diff --git a/CHANGELOG.md b/CHANGELOG.md
index d8c8952a7b..67ee8001c0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,28 @@
 # Change log for Microsoft365DSC
 
+# UNRELEASED
+
+# 1.24.1211.1
+
+* AADApplication
+  * Changed logic to remove all permissions when an empty array is specified.
+    FIXES [#5534](https://github.com/microsoft/Microsoft365DSC/issues/5534)
+* AADFeatureRolloutPolicy
+  * Fixed policy retrieval
+    FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521)
+* IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile
+  * Fixing issue with the way the QrCodeImage property was exported and handled.
+* IntuneFirewallPolicyWindows10
+  * Fix export of properties that appear multiple times in subsections.
+* M365DSCDRGUtil
+  * Improve settings catalog handling for nested objects.
+* M365DSCResourceGenerator
+  * Fixes an issue with nested object creation.
+* MISC
+  * Migrate `MSCloudLoginAssistant` authentication context access to cmdlets.
+* DEPENDENCIES
+  * Updated MSCloudLoginAssistant to version 1.1.29.
+
 # 1.24.1204.1
 
 * All resources
@@ -29,8 +52,14 @@
     FIXES [#5296](https://github.com/microsoft/Microsoft365DSC/issues/5296)
 * EXOTransportRule
   * Fixed conditional logic for creation and update.
+* PPPowerAppsEnvironmant
+  * Fixed [[#5508](https://github.com/microsoft/Microsoft365DSC/issues/5508)]
 * IntuneTrustedRootCertificateIOS
   * Initial release
+* IntuneVPNConfigurationPolicyAndroidDeviceOwner
+  * Initial release
+* IntuneVPNConfigurationPolicyAndroidEnterprise
+  * Initial release
 * IntuneVPNConfigurationPolicyIOS
   * Initial release.
 * M365DSCRuleEvaluation
@@ -40,7 +69,8 @@
 * MISC
   * M365DSCDRGUtil
     * Add separate check for strings with ordinal comparison and standardized line breaks.
-
+  * M365DSCReport
+    * Add support for creating report in CSV-format
 
 # 1.24.1127.1
 
@@ -379,7 +409,7 @@
     selected
   * Fixed retrieval of resource when it cannot be found by `Id`
   * Added a few verbose messages
-* IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile
+* IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile
   * Initial release.
 * IntuneEndpointDetectionAndResponsePolicyWindows10
   * Fixes an issue with `AutoFromConnector` as the Configuration package type.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1
index 3aa77cfbdb..f888d5f7ea 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdminConsentRequestPolicy/MSFT_AADAdminConsentRequestPolicy.psm1
@@ -272,7 +272,7 @@ function Set-TargetResource
 
     $updateJSON = ConvertTo-Json $updateParameters
     Write-Verbose -Message "Updating the Entra Id Admin Consent Request Policy with values: $updateJSON"
-    $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/adminConsentRequestPolicy'
+    $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/adminConsentRequestPolicy'
     Invoke-MgGraphRequest -Method 'PUT' `
         -Uri $Uri `
         -Body $updateJSON | Out-Null
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1
index 184a4d6c9c..104f0d3693 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1
@@ -188,7 +188,7 @@ function Get-TargetResource
                 foreach ($auMember in $auMembers)
                 {
                     $member = @{}
-                    $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)"
+                    $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryobjects/$($auMember.Id)"
                     $memberObject = Invoke-MgGraphRequest -Uri $url
                     if ($memberObject.'@odata.type' -match 'user')
                     {
@@ -233,7 +233,7 @@ function Get-TargetResource
                     }
                 }
                 Write-Verbose -Message "AU {$DisplayName} verify RoleMemberInfo.Id {$($auScopedRoleMember.RoleMemberInfo.Id)}"
-                $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)"
+                $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryobjects/$($auScopedRoleMember.RoleMemberInfo.Id)"
                 $memberObject = Invoke-MgGraphRequest -Uri $url
                 Write-Verbose -Message "AU {$DisplayName} @odata.Type={$($memberObject.'@odata.type')}"
                 if (($memberObject.'@odata.type') -match 'user')
@@ -563,7 +563,7 @@ function Set-TargetResource
             foreach ($member in $memberSpecification)
             {
                 Write-Verbose -Message "Adding new dynamic member {$($member.Id)}"
-                $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($member.Type)/$($member.Id)"
+                $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($member.Type)/$($member.Id)"
                 $memberBodyParam = @{
                     '@odata.id' = $url
                 }
@@ -657,7 +657,7 @@ function Set-TargetResource
                     {
                         Write-Verbose -Message "AdministrativeUnit {$DisplayName} Adding member {$($diff.Identity)}, type {$($diff.Type)}"
 
-                        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$memberType/$($memberObject.Id)"
+                        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$memberType/$($memberObject.Id)"
                         $memberBodyParam = @{
                             '@odata.id' = $url
                         }
@@ -789,7 +789,7 @@ function Set-TargetResource
         Write-Verbose -Message "Removing AU {$DisplayName}"
         # Workaround since Remove-MgBetaDirectoryAdministrativeUnit is not working with 2.11.1
         # https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2529
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)"
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/administrativeUnits/$($currentInstance.Id)"
         Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null
         #Remove-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $currentInstance.Id
     }
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1
index f60e307747..7e2297c501 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1
@@ -391,7 +391,7 @@ function Get-TargetResource
 
             try
             {
-                $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/applications/$($AADBetaApp.Id)/onPremisesPublishing"
+                $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/applications/$($AADBetaApp.Id)/onPremisesPublishing"
                 $oppInfo = Invoke-MgGraphRequest -Method GET `
                     -Uri $Uri `
                     -ErrorAction SilentlyContinue
@@ -931,7 +931,7 @@ function Set-TargetResource
                 {
                     $Type = 'directoryObjects'
                 }
-                $ObjectUri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/{0}/{1}' -f $Type, $diff.InputObject
+                $ObjectUri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/{0}/{1}' -f $Type, $diff.InputObject
                 $ownerObject = @{
                     '@odata.id' = $ObjectUri
                 }
@@ -975,72 +975,81 @@ function Set-TargetResource
         }
     }
 
-    if ($needToUpdatePermissions -and -not [System.String]::IsNullOrEmpty($Permissions) -and $Permissions.Length -gt 0)
+    if ($needToUpdatePermissions -and $null -ne $Permissions)
     {
         Write-Verbose -Message "Will update permissions for Azure AD Application {$($currentAADApp.DisplayName)}"
-        $allSourceAPIs = $Permissions.SourceAPI | Select-Object -Unique
-        $allRequiredAccess = @()
 
-        foreach ($sourceAPI in $allSourceAPIs)
+        if ($Permissions.Length -eq 0)
         {
-            Write-Verbose -Message "Adding permissions for API {$($sourceAPI)}"
-            $permissionsForcurrentAPI = $Permissions | Where-Object -FilterScript { $_.SourceAPI -eq $sourceAPI }
-            $apiPrincipal = Get-MgServicePrincipal -Filter "DisplayName eq '$($sourceAPI)'"
-            $currentAPIAccess = @{
-                ResourceAppId  = $apiPrincipal.AppId
-                ResourceAccess = @()
-            }
-            foreach ($permission in $permissionsForcurrentAPI)
+            Write-Verbose -Message "Desired set of permissions is empty, removing all permissions on the app."
+            $allRequiredAccess = @()
+        }
+        else
+            {
+            $allSourceAPIs = $Permissions.SourceAPI | Select-Object -Unique
+            $allRequiredAccess = @()
+
+            foreach ($sourceAPI in $allSourceAPIs)
             {
-                if ($permission.Type -eq 'Delegated')
+                Write-Verbose -Message "Adding permissions for API {$($sourceAPI)}"
+                $permissionsForcurrentAPI = $Permissions | Where-Object -FilterScript { $_.SourceAPI -eq $sourceAPI }
+                $apiPrincipal = Get-MgServicePrincipal -Filter "DisplayName eq '$($sourceAPI)'"
+                $currentAPIAccess = @{
+                    ResourceAppId  = $apiPrincipal.AppId
+                    ResourceAccess = @()
+                }
+                foreach ($permission in $permissionsForcurrentAPI)
                 {
-                    $scope = $apiPrincipal.Oauth2PermissionScopes | Where-Object -FilterScript { $_.Value -eq $permission.Name }
-                    $scopeId = $null
-                    if ($null -eq $scope)
+                    if ($permission.Type -eq 'Delegated')
                     {
-                        $ObjectGuid = [System.Guid]::empty
-                        if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid))
+                        $scope = $apiPrincipal.Oauth2PermissionScopes | Where-Object -FilterScript { $_.Value -eq $permission.Name }
+                        $scopeId = $null
+                        if ($null -eq $scope)
                         {
-                            $scopeId = $permission.Name
+                            $ObjectGuid = [System.Guid]::empty
+                            if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid))
+                            {
+                                $scopeId = $permission.Name
+                            }
                         }
-                    }
-                    else
-                    {
-                        $scopeId = $scope.Id
-                    }
-                    Write-Verbose -Message "Adding Delegated Permission {$($scopeId)}"
-                    $delPermission = @{
-                        Id   = $scopeId
-                        Type = 'Scope'
-                    }
-                    $currentAPIAccess.ResourceAccess += $delPermission
-                }
-                elseif ($permission.Type -eq 'AppOnly')
-                {
-                    $role = $apiPrincipal.AppRoles | Where-Object -FilterScript { $_.Value -eq $permission.Name }
-                    $roleId = $null
-                    if ($null -eq $role)
-                    {
-                        $ObjectGuid = [System.Guid]::empty
-                        if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid))
+                        else
                         {
-                            $roleId = $permission.Name
+                            $scopeId = $scope.Id
                         }
+                        Write-Verbose -Message "Adding Delegated Permission {$($scopeId)}"
+                        $delPermission = @{
+                            Id   = $scopeId
+                            Type = 'Scope'
+                        }
+                        $currentAPIAccess.ResourceAccess += $delPermission
                     }
-                    else
+                    elseif ($permission.Type -eq 'AppOnly')
                     {
-                        $roleId = $role.Id
-                    }
-                    $appPermission = @{
-                        Id   = $roleId
-                        Type = 'Role'
+                        $role = $apiPrincipal.AppRoles | Where-Object -FilterScript { $_.Value -eq $permission.Name }
+                        $roleId = $null
+                        if ($null -eq $role)
+                        {
+                            $ObjectGuid = [System.Guid]::empty
+                            if ([System.Guid]::TryParse($permission.Name, [System.Management.Automation.PSReference]$ObjectGuid))
+                            {
+                                $roleId = $permission.Name
+                            }
+                        }
+                        else
+                        {
+                            $roleId = $role.Id
+                        }
+                        $appPermission = @{
+                            Id   = $roleId
+                            Type = 'Role'
+                        }
+                        $currentAPIAccess.ResourceAccess += $appPermission
                     }
-                    $currentAPIAccess.ResourceAccess += $appPermission
                 }
-            }
-            if ($null -ne $currentAPIAccess)
-            {
-                $allRequiredAccess += $currentAPIAccess
+                if ($null -ne $currentAPIAccess)
+                {
+                    $allRequiredAccess += $currentAPIAccess
+                }
             }
         }
 
@@ -1143,7 +1152,7 @@ function Set-TargetResource
         $onPremisesPayload = ConvertTo-Json $onPremisesPublishingValue -Depth 10 -Compress
         Write-Verbose -Message "Updating the OnPremisesPublishing settings for application {$($currentAADApp.DisplayName)} with payload: $onPremisesPayload"
 
-        $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/applications/$($currentAADApp.Id)/onPremisesPublishing"
+        $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/applications/$($currentAADApp.Id)/onPremisesPublishing"
         Invoke-MgGraphRequest -Method 'PATCH' `
             -Uri $Uri `
             -Body $onPremisesPayload
@@ -1298,9 +1307,15 @@ function Test-TargetResource
 
     $CurrentValues = Get-TargetResource @PSBoundParameters
 
-    if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name -and $Permissions.Name.Length -gt 0)
+    if ($CurrentValues.Permissions.Length -gt 0 -and `
+        $null -ne $CurrentValues.Permissions.Name)
     {
-        $permissionsDiff = Compare-Object -ReferenceObject ($CurrentValues.Permissions.Name) -DifferenceObject ($Permissions.Name)
+        $differenceObject = $Permissions.Name
+        if ($null -eq $differenceObject)
+        {
+            $differenceObject = @()
+        }
+        $permissionsDiff = Compare-Object -ReferenceObject ($CurrentValues.Permissions.Name) -DifferenceObject $differenceObject
         $driftedParams = @{}
         if ($null -ne $permissionsDiff)
         {
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1
index ecd65ce44b..e5412c6fed 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyExternal/MSFT_AADAuthenticationMethodPolicyExternal.psm1
@@ -96,7 +96,7 @@ function Get-TargetResource
             }
             else
             {
-                $response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
+                $response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
                 $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName }
             }
         }
@@ -334,7 +334,7 @@ function Set-TargetResource
     {
         Write-Verbose -Message "Updating the Azure AD Authentication Method Policy External with name {$($currentInstance.displayName)}"
 
-        $response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
+        $response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
         $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.displayName -eq $currentInstance.displayName }
 
         $params.Remove('displayName') | Out-Null
@@ -347,7 +347,7 @@ function Set-TargetResource
     {
         Write-Verbose -Message "Removing the Azure AD Authentication Method Policy External with Id {$($currentInstance.displayName)}"
 
-        $response = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
+        $response = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
         $getValue = $response.authenticationMethodConfigurations | Where-Object -FilterScript { $_.displayName -eq $currentInstance.displayName }
 
         Remove-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $getValue.Id
@@ -539,7 +539,7 @@ function Export-TargetResource
     {
         #region resource generator code
         $desiredType = '#microsoft.graph.externalAuthenticationMethodConfiguration'
-        $getPolicy = Invoke-MgGraphRequest -Method Get -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
+        $getPolicy = Invoke-MgGraphRequest -Method Get -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/authenticationMethodsPolicy/')
         $getValue = $getPolicy.AuthenticationMethodConfigurations | Where-Object -FilterScript { $_.'@odata.type' -eq $desiredType }
         #endregion
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1
index a858c0fc4d..bb76b820b1 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationRequirement/MSFT_AADAuthenticationRequirement.psm1
@@ -62,7 +62,7 @@ function Get-TargetResource
         $nullResult = $PSBoundParameters
 
         $getValue = $null
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements"
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements"
         $getValue = Invoke-MgGraphRequest -Method Get -Uri $url
 
         if ($null -eq $getValue)
@@ -155,7 +155,7 @@ function Set-TargetResource
     #endregion
 
     $currentInstance = Get-TargetResource @PSBoundParameters
-    $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements"
+    $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/users/$UserPrincipalName/authentication/requirements"
 
     $params = @{}
     if ($PerUserMfaState -eq 'enabled' -and $currentInstance.PerUserMfaState -eq 'disabled')
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1
index d7e0d55a4e..7f81b5de49 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1
@@ -1457,7 +1457,7 @@ function Set-TargetResource
         if ($currentParameters.ContainsKey('ServicePrincipalFilterMode') -and $currentParameters.ContainsKey('ServicePrincipalFilterRule'))
         {
             #check if the custom attribute exist.
-            $customattribute = Invoke-MgGraphRequest -Method GET -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/directory/customSecurityAttributeDefinitions')
+            $customattribute = Invoke-MgGraphRequest -Method GET -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/directory/customSecurityAttributeDefinitions')
             $ServicePrincipalFilterRule -match 'CustomSecurityAttribute.(?<attribute>.*) -.*'
             $attrinrule = $matches.attribute
             if ($customattribute.value.id -contains $attrinrule)
@@ -1817,7 +1817,7 @@ function Set-TargetResource
         {
             Write-Verbose -Message "Updating existing policy with values: $(Convert-M365DscHashtableToString -Hashtable $NewParameters)"
 
-            $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/conditionalAccess/policies/$($currentPolicy.Id)"
+            $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identity/conditionalAccess/policies/$($currentPolicy.Id)"
             Invoke-MgGraphRequest -Method PATCH -Uri $Uri -Body $NewParameters
         }
         catch
@@ -1841,7 +1841,7 @@ function Set-TargetResource
         {
             try
             {
-                $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identity/conditionalAccess/policies'
+                $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identity/conditionalAccess/policies'
                 Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $NewParameters
             }
             catch
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1
index 70c85ef25f..5a427827ca 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADDeviceRegistrationPolicy/MSFT_AADDeviceRegistrationPolicy.psm1
@@ -428,7 +428,7 @@ function Set-TargetResource
             }
         }
     }
-    $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/policies/deviceRegistrationPolicy'
+    $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/policies/deviceRegistrationPolicy'
     Write-Verbose -Message "Updating Device Registration Policy with payload:`r`n$(ConvertTo-Json $updateParameters -Depth 10)"
     Invoke-MgGraphRequest -Method PUT -Uri $uri -Body $updateParameters
 }
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1
index 3b82984982..d6ec9888e5 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEnrichedAuditLogs/MSFT_AADEnrichedAuditLogs.psm1
@@ -176,7 +176,7 @@ function Set-TargetResource
         }
     }
     $body = ConvertTo-Json $values -Depth 10 -Compress
-    Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/networkAccess/settings/enrichedAuditLogs') -Method PATCH -Body $body
+    Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/networkAccess/settings/enrichedAuditLogs') -Method PATCH -Body $body
 }
 
 function Test-TargetResource
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1
index 2ef5d6db5a..8a3aa932e3 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1
@@ -355,7 +355,7 @@ function Set-TargetResource
         foreach ($incompatibleAccessPackage in $IncompatibleAccessPackages)
         {
             $ref = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
             }
 
             New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef `
@@ -368,7 +368,7 @@ function Set-TargetResource
         foreach ($IncompatibleGroup in $IncompatibleGroups)
         {
             $ref = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/groups/$IncompatibleGroup"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/groups/$IncompatibleGroup"
             }
 
             New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef `
@@ -485,7 +485,7 @@ function Set-TargetResource
         foreach ($incompatibleAccessPackage in $toBeAdded.InputObject)
         {
             $ref = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityGovernance/entitlementManagement/accessPackages/$incompatibleAccessPackage"
             }
 
             New-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackageByRef `
@@ -522,7 +522,7 @@ function Set-TargetResource
         {
 
             $ref = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/groups/$incompatibleGroup"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/groups/$incompatibleGroup"
             }
 
             New-MgBetaEntitlementManagementAccessPackageIncompatibleGroupByRef `
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1
index 1e50576601..dbc861052d 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementConnectedOrganization/MSFT_AADEntitlementManagementConnectedOrganization.psm1
@@ -436,7 +436,7 @@ function Set-TargetResource
         }
         Write-Verbose -Message "Create Parameters: $(Convert-M365DscHashtableToString -Hashtable $CreateParameters)"
         $TenantIdValue = $CreateParameters.IdentitySources.TenantId
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$TenantIdValue')"
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/tenantRelationships/microsoft.graph.findTenantInformationByTenantId(tenantId='$TenantIdValue')"
         $DomainName = (Invoke-MgGraphRequest -Method 'GET' -Uri $url).defaultDomainName
         $newConnectedOrganization = New-MgBetaEntitlementManagementConnectedOrganization -Description $CreateParameters.Description -DisplayName $CreateParameters.DisplayName -State $CreateParameters.State -DomainName $DomainName
 
