{ + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_global_disablestatefulftp' + Name = 'DisableStatefulFtp' + OffsetUri = '/MdmStore/Global/DisableStatefulFtp' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + } + ) + }, + @{ + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/DomainProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_domainprofile_logfilepath' + Name = 'LogFilePath' + OffsetUri = '/MdmStore/DomainProfile/LogFilePath' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall_true' + parentSettingId = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall' + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/PublicProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_publicprofile_logfilepath' + Name = 'LogFilePath' + OffsetUri = '/MdmStore/PublicProfile/LogFilePath' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall_true' + parentSettingId = 
'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall' + } + ) + } + } + ) + }, + @{ + SettingDefinitions = @( + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}/DomainProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + # Only option used in the tests is defined here + @{ + name = 'Enable Firewall' + itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall_true' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + } + ) + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_publicprofile_enablefirewall' + Name = 'EnableFirewall' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}/PublicProfile/EnableFirewall' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + # Only option used in the tests is defined here + @{ + name = 'Enable Firewall' + itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_publicprofile_enablefirewall_true' + dependentOn = @( + @{ + dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + } + ) + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + Name = 'Target' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}/Target' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + @{ + dependentOn = @( + @{ + dependentOn = 
'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + } + ) + name = 'WSL' + itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl' + } + ) + } + }, + @{ + Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}' + Name = '{VMCreatorId}' + OffsetUri = '/MdmStore/HyperVVMSettings/{0}' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' + childIds = @( + 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target' + ) + maximumCount = 1 + minimumCount = 0 + } + } + ) + } + ) + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1 index 0e5552d5fd..9661d9fa2a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1 @@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1 index ff169134f0..f1054f03ec 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1 
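Review bot: The new `Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate` mock has no comment explaining why two settings share `Name = 'EnableFirewall'` and two share `Name = 'LogFilePath'` under different `OffsetUri` sections. This looks like the duplicate-name case that the changelog entry for IntuneFirewallPolicyWindows10 describes, so someone trimming the fixture later could remove exactly the entries the regression depends on. I would add above the mock `# Same-named settings in several subsections (DomainProfile, PublicProfile, HyperVVMSettings) are intentional; do not deduplicate.` The mock also has no `-ParameterFilter`, so it returns these definitions for any template requested; if that is intended, the same comment should say so. The enclosing setup block starts outside the hunk.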
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 index c6742bc497..4ceff9776a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1 index 9dbc8a713c..c4c962dc2d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 index d8b2b14c14..f3b3350c30 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Get-PSSession -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidDeviceOwner.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidDeviceOwner.Tests.ps1 new file mode 100644 index 0000000000..e9fbe0e949 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidDeviceOwner.Tests.ps1 
@@ -0,0 +1,477 @@
+[CmdletBinding()]
+param(
+)
+$M365DSCTestFolder = Join-Path -Path $PSScriptRoot `
+ -ChildPath '..\..\Unit' `
+ -Resolve
+$CmdletModule = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Microsoft365.psm1' `
+ -Resolve)
+$GenericStubPath = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Generic.psm1' `
+ -Resolve)
+Import-Module -Name (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\UnitTestHelper.psm1' `
+ -Resolve)
+
+$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule `
+ -DscResource 'IntuneVPNConfigurationPolicyAndroidDeviceOwner' -GenericStubModule $GenericStubPath
+Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
+ InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock {
+ Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope
+ BeforeAll {
+ $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force
+ $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
+
+ Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+ }
+
+ Mock -CommandName New-M365DSCConnection -MockWith {
+ return 'Credentials'
+ }
+
+ Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith {
+
+ return @()
+ }
+ Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith {
+ }
+ # Mock Write-Host to hide output during the tests
+ Mock -CommandName Write-Host -MockWith {
+ }
+ $Script:exportedInstances =$null
+ $Script:ExportMode = $false
+ }
+
+ # Test contexts
+ Context -Name "When the IntuneVPNConfigurationPolicyAndroidDeviceOwner doesn't already exist" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ Description = 'FakeStringValue'
+ DisplayName = 'FakeStringValue'
+ Id = 'FakeStringValue'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ customData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ targetedMobileApps = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_targetedMobileApps `
+ -Property @{
+ name = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return $null
+ }
+ }
+
+ It 'Should return absent from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Absent'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should create the IntuneVPNConfigurationPolicyAndroidDeviceOwner from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1
+ }
+ }
+
+ Context -Name 'When the IntuneVPNConfigurationPolicyAndroidDeviceOwner already exists and is NOT in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ Id = 'FakeStringValue'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ customData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ targetedMobileApps = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_targetedMobileApps `
+ -Property @{
+ name = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ Id = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidDeviceOwnerVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ customData = @(
+ @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ customKeyValueData = @(
+ @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.CHANGED.com' #changed value
+ }
+ )
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ targetedMobileApps = @(
+ @{
+ name = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present' #-Displayname 'FakeStringValue').Ensure | Should -Be 'Present' #
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should update the IntuneVPNConfigurationPolicyAndroidDeviceOwner from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+
+ }
+ }
+
+ Context -Name 'When the policy already exists and IS in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ customData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ targetedMobileApps = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_targetedMobileApps `
+ -Property @{
+ name = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidDeviceOwnerVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ }
+ )
+ customData = @(
+ @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ customKeyValueData = @(
+ @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ targetedMobileApps = @(
+ @{
+ name = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $true
+ }
+ }
+
+ Context -Name 'When the policy exists and it SHOULD NOT' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ Ensure = 'Absent'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidDeviceOwnerVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should remove the IntuneVPNConfigurationPolicyAndroidDeviceOwner from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+ }
+ }
+
+ Context -Name 'ReverseDSC Tests' -Fixture {
+ BeforeAll {
+ $Global:CurrentModeIsExport = $true
+ $Global:PartialExportFileName = "$(New-Guid).partial.ps1"
+ $testParams = @{
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidDeviceOwnerVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should Reverse Engineer resource from the Export method' {
+ $result = Export-TargetResource @testParams
+ $result | Should -Not -BeNullOrEmpty
+ }
+ }
+ }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
\ No newline at end of file
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1
new file mode 100644
index 0000000000..6248661dbb
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1
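Review bot: In the 'When the policy exists and it SHOULD NOT' context the test is titled `It 'Should return true from the Test method'` but asserts `Should -Be $false`; the assertion matches an `Ensure = 'Absent'` drift case, so the title should read `It 'Should return false from the Test method'`. The top-level `BeforeAll` mocks `Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment`, which looks copied from a compliance-policy test. If the resource reads assignments through a device-configuration cmdlet such as `Get-MgBetaDeviceManagementDeviceConfigurationAssignment`, that call falls through to the stub and the mock is dead; the resource module is not in this hunk, so confirm the cmdlet name there. The trailing `#-Displayname 'FakeStringValue').Ensure | Should -Be 'Present' #` after the first `Should -Be 'Present'` is leftover text and can be dropped. All three points apply unchanged to `Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1`, the next file added in this diff.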
@@ -0,0 +1,477 @@
+[CmdletBinding()]
+param(
+)
+$M365DSCTestFolder = Join-Path -Path $PSScriptRoot `
+ -ChildPath '..\..\Unit' `
+ -Resolve
+$CmdletModule = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Microsoft365.psm1' `
+ -Resolve)
+$GenericStubPath = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Generic.psm1' `
+ -Resolve)
+Import-Module -Name (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\UnitTestHelper.psm1' `
+ -Resolve)
+
+$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule `
+ -DscResource 'IntuneVPNConfigurationPolicyAndroidEnterprise' -GenericStubModule $GenericStubPath
+Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
+ InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock {
+ Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope
+ BeforeAll {
+ $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force
+ $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
+
+ Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+ }
+
+ Mock -CommandName New-M365DSCConnection -MockWith {
+ return 'Credentials'
+ }
+
+ Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith {
+
+ return @()
+ }
+ Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith {
+ }
+ # Mock Write-Host to hide output during the tests
+ Mock -CommandName Write-Host -MockWith {
+ }
+ $Script:exportedInstances =$null
+ $Script:ExportMode = $false
+ }
+
+ # Test contexts
+ Context -Name "When the IntuneVPNConfigurationPolicyAndroidEnterprise doesn't already exist" -Fixture {
+ BeforeAll {
+ $testParams = @{
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ Description = 'FakeStringValue'
+ DisplayName = 'FakeStringValue'
+ Id = 'FakeStringValue'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ customData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ targetedMobileApps = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_targetedMobileApps `
+ -Property @{
+ name = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return $null
+ }
+ }
+
+ It 'Should return absent from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Absent'
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should create the IntuneVPNConfigurationPolicyAndroidEnterprise from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1
+ }
+ }
+
+ Context -Name 'When the IntuneVPNConfigurationPolicyAndroidEnterprise already exists and is NOT in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ Id = 'FakeStringValue'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ customData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ targetedMobileApps = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_targetedMobileApps `
+ -Property @{
+ name = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ Id = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ customData = @(
+ @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ customKeyValueData = @(
+ @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.CHANGED.com' #changed value
+ }
+ )
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ targetedMobileApps = @(
+ @{
+ name = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present' #-Displayname 'FakeStringValue').Ensure | Should -Be 'Present' #
+ }
+
+ It 'Should return false from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should update the IntuneVPNConfigurationPolicyAndroidEnterprise from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+
+ }
+ }
+
+ Context -Name 'When the policy already exists and IS in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ customData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ customKeyValueData = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_CustomData `
+ -Property @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ targetedMobileApps = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_targetedMobileApps `
+ -Property @{
+ name = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ } -ClientOnly)
+ )
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ }
+ )
+ customData = @(
+ @{
+ key = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ customKeyValueData = @(
+ @{
+ name = 'FakeStringValue'
+ value = 'FakeStringValue'
+ }
+ )
+ targetedMobileApps = @(
+ @{
+ name = 'FakeStringValue'
+ publisher = 'FakeStringValue'
+ appStoreUrl = 'FakeStringValue'
+ appId = 'FakeStringValue'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $true
+ }
+ }
+
+ Context -Name 'When the policy exists and it SHOULD NOT' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftvpnProxyServer `
+ -Property @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ } -ClientOnly)
+ )
+ servers = [CimInstance[]]@(
+ (New-CimInstance `
+ -ClassName MSFT_MicrosoftGraphvpnServer `
+ -Property @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ } -ClientOnly)
+ )
+ Ensure = 'Absent'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ }
+
+ It 'Should return true from the Test method' {
+ Test-TargetResource @testParams | Should -Be $false
+ }
+
+ It 'Should remove the IntuneVPNConfigurationPolicyAndroidEnterprise from the Set method' {
+ Set-TargetResource @testParams
+ Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+ }
+ }
+
+ Context -Name 'ReverseDSC Tests' -Fixture {
+ BeforeAll {
+ $Global:CurrentModeIsExport = $true
+ $Global:PartialExportFileName = "$(New-Guid).partial.ps1"
+ $testParams = @{
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+ return @{
+ DisplayName = 'FakeStringValue'
+ Description = 'FakeStringValue'
+ AdditionalProperties = @{
+ '@odata.type' = '#microsoft.graph.androidVpnConfiguration'
+ authenticationMethod = 'usernameAndPassword'
+ connectionName = 'FakeStringValue'
+ connectionType = 'ciscoAnyConnect'
+ proxyServer = @(
+ @{
+ port = 80
+ automaticConfigurationScriptUrl = 'https://www.test.com'
+ address = 'proxy.test.com'
+ }
+ )
+ servers = @(
+ @{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.test.com'
+ }
+ )
+ }
+ }
+ }
+ }
+
+ It 'Should Reverse Engineer resource from the Export method' {
+ $result = Export-TargetResource @testParams
+ $result | Should -Not -BeNullOrEmpty
+ }
+ }
+ }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
\ No newline at end of file
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1 index 689076b986..f82ac6aa03 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1 @@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 index be6cb38e38..36439be509 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 @@ -28,6 +28,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + + Mock -CommandName Reset-MSCloudLoginConnectionProfileContext -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1 index ff88c6593e..fe372d8589 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Save-M365DSCPartialExport -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName Connect-Graph -MockWith { } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 index de2f686924..c87fdb9bfd 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 @@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Confirm-M365DSCDependencies -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1 index d301eb29ba..c15f4eaca2 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1 @@ -30,6 +30,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Save-M365DSCPartialExport -MockWith { } + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } + Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 index d14b7cb764..bb298c8291 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 
@@ -27,6 +27,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { $Global:PartialExportFileName = 'c:\TestPath' + Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith { + } Mock -CommandName Save-M365DSCPartialExport -MockWith { } diff --git a/Tests/Unit/Stubs/Generic.psm1 b/Tests/Unit/Stubs/Generic.psm1 index 6ad5a76fa7..eedf2c58dd 100644 --- a/Tests/Unit/Stubs/Generic.psm1 +++ b/Tests/Unit/Stubs/Generic.psm1 @@ -1273,3 +1273,20 @@ function Disable-EOPProtectionPolicyRule $Identity ) } + + +#region MSCloudLoginAssistant +function Get-MSCloudLoginConnectionProfile{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $Workload + ) +} + +function Reset-MSCloudLoginConnectionProfileContext +{ +} +#endregion diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index 7ae62a90b4..4f8feade39 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 
@@ -105148,3 +105148,294 @@ function Update-MgBetaDeviceManagementRoleScopeTagAssignment #endregion +#region MgDeviceManagementDeviceConfigurationAssignment +function Get-MgDeviceManagementDeviceConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $DeviceConfigurationAssignmentId, + + [Parameter()] + [System.String] + $DeviceConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String[]] + $ExpandProperty, + + [Parameter()] + [System.String[]] + $Property, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Search, + + [Parameter()] + [System.Int32] + $Skip, + + [Parameter()] + [System.String[]] + $Sort, + + [Parameter()] + [System.Int32] + $Top, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Int32] + $PageSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $All, + + [Parameter()] + [System.String] + $CountVariable + ) +} + +function New-MgDeviceManagementDeviceConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $DeviceConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.Hashtable] + $AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Collections.Hashtable] + $Target, + + 
[Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Remove-MgDeviceManagementDeviceConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $DeviceConfigurationAssignmentId, + + [Parameter()] + [System.String] + $DeviceConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PassThru, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +function Update-MgDeviceManagementDeviceConfigurationAssignment +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $DeviceConfigurationAssignmentId, + + [Parameter()] + [System.String] + $DeviceConfigurationId, + + [Parameter()] + [PSObject] + $InputObject, + + [Parameter()] + [PSObject] + $BodyParameter, + + [Parameter()] + [System.String] + $ResponseHeadersVariable, + + [Parameter()] + [System.Collections.Hashtable] + 
$AdditionalProperties, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.Collections.Hashtable] + $Target, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Break, + + [Parameter()] + [System.Collections.IDictionary] + $Headers, + + [Parameter()] + [PSObject[]] + $HttpPipelineAppend, + + [Parameter()] + [PSObject[]] + $HttpPipelinePrepend, + + [Parameter()] + [System.Uri] + $Proxy, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ProxyCredential, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ProxyUseDefaultCredentials, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm + ) +} + +#endregion + diff --git a/docs/docs/resources/intune/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.md b/docs/docs/resources/intune/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.md new file mode 100644 index 0000000000..7b3ad2b526 --- /dev/null +++ b/docs/docs/resources/intune/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.md 
@@ -0,0 +1,223 @@ +# IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Key | String | Display name for the enrollment profile. | | +| **Id** | Write | String | Unique GUID for the enrollment profile. Read-Only. | | +| **AccountId** | Write | String | Intune AccountId GUID the enrollment profile belongs to. | | +| **Description** | Write | String | Description for the enrollment profile. | | +| **EnrollmentMode** | Write | String | The enrollment mode of devices that use this enrollment profile. | `corporateOwnedDedicatedDevice`, `corporateOwnedFullyManaged`, `corporateOwnedWorkProfile`, `corporateOwnedAOSPUserlessDevice`, `corporateOwnedAOSPUserAssociatedDevice` | +| **EnrollmentTokenType** | Write | String | The enrollment token type for an enrollment profile. | `default`, `corporateOwnedDedicatedDeviceWithAzureADSharedMode`, `deviceStaging` | +| **TokenValue** | Write | String | Value of the most recently created token for this enrollment profile. | | +| **TokenCreationDateTime** | Write | String | Date time the most recently created token was created. | | +| **TokenExpirationDateTime** | Write | String | Date time the most recently created token will expire. | | +| **EnrolledDeviceCount** | Write | UInt32 | Total number of Android devices that have enrolled using this enrollment profile. | | +| **EnrollmentTokenUsageCount** | Write | UInt32 | Total number of AOSP devices that have enrolled using the current token. Valid values 0 to 20000 | | +| **QrCodeContent** | Write | String | String used to generate a QR code for the token. | | +| **QrCodeImage** | Write | MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage | String used to generate a QR code for the token. | | +| **RoleScopeTagIds** | Write | StringArray[] | List of Scope Tags for this Entity instance. 
| | +| **ConfigureWifi** | Write | Boolean | Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default. | | +| **WifiSsid** | Write | String | String that contains the wi-fi login ssid | | +| **WifiPassword** | Write | PSCredential | String that contains the wi-fi login password. The parameter is a PSCredential object. | | +| **WifiSecurityType** | Write | String | String that contains the wi-fi security type. | `none`, `wpa`, `wep` | +| **WifiHidden** | Write | Boolean | Boolean that indicates if hidden wifi networks are enabled | | +| **IsTeamsDeviceProfile** | Write | Boolean | Boolean indicating if this profile is an Android AOSP for Teams device profile. | | +| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the workload's Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +### MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **type** | Write | String | Indicates the content mime type. 
| | +| **value** | Write | UInt32Array[] | The byte array that contains the actual content. | | + +## Description + +Enrollment Profile used to enroll Android Enterprise devices using Google's Cloud Management. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + { + AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + ConfigureWifi = $True; + Description = "This is my enrollment profile"; + DisplayName = "MyTestEnrollmentProfile"; + EnrolledDeviceCount = 0; + EnrollmentMode = "corporateOwnedDedicatedDevice"; + EnrollmentTokenType = "default"; + EnrollmentTokenUsageCount = 0; + Ensure = "Present"; + IsTeamsDeviceProfile = $False; + RoleScopeTagIds = @("0"); + TenantId = $TenantId; + TokenCreationDateTime = "10/26/2024 1:02:29 AM"; + TokenExpirationDateTime = "10/31/2024 3:59:59 AM"; + WifiHidden = $False; + WifiSecurityType = "none"; + } + } +} +``` + +### Example 2 + +This 
example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + { + AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + ConfigureWifi = $True; + Description = "This is my enrollment profile"; + DisplayName = "MyTestEnrollmentProfile"; + EnrolledDeviceCount = 0; + EnrollmentMode = "corporateOwnedDedicatedDevice"; + EnrollmentTokenType = "default"; + EnrollmentTokenUsageCount = 0; + Ensure = "Present"; + IsTeamsDeviceProfile = $False; + RoleScopeTagIds = @("0"); + TenantId = $TenantId; + TokenCreationDateTime = "10/26/2024 1:02:29 AM"; + TokenExpirationDateTime = "10/31/2024 3:59:59 AM"; + WifiHidden = $True; #Drift + WifiSecurityType = "none"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. 
+ +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + { + AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; + ApplicationId = $ApplicationId; + CertificateThumbprint = $CertificateThumbprint; + ConfigureWifi = $True; + Description = "This is my enrollment profile"; + DisplayName = "MyTestEnrollmentProfile"; + EnrolledDeviceCount = 0; + EnrollmentMode = "corporateOwnedDedicatedDevice"; + EnrollmentTokenType = "default"; + EnrollmentTokenUsageCount = 0; + Ensure = "Absent"; + IsTeamsDeviceProfile = $False; + RoleScopeTagIds = @("0"); + TenantId = $TenantId; + TokenCreationDateTime = "10/26/2024 1:02:29 AM"; + TokenExpirationDateTime = "10/31/2024 3:59:59 AM"; + WifiHidden = $False; + WifiSecurityType = "none"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md b/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md index 5418d04e0f..e5bbfaa8ad 100644 --- a/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md +++ b/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md @@ -1,4 +1,4 @@ -# IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile +# IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile ## Parameters 
@@ -32,7 +32,7 @@ | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | | **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | -### MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage +### MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage #### Parameters @@ -97,8 +97,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost - { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + {"IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; @@ -147,7 +146,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; @@ -195,8 +194,7 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC node localhost - { - IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" + {"IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile" { AccountId = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e"; ApplicationId = $ApplicationId; diff --git a/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidDeviceOwner.md b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidDeviceOwner.md new file mode 100644 index 0000000000..64f3069235 --- /dev/null +++ b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidDeviceOwner.md 
@@ -0,0 +1,324 @@ +# IntuneVPNConfigurationPolicyAndroidDeviceOwner + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Id** | Write | String | Id of the Intune policy. | | +| **DisplayName** | Key | String | Display name of the Intune policy. | | +| **Description** | Write | String | Description of the Intune policy. | | +| **authenticationMethod** | Write | String | Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. | `certificate`, `usernameAndPassword`, `sharedSecret`, `derivedCredential`, `azureAD` | +| **connectionName** | Write | String | Connection name displayed to the user. | | +| **role** | Write | String | Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | | +| **realm** | Write | String | Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | | +| **servers** | Write | MSFT_MicrosoftGraphvpnServer[] | VPN Server on the network. Make sure end users can access this network location. | | +| **connectionType** | Write | String | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect. | `ciscoAnyConnect`, `pulseSecure`, `f5EdgeClient`, `dellSonicWallMobileConnect`, `checkPointCapsuleVpn`, `citrix`, `microsoftTunnel`, `netMotionMobility`, `microsoftProtect` | +| **proxyServer** | Write | MSFT_MicrosoftvpnProxyServer[] | Proxy Server. | | +| **targetedPackageIds** | Write | StringArray[] | Targeted App package IDs. | | +| **targetedMobileApps** | Write | MSFT_targetedMobileApps[] | Targeted mobile apps. This collection can contain a maximum of 500 elements. | | +| **alwaysOn** | Write | Boolean | Whether or not to enable always-on VPN connection. 
| | +| **alwaysOnLockdown** | Write | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. | | +| **microsoftTunnelSiteId** | Write | String | Microsoft Tunnel site ID. | | +| **proxyExclusionList** | Write | StringArray[] | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. | | +| **customData** | Write | MSFT_customData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | | +| **customKeyValueData** | Write | MSFT_customKeyValueData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Intune Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. 
| | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_MicrosoftGraphVpnServer + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **address** | Write | String | Address (IP address, FQDN or URL) | | +| **description** | Write | String | Description. | | +| **isDefaultServer** | Write | Boolean | Default server. | | + +### MSFT_MicrosoftvpnProxyServer + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **automaticConfigurationScriptUrl** | Write | String | Proxy's automatic configuration script url. | | +| **address** | Write | String | Address. | | +| **port** | Write | UInt32 | Port. Valid values 0 to 65535. 
| | + +### MSFT_targetedMobileApps + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Write | String | The application name. | | +| **publisher** | Write | String | The publisher of the application. | | +| **appStoreUrl** | Write | String | The Store URL of the application. | | +| **appId** | Write | String | The application or bundle identifier of the application. | | + +### MSFT_CustomData + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **key** | Write | String | Key for the custom data entry. | | +| **value** | Write | String | Value for the custom data entry. | | + +### MSFT_customKeyValueData + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Write | String | Name for the custom data entry. | | +| **value** | Write | String | Value for the custom data entry. | | + + +## Description + +This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. 
+ +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + alwaysOn = $False; + authenticationMethod = "azureAD"; + connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName"; + connectionType = "microsoftProtect"; + Description = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + customData = @( + MSFT_CustomData{ + key = 'fakeCustomData' + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + } + ); + customKeyValueData = @( + MSFT_customKeyValueData{ + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + name = 'fakeCustomKeyValueData' + } + ); + microsoftTunnelSiteId = "12345678-1234-abcd-1234-12345678ABCD"; + proxyExclusionList = @(); + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 8080 + automaticConfigurationScriptUrl = 'fakestringvalue' + address = 'fake-proxy-adress.com' + } + ); + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'fakestringvalue' + address = 'fake.server.com:8080' + } + ); + targetedMobileApps = @( + MSFT_targetedMobileApps{ + name = 'fakestringvalue' + publisher = 'Fake Corporation' + appId = 'com.fake.emmx' + } + ); + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being 
worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + alwaysOn = $False; + authenticationMethod = "azureAD"; + connectionName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName"; + connectionType = "microsoftProtect"; + Description = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + customData = @( + MSFT_CustomData{ + key = 'fakeCustomData' + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + } + ); + customKeyValueData = @( + MSFT_customKeyValueData{ + value = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]' + name = 'fakeCustomKeyValueData' + } + ); + microsoftTunnelSiteId = "12345678-1234-abcd-1234-12345678ABCD"; + proxyExclusionList = @(); + proxyServer = @( + MSFT_MicrosoftvpnProxyServer{ + port = 8080 + automaticConfigurationScriptUrl = '' + address = 'fake-proxy-adress.com' + } + ); + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'fakestringvalue' + address = 'fake.NEWserver.com:8080' #CHANGED VALUE + } + ); + targetedMobileApps = @( + MSFT_targetedMobileApps{ + name = 'fakestringvalue' + publisher = 'Fake Corporation' + appId = 'com.fake.emmx' + } + ); + } + } +} +``` + +### Example 3 + +This example is used to 
test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + DisplayName = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidEnterprise.md b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidEnterprise.md new file mode 100644 index 0000000000..b325f4cfdc --- /dev/null +++ b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidEnterprise.md 
@@ -0,0 +1,266 @@ +# IntuneVPNConfigurationPolicyAndroidEnterprise + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Id** | Write | String | Id of the Intune policy. | | +| **DisplayName** | Key | String | Display name of the Intune policy. | | +| **Description** | Write | String | Description of the Intune policy. | | +| **authenticationMethod** | Write | String | Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. | `certificate`, `usernameAndPassword`, `sharedSecret`, `derivedCredential`, `azureAD` | +| **connectionName** | Write | String | Connection name displayed to the user. | | +| **role** | Write | String | Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | | +| **realm** | Write | String | Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | | +| **servers** | Write | MSFT_MicrosoftGraphvpnServer[] | VPN Server on the network. Make sure end users can access this network location. | | +| **connectionType** | Write | String | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect. | `ciscoAnyConnect`, `pulseSecure`, `f5EdgeClient`, `dellSonicWallMobileConnect`, `checkPointCapsuleVpn`, `citrix`, `microsoftTunnel`, `netMotionMobility`, `microsoftProtect` | +| **proxyServer** | Write | MSFT_MicrosoftvpnProxyServer[] | Proxy Server. | | +| **targetedPackageIds** | Write | StringArray[] | Targeted App package IDs. | | +| **targetedMobileApps** | Write | MSFT_targetedMobileApps[] | Targeted mobile apps. This collection can contain a maximum of 500 elements. | | +| **alwaysOn** | Write | Boolean | Whether or not to enable always-on VPN connection. 
| | +| **alwaysOnLockdown** | Write | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. | | +| **microsoftTunnelSiteId** | Write | String | Microsoft Tunnel site ID. | | +| **proxyExclusionList** | Write | StringArray[] | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. | | +| **customData** | Write | MSFT_customData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | | +| **customKeyValueData** | Write | MSFT_customKeyValueData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Intune Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. 
| | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_MicrosoftGraphVpnServer + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **address** | Write | String | Address (IP address, FQDN or URL) | | +| **description** | Write | String | Description. | | +| **isDefaultServer** | Write | Boolean | Default server. | | + +### MSFT_MicrosoftvpnProxyServer + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **automaticConfigurationScriptUrl** | Write | String | Proxy's automatic configuration script url. | | +| **address** | Write | String | Address. | | +| **port** | Write | UInt32 | Port. Valid values 0 to 65535. 
| | + +### MSFT_targetedMobileApps + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Write | String | The application name. | | +| **publisher** | Write | String | The publisher of the application. | | +| **appStoreUrl** | Write | String | The Store URL of the application. | | +| **appId** | Write | String | The application or bundle identifier of the application. | | + +### MSFT_CustomData + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **key** | Write | String | Key for the custom data entry. | | +| **value** | Write | String | Value for the custom data entry. | | + +### MSFT_customKeyValueData + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **name** | Write | String | Name for the custom data entry. | | +| **value** | Write | String | Value for the custom data entry. | | + + +## Description + +This resource configures an Intune VPN Configuration Policy for Android Enterprise Devices. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - Group.Read.All, DeviceManagementConfiguration.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. 
+ +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example" + { + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + Assignments = @(); + authenticationMethod = "usernameAndPassword"; + connectionName = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName"; + connectionType = "ciscoAnyConnect"; + Description = "IntuneVPNConfigurationPolicyAndroidEnterprise Description"; + DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName"; + Ensure = "Present"; + Id = "12345678-1234-abcd-1234-12345678ABCD"; + servers = @( + MSFT_MicrosoftGraphvpnServer{ + isDefaultServer = $True + description = 'server' + address = 'vpn.test.com' + } + ); + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. 
+
+```powershell
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+ {
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ Assignments = @();
+ authenticationMethod = "usernameAndPassword";
+ connectionName = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName";
+ connectionType = "ciscoAnyConnect";
+ Description = "IntuneVPNConfigurationPolicyAndroidEnterprise Description";
+ DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+ Ensure = "Present";
+ Id = "12345678-1234-abcd-1234-12345678ABCD";
+ servers = @(
+ MSFT_MicrosoftGraphvpnServer{
+ isDefaultServer = $True
+ description = 'server'
+ address = 'vpn.newAddress.com' #updated VPN address
+ }
+ );
+ }
+ }
+}
+```
+
+### Example 3
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+ {
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ DisplayName = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+ Ensure = "Absent";
+ }
+ }
+}
+```
+
diff --git a/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md b/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md index 507fad21f2..5c67a55f34 100644 --- a/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md +++ b/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md @@ -13,7 +13,7 @@ This function does not generate any output. | Parameter | Required | DataType | Default Value | Allowed Values | Description | | --- | --- | --- | --- | --- | --- | -| Type | True | String | | Excel, HTML, JSON, Markdown | The type of report that should be created: Excel or HTML. | +| Type | True | String | | Excel, HTML, JSON, Markdown, CSV | The type of report that should be created: Excel or HTML. | | ConfigurationPath | True | String | | | The path to the exported DSC configuration that the report should be created for. | | OutputPath | True | String | | | The output path of the report. |