@@ -446,7 +446,7 @@ function Set-TargetResource
             $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type'
             $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1
             $directoryObjectRef = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
             }
 
             New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef `
@@ -459,7 +459,7 @@ function Set-TargetResource
             $directoryObject = Get-MgBetaDirectoryObject -DirectoryObjectId $sponsor
             $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1
             $directoryObjectRef = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
             }
 
             New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef `
@@ -515,7 +515,7 @@ function Set-TargetResource
             $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type'
             $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1
             $directoryObjectRef = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
             }
 
             New-MgBetaEntitlementManagementConnectedOrganizationExternalSponsorByRef `
@@ -553,7 +553,7 @@ function Set-TargetResource
             $directoryObjectType = $directoryObject.AdditionalProperties.'@odata.type'
             $directoryObjectType = ($directoryObject.AdditionalProperties.'@odata.type').split('.') | Select-Object -Last 1
             $directoryObjectRef = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/$($directoryObjectType)s/$($sponsor)"
             }
 
             New-MgBetaEntitlementManagementConnectedOrganizationInternalSponsorByRef `
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1
index 26944c5c3c..68edefd6e3 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFeatureRolloutPolicy/MSFT_AADFeatureRolloutPolicy.psm1
@@ -98,10 +98,7 @@ function Get-TargetResource
             {
                 $getValue = Get-MgBetaPolicyFeatureRolloutPolicy `
                     -Filter "DisplayName eq '$DisplayName'" `
-                    -ErrorAction SilentlyContinue | Where-Object `
-                    -FilterScript {
-                    $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.FeatureRolloutPolicy'
-                }
+                    -ErrorAction SilentlyContinue
             }
         }
         #endregion
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1
index 47bd688e1b..ba7d827343 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADFederationConfiguration/MSFT_AADFederationConfiguration.psm1
@@ -102,7 +102,7 @@ function Get-TargetResource
         }
         else
         {
-            $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation'
+            $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation'
             $instances = Invoke-MgGraphRequest $uri -Method Get
             if (-not [System.String]::IsNullOrEmpty($Id))
             {
@@ -256,7 +256,7 @@ function Set-TargetResource
     # CREATE
     if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
     {
-        $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation'
+        $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation'
         Write-Verbose -Message "Creating federation configuration {$DisplayName}"
         $body = ConvertTo-Json $instanceParams -Depth 10 -Compress
         Invoke-MgGraphRequest -Uri $uri -Method POST -Body $body
@@ -264,7 +264,7 @@ function Set-TargetResource
     # UPDATE
     elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
     {
-        $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id'
+        $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id'
         Write-Verbose -Message "Updating federation configuration {$DisplayName}"
         $body = ConvertTo-Json $instanceParams -Depth 10 -Compress
         Invoke-MgGraphRequest -Uri $uri -Method PATCH -Body $body
@@ -272,7 +272,7 @@ function Set-TargetResource
     # REMOVE
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
     {
-        $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id'
+        $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/$currentInstance.Id'
         Write-Verbose -Message "Removing federation configuration {$DisplayName}"
         Invoke-MgGraphRequest -Uri $uri -Method DELETE
     }
@@ -431,7 +431,7 @@ function Export-TargetResource
     try
     {
         $Script:ExportMode = $true
-        $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation'
+        $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation'
         [array] $Script:exportedInstances = Invoke-MgGraphRequest $uri -Method Get
 
         $i = 1
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1
index 538b67f9f6..780169150e 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1
@@ -266,7 +266,7 @@ function Get-TargetResource
 
             # Licenses
             $assignedLicensesValues = $null
-            $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/groups/$($Group.Id)/assignedLicenses"
+            $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/groups/$($Group.Id)/assignedLicenses"
             $assignedLicensesRequest = Invoke-MgGraphRequest -Method 'GET' `
                 -Uri $uri
 
@@ -689,7 +689,7 @@ function Set-TargetResource
                 {
                     Write-Verbose -Message "Adding new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
                     $ownerObject = @{
-                        '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
+                        '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
                     }
                     try
                     {
@@ -751,7 +751,7 @@ function Set-TargetResource
                 {
                     Write-Verbose -Message "Adding new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
                     $memberObject = @{
-                        '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
+                        '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
                     }
                     New-MgGroupMemberByRef -GroupId ($currentGroup.Id) -BodyParameter $memberObject | Out-Null
                 }
@@ -759,7 +759,7 @@ function Set-TargetResource
                 {
                     Write-Verbose -Message "Removing new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
                     $memberObject = @{
-                        '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
+                        '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
                     }
                     Remove-MgGroupMemberDirectoryObjectByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($directoryObject.Id) | Out-Null
                 }
@@ -809,7 +809,7 @@ function Set-TargetResource
                     {
                         Write-Verbose -Message "Adding AAD group {$($groupAsMember.DisplayName)} as member of AAD group {$($currentGroup.DisplayName)}"
                         $groupAsMemberObject = @{
-                            '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($groupAsMember.Id)"
+                            '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/$($groupAsMember.Id)"
                         }
                         New-MgBetaGroupMemberByRef -GroupId ($currentGroup.Id) -Body $groupAsMemberObject | Out-Null
                     }
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1
index c0973a0bee..68ef0c9491 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1
@@ -269,7 +269,7 @@ function Set-TargetResource
         foreach ($provider in $IdentityProviders)
         {
             $params = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityProviders/$($provider)"
             }
 
             Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the newly created Azure AD Identity B2X User Flow with Id {$($newObj.Id)}"
@@ -318,7 +318,7 @@ function Set-TargetResource
         {
             $getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postFederationSignupConnectorName)'"
             $params = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)"
             }
 
             Write-Verbose -Message "Updating the Post Federation Signup connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}"
@@ -330,7 +330,7 @@ function Set-TargetResource
         {
             $getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postAttributeCollectionConnectorName)'"
             $params = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)"
             }
 
             Write-Verbose -Message "Updating the Post Attribute Collection connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}"
@@ -344,7 +344,7 @@ function Set-TargetResource
         foreach ($provider in $providersToAdd)
         {
             $params = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/identityProviders/$($provider)"
             }
 
             Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}"
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1
index bdc8f788a7..3758dbb64b 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityProtectionPolicySettings/MSFT_AADIdentityProtectionPolicySettings.psm1
@@ -59,7 +59,7 @@ function Get-TargetResource
     $nullResult = $PSBoundParameters
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identityProtection/policy'
         $instance = Invoke-MgGraphRequest -Method Get -Uri $url
 
         if ($null -eq $instance)
@@ -153,7 +153,7 @@ function Set-TargetResource
 
     $updateJSON = ConvertTo-Json $updateParameters
     Write-Verbose -Message "Updating the AAD Identity Protection Policy settings with values: $updateJSON"
-    $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy'
+    $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identityProtection/policy'
 
     Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $updateJSON
 }
@@ -283,7 +283,7 @@ function Export-TargetResource
     {
         $Script:ExportMode = $true
 
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/identityProtection/policy'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/identityProtection/policy'
         [array] $Script:exportedInstances = Invoke-MgGraphRequest -Method Get -Uri $url
 
         $i = 1
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1
index 7a1aab4d46..abd58c3f0c 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1
@@ -315,7 +315,7 @@ function Set-TargetResource
         Write-Verbose -Message "Creating New AAD Named Location {$Displayname)} with attributes: $VerboseAttributes"
         $JSONValue = ConvertTo-Json $desiredValues | Out-String
         Write-Verbose -Message "JSON: $JSONValue"
-        $APIUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/identity/conditionalAccess/namedLocations'
+        $APIUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/identity/conditionalAccess/namedLocations'
         Invoke-MgGraphRequest -Method POST `
             -Uri $APIUrl `
             -Body $JSONValue | Out-Null
@@ -330,7 +330,7 @@ function Set-TargetResource
         Write-Verbose -Message "Updating AAD Named Location {$Displayname)} with attributes: $VerboseAttributes"
         $JSONValue = ConvertTo-Json $desiredValues | Out-String
         Write-Verbose -Message "JSON: $JSONValue"
-        $APIUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/identity/conditionalAccess/namedLocations/$($currentAADNamedLocation.Id)"
+        $APIUrl = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/identity/conditionalAccess/namedLocations/$($currentAADNamedLocation.Id)"
         Invoke-MgGraphRequest -Method PATCH `
             -Uri $APIUrl `
             -Body $JSONValue | Out-Null
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1
index 4233abf5fa..60713f2585 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNetworkAccessForwardingPolicy/MSFT_AADNetworkAccessForwardingPolicy.psm1
@@ -221,7 +221,7 @@ function Set-TargetResource
             rules = $rulesParam
         }
 
-        Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/networkAccess/forwardingPolicies/$($currentPolicy.ID)/updatePolicyRules") -Method Post -Body $updateParams
+        Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/networkAccess/forwardingPolicies/$($currentPolicy.ID)/updatePolicyRules") -Method Post -Body $updateParams
     }
     else
     {
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1
index 87c5b715b6..c73a60ed8f 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOnPremisesPublishingProfilesSettings/MSFT_AADOnPremisesPublishingProfilesSettings.psm1
@@ -59,7 +59,7 @@ function Get-TargetResource
     $nullResult = $PSBoundParameters
     try
     {
-        $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')"
+        $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')"
         $instance = Invoke-MgGraphRequest -Uri $uri -Method Get
         if ($null -eq $instance)
         {
@@ -151,7 +151,7 @@ function Set-TargetResource
         isEnabled = $IsEnabled
     }
     $body = ConvertTo-Json $settings
-    $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')"
+    $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/onPremisesPublishingProfiles('applicationProxy')"
     Invoke-MgGraphRequest -Uri $uri -Method PATCH -Body $Body | Out-Null
 }
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1
index f0bb93c5de..109cc8b9a6 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADOrganizationCertificateBasedAuthConfiguration/MSFT_AADOrganizationCertificateBasedAuthConfiguration.psm1
@@ -201,7 +201,7 @@ function Set-TargetResource
 
     # Delete the old configuration
     Write-Verbose -Message 'Removing the current Azure AD Organization Certificate Based Auth Configuration.'
-    Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/$CertificateBasedAuthConfigurationId") -Method DELETE
+    Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/$CertificateBasedAuthConfigurationId") -Method DELETE
 
     if ($Ensure -eq 'Present')
     {
@@ -225,7 +225,7 @@ function Set-TargetResource
             certificateAuthorities = $createCertAuthorities
         }
 
-        $policy = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/") -Method POST -Body $params
+        $policy = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/organization/$OrganizationId/certificateBasedAuthConfiguration/") -Method POST -Body $params
     }
 }
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1
index d18a49b234..09860c448d 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1
@@ -267,7 +267,7 @@ function Set-TargetResource
             '@context' = '#$delta'
             value      = @(@{})
         }
-        Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params
+        Invoke-MgGraphRequest -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params
 
         #adding forwarding profiles if required
         if ($forwardingProfilesList.Count -gt 0)
@@ -276,7 +276,7 @@ function Set-TargetResource
                 '@context' = '#$delta'
                 value      = $forwardingProfilesList
             }
-            Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params
+            Invoke-MgGraphRequest -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params
         }
     }
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1
index dea562de05..0ec87681ed 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADServicePrincipal/MSFT_AADServicePrincipal.psm1
@@ -237,7 +237,7 @@ function Get-TargetResource
             }
 
             [Array]$complexDelegatedPermissionClassifications = @()
-            $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/servicePrincipals/$($AADServicePrincipal.Id)/delegatedPermissionClassifications"
+            $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/servicePrincipals/$($AADServicePrincipal.Id)/delegatedPermissionClassifications"
             $permissionClassifications = Invoke-MgGraphRequest -Uri $Uri -Method Get
             foreach ($permissionClassification in $permissionClassifications.Value)
             {
@@ -553,7 +553,7 @@ function Set-TargetResource
         {
             $userInfo = Get-MgUser -UserId $owner
             $body = @{
-                '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)"
+                '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)"
             }
             Write-Verbose -Message "Adding new owner {$owner}"
             $newOwner = New-MgServicePrincipalOwnerByRef -ServicePrincipalId $newSP.Id -BodyParameter $body
@@ -568,7 +568,7 @@ function Set-TargetResource
                     classification = $permissionClassification.Classification
                     permissionName = $permissionClassification.permissionName
                 }
-                $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications"
+                $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications"
                 Invoke-MgGraphRequest -Uri $Uri -Method Post -Body $params
             }
         }
@@ -601,7 +601,7 @@ function Set-TargetResource
             $CSAParams = @{
                 customSecurityAttributes = $currentAADServicePrincipal.CustomSecurityAttributes
             }
-            Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/servicePrincipals(appId='$($currentParameters.AppId)')") -Method Patch -Body $CSAParams
+            Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/servicePrincipals(appId='$($currentParameters.AppId)')") -Method Patch -Body $CSAParams
         }
 
         Update-MgServicePrincipal -ServicePrincipalId $currentAADServicePrincipal.ObjectID @currentParameters
@@ -709,7 +709,7 @@ function Set-TargetResource
             if ($diff.SideIndicator -eq '=>')
             {
                 $body = @{
-                    '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)"
+                    '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/directoryObjects/$($userInfo.Id)"
                 }
                 Write-Verbose -Message "Adding owner {$($userInfo.Id)}"
                 New-MgServicePrincipalOwnerByRef -ServicePrincipalId $currentAADServicePrincipal.ObjectId `
@@ -728,7 +728,7 @@ function Set-TargetResource
         if ($null -ne $DelegatedPermissionClassifications)
         {
             # removing old perm classifications
-            $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications"
+            $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "v1.0/servicePrincipals(appId='$($currentParameters.AppId)')/delegatedPermissionClassifications"
             $permissionClassificationList = Invoke-MgGraphRequest -Uri $Uri -Method Get
             foreach ($permissionClassification in $permissionClassificationList.Value)
             {
@@ -1250,7 +1250,7 @@ function Get-CustomSecurityAttributes
         [String]$ServicePrincipalId
     )
 
-    $customSecurityAttributes = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/servicePrincipals/$($ServicePrincipalId)`?`$select=customSecurityAttributes") -Method Get
+    $customSecurityAttributes = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/servicePrincipals/$($ServicePrincipalId)`?`$select=customSecurityAttributes") -Method Get
     $customSecurityAttributes = $customSecurityAttributes.customSecurityAttributes
     $newCustomSecurityAttributes = @()
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1
index 841db686a5..8da0f80edd 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthority/MSFT_AADVerifiedIdAuthority.psm1
@@ -568,7 +568,7 @@ function Invoke-M365DSCVerifiedIdWebRequest
     )
 
     $headers = @{
-        Authorization  = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken
+        Authorization  = (Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken
         'Content-Type' = 'application/json'
     }
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1
index 798db5e0fb..0ff063c803 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADVerifiedIdAuthorityContract/MSFT_AADVerifiedIdAuthorityContract.psm1
@@ -915,7 +915,7 @@ function Invoke-M365DSCVerifiedIdWebRequest
     )
 
     $headers = @{
-        Authorization  = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken
+        Authorization  = (Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken
         'Content-Type' = 'application/json'
     }
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1
index 2198e9fce0..467f46d674 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AzureVerifiedIdFaceCheck/MSFT_AzureVerifiedIdFaceCheck.psm1
@@ -342,7 +342,7 @@ function Export-TargetResource
     try
     {
         $headers = @{
-            Authorization = $Global:MSCloudLoginConnectionProfile.AdminAPI.AccessToken
+            Authorization = (Get-MSCloudLoginConnectionProfile -Workload AdminAPI).AccessToken
         }
         $uri = 'https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/authorities'
         $response = Invoke-WebRequest -Uri $uri -Method Get -Headers $headers
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json
index ea3b134fe1..e2cda87a9c 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_DefenderDeviceAuthenticatedScanDefinition/settings.json
@@ -15,6 +15,20 @@
                 "read": [],
                 "update": []
             }
+        },
+        "WindowsDefenderATP":{
+            "delegated": {
+                "read": [],
+                "update": []
+            },
+            "application": {
+                "read": [
+                    "Machine.Read.All"
+                ],
+                "update": [
+                    "Machine.ReadWrite.All"
+                ]
+            }
         }
     }
 }
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1
index fd2489cdf2..8563e58c42 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1
@@ -382,12 +382,12 @@ function Set-TargetResource
     } while (-not $testResults -and $retries -gt 0)
 
     # Need to force reconnect to Exchange for the new permissions to kick in.
-    if ($null -ne $Global:MSCloudLoginConnectionProfile.ExchangeOnline)
+    if ($null -ne (Get-MSCloudLoginConnectionProfile -Workload ExchangeOnline))
     {
         Write-Verbose -Message 'Waiting for 20 seconds for new permissions to be effective.'
         Start-Sleep 20
         Write-Verbose -Message 'Disconnecting from Exchange Online'
-        $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Disconnect()
+        Reset-MSCloudLoginConnectionProfileContext
     }
 }
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1
index c8230fed2e..c5594b62f9 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1
@@ -574,7 +574,7 @@ function Get-TargetResource
         }
         else
         {
-            $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + '/v1/admin/tenantsettings'
+            $uri = (Get-MSCloudLoginConnectionProfile -Workload Fabric).HostUrl + '/v1/admin/tenantsettings'
             $instance = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET'
         }
         if ($null -eq $instance)
@@ -1941,7 +1941,7 @@ function Export-TargetResource
     try
     {
         $Script:ExportMode = $true
-        $uri = $global:MsCloudLoginConnectionProfile.Fabric.HostUrl + '/v1/admin/tenantsettings'
+        $uri = (Get-MSCloudLoginConnectionProfile -Workload Fabric).HostUrl + '/v1/admin/tenantsettings'
         [array] $Script:exportedInstances = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET'
 
         if ($null -ne $Global:M365DSCExportResourceInstancesCount)
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1
index 7c11b42a97..c6f59d5c4d 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneASRRulesPolicyWindows10/MSFT_IntuneASRRulesPolicyWindows10.psm1
@@ -551,7 +551,7 @@ function Set-TargetResource
         #Update-MgBetaDeviceManagementIntent does not support updating the property settings
         #Update-MgBetaDeviceManagementIntentSetting only support updating a single setting at a time
         #Using Rest to reduce the number of calls
-        $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings"
+        $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings"
         $body = @{'settings' = $settings }
         Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ContentType 'application/json' 4> $null
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1
index c6bb81224f..ba9f0795c9 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1
@@ -452,7 +452,7 @@ function Set-TargetResource
         #Update-MgBetaDeviceManagementIntentSetting only support updating a single setting at a time
         #Using Rest to reduce the number of calls
 
-        $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings"
+        $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/intents/$($currentPolicy.Identity)/updateSettings"
         $body = @{'settings' = $settings }
         Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ContentType 'application/json' 4> $null
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1
index d0fbc61d7e..72b5ef5b63 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1
@@ -1336,7 +1336,7 @@ function Get-IntuneAppProtectionPolicyiOSAssignment
 
     try
     {
-        $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assignments"
+        $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assignments"
         $response = Invoke-MgGraphRequest -Method Get `
             -Uri $Url
         return $response.value
@@ -1367,7 +1367,7 @@ function Update-IntuneAppProtectionPolicyiOSAssignment
     )
     try
     {
-        $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assign"
+        $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/assign"
         $body = ($Assignments | ConvertTo-Json -Depth 20 -Compress)
         Write-Verbose -Message "Group Assignment for iOS App Protection policy with JSON payload {$Url}: `r`n$body"
         Invoke-MgGraphRequest -Method POST `
@@ -1401,7 +1401,7 @@ function Update-IntuneAppProtectionPolicyiOSApp
 
     try
     {
-        $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/targetApps"
+        $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/iosManagedAppProtections('$IosManagedAppProtectionId')/targetApps"
         # Write-Verbose -Message "Group Assignment for iOS App Protection policy with JSON payload: `r`n$JSONContent"
         Invoke-MgGraphRequest -Method POST `
             -Uri $Url `
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1
index c5b4c9199c..b05929a5a0 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppleMDMPushNotificationCertificate/MSFT_IntuneAppleMDMPushNotificationCertificate.psm1
@@ -225,7 +225,7 @@ function Set-TargetResource
         $consentInstance = Get-MgBetaDeviceManagementDataSharingConsent -DataSharingConsentId 'appleMDMPushCertificate'
         If ($consentInstance.Granted -eq $False)
         {
-            Invoke-MgGraphRequest -Method POST -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/dataSharingConsents/appleMDMPushCertificate/consentToDataSharing') -Headers @{ 'Content-Type' = 'application/json' }
+            Invoke-MgGraphRequest -Method POST -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/dataSharingConsents/appleMDMPushCertificate/consentToDataSharing') -Headers @{ 'Content-Type' = 'application/json' }
         }
         else
         {
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1
index 8f3ac88c57..c9c5895ece 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCleanupRule/MSFT_IntuneDeviceCleanupRule.psm1
@@ -78,7 +78,7 @@ function Get-TargetResource
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings'
         $cleanupRule = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop
 
         $return = @{
@@ -188,7 +188,7 @@ function Set-TargetResource
     Add-M365DSCTelemetryEvent -Data $data
     #endregion
 
-    $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings'
+    $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings'
     $body = @{
         DeviceInactivityBeforeRetirementInDays = "$(if ($Enabled) { $DeviceInactivityBeforeRetirementInDays } else { 0 })"
     }
@@ -340,7 +340,7 @@ function Export-TargetResource
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/managedDeviceCleanupSettings'
         [array]$cleanupRules = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop
         $i = 1
         $dscContent = ''
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1
index 0d5fa40465..3d9afb7b6d 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1
@@ -424,7 +424,7 @@ function Set-TargetResource
                 {
                     $value = $presentationValue.clone()
                     $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename
-                    $value.add('presentation@odata.bind', $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
+                    $value.add('presentation@odata.bind', (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
                     $value.remove('PresentationDefinitionId')
                     $value.remove('PresentationDefinitionLabel')
                     $value.remove('id')
@@ -432,7 +432,7 @@ function Set-TargetResource
                 }
             }
             $complexDefinitionValue = @{
-                'definition@odata.bind' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
+                'definition@odata.bind' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
                 enabled                 = $definitionValue.Enabled
                 presentationValues      = $complexPresentationValues
             }
@@ -520,7 +520,7 @@ function Set-TargetResource
                 {
                     $value = $presentationValue.clone()
                     $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename
-                    $value.add('presentation@odata.bind', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
+                    $value.add('presentation@odata.bind', "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
                     $value.remove('PresentationDefinitionId')
                     $value.remove('PresentationDefinitionLabel')
                     $value.remove('id')
@@ -528,7 +528,7 @@ function Set-TargetResource
                 }
             }
             $complexDefinitionValue = @{
-                'definition@odata.bind' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
+                'definition@odata.bind' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
                 enabled                 = $definitionValue.Enabled
                 presentationValues      = $complexPresentationValues
             }
@@ -554,7 +554,7 @@ function Set-TargetResource
                     $currentPresentationValue = $currentDefinitionValue.PresentationValues | Where-Object { $_.PresentationDefinitionId -eq $presentationValue.presentationDefinitionId }
                     $value = $presentationValue.clone()
                     $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename
-                    $value.add('presentation@odata.bind', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
+                    $value.add('presentation@odata.bind', "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
                     $value.remove('PresentationDefinitionId')
                     $value.remove('PresentationDefinitionLabel')
                     $value.remove('id')
@@ -564,7 +564,7 @@ function Set-TargetResource
             }
             $complexDefinitionValue = @{
                 id                      = $currentDefinitionValue.Id
-                'definition@odata.bind' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
+                'definition@odata.bind' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
                 enabled                 = $definitionValue.Enabled
                 presentationValues      = $complexPresentationValues
             }
@@ -993,7 +993,7 @@ function Update-DeviceConfigurationGroupPolicyDefinitionValue
     )
     try
     {
-        $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyConfigurations/$DeviceConfigurationPolicyId/updateDefinitionValues"
+        $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/groupPolicyConfigurations/$DeviceConfigurationPolicyId/updateDefinitionValues"
 
         $body = @{}
         $DefinitionValueToRemoveIds = @()
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1
index e68a3d86bf..0b4497b084 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1
@@ -522,7 +522,7 @@ function Set-TargetResource
         }
 
         #region resource generator code
-        $CreateParameters.Add('rootCertificate@odata.bind', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$RootCertificateId')")
+        $CreateParameters.Add('rootCertificate@odata.bind', "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$RootCertificateId')")
         $CreateParameters.Add('@odata.type', '#microsoft.graph.windows81SCEPCertificateProfile')
         $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters
         $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
@@ -1012,7 +1012,7 @@ function Get-DeviceConfigurationPolicyRootCertificate
         [System.String]
         $DeviceConfigurationPolicyId
     )
-    $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate"
+    $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate"
     $result = Invoke-MgGraphRequest -Method Get -Uri $Uri -ErrorAction Stop
 
     return $result
@@ -1032,9 +1032,9 @@ function Update-DeviceConfigurationPolicyRootCertificateId
         $RootCertificateId
     )
 
-    $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate/`$ref"
+    $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate/`$ref"
     $ref = @{
-        '@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$RootCertificateId')"
+        '@odata.id' = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$RootCertificateId')"
     }
 
     Invoke-MgGraphRequest -Method PUT -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1
index 28a61c850c..e8f2cf23e1 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1
@@ -564,7 +564,7 @@ function Set-TargetResource
                     -CertificateId $RootCertificatesForServerValidationIds[$i] `
                     -CertificateDisplayName $RootCertificatesForServerValidationDisplayNames[$i] `
                     -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate')
-                $rootCertificatesForServerValidation += "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
+                $rootCertificatesForServerValidation += "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
             }
             $CreateParameters.Add('rootCertificatesForServerValidation@odata.bind', $rootCertificatesForServerValidation)
         }
@@ -579,7 +579,7 @@ function Set-TargetResource
                     '#microsoft.graph.windows81TrustedRootCertificate', `
                     '#microsoft.graph.windows10PkcsCertificateProfile' `
             )
-            $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
+            $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
             $CreateParameters.Add('identityCertificateForClientAuthentication@odata.bind', $ref)
         }
 
@@ -593,7 +593,7 @@ function Set-TargetResource
                     '#microsoft.graph.windows81TrustedRootCertificate', `
                     '#microsoft.graph.windows10PkcsCertificateProfile' `
             )
-            $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
+            $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
             $CreateParameters.Add('secondaryIdentityCertificateForClientAuthentication@odata.bind', $ref)
         }
 
@@ -603,7 +603,7 @@ function Set-TargetResource
                 -CertificateId $RootCertificateForClientValidationId `
                 -CertificateDisplayName $RootCertificateForClientValidationDisplayName `
                 -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate')
-            $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
+            $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
             $CreateParameters.Add('rootCertificateForClientValidation@odata.bind', $ref)
         }
 
@@ -613,7 +613,7 @@ function Set-TargetResource
                 -CertificateId $SecondaryRootCertificateForClientValidationId `
                 -CertificateDisplayName $SecondaryRootCertificateForClientValidationDisplayName `
                 -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate')
-            $ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
+            $ref = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
             $CreateParameters.Add('secondaryRootCertificateForClientValidation@odata.bind', $ref)
         }
 
@@ -1189,7 +1189,7 @@ function Get-DeviceConfigurationPolicyCertificate
         [System.String]
         $CertificateName
     )
-    $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName"
+    $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName"
     try
     {
         $result = Invoke-MgGraphRequest -Method Get -Uri $Uri 4>$null
@@ -1228,7 +1228,7 @@ function Update-DeviceConfigurationPolicyCertificateId
         [System.String]
         $CertificateName
     )
-    $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/`$ref"
+    $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/`$ref"
 
     if ($CertificateName -eq 'rootCertificatesForServerValidation')
     {
@@ -1242,7 +1242,7 @@ function Update-DeviceConfigurationPolicyCertificateId
     foreach ($certificateId in $CertificateIds)
     {
         $ref = @{
-            '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$certificateId')"
+            '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/deviceConfigurations('$certificateId')"
         }
 
         Invoke-MgGraphRequest -Method $method -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop 4>$null
@@ -1270,7 +1270,7 @@ function Remove-DeviceConfigurationPolicyCertificateId
 
     foreach ($certificateId in $CertificateIds)
     {
-        $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/$certificateId/`$ref"
+        $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/$certificateId/`$ref"
         Invoke-MgGraphRequest -Method DELETE -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop 4>$null
     }
 }
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1
index f5a9a6e758..445e2d2428 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentStatusPageWindows10/MSFT_IntuneDeviceEnrollmentStatusPageWindows10.psm1
@@ -411,7 +411,7 @@ function Set-TargetResource
             $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments
         }
         $body = @{'enrollmentConfigurationAssignments' = $intuneAssignments } | ConvertTo-Json -Depth 100
-        $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($policy.Id)/assign"
+        $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($policy.Id)/assign"
         Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop
 
         Update-DeviceEnrollmentConfigurationPriority `
@@ -449,7 +449,7 @@ function Set-TargetResource
                 $intuneAssignments += ConvertTo-IntunePolicyAssignment -Assignments $Assignments
             }
             $body = @{'enrollmentConfigurationAssignments' = $intuneAssignments } | ConvertTo-Json -Depth 100
-            $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($currentInstance.Id)/assign"
+            $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$($currentInstance.Id)/assign"
             Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop
 
             if ($PSBoundParameters.ContainsKey('Priority') -and $Priority -ne $currentInstance.Priority)
@@ -827,7 +827,7 @@ function Update-DeviceEnrollmentConfigurationPriority
     )
     try
     {
-        $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceEnrollmentConfigurationId/setpriority"
+        $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/deviceEnrollmentConfigurations/$DeviceEnrollmentConfigurationId/setpriority"
         $body = @{'priority' = $Priority } | ConvertTo-Json -Depth 100
         #write-verbose -Message $body
         Invoke-MgGraphRequest `
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1
similarity index 81%
rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1
rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1
index 1595ccce2b..d2805adee7 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.psm1
@@ -50,7 +50,7 @@ function Get-TargetResource
         $QrCodeContent,
 
         [Parameter()]
-        [System.String]
+        [Microsoft.Management.Infrastructure.CimInstance]
         $QrCodeImage,
 
         [Parameter()]
@@ -149,6 +149,14 @@ function Get-TargetResource
                 -All `
                 -Filter "displayName eq '$DisplayName'" `
                 -ErrorAction SilentlyContinue
+
+            # Need to do another call by id to get QrCode info. Can't just expand the property.
+            if ($null -ne $androidDeviceOwnerEnrollmentProfile)
+            {
+                Write-Verbose -Message 'Found by DisplayName, now retrieving additional details by id.'
+                $androidDeviceOwnerEnrollmentProfile = Get-MgBetaDeviceManagementAndroidDeviceOwnerEnrollmentProfile `
+                    -AndroidDeviceOwnerEnrollmentProfileId $androidDeviceOwnerEnrollmentProfile.Id
+            }
         }
 
         if ($null -eq $androidDeviceOwnerEnrollmentProfile)
@@ -157,6 +165,15 @@ function Get-TargetResource
             return $nullResult
         }
 
+        $QrCodeImageValue = $null
+        if ($null -ne $androidDeviceOwnerEnrollmentProfile.QrCodeImage.Type)
+        {
+            $QrCodeImageValue = @{
+                type  = $androidDeviceOwnerEnrollmentProfile.QrCodeImage.Type
+                value = [Array] ($androidDeviceOwnerEnrollmentProfile.QrCodeImage.Value -join ',')
+            }
+        }
+
         $results = @{
             Id                        = $androidDeviceOwnerEnrollmentProfile.Id
             DisplayName               = $androidDeviceOwnerEnrollmentProfile.DisplayName
@@ -169,7 +186,7 @@ function Get-TargetResource
             EnrollmentTokenUsageCount = $androidDeviceOwnerEnrollmentProfile.EnrollmentTokenUsageCount
             IsTeamsDeviceProfile      = $androidDeviceOwnerEnrollmentProfile.IsTeamsDeviceProfile
             QrCodeContent             = $androidDeviceOwnerEnrollmentProfile.QrCodeContent
-            QrCodeImage               = $androidDeviceOwnerEnrollmentProfile.QrCodeImage
+            QrCodeImage               = $QrCodeImageValue
             RoleScopeTagIds           = $androidDeviceOwnerEnrollmentProfile.RoleScopeTagIds
             TokenCreationDateTime     = $androidDeviceOwnerEnrollmentProfile.TokenCreationDateTime.ToString()
             TokenExpirationDateTime   = $androidDeviceOwnerEnrollmentProfile.TokenExpirationDateTime.ToString()
@@ -253,7 +270,7 @@ function Set-TargetResource
         $QrCodeContent,
 
         [Parameter()]
-        [System.String]
+        [Microsoft.Management.Infrastructure.CimInstance]
         $QrCodeImage,
 
         [Parameter()]
@@ -334,6 +351,21 @@ function Set-TargetResource
     $currentInstance = Get-TargetResource @PSBoundParameters
     $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters
 
+    if ($null -ne $QrCodeImage)
+    {
+        $QrCodeImageValue = @{
+            type = $QrCodeImage.type
+            value = [System.Byte[]] @()
+        }
+
+        foreach ($byteValue in $QrCodeImage.value)
+        {
+            $convertedValue = [System.Byte]([BitConverter]::GetBytes($byteValue))[0]
+            $QrCodeImageValue.value += $convertedValue
+        }
+        $setParameters.QrCodeImage = $QrCodeImageValue
+        $setParameters.QrCodeImage.value = [System.Byte[]]($setParameters.QrCodeImage.value)
+    }
     # CREATE
     if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
     {
@@ -411,7 +443,7 @@ function Test-TargetResource
         $QrCodeContent,
 
         [Parameter()]
-        [System.String]
+        [Microsoft.Management.Infrastructure.CimInstance]
         $QrCodeImage,
 
         [Parameter()]
@@ -491,19 +523,50 @@ function Test-TargetResource
 
     Write-Verbose -Message "Testing configuration of AndroidDeviceOwnerEnrollmentProfile: {$DisplayName}"
 
-    $ValuesToCheck = $PSBoundParameters
-    $ValuesToCheck.Remove('WifiPassword') | Out-Null
     $CurrentValues = Get-TargetResource @PSBoundParameters
-    Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
-    Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
+    $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone()
+    $ValuesToCheck.Remove('WifiPassword') | Out-Null
+    $ValuesToCheck.Remove("QrCodeImage") | Out-Null
+    $ValuesToCheck.Remove("QrCodeContent") | Out-Null
+    $ValuesToCheck.Remove("TokenValue") | Out-Null
+    $ValuesToCheck.Remove("TokenCreationDateTime") | Out-Null
+    $ValuesToCheck.Remove("TokenExpirationDateTime") | Out-Null
+
+    #Compare Cim instances
+    Write-Verbose -Message "Evaluating CIM Instances"
+    $TestResult = $true
+    $RemainingValuesToCheck = $ValuesToCheck
+    foreach ($key in $ValuesToCheck.Keys)
+    {
+        $source = $ValuesToCheck.$key
+        $target = $CurrentValues.$key
+        if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*')
+        {
+            $TestResult = Compare-M365DSCComplexObject `
+                -Source ($source) `
+                -Target ($target)
+
+            if (-not $testResult)
+            {
+                Write-Verbose -Message "Found drift in property {$key}"
+                break
+            }
 
-    $TestResult = Test-M365DSCParameterState `
-        -CurrentValues $CurrentValues `
-        -Source $($MyInvocation.MyCommand.Source) `
-        -DesiredValues $PSBoundParameters `
-        -ValuesToCheck $ValuesToCheck.Keys
+            $RemainingValuesToCheck.Remove($key) | Out-Null
+        }
+    }
+    Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
+    Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $RemainingValuesToCheck)"
+    if ($TestResult)
+    {
+        $TestResult = Test-M365DSCParameterState `
+            -CurrentValues $CurrentValues `
+            -Source $($MyInvocation.MyCommand.Source) `
+            -DesiredValues $PSBoundParameters `
+            -ValuesToCheck $RemainingValuesToCheck.Keys
 
-    Write-Verbose -Message "Test-TargetResource returned $TestResult"
+        Write-Verbose -Message "Test-TargetResource returned $TestResult"
+    }
 
     return $TestResult
 }
@@ -598,12 +661,33 @@ function Export-TargetResource
             $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
                 -Results $Results
 
+            if ($Results.QrCodeImage)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.QrCodeImage `
+                                                                             -CIMInstanceName 'IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage'
+                if ($complexTypeStringResult)
+                {
+                    $Results.QrCodeImage = $complexTypeStringResult
+                    $Results.QrCodeImage = $Results.QrCodeImage.ReplacE("@('", "@(").Replace("')", "`)")
+                }
+                else
+                {
+                    $Results.Remove('QrCodeImage') | Out-Null
+                }
+            }
 
             $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
                 -ConnectionMode $ConnectionMode `
                 -ModulePath $PSScriptRoot `
                 -Results $Results `
                 -Credential $Credential
+
+            if ($Results.QrCodeImage)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'QrCodeImage' -IsCIMArray:$false
+
+            }
+
             $dscContent += $currentDSCBlock
             Save-M365DSCPartialExport -Content $currentDSCBlock `
                 -FileName $Global:PartialExportFileName
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.schema.mof
similarity index 90%
rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof
rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.schema.mof
index 22fe3fc6f1..0fa6acdc22 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.schema.mof
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.schema.mof
@@ -1,12 +1,12 @@
 [ClassVersion("1.0.0.0")]
-class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage
+class MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage
 {
     [Write, Description("Indicates the content mime type.")] String type;
-    [Write, Description("The byte array that contains the actual content.")] String value;
+    [Write, Description("The byte array that contains the actual content.")] UInt32 value[];
 };
 
-[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile")]
-class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile : OMI_BaseResource
+[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile")]
+class MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile : OMI_BaseResource
 {
     [Key, Description("Display name for the enrollment profile.")] String DisplayName;
     [Write, Description("Unique GUID for the enrollment profile. Read-Only.")] String Id;
@@ -21,7 +21,7 @@ class MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile : OMI_BaseRe
     [Write, Description("Total number of Android devices that have enrolled using this enrollment profile.")] UInt32 EnrolledDeviceCount;
     [Write, Description("Total number of AOSP devices that have enrolled using the current token. Valid values 0 to 20000")] UInt32 EnrollmentTokenUsageCount;
     [Write, Description("String used to generate a QR code for the token.")] String QrCodeContent;
-    [Write, Description("String used to generate a QR code for the token.")] String QrCodeImage;
+    [Write, Description("String used to generate a QR code for the token."), EmbeddedInstance("MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage")] String QrCodeImage;
     [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[];
     [Write, Description("Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default.")] Boolean ConfigureWifi;
     [Write, Description("String that contains the wi-fi login ssid")] String WifiSsid;
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/readme.md
similarity index 64%
rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md
rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/readme.md
index 14e5fe1b0d..8b23554c8a 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/readme.md
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/readme.md
@@ -1,4 +1,4 @@
-# IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile
+# IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile
 
 ## Description
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/settings.json
similarity index 91%
rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json
rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/settings.json
index 8507274e9b..243c0277e1 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/settings.json
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/settings.json
@@ -1,5 +1,5 @@
 {
-    "resourceName": "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile",
+    "resourceName": "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile",
     "description": "Enrollment Profile used to enroll Android Enterprise devices using Google's Cloud Management.",
     "permissions": {
         "graph": {
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1
index 4768ea03b2..56b2d35928 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementComplianceSettings/MSFT_IntuneDeviceManagementComplianceSettings.psm1
@@ -65,7 +65,7 @@ function Get-TargetResource
     $nullResult = $PSBoundParameters
     try
     {
-        $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/settings'
+        $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/settings'
         $settings = Invoke-MgGraphRequest -Method 'GET' -Uri $uri
         $results = @{
             IsSingleInstance                     = 'Yes'
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1
index d5274b53e4..3bc1e3949f 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay/MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay.psm1
@@ -226,7 +226,7 @@ function Set-TargetResource
         if ($dataSharingConsent.granted -eq $false)
         {
             Write-Verbose -Message 'Consent not granted, requesting consent...'
-            $consentResult = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/dataSharingConsents/androidManagedStore/consentToDataSharing') -Method 'POST' -Body @{
+            $consentResult = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/dataSharingConsents/androidManagedStore/consentToDataSharing') -Method 'POST' -Body @{
                 DataSharingConsentId = 'androidManagedStore'
             } -ContentType 'application/json'
         }
@@ -239,7 +239,7 @@ function Set-TargetResource
         #         hostName = "intune.microsoft.com"
         #     }
 
-        #     $signupUrl = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/requestSignupUrl") -Method 'POST' -Body @{
+        #     $signupUrl = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/requestSignupUrl") -Method 'POST' -Body @{
         #         hostName = "intune.microsoft.com"
         #     } -ContentType "application/json"
 
@@ -249,7 +249,7 @@ function Set-TargetResource
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
     {
         Write-Host "Remove the Intune Device Management Android Google Play Enrollment with Id {$($currentInstance.Id)}"
-        $unbindResult = Invoke-MgGraphRequest -Uri ($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/unbind') -Method 'POST' -Body @{} -ContentType 'application/json'
+        $unbindResult = Invoke-MgGraphRequest -Uri ((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings/unbind') -Method 'POST' -Body @{} -ContentType 'application/json'
     }
 }
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1
index 282ecce2df..09fd5184be 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDiskEncryptionMacOS/MSFT_IntuneDiskEncryptionMacOS.psm1
@@ -378,7 +378,7 @@ function Set-TargetResource
         Update-MgBetaDeviceManagementIntent -DeviceManagementIntentId $currentInstance.Id -BodyParameter $UpdateParameters
 
         #region resource generator code
-        $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/intents/$($currentInstance.Id)/updateSettings"
+        $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/intents/$($currentInstance.Id)/updateSettings"
         $body = @{'settings' = $settings }
         Invoke-MgGraphRequest -Method POST -Uri $Uri -Body ($body | ConvertTo-Json -Depth 20) -ContentType 'application/json' 4> $null
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1
index 143dd5854a..b8bf713da7 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneFirewallPolicyWindows10/MSFT_IntuneFirewallPolicyWindows10.psm1
@@ -492,12 +492,19 @@ function Get-TargetResource
 
         # Retrieve policy specific settings
         [array]$settings = Get-MgBetaDeviceManagementConfigurationPolicySetting `
+            -All `
             -DeviceManagementConfigurationPolicyId $Id `
             -ExpandProperty 'settingDefinitions' `
             -ErrorAction Stop
+        $policyTemplateId = $getValue.TemplateReference.TemplateId
+        [array]$settingDefinitions = Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate `
+            -DeviceManagementConfigurationPolicyTemplateId $policyTemplateId `
+            -ExpandProperty 'settingDefinitions' `
+            -All `
+            -ErrorAction Stop | Select-Object -ExpandProperty SettingDefinitions
 
         $policySettings = @{}
-        $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings
+        $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings -AllSettingDefinitions $settingDefinitions
 
         $results = @{
             #region resource generator code
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1
index 17eef55b35..615b33c648 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1
@@ -451,8 +451,8 @@ function Set-TargetResource
                 throw "Mobile App Category with DisplayName $($category.DisplayName) not found."
             }
 
-            Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{
-                '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
+            Invoke-MgGraphRequest -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{
+                '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
             }
         }
 
@@ -522,7 +522,7 @@ function Set-TargetResource
                 }
 
                 Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($currentInstance.Id)/categories/`$ref" -Method 'POST' -Body @{
-                    '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
+                    '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
                 }
             }
             else
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1
index ae5cde27a3..1368a66c89 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1
@@ -490,7 +490,7 @@ function Set-TargetResource
             }
 
             Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{
-                '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
+                '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
             }
         }
 
@@ -561,7 +561,7 @@ function Set-TargetResource
                 }
 
                 Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($currentInstance.Id)/categories/`$ref" -Method 'POST' -Body @{
-                    '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
+                    '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
                 }
             }
             else
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1
index 465fc6b8bc..f44b492b8a 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntunePolicySets/MSFT_IntunePolicySets.psm1
@@ -347,7 +347,7 @@ function Set-TargetResource
 
         Update-MgBetaDeviceAppManagementPolicySet @UpdateParameters
 
-        $Url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceAppManagement/policySets/$($currentInstance.Id)/update"
+        $Url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceAppManagement/policySets/$($currentInstance.Id)/update"
         if ($null -ne ($itemamendments = Get-ItemsAmendmentsObject -currentObjectItems $currentInstance.Items -targetObjectItems $items))
         {
             Invoke-MgGraphRequest -Method POST -Uri $url -Body $itemamendments
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1
index 257f402310..e70d0bdb77 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1
@@ -361,7 +361,7 @@ function Set-TargetResource
             scopeType                   = $ScopeType
             members                     = $Members
             '@odata.type'               = '#microsoft.graph.deviceAndAppManagementRoleAssignment'
-            'roleDefinition@odata.bind' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')"
+            'roleDefinition@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')"
         }
         $null = New-MgBetaDeviceManagementRoleAssignment -BodyParameter $CreateParameters
     }
@@ -376,7 +376,7 @@ function Set-TargetResource
             scopeType                   = $ScopeType
             members                     = $Members
             '@odata.type'               = '#microsoft.graph.deviceAndAppManagementRoleAssignment'
-            'roleDefinition@odata.bind' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')"
+            'roleDefinition@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')"
         }
 
         Update-MgBetaDeviceManagementRoleAssignment -BodyParameter $UpdateParameters `
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1
index a70eabcd0b..23203de188 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogCustomPolicyWindows10/MSFT_IntuneSettingCatalogCustomPolicyWindows10.psm1
@@ -930,7 +930,7 @@ function Update-IntuneDeviceConfigurationPolicy
     )
     try
     {
-        $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceManagementConfigurationPolicyId"
+        $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceManagementConfigurationPolicyId"
 
         $policy = @{
             'name'              = $Name
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1
new file mode 100644
index 0000000000..7cce954857
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.psm1
@@ -0,0 +1,1075 @@
+function Get-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param
+    (
+        #region resource generator code
+        [Parameter()]
+        [System.String]
+        $Id,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DisplayName,
+
+        [Parameter()]
+        [System.String]
+        $Description,
+   
+        [Parameter()]
+        [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')]
+        [System.String]
+        $authenticationMethod,     
+        
+        [Parameter()]
+        [System.String]
+        $connectionName,   
+
+        [Parameter()]
+        [System.String]
+        $role,
+
+        [Parameter()]
+        [System.String]
+        $realm,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $servers,
+
+        [Parameter()]
+        [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')]
+        [System.String]
+        $connectionType,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $proxyServer,
+
+        [Parameter()]
+        [System.string[]]
+        $targetedPackageIds, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $targetedMobileApps,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOn,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOnLockdown,
+
+        [Parameter()]
+        [System.string]
+        $microsoftTunnelSiteId,
+
+        [Parameter()]
+        [System.string[]]
+        $proxyExclusionList, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customKeyValueData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $Assignments,
+        #endregion
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('Absent', 'Present')]
+        $Ensure = 'Present',
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $Credential,
+
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint,
+
+        [Parameter()]
+        [Switch]
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
+    )
+
+    try
+    {
+        $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+            -InboundParameters $PSBoundParameters
+    }
+    catch
+    {
+        Write-Verbose -Message 'Connection to the workload failed.'
+    }
+
+    #Ensure the proper dependencies are installed in the current environment.
+    Confirm-M365DSCDependencies
+
+    #region Telemetry
+    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+    $CommandName = $MyInvocation.MyCommand
+    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+        -CommandName $CommandName `
+        -Parameters $PSBoundParameters
+    Add-M365DSCTelemetryEvent -Data $data
+    #endregion    
+
+    $nullResult = $PSBoundParameters
+    $nullResult.Ensure = 'Absent'
+    try
+    {
+        if (-not [string]::IsNullOrWhiteSpace($id))
+        { 
+            $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue 
+        }
+
+        #region resource generator code
+        if ($null -eq $getValue)
+        {
+            $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object `
+            -FilterScript { `
+                $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerVpnConfiguration' `
+            }
+        }
+        #endregion
+
+        if ($null -eq $getValue)
+        {
+            Write-Verbose -Message "No Intune VPN Policy for Android Device Owner with Id {$id} was found"
+            return $nullResult
+        }
+
+        $Id = $getValue.Id
+
+        Write-Verbose -Message "An Intune VPN Policy for Android Device Owner with id {$id} and DisplayName {$DisplayName} was found"
+
+        $complexServers = @()
+        foreach ($currentservers in $getValue.AdditionalProperties.servers)
+        {
+            $myservers = @{}
+            $myservers.Add('address', $currentservers.address)
+            $myservers.Add('description', $currentservers.description)
+            $myservers.Add('isDefaultServer', $currentservers.isDefaultServer)
+            if ($myservers.values.Where({$null -ne $_}).count -gt 0)
+            {
+                $complexServers += $myservers
+            }
+        }
+
+        $complexProxyServers = @()
+        foreach ($currentservers in $getValue.AdditionalProperties.proxyServer)
+        {
+            $myservers = @{}
+            $myservers.Add('automaticConfigurationScriptUrl', $currentservers.automaticConfigurationScriptUrl)
+            $myservers.Add('address', $currentservers.address)
+            $myservers.Add('port', $currentservers.port)
+            if ($myservers.values.Where({$null -ne $_}).count -gt 0)
+            {
+                $complexProxyServers += $myservers
+            }
+        }
+
+        $complexCustomData = @()
+        foreach ($value in $getValue.AdditionalProperties.customData)
+        {
+            $myCustomdata = @{}
+            $myCustomdata.Add('key', $value.key)
+            $myCustomdata.Add('value', $value.value)
+            if ($myCustomdata.values.Where({$null -ne $_}).count -gt 0)
+            {
+                $complexCustomData += $myCustomdata
+            }
+        }
+
+        $complexCustomKeyValueData = @()
+        foreach ($value in $getValue.AdditionalProperties.customKeyValueData)
+        {
+            $myCVdata = @{}
+            $myCVdata.Add('name', $value.name)
+            $myCVdata.Add('value', $value.value)
+            if ($myCVdata.values.Where({$null -ne $_}).count -gt 0)
+            {
+                $complexCustomKeyValueData += $myCVdata
+            }
+        }
+
+        $complexTargetedMobileApps = @()
+        foreach ($value in $getValue.AdditionalProperties.targetedMobileApps)
+        {
+            $myTMAdata = @{}
+            $myTMAdata.Add('name', $value.name)
+            $myTMAdata.Add('publisher', $value.publisher)
+            $myTMAdata.Add('appStoreUrl', $value.appStoreUrl)
+            $myTMAdata.Add('appId', $value.appId)
+            if ($myTMAdata.values.Where({$null -ne $_}).count -gt 0)
+            {
+                $complexTargetedMobileApps += $myTMAdata
+            }
+        }
+
+        $results = @{
+            #region resource generator code
+            Id                             = $getValue.Id
+            Description                    = $getValue.Description
+            DisplayName                    = $getValue.DisplayName
+            authenticationMethod           = $getValue.AdditionalProperties.authenticationMethod    
+            connectionName                 = $getValue.AdditionalProperties.connectionName
+            role                           = $getValue.AdditionalProperties.role
+            realm                          = $getValue.AdditionalProperties.realm
+            servers                        = $complexServers
+            connectionType                 = $getValue.AdditionalProperties.connectionType 
+            proxyServer                    = $complexProxyServers
+            targetedPackageIds             = $getValue.AdditionalProperties.targetedPackageIds 
+            targetedMobileApps             = $complexTargetedMobileApps
+            alwaysOn                       = $getValue.AdditionalProperties.alwaysOn
+            alwaysOnLockdown               = $getValue.AdditionalProperties.alwaysOnLockdown
+            microsoftTunnelSiteId          = $getValue.AdditionalProperties.microsoftTunnelSiteId
+            proxyExclusionList             = $getValue.AdditionalProperties.proxyExclusionList
+            customData                     = $complexCustomData
+            customKeyValueData             = $complexCustomKeyValueData
+            Ensure                         = 'Present'
+            Credential                     = $Credential
+            ApplicationId                  = $ApplicationId
+            TenantId                       = $TenantId
+            ApplicationSecret              = $ApplicationSecret
+            CertificateThumbprint          = $CertificateThumbprint
+            Managedidentity                = $ManagedIdentity.IsPresent
+            AccessTokens                   = $AccessTokens
+        }
+                                          
+        $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id
+        $assignmentResult = @()
+        if ($assignmentsValues.Count -gt 0)
+        {
+            $assignmentResult += ConvertFrom-IntunePolicyAssignment `
+                                -IncludeDeviceFilter:$true `
+                                -Assignments ($assignmentsValues)
+        }
+        $results.Add('Assignments', $assignmentResult)
+
+        return [System.Collections.Hashtable] $results
+    }
+    catch
+    {
+        New-M365DSCLogEntry -Message 'Error retrieving data:' `
+            -Exception $_ `
+            -Source $($MyInvocation.MyCommand.Source) `
+            -TenantId $TenantId `
+            -Credential $Credential
+
+        return $nullResult
+    }
+}
+
+function Set-TargetResource
+{
+    [CmdletBinding()]
+    param
+    (
+        #region resource generator code
+        [Parameter()]
+        [System.String]
+        $Id,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DisplayName,
+
+        [Parameter()]
+        [System.String]
+        $Description,
+   
+        [Parameter()]
+        [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')]
+        [System.String]
+        $authenticationMethod,     
+        
+        [Parameter()]
+        [System.String]
+        $connectionName,   
+
+        [Parameter()]
+        [System.String]
+        $role,
+
+        [Parameter()]
+        [System.String]
+        $realm,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $servers,
+
+        [Parameter()]
+        [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')]
+        [System.String]
+        $connectionType,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $proxyServer,
+
+        [Parameter()]
+        [System.string[]]
+        $targetedPackageIds, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $targetedMobileApps,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOn,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOnLockdown,
+
+        [Parameter()]
+        [System.string]
+        $microsoftTunnelSiteId,
+
+        [Parameter()]
+        [System.string[]]
+        $proxyExclusionList, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customKeyValueData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $Assignments,
+        #endregion
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('Absent', 'Present')]
+        $Ensure = 'Present',
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $Credential,
+
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint,
+
+        [Parameter()]
+        [Switch]
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
+    )
+
+    try
+    {
+        $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+            -InboundParameters $PSBoundParameters
+    }
+    catch
+    {
+        Write-Verbose -Message $_
+    }
+
+    #Ensure the proper dependencies are installed in the current environment.
+    Confirm-M365DSCDependencies
+
+    #region Telemetry
+    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+    $CommandName = $MyInvocation.MyCommand
+    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+        -CommandName $CommandName `
+        -Parameters $PSBoundParameters
+    Add-M365DSCTelemetryEvent -Data $data
+    #endregion
+
+    $currentInstance = Get-TargetResource @PSBoundParameters
+
+    $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters
+
+    #proxy and server values need converting before new- / update- cmdlets will accept parameters
+    #creating hashtables now for use later in both present/present and present/absent blocks
+    $allTargetValues = Convert-M365DscHashtableToString -Hashtable $BoundParameters
+    
+    if ($allTargetValues -match '\bproxyServer=\(\{([^\)]+)\}\)') 
+    {
+        $proxyBlock = $matches[1]
+    }
+
+    $proxyHashtable = @{}
+    $proxyBlock -split ";" | ForEach-Object {
+        if ($_ -match '^(.*?)=(.*)$') {
+            $key = $matches[1].Trim()
+            $value = $matches[2].Trim()
+            $proxyHashtable[$key] = $value
+        }
+    }
+
+    if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
+    {
+        Write-Verbose -Message "Creating {$DisplayName}"
+        $BoundParameters.Remove('Assignments') | Out-Null
+        $CreateParameters = ([Hashtable]$BoundParameters).clone()
+        $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters
+        $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters)
+
+        foreach ($key in $AdditionalProperties.keys)
+        {
+            if ($key -ne '@odata.type')
+            {
+                $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1)
+                $CreateParameters.remove($keyName)
+            }
+        }
+
+        $CreateParameters.Remove('Id') | Out-Null
+
+        foreach ($key in ($CreateParameters.clone()).Keys)
+        {
+            if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*')
+            {
+                $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key]
+            }
+        }
+        
+        if ($AdditionalProperties.proxyServer)
+        {
+            $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept
+            $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier
+        }
+
+        $CreateParameters.add('AdditionalProperties', $AdditionalProperties)
+           
+        #region resource generator code
+        $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters
+        $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
+
+        if ($policy.id)
+        {
+            Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id `
+                -Targets $assignmentsHash `
+                -Repository 'deviceManagement/deviceConfigurations'
+        }
+        #endregion
+    }
+    elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
+    {
+        Write-Verbose -Message "Updating {$DisplayName}"
+
+        $BoundParameters.Remove('Assignments') | Out-Null
+        $UpdateParameters = ([Hashtable]$BoundParameters).clone()
+        $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters
+        $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters)
+
+        foreach ($key in $AdditionalProperties.keys)
+        {
+            if ($key -ne '@odata.type')
+            {
+                $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1)
+                $UpdateParameters.remove($keyName)
+            }
+        }
+
+        $UpdateParameters.Remove('Id') | Out-Null
+
+        foreach ($key in ($UpdateParameters.clone()).Keys)
+        {
+            if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*')
+            {
+                $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key]
+            }
+        }
+
+        if ($AdditionalProperties.proxyServer)
+        {
+            $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept
+            $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier
+        }
+
+        if ($AdditionalProperties)
+        {           
+            #add the additional properties to the updateparameters
+            $UpdateParameters.add('AdditionalProperties', $AdditionalProperties)
+        }
+
+        #region resource generator code
+        Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters `
+            -DeviceConfigurationId $currentInstance.Id
+        $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
+        Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id `
+            -Targets $assignmentsHash `
+            -Repository 'deviceManagement/deviceConfigurations'
+        #endregion
+    }
+    elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
+    {
+        Write-Verbose -Message "Removing {$DisplayName}"
+        #region resource generator code
+        Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id
+        #endregion
+    }
+}
+
+function Test-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Boolean])]
+    param
+    (
+        #region resource generator code
+        [Parameter()]
+        [System.String]
+        $Id,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DisplayName,
+
+        [Parameter()]
+        [System.String]
+        $Description,
+   
+        [Parameter()]
+        [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')]
+        [System.String]
+        $authenticationMethod,     
+        
+        [Parameter()]
+        [System.String]
+        $connectionName,   
+
+        [Parameter()]
+        [System.String]
+        $role,
+
+        [Parameter()]
+        [System.String]
+        $realm,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $servers,
+
+        [Parameter()]
+        [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')]
+        [System.String]
+        $connectionType,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $proxyServer,
+
+        [Parameter()]
+        [System.string[]]
+        $targetedPackageIds, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $targetedMobileApps,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOn,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOnLockdown,
+
+        [Parameter()]
+        [System.string]
+        $microsoftTunnelSiteId,
+
+        [Parameter()]
+        [System.string[]]
+        $proxyExclusionList, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customKeyValueData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $Assignments,
+        #endregion
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('Absent', 'Present')]
+        $Ensure = 'Present',
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $Credential,
+
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint,
+
+        [Parameter()]
+        [Switch]
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
+    )
+
+    #Ensure the proper dependencies are installed in the current environment.
+    Confirm-M365DSCDependencies
+
+    #region Telemetry
+    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+    $CommandName = $MyInvocation.MyCommand
+    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+        -CommandName $CommandName `
+        -Parameters $PSBoundParameters
+    Add-M365DSCTelemetryEvent -Data $data
+    #endregion
+
+    Write-Verbose -Message "Testing configuration of {$id}"
+
+    $CurrentValues = Get-TargetResource @PSBoundParameters
+    $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()
+
+    if ($CurrentValues.Ensure -ne $Ensure)
+    {
+        Write-Verbose -Message "Test-TargetResource returned $false"
+        return $false
+    }
+    $testResult = $true
+
+    #Compare Cim instances
+    foreach ($key in $PSBoundParameters.Keys)
+    {
+        $source = $PSBoundParameters.$key
+        $target = $CurrentValues.$key
+        if ($source.GetType().Name -like '*CimInstance*')
+        {
+            $testResult = Compare-M365DSCComplexObject `
+                -Source ($source) `
+                -Target ($target)
+
+            if (-not $testResult) { break }
+
+            $ValuesToCheck.Remove($key) | Out-Null
+        }
+    }
+
+    $ValuesToCheck.Remove('Id') | Out-Null
+    $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck
+
+    Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
+    Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
+
+    #Convert any DateTime to String
+    foreach ($key in $ValuesToCheck.Keys)
+    {
+        if (($null -ne $CurrentValues[$key]) `
+                -and ($CurrentValues[$key].getType().Name -eq 'DateTime'))
+        {
+            $CurrentValues[$key] = $CurrentValues[$key].toString()
+        }
+    }
+
+    if ($testResult)
+    {
+        $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
+            -Source $($MyInvocation.MyCommand.Source) `
+            -DesiredValues $PSBoundParameters `
+            -ValuesToCheck $ValuesToCheck.Keys
+    }
+
+    Write-Verbose -Message "Test-TargetResource returned $testResult"
+
+    return $testResult
+}
+
+function Export-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.String])]
+    param
+    (
+        [Parameter()]
+        [System.String]
+        $Filter,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $Credential,
+
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint,
+
+        [Parameter()]
+        [Switch]
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
+    )
+
+    $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+        -InboundParameters $PSBoundParameters
+
+    #Ensure the proper dependencies are installed in the current environment.
+    Confirm-M365DSCDependencies
+
+    #region Telemetry
+    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+    $CommandName = $MyInvocation.MyCommand
+    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+        -CommandName $CommandName `
+        -Parameters $PSBoundParameters
+    Add-M365DSCTelemetryEvent -Data $data
+    #endregion
+
+    try
+    {
+
+        #region resource generator code
+        [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All `
+            -ErrorAction Stop | Where-Object `
+            -FilterScript { `
+                $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidDeviceOwnerVpnConfiguration'  `
+        }
+        #endregion
+
+        $i = 1
+        $dscContent = ''
+        if ($getValue.Length -eq 0)
+        {
+            Write-Host $Global:M365DSCEmojiGreenCheckMark
+        }
+        else
+        {
+            Write-Host "`r`n" -NoNewline
+        }
+        foreach ($config in $getValue)
+        {
+            if ($null -ne $Global:M365DSCExportResourceInstancesCount)
+            {
+                $Global:M365DSCExportResourceInstancesCount++
+            }
+
+            Write-Host "    |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline
+            $params = @{
+                Id                    = $config.id
+                DisplayName           = $config.DisplayName
+                Ensure                = 'Present'
+                Credential            = $Credential
+                ApplicationId         = $ApplicationId
+                TenantId              = $TenantId
+                ApplicationSecret     = $ApplicationSecret
+                CertificateThumbprint = $CertificateThumbprint
+                Managedidentity       = $ManagedIdentity.IsPresent
+                AccessTokens          = $AccessTokens
+            }
+
+            $Results = Get-TargetResource @Params
+            $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
+                -Results $Results
+
+            if ($Results.Assignments)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
+                if ($complexTypeStringResult)
+                {
+                    $Results.Assignments = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('Assignments') | Out-Null
+                }
+            }
+
+            if ($null -ne $Results.servers)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                    -ComplexObject $Results.servers `
+                    -CIMInstanceName 'MicrosoftGraphvpnServer' #MSFT_MicrosoftGraphVpnServer
+                if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+                {
+                    $Results.servers = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('servers') | Out-Null
+                }
+            }
+
+            if ($null -ne $Results.proxyServer)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                    -ComplexObject $Results.proxyServer `
+                    -CIMInstanceName 'MSFT_MicrosoftvpnProxyServer' 
+                if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+                {
+                    $Results.proxyServer = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('proxyServer') | Out-Null
+                }
+            }
+
+            if ($null -ne $Results.customData)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                    -ComplexObject $Results.customData `
+                    -CIMInstanceName 'MSFT_CustomData' 
+                if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+                {
+                    $Results.customData = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('customData') | Out-Null
+                }
+            }
+
+            if ($null -ne $Results.customKeyValueData)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                    -ComplexObject $Results.customKeyValueData `
+                    -CIMInstanceName 'MSFT_customKeyValueData' 
+                if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+                {
+                    $Results.customKeyValueData = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('customKeyValueData') | Out-Null
+                }
+            }
+            
+            if ($null -ne $Results.targetedMobileApps)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                    -ComplexObject $Results.targetedMobileApps `
+                    -CIMInstanceName 'MSFT_targetedMobileApps' 
+                if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+                {
+                    $Results.targetedMobileApps = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('targetedMobileApps') | Out-Null
+                }
+            }
+
+            $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
+                -ConnectionMode $ConnectionMode `
+                -ModulePath $PSScriptRoot `
+                -Results $Results `
+                -Credential $Credential
+
+            if ($Results.servers)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "servers" -isCIMArray:$True
+            }
+
+            if ($Results.proxyServer)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "proxyServer" -isCIMArray:$True
+            }
+
+            if ($Results.customData)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customData" -isCIMArray:$True
+            }
+
+            if ($Results.customKeyValueData)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customKeyValueData" -isCIMArray:$True
+            }
+
+            if ($Results.targetedMobileApps)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "targetedMobileApps" -isCIMArray:$True
+            }
+
+            if ($Results.Assignments)
+            {
+                $isCIMArray = $false
+                if ($Results.Assignments.getType().Fullname -like '*[[\]]')
+                {
+                    $isCIMArray = $true
+                }
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray
+            }
+
+            $dscContent += $currentDSCBlock
+            Save-M365DSCPartialExport -Content $currentDSCBlock `
+                -FileName $Global:PartialExportFileName
+            $i++
+            Write-Host $Global:M365DSCEmojiGreenCheckMark
+        }
+        return $dscContent
+    }
+    catch
+    {
+        if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or `
+        $_.Exception -like "*Request not applicable to target tenant*")
+        {
+            Write-Host "`r`n    $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune."
+        }
+        else
+        {
+            Write-Host $Global:M365DSCEmojiRedX
+
+            New-M365DSCLogEntry -Message 'Error during Export:' `
+                -Exception $_ `
+                -Source $($MyInvocation.MyCommand.Source) `
+                -TenantId $TenantId `
+                -Credential $Credential
+        }
+
+        return ''
+    }
+}
+
+function Get-M365DSCAdditionalProperties
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param
+    (
+        [Parameter(Mandatory = 'true')]
+        [System.Collections.Hashtable]
+        $Properties
+    )
+
+    $additionalProperties = @(
+        'authenticationMethod' 
+        'connectionName'
+        'role'
+        'realm'
+        'servers'
+        'connectionType'
+        'proxyServer'
+        'targetedPackageIds'
+        'targetedMobileApps'
+        'alwaysOn'
+        'alwaysOnLockdown'
+        'microsoftTunnelSiteId'
+        'proxyExclusionList'
+        'customData'
+        'customKeyValueData'
+    )
+
+    $results = @{'@odata.type' = '#microsoft.graph.androidDeviceOwnerVpnConfiguration' }
+    $cloneProperties = $Properties.clone()
+    foreach ($property in $cloneProperties.Keys)
+    {
+        if ($property -in ($additionalProperties) )
+        {
+            $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1)
+            if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*')
+            {
+                if ($properties.$property.getType().FullName -like '*[[\]]')
+                {
+                    $array = @()
+                    foreach ($item in $properties.$property)
+                    {
+                        $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item
+                    }
+                    $propertyValue = $array
+                }
+                else
+                {
+                    $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property
+                }
+
+            }
+            else
+            {
+                $propertyValue = $properties.$property
+            }
+
+            $results.Add($propertyName, $propertyValue)
+        }
+    }
+    if ($results.Count -eq 1)
+    {
+        return $null
+    }
+    return $results
+}
+
+Export-ModuleMember -Function *-TargetResource
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.schema.mof
new file mode 100644
index 0000000000..7fa9bb2c06
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner.schema.mof
@@ -0,0 +1,74 @@
+[ClassVersion("1.0.0.0")]
+class MSFT_DeviceManagementConfigurationPolicyAssignments
+{
+    [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
+    [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
+    [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
+    [Write, Description("The group Id that is the target of the assignment.")] String groupId;
+    [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
+    [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftGraphVpnServer
+{
+    [Write, Description("Address (IP address, FQDN or URL)")] String address;
+    [Write, Description("Description.")] String description;
+    [Write, Description("Default server.")] Boolean isDefaultServer;
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftvpnProxyServer
+{
+    [Write, Description("Proxy's automatic configuration script url.")] String automaticConfigurationScriptUrl;
+    [Write, Description("Address.")] String address;
+    [Write, Description("Port. Valid values 0 to 65535.")] uint32 port;
+};
+[ClassVersion("1.0.0")]
+class MSFT_targetedMobileApps
+{
+    [Write, Description("The application name.")] String name;
+    [Write, Description("The publisher of the application.")] String publisher;
+    [Write, Description("The Store URL of the application.")] String appStoreUrl;
+    [Write, Description("The application or bundle identifier of the application.")] String appId;
+};
+class MSFT_CustomData
+{
+    [Write, Description("Key for the custom data entry.")] String key;
+    [Write, Description("Value for the custom data entry.")] String value;
+};
+class MSFT_customKeyValueData
+{
+    [Write, Description("Name for the custom data entry.")] String name;
+    [Write, Description("Value for the custom data entry.")] String value;
+};
+
+[ClassVersion("1.0.0.0"), FriendlyName("IntuneVPNConfigurationPolicyAndroidDeviceOwner")]
+class MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner : OMI_BaseResource
+{
+    [Write, Description("Id of the Intune policy.")] String Id;
+    [Key, Description("Display name of the Intune policy.")] String DisplayName;
+    [Write, Description("Description of the Intune policy.")] String Description;
+    [Write, Description("Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD."), ValueMap{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}, Values{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}] String authenticationMethod;
+    [Write, Description("Connection name displayed to the user.")] String connectionName;
+    [Write, Description("Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String role;
+    [Write, Description("Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String realm;
+    [Write, Description("VPN Server on the network. Make sure end users can access this network location."), EmbeddedInstance("MSFT_MicrosoftGraphvpnServer")] String servers[];
+    [Write, Description("Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect."), ValueMap{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}, Values{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}] String  connectionType;
+    [Write, Description("Proxy Server."), EmbeddedInstance("MSFT_MicrosoftvpnProxyServer")] String proxyServer[];
+    [Write, Description("Targeted App package IDs.")] String targetedPackageIds[];
+    [Write, Description("Targeted mobile apps. This collection can contain a maximum of 500 elements."),EmbeddedInstance("MSFT_targetedMobileApps")] String targetedMobileApps[];
+    [Write, Description("Whether or not to enable always-on VPN connection.")] Boolean alwaysOn;
+    [Write, Description("If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.")] Boolean alwaysOnLockdown;
+    [Write, Description("Microsoft Tunnel site ID.")] String microsoftTunnelSiteId;
+    [Write, Description("List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com.")] String proxyExclusionList[];
+    [Write, Description("Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customData")] String customData[];
+    [Write, Description("Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customKeyValueData")] String customKeyValueData[];
+    [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];
+    [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
+    [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+    [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
+    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+    [Write, Description("Access token used for authentication.")] String AccessTokens[];
+};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md
new file mode 100644
index 0000000000..7b5f001ecb
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/readme.md
@@ -0,0 +1,6 @@
+
+# IntuneVPNConfigurationPolicyAndroidDeviceOwner
+
+## Description
+
+This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json
new file mode 100644
index 0000000000..a2d19acdc4
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner/settings.json
@@ -0,0 +1,44 @@
+{
+    "resourceName": "IntuneVPNConfigurationPolicyAndroidDeviceOwner",
+    "description": "This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices.",
+    "permissions": {
+        "graph": {
+            "delegated": {
+                "read": [
+                    {
+                        "name": "Group.Read.All"
+                    },
+                    {
+                        "name": "DeviceManagementConfiguration.Read.All"
+                    }
+                ],
+                "update": [
+                    {
+                        "name": "Group.Read.All"
+                    },
+                    {
+                        "name": "DeviceManagementConfiguration.ReadWrite.All"
+                    }
+                ]
+            },
+            "application": {
+                "read": [
+                    {
+                        "name": "Group.Read.All"
+                    },
+                    {
+                        "name": "DeviceManagementConfiguration.Read.All"
+                    }
+                ],
+                "update": [
+                    {
+                        "name": "Group.Read.All"
+                    },
+                    {
+                        "name": "DeviceManagementConfiguration.ReadWrite.All"
+                    }
+                ]
+            }
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1
new file mode 100644
index 0000000000..26830190cb
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.psm1
@@ -0,0 +1,1075 @@
+function Get-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param
+    (
+        #region resource generator code
+        [Parameter()]
+        [System.String]
+        $Id,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DisplayName,
+
+        [Parameter()]
+        [System.String]
+        $Description,
+   
+        [Parameter()]
+        [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')]
+        [System.String]
+        $authenticationMethod,     
+        
+        [Parameter()]
+        [System.String]
+        $connectionName,   
+
+        [Parameter()]
+        [System.String]
+        $role,
+
+        [Parameter()]
+        [System.String]
+        $realm,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $servers,
+
+        [Parameter()]
+        [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')]
+        [System.String]
+        $connectionType,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $proxyServer,
+
+        [Parameter()]
+        [System.string[]]
+        $targetedPackageIds, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $targetedMobileApps,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOn,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOnLockdown,
+
+        [Parameter()]
+        [System.string]
+        $microsoftTunnelSiteId,
+
+        [Parameter()]
+        [System.string[]]
+        $proxyExclusionList, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customKeyValueData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $Assignments,
+        #endregion
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('Absent', 'Present')]
+        $Ensure = 'Present',
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $Credential,
+
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint,
+
+        [Parameter()]
+        [Switch]
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
+    )
+
+    try
+    {
+        $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+            -InboundParameters $PSBoundParameters
+    }
+    catch
+    {
+        Write-Verbose -Message 'Connection to the workload failed.'
+    }
+
+    #Ensure the proper dependencies are installed in the current environment.
+    Confirm-M365DSCDependencies
+
+    #region Telemetry
+    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+    $CommandName = $MyInvocation.MyCommand
+    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+        -CommandName $CommandName `
+        -Parameters $PSBoundParameters
+    Add-M365DSCTelemetryEvent -Data $data
+    #endregion    
+
+    $nullResult = $PSBoundParameters
+    $nullResult.Ensure = 'Absent'
+    try
+    {
+        if (-not [string]::IsNullOrWhiteSpace($id))
+        { 
+            $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $id -ErrorAction SilentlyContinue 
+        }
+
+        #region resource generator code
+        if ($null -eq $getValue)
+        {
+            $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -All -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object `
+            -FilterScript { `
+                $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidVpnConfiguration' `
+            }
+        }
+        #endregion
+
+        if ($null -eq $getValue)
+        {
+            Write-Verbose -Message "No Intune VPN Policy for Android Enterprise with Id {$id} was found"
+            return $nullResult
+        }
+
+        $Id = $getValue.Id
+
+        Write-Verbose -Message "An Intune VPN Policy for Android Enterprise with id {$id} and DisplayName {$DisplayName} was found"
+
+        $complexServers = @()
+        foreach ($currentservers in $getValue.AdditionalProperties.servers)
+        {
+            $myservers = @{}
+            $myservers.Add('address', $currentservers.address)
+            $myservers.Add('description', $currentservers.description)
+            $myservers.Add('isDefaultServer', $currentservers.isDefaultServer)
+            if ($myservers.values.Where({$null -ne $_}).count -gt 0)
+            {
+                $complexServers += $myservers
+            }
+        }
+
+        $complexProxyServers = @()
+        foreach ($currentservers in $getValue.AdditionalProperties.proxyServer)
+        {
+            $myservers = @{}
+            $myservers.Add('automaticConfigurationScriptUrl', $currentservers.automaticConfigurationScriptUrl)
+            $myservers.Add('address', $currentservers.address)
+            $myservers.Add('port', $currentservers.port)
+            if ($myservers.values.Where({$null -ne $_}).count -gt 0)
+            {
+                $complexProxyServers += $myservers
+            }
+        }
+
+        $complexCustomData = @()
+        foreach ($value in $getValue.AdditionalProperties.customData)
+        {
+            $myCustomdata = @{}
+            $myCustomdata.Add('key', $value.key)
+            $myCustomdata.Add('value', $value.value)
+            if ($myCustomdata.values.Where({$null -ne $_}).count -gt 0)
+            {
+                $complexCustomData += $myCustomdata
+            }
+        }
+
+        $complexCustomKeyValueData = @()
+        foreach ($value in $getValue.AdditionalProperties.customKeyValueData)
+        {
+            $myCVdata = @{}
+            $myCVdata.Add('name', $value.name)
+            $myCVdata.Add('value', $value.value)
+            if ($myCVdata.values.Where({$null -ne $_}).count -gt 0)
+            {
+                $complexCustomKeyValueData += $myCVdata
+            }
+        }
+
+        $complexTargetedMobileApps = @()
+        foreach ($value in $getValue.AdditionalProperties.targetedMobileApps)
+        {
+            $myTMAdata = @{}
+            $myTMAdata.Add('name', $value.name)
+            $myTMAdata.Add('publisher', $value.publisher)
+            $myTMAdata.Add('appStoreUrl', $value.appStoreUrl)
+            $myTMAdata.Add('appId', $value.appId)
+            if ($myTMAdata.values.Where({$null -ne $_}).count -gt 0)
+            {
+                $complexTargetedMobileApps += $myTMAdata
+            }
+        }
+
+        $results = @{
+            #region resource generator code
+            Id                             = $getValue.Id
+            Description                    = $getValue.Description
+            DisplayName                    = $getValue.DisplayName
+            authenticationMethod           = $getValue.AdditionalProperties.authenticationMethod    
+            connectionName                 = $getValue.AdditionalProperties.connectionName
+            role                           = $getValue.AdditionalProperties.role
+            realm                          = $getValue.AdditionalProperties.realm
+            servers                        = $complexServers
+            connectionType                 = $getValue.AdditionalProperties.connectionType 
+            proxyServer                    = $complexProxyServers
+            targetedPackageIds             = $getValue.AdditionalProperties.targetedPackageIds 
+            targetedMobileApps             = $complexTargetedMobileApps
+            alwaysOn                       = $getValue.AdditionalProperties.alwaysOn
+            alwaysOnLockdown               = $getValue.AdditionalProperties.alwaysOnLockdown
+            microsoftTunnelSiteId          = $getValue.AdditionalProperties.microsoftTunnelSiteId
+            proxyExclusionList             = $getValue.AdditionalProperties.proxyExclusionList
+            customData                     = $complexCustomData
+            customKeyValueData             = $complexCustomKeyValueData
+            Ensure                         = 'Present'
+            Credential                     = $Credential
+            ApplicationId                  = $ApplicationId
+            TenantId                       = $TenantId
+            ApplicationSecret              = $ApplicationSecret
+            CertificateThumbprint          = $CertificateThumbprint
+            Managedidentity                = $ManagedIdentity.IsPresent
+            AccessTokens                   = $AccessTokens
+        }
+                                          
+        $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Results.Id
+        $assignmentResult = @()
+        if ($assignmentsValues.Count -gt 0)
+        {
+            $assignmentResult += ConvertFrom-IntunePolicyAssignment `
+                                -IncludeDeviceFilter:$true `
+                                -Assignments ($assignmentsValues)
+        }
+        $results.Add('Assignments', $assignmentResult)
+
+        return [System.Collections.Hashtable] $results
+    }
+    catch
+    {
+        New-M365DSCLogEntry -Message 'Error retrieving data:' `
+            -Exception $_ `
+            -Source $($MyInvocation.MyCommand.Source) `
+            -TenantId $TenantId `
+            -Credential $Credential
+
+        return $nullResult
+    }
+}
+
+function Set-TargetResource
+{
+    [CmdletBinding()]
+    param
+    (
+        #region resource generator code
+        [Parameter()]
+        [System.String]
+        $Id,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DisplayName,
+
+        [Parameter()]
+        [System.String]
+        $Description,
+   
+        [Parameter()]
+        [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')]
+        [System.String]
+        $authenticationMethod,     
+        
+        [Parameter()]
+        [System.String]
+        $connectionName,   
+
+        [Parameter()]
+        [System.String]
+        $role,
+
+        [Parameter()]
+        [System.String]
+        $realm,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $servers,
+
+        [Parameter()]
+        [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')]
+        [System.String]
+        $connectionType,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $proxyServer,
+
+        [Parameter()]
+        [System.string[]]
+        $targetedPackageIds, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $targetedMobileApps,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOn,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOnLockdown,
+
+        [Parameter()]
+        [System.string]
+        $microsoftTunnelSiteId,
+
+        [Parameter()]
+        [System.string[]]
+        $proxyExclusionList, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customKeyValueData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $Assignments,
+        #endregion
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('Absent', 'Present')]
+        $Ensure = 'Present',
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $Credential,
+
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint,
+
+        [Parameter()]
+        [Switch]
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
+    )
+
+    try
+    {
+        $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+            -InboundParameters $PSBoundParameters
+    }
+    catch
+    {
+        Write-Verbose -Message $_
+    }
+
+    #Ensure the proper dependencies are installed in the current environment.
+    Confirm-M365DSCDependencies
+
+    #region Telemetry
+    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+    $CommandName = $MyInvocation.MyCommand
+    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+        -CommandName $CommandName `
+        -Parameters $PSBoundParameters
+    Add-M365DSCTelemetryEvent -Data $data
+    #endregion
+
+    $currentInstance = Get-TargetResource @PSBoundParameters
+
+    $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters
+
+    #proxy and server values need converting before new- / update- cmdlets will accept parameters
+    #creating hashtables now for use later in both present/present and present/absent blocks
+    $allTargetValues = Convert-M365DscHashtableToString -Hashtable $BoundParameters
+
+    if ($allTargetValues -match '\bproxyServer=\(\{([^\)]+)\}\)') 
+    {
+        $proxyBlock = $matches[1]
+    }
+
+    $proxyHashtable = @{}
+    $proxyBlock -split ";" | ForEach-Object {
+        if ($_ -match '^(.*?)=(.*)$') {
+            $key = $matches[1].Trim()
+            $value = $matches[2].Trim()
+            $proxyHashtable[$key] = $value
+        }
+    }
+
+    if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
+    {
+        Write-Verbose -Message "Creating {$DisplayName}"
+        $BoundParameters.Remove('Assignments') | Out-Null
+        $CreateParameters = ([Hashtable]$BoundParameters).clone()
+        $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters
+        $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters)
+
+        foreach ($key in $AdditionalProperties.keys)
+        {
+            if ($key -ne '@odata.type')
+            {
+                $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1)
+                $CreateParameters.remove($keyName)
+            }
+        }
+
+        $CreateParameters.Remove('Id') | Out-Null
+
+        foreach ($key in ($CreateParameters.clone()).Keys)
+        {
+            if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*')
+            {
+                $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key]
+            }
+        }
+        
+        if ($AdditionalProperties.proxyServer)
+        {
+            $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept
+            $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier
+        }
+        
+        $CreateParameters.add('AdditionalProperties', $AdditionalProperties)
+           
+        #region resource generator code
+        $policy = New-MgBetaDeviceManagementDeviceConfiguration @CreateParameters
+        $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
+
+        if ($policy.id)
+        {
+            Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id `
+                -Targets $assignmentsHash `
+                -Repository 'deviceManagement/deviceConfigurations'
+        }
+        #endregion
+    }
+    elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
+    {
+        Write-Verbose -Message "Updating {$DisplayName}"
+
+        $BoundParameters.Remove('Assignments') | Out-Null
+        $UpdateParameters = ([Hashtable]$BoundParameters).clone()
+        $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters
+        $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters)
+
+        foreach ($key in $AdditionalProperties.keys)
+        {
+            if ($key -ne '@odata.type')
+            {
+                $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1)
+                $UpdateParameters.remove($keyName)
+            }
+        }
+
+        $UpdateParameters.Remove('Id') | Out-Null
+
+        foreach ($key in ($UpdateParameters.clone()).Keys)
+        {
+            if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*')
+            {
+                $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key]
+            }
+        }
+
+        if ($AdditionalProperties.proxyServer)
+        {
+            $AdditionalProperties.Remove('proxyServer') #this is not in a format Update-MgBetaDeviceManagementDeviceConfiguration will accept
+            $AdditionalProperties.add('proxyServer',$proxyHashtable) #replaced with the hashtable we created earlier
+        }
+
+        if ($AdditionalProperties)
+        {           
+            #add the additional properties to the updateparameters
+            $UpdateParameters.add('AdditionalProperties', $AdditionalProperties)
+        }
+
+        #region resource generator code
+        Update-MgBetaDeviceManagementDeviceConfiguration @UpdateParameters `
+            -DeviceConfigurationId $currentInstance.Id
+        $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
+        Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id `
+            -Targets $assignmentsHash `
+            -Repository 'deviceManagement/deviceConfigurations'
+        #endregion
+    }
+    elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
+    {
+        Write-Verbose -Message "Removing {$DisplayName}"
+        #region resource generator code
+        Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id
+        #endregion
+    }
+}
+
+function Test-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.Boolean])]
+    param
+    (
+        #region resource generator code
+        [Parameter()]
+        [System.String]
+        $Id,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $DisplayName,
+
+        [Parameter()]
+        [System.String]
+        $Description,
+   
+        [Parameter()]
+        [ValidateSet('certificate', 'usernameAndPassword', 'sharedSecret', 'derivedCredential', 'azureAD')]
+        [System.String]
+        $authenticationMethod,     
+        
+        [Parameter()]
+        [System.String]
+        $connectionName,   
+
+        [Parameter()]
+        [System.String]
+        $role,
+
+        [Parameter()]
+        [System.String]
+        $realm,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $servers,
+
+        [Parameter()]
+        [ValidateSet('ciscoAnyConnect', 'pulseSecure', 'f5EdgeClient', 'dellSonicWallMobileConnect', 'checkPointCapsuleVpn', 'citrix', 'microsoftTunnel', 'netMotionMobility', 'microsoftProtect')]
+        [System.String]
+        $connectionType,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $proxyServer,
+
+        [Parameter()]
+        [System.string[]]
+        $targetedPackageIds, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $targetedMobileApps,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOn,
+
+        [Parameter()]
+        [System.Boolean]
+        $alwaysOnLockdown,
+
+        [Parameter()]
+        [System.string]
+        $microsoftTunnelSiteId,
+
+        [Parameter()]
+        [System.string[]]
+        $proxyExclusionList, 
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $customKeyValueData,
+
+        [Parameter()]
+        [Microsoft.Management.Infrastructure.CimInstance[]]
+        $Assignments,
+        #endregion
+
+        [Parameter()]
+        [System.String]
+        [ValidateSet('Absent', 'Present')]
+        $Ensure = 'Present',
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $Credential,
+
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint,
+
+        [Parameter()]
+        [Switch]
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
+    )
+
+    #Ensure the proper dependencies are installed in the current environment.
+    Confirm-M365DSCDependencies
+
+    #region Telemetry
+    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+    $CommandName = $MyInvocation.MyCommand
+    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+        -CommandName $CommandName `
+        -Parameters $PSBoundParameters
+    Add-M365DSCTelemetryEvent -Data $data
+    #endregion
+
+    Write-Verbose -Message "Testing configuration of {$id}"
+
+    $CurrentValues = Get-TargetResource @PSBoundParameters
+    $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()
+
+    if ($CurrentValues.Ensure -ne $Ensure)
+    {
+        Write-Verbose -Message "Test-TargetResource returned $false"
+        return $false
+    }
+    $testResult = $true
+
+    #Compare Cim instances
+    foreach ($key in $PSBoundParameters.Keys)
+    {
+        $source = $PSBoundParameters.$key
+        $target = $CurrentValues.$key
+        if ($source.GetType().Name -like '*CimInstance*')
+        {
+            $testResult = Compare-M365DSCComplexObject `
+                -Source ($source) `
+                -Target ($target)
+
+            if (-not $testResult) { break }
+
+            $ValuesToCheck.Remove($key) | Out-Null
+        }
+    }
+
+    $ValuesToCheck.Remove('Id') | Out-Null
+    $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck
+
+    Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
+    Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)"
+
+    #Convert any DateTime to String
+    foreach ($key in $ValuesToCheck.Keys)
+    {
+        if (($null -ne $CurrentValues[$key]) `
+                -and ($CurrentValues[$key].getType().Name -eq 'DateTime'))
+        {
+            $CurrentValues[$key] = $CurrentValues[$key].toString()
+        }
+    }
+
+    if ($testResult)
+    {
+        $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
+            -Source $($MyInvocation.MyCommand.Source) `
+            -DesiredValues $PSBoundParameters `
+            -ValuesToCheck $ValuesToCheck.Keys
+    }
+
+    Write-Verbose -Message "Test-TargetResource returned $testResult"
+
+    return $testResult
+}
+
+function Export-TargetResource
+{
+    [CmdletBinding()]
+    [OutputType([System.String])]
+    param
+    (
+        [Parameter()]
+        [System.String]
+        $Filter,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $Credential,
+
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ApplicationSecret,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint,
+
+        [Parameter()]
+        [Switch]
+        $ManagedIdentity,
+
+        [Parameter()]
+        [System.String[]]
+        $AccessTokens
+    )
+
+    $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+        -InboundParameters $PSBoundParameters
+
+    #Ensure the proper dependencies are installed in the current environment.
+    Confirm-M365DSCDependencies
+
+    #region Telemetry
+    $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+    $CommandName = $MyInvocation.MyCommand
+    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+        -CommandName $CommandName `
+        -Parameters $PSBoundParameters
+    Add-M365DSCTelemetryEvent -Data $data
+    #endregion
+
+    try
+    {
+
+        #region resource generator code
+        [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration -Filter $Filter -All `
+            -ErrorAction Stop | Where-Object `
+            -FilterScript { `
+                $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidVpnConfiguration'  `
+        }
+        #endregion
+
+        $i = 1
+        $dscContent = ''
+        if ($getValue.Length -eq 0)
+        {
+            Write-Host $Global:M365DSCEmojiGreenCheckMark
+        }
+        else
+        {
+            Write-Host "`r`n" -NoNewline
+        }
+        foreach ($config in $getValue)
+        {
+            if ($null -ne $Global:M365DSCExportResourceInstancesCount)
+            {
+                $Global:M365DSCExportResourceInstancesCount++
+            }
+
+            Write-Host "    |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline
+            $params = @{
+                Id                    = $config.id
+                DisplayName           = $config.DisplayName
+                Ensure                = 'Present'
+                Credential            = $Credential
+                ApplicationId         = $ApplicationId
+                TenantId              = $TenantId
+                ApplicationSecret     = $ApplicationSecret
+                CertificateThumbprint = $CertificateThumbprint
+                Managedidentity       = $ManagedIdentity.IsPresent
+                AccessTokens          = $AccessTokens
+            }
+
+            $Results = Get-TargetResource @Params
+            $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
+                -Results $Results
+
+            if ($Results.Assignments)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
+                if ($complexTypeStringResult)
+                {
+                    $Results.Assignments = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('Assignments') | Out-Null
+                }
+            }
+
+            if ($null -ne $Results.servers)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                    -ComplexObject $Results.servers `
+                    -CIMInstanceName 'MicrosoftGraphvpnServer' #MSFT_MicrosoftGraphVpnServer
+                if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+                {
+                    $Results.servers = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('servers') | Out-Null
+                }
+            }
+
+            if ($null -ne $Results.proxyServer)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                    -ComplexObject $Results.proxyServer `
+                    -CIMInstanceName 'MSFT_MicrosoftvpnProxyServer' 
+                if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+                {
+                    $Results.proxyServer = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('proxyServer') | Out-Null
+                }
+            }
+
+            if ($null -ne $Results.customData)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                    -ComplexObject $Results.customData `
+                    -CIMInstanceName 'MSFT_CustomData' 
+                if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+                {
+                    $Results.customData = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('customData') | Out-Null
+                }
+            }
+
+            if ($null -ne $Results.customKeyValueData)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                    -ComplexObject $Results.customKeyValueData `
+                    -CIMInstanceName 'MSFT_customKeyValueData' 
+                if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+                {
+                    $Results.customKeyValueData = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('customKeyValueData') | Out-Null
+                }
+            }
+            
+            if ($null -ne $Results.targetedMobileApps)
+            {
+                $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+                    -ComplexObject $Results.targetedMobileApps `
+                    -CIMInstanceName 'MSFT_targetedMobileApps' 
+                if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+                {
+                    $Results.targetedMobileApps = $complexTypeStringResult
+                }
+                else
+                {
+                    $Results.Remove('targetedMobileApps') | Out-Null
+                }
+            }
+
+            $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
+                -ConnectionMode $ConnectionMode `
+                -ModulePath $PSScriptRoot `
+                -Results $Results `
+                -Credential $Credential
+
+            if ($Results.servers)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "servers" -isCIMArray:$True
+            }
+
+            if ($Results.proxyServer)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "proxyServer" -isCIMArray:$True
+            }
+
+            if ($Results.customData)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customData" -isCIMArray:$True
+            }
+
+            if ($Results.customKeyValueData)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "customKeyValueData" -isCIMArray:$True
+            }
+
+            if ($Results.targetedMobileApps)
+            {
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "targetedMobileApps" -isCIMArray:$True
+            }
+
+            if ($Results.Assignments)
+            {
+                $isCIMArray = $false
+                if ($Results.Assignments.getType().Fullname -like '*[[\]]')
+                {
+                    $isCIMArray = $true
+                }
+                $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray
+            }
+
+            $dscContent += $currentDSCBlock
+            Save-M365DSCPartialExport -Content $currentDSCBlock `
+                -FileName $Global:PartialExportFileName
+            $i++
+            Write-Host $Global:M365DSCEmojiGreenCheckMark
+        }
+        return $dscContent
+    }
+    catch
+    {
+        if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or `
+        $_.Exception -like "*Request not applicable to target tenant*")
+        {
+            Write-Host "`r`n    $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune."
+        }
+        else
+        {
+            Write-Host $Global:M365DSCEmojiRedX
+
+            New-M365DSCLogEntry -Message 'Error during Export:' `
+                -Exception $_ `
+                -Source $($MyInvocation.MyCommand.Source) `
+                -TenantId $TenantId `
+                -Credential $Credential
+        }
+
+        return ''
+    }
+}
+
+function Get-M365DSCAdditionalProperties
+{
+    [CmdletBinding()]
+    [OutputType([System.Collections.Hashtable])]
+    param
+    (
+        [Parameter(Mandatory = 'true')]
+        [System.Collections.Hashtable]
+        $Properties
+    )
+
+    $additionalProperties = @(
+        'authenticationMethod' 
+        'connectionName'
+        'role'
+        'realm'
+        'servers'
+        'connectionType'
+        'proxyServer'
+        'targetedPackageIds'
+        'targetedMobileApps'
+        'alwaysOn'
+        'alwaysOnLockdown'
+        'microsoftTunnelSiteId'
+        'proxyExclusionList'
+        'customData'
+        'customKeyValueData'
+    )
+
+    $results = @{'@odata.type' = '#microsoft.graph.androidVpnConfiguration' }
+    $cloneProperties = $Properties.clone()
+    foreach ($property in $cloneProperties.Keys)
+    {
+        if ($property -in ($additionalProperties) )
+        {
+            $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1)
+            if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*')
+            {
+                if ($properties.$property.getType().FullName -like '*[[\]]')
+                {
+                    $array = @()
+                    foreach ($item in $properties.$property)
+                    {
+                        $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item
+                    }
+                    $propertyValue = $array
+                }
+                else
+                {
+                    $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property
+                }
+
+            }
+            else
+            {
+                $propertyValue = $properties.$property
+            }
+
+            $results.Add($propertyName, $propertyValue)
+        }
+    }
+    if ($results.Count -eq 1)
+    {
+        return $null
+    }
+    return $results
+}
+
+Export-ModuleMember -Function *-TargetResource
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof
new file mode 100644
index 0000000000..384e163043
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise.schema.mof
@@ -0,0 +1,74 @@
+[ClassVersion("1.0.0.0")]
+class MSFT_DeviceManagementConfigurationPolicyAssignments
+{
+    [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
+    [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
+    [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
+    [Write, Description("The group Id that is the target of the assignment.")] String groupId;
+    [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
+    [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftGraphVpnServer
+{
+    [Write, Description("Address (IP address, FQDN or URL)")] String address;
+    [Write, Description("Description.")] String description;
+    [Write, Description("Default server.")] Boolean isDefaultServer;
+};
+[ClassVersion("1.0.0")]
+class MSFT_MicrosoftvpnProxyServer
+{
+    [Write, Description("Proxy's automatic configuration script url.")] String automaticConfigurationScriptUrl;
+    [Write, Description("Address.")] String address;
+    [Write, Description("Port. Valid values 0 to 65535.")] uint32 port;
+};
+[ClassVersion("1.0.0")]
+class MSFT_targetedMobileApps
+{
+    [Write, Description("The application name.")] String name;
+    [Write, Description("The publisher of the application.")] String publisher;
+    [Write, Description("The Store URL of the application.")] String appStoreUrl;
+    [Write, Description("The application or bundle identifier of the application.")] String appId;
+};
+class MSFT_CustomData
+{
+    [Write, Description("Key for the custom data entry.")] String key;
+    [Write, Description("Value for the custom data entry.")] String value;
+};
+class MSFT_customKeyValueData
+{
+    [Write, Description("Name for the custom data entry.")] String name;
+    [Write, Description("Value for the custom data entry.")] String value;
+};
+
+[ClassVersion("1.0.0.0"), FriendlyName("IntuneVPNConfigurationPolicyAndroidEnterprise")]
+class MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise : OMI_BaseResource
+{
+    [Write, Description("Id of the Intune policy.")] String Id;
+    [Key, Description("Display name of the Intune policy.")] String DisplayName;
+    [Write, Description("Description of the Intune policy.")] String Description;
+    [Write, Description("Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD."), ValueMap{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}, Values{"certificate", "usernameAndPassword", "sharedSecret", "derivedCredential", "azureAD"}] String authenticationMethod;
+    [Write, Description("Connection name displayed to the user.")] String connectionName;
+    [Write, Description("Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String role;
+    [Write, Description("Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration.")] String realm;
+    [Write, Description("VPN Server on the network. Make sure end users can access this network location."), EmbeddedInstance("MSFT_MicrosoftGraphvpnServer")] String servers[];
+    [Write, Description("Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect."), ValueMap{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}, Values{"ciscoAnyConnect", "pulseSecure", "f5EdgeClient", "dellSonicWallMobileConnect", "checkPointCapsuleVpn", "citrix", "microsoftTunnel", "netMotionMobility", "microsoftProtect"}] String  connectionType;
+    [Write, Description("Proxy Server."), EmbeddedInstance("MSFT_MicrosoftvpnProxyServer")] String proxyServer[];
+    [Write, Description("Targeted App package IDs.")] String targetedPackageIds[];
+    [Write, Description("Targeted mobile apps. This collection can contain a maximum of 500 elements."),EmbeddedInstance("MSFT_targetedMobileApps")] String targetedMobileApps[];
+    [Write, Description("Whether or not to enable always-on VPN connection.")] Boolean alwaysOn;
+    [Write, Description("If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.")] Boolean alwaysOnLockdown;
+    [Write, Description("Microsoft Tunnel site ID.")] String microsoftTunnelSiteId;
+    [Write, Description("List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com.")] String proxyExclusionList[];
+    [Write, Description("Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customData")] String customData[];
+    [Write, Description("Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements."), EmbeddedInstance("MSFT_customKeyValueData")] String customKeyValueData[];
+    [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];
+    [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
+    [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+    [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
+    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+    [Write, Description("Access token used for authentication.")] String AccessTokens[];
+};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/readme.md
new file mode 100644
index 0000000000..606dfcd648
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/readme.md
@@ -0,0 +1,6 @@
+
+# IntuneVPNConfigurationPolicyAndroidEnterprise
+
+## Description
+
+This resource configures an Intune VPN Configuration Policy for Android Enterprise Devices.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/settings.json
new file mode 100644
index 0000000000..e4a0357e4b
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise/settings.json
@@ -0,0 +1,44 @@
+{
+    "resourceName": "IntuneVPNConfigurationPolicyAndroidEnterprise",
+    "description": "This resource configures an Intune VPN Configuration Policy for Android Enterprise Devices.",
+    "permissions": {
+        "graph": {
+            "delegated": {
+                "read": [
+                    {
+                        "name": "Group.Read.All"
+                    },
+                    {
+                        "name": "DeviceManagementConfiguration.Read.All"
+                    }
+                ],
+                "update": [
+                    {
+                        "name": "Group.Read.All"
+                    },
+                    {
+                        "name": "DeviceManagementConfiguration.ReadWrite.All"
+                    }
+                ]
+            },
+            "application": {
+                "read": [
+                    {
+                        "name": "Group.Read.All"
+                    },
+                    {
+                        "name": "DeviceManagementConfiguration.Read.All"
+                    }
+                ],
+                "update": [
+                    {
+                        "name": "Group.Read.All"
+                    },
+                    {
+                        "name": "DeviceManagementConfiguration.ReadWrite.All"
+                    }
+                ]
+            }
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1
index 3533a0e8a9..43d40e0b40 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1
@@ -352,7 +352,7 @@ function Set-TargetResource
                     $userId = (Get-MgUser -UserId $member).Id
 
                     # There are no cmldet to remove members from group available at the time of writing this resource (March 8th 2022)
-                    $url = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/members/$userId/`$ref"
+                    $url = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/members/$userId/`$ref"
                     Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null
                 }
             }
@@ -398,7 +398,7 @@ function Set-TargetResource
                     Write-Verbose -Message "Adding Owner {$owner}"
                     $userId = (Get-MgUser -UserId $owner).Id
                     $newGroupOwner = @{
-                        '@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/users/{$userId}"
+                        '@odata.id' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/users/{$userId}"
                     }
 
                     New-MgGroupOwnerByRef -GroupId $ADGroup[0].Id -BodyParameter $newGroupOwner
@@ -410,7 +410,7 @@ function Set-TargetResource
                     $userId = (Get-MgUser -UserId $owner).Id
 
                     # There are no cmldet to remove members from group available at the time of writing this resource (March 8th 2022)
-                    $url = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/owners/$userId/`$ref"
+                    $url = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/owners/$userId/`$ref"
                     Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null
                 }
             }
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1
index da043b7400..aa2d5c8056 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1
@@ -162,11 +162,10 @@ function Get-TargetResource
 
     # Workaround for issue when if connected to S+C prior to calling cmdlet, an error about an invalid token is thrown.
     # If connected to S+C, then we need to re-initialize the connection to EXO.
-    if ($Global:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Connected -and `
-            $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Connected)
+    if ((Get-MSCloudLoginConnectionProfile -Workload SecurityComplianceCenter).Connected -and `
+            (Get-MSCloudLoginConnectionProfile -Workload ExchangeOnline).Connected)
     {
-        $Global:MSCloudLoginConnectionProfile.ExchangeOnline.Disconnect()
-        $Global:MSCloudLoginConnectionProfile.SecurityComplianceCenter.Connected = $false
+        Reset-MSCloudLoginConnectionProfileContext
     }
     $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' `
         -InboundParameters $PSBoundParameters
@@ -1139,10 +1138,10 @@ function Get-M365DSCO365OrgSettingsPlannerConfig
 
     try
     {
-        $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + '/taskAPI/tenantAdminSettings/Settings'
+        $Uri = (Get-MSCloudLoginConnectionProfile -Workload Tasks).HostUrl + '/taskAPI/tenantAdminSettings/Settings'
         [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
         $results = Invoke-RestMethod -ContentType 'application/json;odata.metadata=full' `
-            -Headers @{'Accept' = 'application/json'; 'Authorization' = $Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } `
+            -Headers @{'Accept' = 'application/json'; 'Authorization' = (Get-MSCloudLoginConnectionProfile -Workload Tasks).AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } `
             -Method GET `
             $Uri -ErrorAction Stop
         return $results
@@ -1182,9 +1181,9 @@ function Set-M365DSCO365OrgSettingsPlannerConfig
     }
 
     $requestBody = $flags | ConvertTo-Json
-    $Uri = $Global:MSCloudLoginConnectionProfile.Tasks.HostUrl + '/taskAPI/tenantAdminSettings/Settings'
+    $Uri = (Get-MSCloudLoginConnectionProfile -Workload Tasks).HostUrl + '/taskAPI/tenantAdminSettings/Settings'
     $results = Invoke-RestMethod -ContentType 'application/json;odata.metadata=full' `
-        -Headers @{'Accept' = 'application/json'; 'Authorization' = $Global:MSCloudLoginConnectionProfile.Tasks.AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } `
+        -Headers @{'Accept' = 'application/json'; 'Authorization' = (Get-MSCloudLoginConnectionProfile -Workload Tasks).AccessToken; 'Accept-Charset' = 'UTF-8'; 'OData-Version' = '4.0;NetFx'; 'OData-MaxVersion' = '4.0;NetFx' } `
         -Method PATCH `
         -Body $requestBody `
         $Uri
@@ -1203,7 +1202,7 @@ function Get-M365DSCOrgSettingsInstallationOptions
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions'
         $results = Invoke-MgGraphRequest -Method GET -Uri $url
         return $results
     }
@@ -1231,7 +1230,7 @@ function Update-M365DSCOrgSettingsInstallationOptions
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/microsoft365Apps/installationOptions'
         Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null
     }
     catch
@@ -1258,7 +1257,7 @@ function Get-M365DSCOrgSettingsForms
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/forms/settings'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/forms/settings'
         $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop
         return $results
     }
@@ -1283,7 +1282,7 @@ function Update-M365DSCOrgSettingsForms
     try
     {
         Write-Verbose -Message 'Updating Forms Settings'
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/forms/settings'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/forms/settings'
         Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null
     }
     catch
@@ -1305,7 +1304,7 @@ function Get-M365DSCOrgSettingsDynamicsCustomerVoice
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/dynamics/customerVoice'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/dynamics/customerVoice'
         $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop
         return $results
     }
@@ -1329,7 +1328,7 @@ function Update-M365DSCOrgSettingsDynamicsCustomerVoice
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/dynamics/customerVoice'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/dynamics/customerVoice'
         Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null
     }
     catch
@@ -1351,7 +1350,7 @@ function Get-M365DSCOrgSettingsAppsAndServices
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/appsAndServices/settings'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/appsAndServices/settings'
         $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop
         return $results
     }
@@ -1375,7 +1374,7 @@ function Update-M365DSCOrgSettingsAppsAndServices
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/appsAndServices/settings'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/appsAndServices/settings'
         Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null
     }
     catch
@@ -1396,7 +1395,7 @@ function Get-M365DSCOrgSettingsToDo
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/todo/settings'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/todo/settings'
         $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop
         return $results
     }
@@ -1420,7 +1419,7 @@ function Update-M365DSCOrgSettingsToDo
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/todo/settings'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/todo/settings'
         Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $Options | Out-Null
     }
     catch
@@ -1443,7 +1442,7 @@ function Get-M365DSCOrgSettingsAdminCenterReport
 
     try
     {
-        $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/reportSettings'
+        $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/reportSettings'
         $results = Invoke-MgGraphRequest -Method GET -Uri $url -ErrorAction Stop
         return $results
     }
@@ -1464,9 +1463,9 @@ function Update-M365DSCOrgSettingsAdminCenterReport
         $DisplayConcealedNames
     )
     $VerbosePreference = 'SilentlyContinue'
-    $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/admin/reportSettings'
+    $url = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/admin/reportSettings'
     $body = @{
-        '@odata.context'      = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/$metadata#admin/reportSettings/$entity'
+        '@odata.context'      = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'beta/$metadata#admin/reportSettings/$entity'
         displayConcealedNames = $DisplayConcealedNames
     }
     Invoke-MgGraphRequest -Method PATCH -Uri $url -Body $body | Out-Null
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1
index 6854e56b39..e496148206 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppsEnvironment/MSFT_PPPowerAppsEnvironment.psm1
@@ -78,7 +78,7 @@ function Get-TargetResource
 
     try
     {
-        $environment = Get-AdminPowerAppEnvironment -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -eq $DisplayName }
+        $environment = Get-AdminPowerAppEnvironment -ErrorAction Stop | Where-Object -FilterScript { $_.DisplayName -match $DisplayName }
 
         if ($null -eq $environment)
         {
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1
index 7581137a90..a4cd0a15e6 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1
@@ -492,7 +492,7 @@ function Set-TargetResource
         Write-Verbose -Message "Updating Task with:`r`n$JSONDetails"
         # Need to continue to rely on Invoke-MgGraphRequest
         Invoke-MgGraphRequest -Method PATCH `
-            -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/planner/tasks/$taskId" `
+            -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/planner/tasks/$taskId" `
             -Headers $Headers `
             -Body $JSONDetails
 
@@ -504,7 +504,7 @@ function Set-TargetResource
         $JSONDetails = (ConvertTo-Json $details)
         Write-Verbose -Message "Updating Task's details with:`r`n$JSONDetails"
         Invoke-MgGraphRequest -Method PATCH `
-            -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/planner/tasks/$taskId/details" `
+            -Uri "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/planner/tasks/$taskId/details" `
             -Headers $Headers `
             -Body $JSONDetails
 
@@ -940,7 +940,7 @@ function Get-M365DSCPlannerTasksFromPlan
         $Credential
     )
     $results = @()
-    $uri = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/planner/plans/$PlanId/tasks"
+    $uri = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/planner/plans/$PlanId/tasks"
     $taskResponse = Invoke-MSCloudLoginMicrosoftGraphAPI -Credential $Credential `
         -Uri $uri `
         -Method Get
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1
index ae9cc174be..cdc32fb589 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOTenantSettings/MSFT_SPOTenantSettings.psm1
@@ -212,7 +212,7 @@ function Get-TargetResource
             'AllowSelectSecurityGroupsInSPSitesList')
 
         $response = Invoke-PnPSPRestMethod -Method Get `
-            -Url "$($Global:MSCloudLoginConnectionProfile.PnP.AdminUrl)/_api/SPO.Tenant?`$select=$($parametersToRetrieve -join ',')"
+            -Url "$((Get-MSCloudLoginConnectionProfile -Workload PnP).AdminUrl)/_api/SPO.Tenant?`$select=$($parametersToRetrieve -join ',')"
 
 
         return @{
@@ -536,7 +536,7 @@ function Set-TargetResource
         {
             Write-Verbose -Message 'Updating properties via REST PATCH call.'
             Invoke-PnPSPRestMethod -Method PATCH `
-                -Url "$($Global:MSCloudLoginConnectionProfile.PnP.AdminUrl)/_api/SPO.Tenant" `
+                -Url "$((Get-MSCloudLoginConnectionProfile -Workload PnP).AdminUrl)/_api/SPO.Tenant" `
                 -Content $paramsToUpdate
         }
     }
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1
index f2ae6eaa49..325e64db5d 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1
@@ -368,7 +368,7 @@ function Set-TargetResource
         Write-Verbose -Message "Params: $($CurrentParameters | Out-String)"
 
         $additionalProperties = @{
-            'teamsApp@odata.bind' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/appCatalogs/teamsApps/$TeamsApp"
+            'teamsApp@odata.bind' = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/appCatalogs/teamsApps/$TeamsApp"
         }
         $CurrentParameters.Add('AdditionalProperties', $additionalProperties)
 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1
index 13b7e219ae..e739efbf41 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1
@@ -443,7 +443,7 @@ function Set-TargetResource
 
             Write-Verbose -Message "Retrieving Group Owner {$currentOwner}"
             $ownerUser = Get-MgUser -Search $currentOwner -ConsistencyLevel eventual
-            $ownerOdataID = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)v1.0/directoryObjects/$($ownerUser.Id)"
+            $ownerOdataID = "$((Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl)v1.0/directoryObjects/$($ownerUser.Id)"
 
             Write-Verbose -Message "Adding Owner {$($ownerUser.Id)} to Group {$($group.Id)}"
             try
diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1
index e6dd487257..815cde6893 100644
--- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1
+++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1
@@ -122,7 +122,7 @@
         },
         @{
             ModuleName      = "MSCloudLoginAssistant"
-            RequiredVersion = "1.1.28"
+            RequiredVersion = "1.1.29"
         },
         @{
             ModuleName      = 'PnP.PowerShell'
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1
similarity index 91%
rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1
rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1
index a5095ed687..8394456533 100644
--- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/1-Create.ps1
@@ -22,7 +22,7 @@ Configuration Example
     Import-DscResource -ModuleName Microsoft365DSC
     node localhost
     {
-        IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
+        IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
         {
             AccountId                 = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e";
             ApplicationId             = $ApplicationId;
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1
similarity index 91%
rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1
rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1
index c3fe6117bf..0652e3612d 100644
--- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/2-Update.ps1
@@ -21,7 +21,7 @@ Configuration Example
     Import-DscResource -ModuleName Microsoft365DSC
     node localhost
     {
-        IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
+        IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
         {
             AccountId                 = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e";
             ApplicationId             = $ApplicationId;
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1
similarity index 91%
rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1
rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1
index 6bc56f61c7..f4ce34adac 100644
--- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile/3-Remove.ps1
@@ -21,7 +21,7 @@ Configuration Example
     Import-DscResource -ModuleName Microsoft365DSC
     node localhost
     {
-        IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
+        IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
         {
             AccountId                 = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e";
             ApplicationId             = $ApplicationId;
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1
new file mode 100644
index 0000000000..bc5b78f2b0
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/1-Create.ps1
@@ -0,0 +1,76 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example"
+        {
+            ApplicationId                           = $ApplicationId;
+            TenantId                                = $TenantId;
+            CertificateThumbprint                   = $CertificateThumbprint;
+            Assignments                             = @();
+            alwaysOn                                = $False;
+            authenticationMethod                    = "azureAD";
+            connectionName                          = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName";
+            connectionType                          = "microsoftProtect";
+            Description                             = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description";
+            DisplayName                             = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName";
+            Ensure                                  = "Present";
+            Id                                      = "12345678-1234-abcd-1234-12345678ABCD";
+            customData                              = @(
+                MSFT_CustomData{
+                    key                             = 'fakeCustomData'
+                    value                           = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+                }
+            );
+            customKeyValueData                      = @(
+                MSFT_customKeyValueData{
+                    value                           = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+                    name                            = 'fakeCustomKeyValueData'
+                }
+            );
+            microsoftTunnelSiteId                   = "12345678-1234-abcd-1234-12345678ABCD";
+            proxyExclusionList                      = @();
+            proxyServer                             = @(
+                MSFT_MicrosoftvpnProxyServer{
+                    port                            = 8080
+                    automaticConfigurationScriptUrl = 'fakestringvalue'
+                    address                         = 'fake-proxy-adress.com'
+                }
+            );
+            servers                                 = @(
+                MSFT_MicrosoftGraphvpnServer{
+                    isDefaultServer                 = $True
+                    description                     = 'fakestringvalue'
+                    address                         = 'fake.server.com:8080'
+                }
+            );
+            targetedMobileApps                      = @(
+                MSFT_targetedMobileApps{
+                    name                            = 'fakestringvalue'
+                    publisher                       = 'Fake Corporation'
+                    appId                           = 'com.fake.emmx'
+                }
+            );
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1
new file mode 100644
index 0000000000..ad62d13621
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/2-Update.ps1
@@ -0,0 +1,76 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example"
+        {
+            ApplicationId                           = $ApplicationId;
+            TenantId                                = $TenantId;
+            CertificateThumbprint                   = $CertificateThumbprint;
+            Assignments                             = @();
+            alwaysOn                                = $False;
+            authenticationMethod                    = "azureAD";
+            connectionName                          = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName";
+            connectionType                          = "microsoftProtect";
+            Description                             = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description";
+            DisplayName                             = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName";
+            Ensure                                  = "Present";
+            Id                                      = "12345678-1234-abcd-1234-12345678ABCD";
+            customData                              = @(
+                MSFT_CustomData{
+                    key                             = 'fakeCustomData'
+                    value                           = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+                }
+            );
+            customKeyValueData                      = @(
+                MSFT_customKeyValueData{
+                    value                           = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+                    name                            = 'fakeCustomKeyValueData'
+                }
+            );
+            microsoftTunnelSiteId                   = "12345678-1234-abcd-1234-12345678ABCD";
+            proxyExclusionList                      = @();
+            proxyServer                             = @(
+                MSFT_MicrosoftvpnProxyServer{
+                    port                            = 8080
+                    automaticConfigurationScriptUrl = ''
+                    address                         = 'fake-proxy-adress.com'
+                }
+            );
+            servers                                 = @(
+                MSFT_MicrosoftGraphvpnServer{
+                    isDefaultServer                 = $True
+                    description                     = 'fakestringvalue'
+                    address                         = 'fake.NEWserver.com:8080' #CHANGED VALUE
+                }
+            );
+            targetedMobileApps                      = @(
+                MSFT_targetedMobileApps{
+                    name                            = 'fakestringvalue'
+                    publisher                       = 'Fake Corporation'
+                    appId                           = 'com.fake.emmx'
+                }
+            );
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1
new file mode 100644
index 0000000000..0760ff8be4
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1
@@ -0,0 +1,34 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example"
+        {
+            ApplicationId         = $ApplicationId;
+            TenantId              = $TenantId;
+            CertificateThumbprint = $CertificateThumbprint;
+            DisplayName           = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName";
+            Ensure                = "Absent";
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1
new file mode 100644
index 0000000000..4bc3f9b8da
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/1-Create.ps1
@@ -0,0 +1,47 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+        {
+            ApplicationId                      = $ApplicationId;
+            TenantId                           = $TenantId;
+            CertificateThumbprint              = $CertificateThumbprint;
+            Assignments                        = @();
+            authenticationMethod               = "usernameAndPassword";
+            connectionName                     = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName";
+            connectionType                     = "ciscoAnyConnect";
+            Description                        = "IntuneVPNConfigurationPolicyAndroidEnterprise Description";
+            DisplayName                        = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+            Ensure                             = "Present";
+            Id                                 = "12345678-1234-abcd-1234-12345678ABCD";
+            servers                            = @(
+                MSFT_MicrosoftGraphvpnServer{
+                    isDefaultServer            = $True
+                    description                = 'server'
+                    address                    = 'vpn.test.com'
+                }
+            );
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1
new file mode 100644
index 0000000000..2e221f6fe3
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/2-Update.ps1
@@ -0,0 +1,47 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+        {
+            ApplicationId                       = $ApplicationId;
+            TenantId                            = $TenantId;
+            CertificateThumbprint               = $CertificateThumbprint;
+            Assignments                         = @();
+            authenticationMethod                = "usernameAndPassword";
+            connectionName                      = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName";
+            connectionType                      = "ciscoAnyConnect";
+            Description                         = "IntuneVPNConfigurationPolicyAndroidEnterprise Description";
+            DisplayName                         = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+            Ensure                              = "Present";
+            Id                                  = "12345678-1234-abcd-1234-12345678ABCD";
+            servers                             = @(
+                MSFT_MicrosoftGraphvpnServer{
+                    isDefaultServer             = $True
+                    description                 = 'server'
+                    address                     = 'vpn.newAddress.com' #updated VPN address
+                }
+            );
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/3-Remove.ps1
new file mode 100644
index 0000000000..d9f0f34fc5
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneVPNConfigurationPolicyAndroidEnterprise/3-Remove.ps1
@@ -0,0 +1,34 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+        {
+            ApplicationId         = $ApplicationId;
+            TenantId              = $TenantId;
+            CertificateThumbprint = $CertificateThumbprint;
+            DisplayName           = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+            Ensure                = "Absent";
+        }
+    }
+}
diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1
index 272d12703e..ae8e5158c3 100644
--- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1
+++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1
@@ -3,7 +3,7 @@
 #
 # Generated by: Microsoft Corporation
 #
-# Generated on: 2024-12-04
+# Generated on: 2024-12-11
 
 @{
 
@@ -11,7 +11,7 @@
   # RootModule = ''
 
   # Version number of this module.
-  ModuleVersion     = '1.24.1204.1'
+  ModuleVersion     = '1.24.1211.1'
 
   # Supported PSEditions
   # CompatiblePSEditions = @()
@@ -147,44 +147,24 @@
       IconUri      = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true'
 
       # ReleaseNotes of this module
-      ReleaseNotes = '* All resources
-  * Applying project default formatting on all files, to improve
-    reading and troubleshooting.
-* AADAccessReviewDefinition
-  * Added support for #microsoft.graph.accessReviewInactiveUsersQueryScope in odatatype.
-* AADActivityBasedTimeoutPolicy
-  * Added support for AccessTokens.
-* AADClaimsMappingPolicy
+      ReleaseNotes = '* AADApplication
+  * Changed logic to remove all permissions when an empty array is specified.
+    FIXES [#5534](https://github.com/microsoft/Microsoft365DSC/issues/5534)
+* AADFeatureRolloutPolicy
   * Fixed policy retrieval
-    FIXES [#5505](https://github.com/microsoft/Microsoft365DSC/issues/5505)
-* AADIdentityAPIConnector
-  * Changed the export logic to export passwords as credential objects instead of string.
-* AADRoleManagementPolicyRule
-  * Added the logic to handle filters in the Export logic flow.
-* EXOAuthenticationPolicyAssignment
-  * Added $confirm flag to the Set-TargetResource function for PowerShell 7 compatibility.
-* EXOClientAccessRule
-  * Added $confirm flag to the Set-TargetResource function for PowerShell 7 compatibility.
-* EXOManagementRoleAssignment
-  * Changed logic to detect drift.
-* EXOServicePrincipal
-  * Removed ObjectID from the return of the Get-TargetResource method.
-* EXOTeamsProtectionPolicy
-  * Initial release
-    FIXES [#5296](https://github.com/microsoft/Microsoft365DSC/issues/5296)
-* EXOTransportRule
-  * Fixed conditional logic for creation and update.
-* IntuneTrustedRootCertificateIOS
-  * Initial release
-* IntuneVPNConfigurationPolicyIOS
-  * Initial release.
-* M365DSCRuleEvaluation
-  * Only attempt to pass AccessTokens if specified.
-* SPORetentionLabelsSettings
-  * Initial release.
+    FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521)
+* IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile
+  * Fixing issue with the way the QrCodeImage property was exported and handled.
+* IntuneFirewallPolicyWindows10
+  * Fix export of properties that appear multiple times in subsections.
+* M365DSCDRGUtil
+  * Improve settings catalog handling for nested objects.
+* M365DSCResourceGenerator
+  * Fixes an issue with nested object creation.
 * MISC
-  * M365DSCDRGUtil
-    * Add separate check for strings with ordinal comparison and standardized line breaks.'
+  * Migrate `MSCloudLoginAssistant` authentication context access to cmdlets.
+* DEPENDENCIES
+  * Updated MSCloudLoginAssistant to version 1.1.29.'
 
       # Flag to indicate whether the module requires explicit user acceptance for install/update
       # RequireLicenseAcceptance = $false
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1
index d7b2a9be5a..9ed3c0922c 100644
--- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1
+++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1
@@ -831,7 +831,11 @@ function Convert-M365DSCDRGComplexTypeToHashtable
 
         [Parameter()]
         [switch]
-        $SingleLevel
+        $SingleLevel,
+
+        [Parameter()]
+        [switch]
+        $ExcludeUnchangedProperties
     )
 
     if ($null -eq $ComplexObject)
@@ -854,6 +858,24 @@ function Convert-M365DSCDRGComplexTypeToHashtable
         #However, an array can be preserved on return by prepending it with the array construction operator (,)
         return , [hashtable[]]$results
     }
+
+    if ($SingleLevel)
+    {
+        $returnObject = @{}
+        $keys = $ComplexObject.CimInstanceProperties | Where-Object -FilterScript { $_.Name -ne 'PSComputerName' }
+        foreach ($key in $keys)
+        {
+            if ($ExcludeUnchangedProperties -and -not $key.IsValueModified)
+            {
+                continue
+            }
+            $propertyName = $key.Name[0].ToString().ToLower() + $key.Name.Substring(1, $key.Name.Length - 1)
+            $propertyValue = $ComplexObject.$($key.Name)
+            $returnObject.Add($propertyName, $propertyValue)
+        }
+        return [hashtable]$returnObject
+    }
+
     $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject
 
     if ($null -ne $hashComplexObject)
@@ -1656,8 +1678,8 @@ function Get-IntuneSettingCatalogPolicySetting
             $userSettingTemplates = $SettingTemplates | Where-object -FilterScript {
                 $_.SettingInstanceTemplate.SettingDefinitionId.StartsWith("user_")
             }
-            $deviceDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.DeviceSettings -SingleLevel
-            $userDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.UserSettings -SingleLevel
+            $deviceDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.DeviceSettings -SingleLevel -ExcludeUnchangedProperties
+            $userDscParams = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $DSCParams.UserSettings -SingleLevel -ExcludeUnchangedProperties
             $combinedSettingInstances = @()
             $combinedSettingInstances += Get-IntuneSettingCatalogPolicySetting -DSCParams $deviceDscParams -SettingTemplates $deviceSettingTemplates
             $combinedSettingInstances += Get-IntuneSettingCatalogPolicySetting -DSCParams $userDscParams -SettingTemplates $userSettingTemplates
@@ -1692,8 +1714,8 @@ function Get-IntuneSettingCatalogPolicySetting
         }
         $settingValueName = $settingType.Replace('#microsoft.graph.deviceManagementConfiguration', '').Replace('Instance', 'Value')
         $settingValueName = $settingValueName.Substring(0, 1).ToLower() + $settingValueName.Substring(1, $settingValueName.length - 1 )
-        $settingValueType = $settingInstanceTemplate.AdditionalProperties."$($settingValueName)Template".'@odata.type'
-        if ($null -ne $settingValueType)
+        [string]$settingValueType = $settingInstanceTemplate.AdditionalProperties."$($settingValueName)Template".'@odata.type'
+        if (-not [System.String]::IsNullOrEmpty($settingValueType))
         {
             $settingValueType = $settingValueType.Replace('ValueTemplate', 'Value')
         }
@@ -1838,7 +1860,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue
                 $DSCParams = @{
                     $cimDSCParamsName = if ($instanceCount -eq 1) { $newDSCParams.$cimDSCParamsName[0] } else { $newDSCParams.$cimDSCParamsName }
                 }
-                $AllSettingDefinitions = $groupSettingCollectionDefinitionChildren
+                $AllSettingDefinitions = $groupSettingCollectionDefinitionChildren + $SettingDefinition
             }
 
             for ($i = 0; $i -lt $instanceCount; $i++)
@@ -2525,7 +2547,7 @@ function Update-IntuneDeviceConfigurationPolicy
 
     try
     {
-        $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceConfigurationPolicyId"
+        $Uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + "beta/deviceManagement/configurationPolicies/$DeviceConfigurationPolicyId"
 
         $policy = @{
             'name'              = $Name
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1
index 7258cda1bd..1ecbbefb85 100644
--- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1
+++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1
@@ -554,6 +554,105 @@ function New-M365DSCConfigurationToExcel
     $excel.Quit()
 }
 
+<#
+.Description
+This function creates a new CSV file from the specified exported configuration
+
+.Functionality
+Internal, Hidden
+#>
+function New-M365DSCConfigurationToCSV
+{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter()]
+        [Array]
+        $ParsedContent,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $OutputPath,
+
+        [Parameter()]
+        [System.String]
+        $Delimiter = ','
+    )
+
+    $modelRow = @{'Component Name'=$null; Property=$null; Value = $null}
+    $row = 0
+    $csvOutput = @()
+
+    foreach ($resource in $parsedContent)
+    {
+        $newRow = $modelRow.Clone()
+        if ($row -gt 0)
+        {
+            Write-Verbose -Message "add separator-line in CSV-file between resources"
+            $newRow.'Component Name' = '======================'
+            $csvOutput += [pscustomobject]$newRow
+            $row++
+        }
+        $beginRow = $row
+        foreach ($property in $resource.Keys)
+        {
+            $newRow = $modelRow.Clone()
+            if ($property -ne 'ResourceName' -and $property -ne 'Credential')
+            {
+                $newRow.'Component Name' = $resource.ResourceName
+                $newRow.Property        = $property
+                try
+                {
+                    if ([System.String]::IsNullOrEmpty($resource.$property))
+                    {
+                        $newRow.Value = "`$Null"
+                    }
+                    else
+                    {
+                        if ($resource.$property.GetType().Name -eq 'Object[]')
+                        {
+                            $value = $resource.$property | Out-String
+                            $newRow.Value = $value
+                        }
+                        else
+                        {
+                            $value = ($resource.$property).ToString().Replace('$', '')
+                            $value = $value.Replace('@', '')
+                            $value = $value.Replace('(', '')
+                            $value = $value.Replace(')', '')
+                            $newRow.Value = $value
+                        }
+                    }
+                }
+                catch
+                {
+                    New-M365DSCLogEntry -Message 'Error during conversion to CSV:' `
+                        -Exception $_ `
+                        -Source $($MyInvocation.MyCommand.Source) `
+                        -TenantId $TenantId `
+                        -Credential $Credential
+                }
+
+                if ($property -in @('Identity', 'Name', 'IsSingleInstance', 'DisplayName'))
+                {
+                    $OriginPropertyName  = $csvOutput[$beginRow].Property
+                    $OriginPropertyValue  = $csvOutput[$beginRow].Value
+                    $CurrentPropertyName  = $newRow.Property
+                    $CurrentPropertyValue = $newRow.Value
+
+                    $csvOutput[$beginRow].Property = $CurrentPropertyName
+                    $csvOutput[$beginRow].Value    = $CurrentPropertyValue
+                    $newRow.Property = $OriginPropertyName
+                    $newRow.Value    = $OriginPropertyValue
+                }
+                $csvOutput += [pscustomobject]$newRow
+                $row++
+            }
+        }
+    }
+    $csvOutput | Export-Csv -Path $OutputPath -Encoding UTF8 -Delimiter $Delimiter -NoTypeInformation
+}
+
 <#
 .Description
 This function creates a report from the specified exported configuration,
@@ -586,7 +685,7 @@ function New-M365DSCReportFromConfiguration
     param
     (
         [Parameter(Mandatory = $true)]
-        [ValidateSet('Excel', 'HTML', 'JSON', 'Markdown')]
+        [ValidateSet('Excel', 'HTML', 'JSON', 'Markdown', 'CSV')]
         [System.String]
         $Type,
 
@@ -598,51 +697,81 @@ function New-M365DSCReportFromConfiguration
         [System.String]
         $OutputPath
     )
+    DynamicParam # parameter 'Delimiter' is only available when Type = 'CSV'
+    {
+        $paramDictionary = [System.Management.Automation.RuntimeDefinedParameterDictionary]::new()
+        if ($Type -eq 'CSV')
+        {
+            $delimiterAttr = [System.Management.Automation.ParameterAttribute]::New()
+            $delimiterAttr.Mandatory = $false
+            $attributeCollection = [System.Collections.ObjectModel.Collection[System.Attribute]]::New()
+            $attributeCollection.Add($delimiterAttr)
+            $delimiterParam = [System.Management.Automation.RuntimeDefinedParameter]::New("Delimiter", [System.String], $attributeCollection)
+            $delimiterParam.Value = ';' # default value, comma makes a mess when importing a CSV-file in Excel
+            $paramDictionary.Add("Delimiter", $delimiterParam)
+        }
+        return $paramDictionary
+    }
 
-    # Validate that the latest version of the module is installed.
-    Test-M365DSCModuleValidity
-
-    #Ensure the proper dependencies are installed in the current environment.
-    Confirm-M365DSCDependencies
-
-    #region Telemetry
-    $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new()
-    $data.Add('Event', 'Report')
-    $data.Add('Type', $Type)
-    Add-M365DSCTelemetryEvent -Data $data -Type 'NewReport'
-    #endregion
-
-    [Array] $parsedContent = Initialize-M365DSCReporting -ConfigurationPath $ConfigurationPath
-
-    if ($null -ne $parsedContent)
+    begin
     {
-        switch ($Type)
+        if ($PSBoundParameters.ContainsKey('Delimiter'))
         {
-            'Excel'
-            {
-                New-M365DSCConfigurationToExcel -ParsedContent $parsedContent -OutputPath $OutputPath
-            }
-            'HTML'
-            {
-                $template = Get-Item $ConfigurationPath
-                $templateName = $Template.Name.Split('.')[0]
-                New-M365DSCConfigurationToHTML -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName
-            }
-            'JSON'
-            {
-                New-M365DSCConfigurationToJSON -ParsedContent $parsedContent -OutputPath $OutputPath
-            }
-            'Markdown'
-            {
-                $template = Get-Item $ConfigurationPath
-                $templateName = $Template.Name.Split('.')[0]
-                New-M365DSCConfigurationToMarkdown -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName
-            }
+            $Delimiter = $PSBoundParameters.Delimiter
         }
     }
-    else
+    process # required with DynamicParam
     {
-        Write-Warning -Message "Parsed content was null. No report was generated."
+    
+        # Validate that the latest version of the module is installed.
+        Test-M365DSCModuleValidity
+    
+        #Ensure the proper dependencies are installed in the current environment.
+        Confirm-M365DSCDependencies
+    
+        #region Telemetry
+        $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new()
+        $data.Add('Event', 'Report')
+        $data.Add('Type', $Type)
+        Add-M365DSCTelemetryEvent -Data $data -Type 'NewReport'
+        #endregion
+    
+        [Array] $parsedContent = Initialize-M365DSCReporting -ConfigurationPath $ConfigurationPath
+    
+        if ($null -ne $parsedContent)
+        {
+            switch ($Type)
+            {
+                'Excel'
+                {
+                    New-M365DSCConfigurationToExcel -ParsedContent $parsedContent -OutputPath $OutputPath
+                }
+                'HTML'
+                {
+                    $template = Get-Item $ConfigurationPath
+                    $templateName = $Template.Name.Split('.')[0]
+                    New-M365DSCConfigurationToHTML -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName $templateName
+                }
+                'JSON'
+                {
+                    New-M365DSCConfigurationToJSON -ParsedContent $parsedContent -OutputPath $OutputPath
+                }
+                'Markdown'
+                {
+                    $template = Get-Item $ConfigurationPath
+                    $templateName = $Template.Name.Split('.')[0]
+                    New-M365DSCConfigurationToMarkdown -ParsedContent $parsedContent -OutputPath $OutputPath -TemplateName  $templateName
+                }
+                'CSV'
+                {
+                    New-M365DSCConfigurationToCSV -ParsedContent $parsedContent -OutputPath $OutputPath -Delimiter $Delimiter
+                }
+            }
+        }
+        else
+        {
+            Write-Warning -Message "Parsed content was null. No report was generated."
+        }
     }
 }
 
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1
index cd9fb23c62..a99991adbe 100644
--- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1
+++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1
@@ -118,7 +118,7 @@ function Add-M365DSCTelemetryEvent
                     }
                     $Script:M365DSCCurrentRoles = @()
 
-                    $uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'v1.0/me?$select=id'
+                    $uri = (Get-MSCloudLoginConnectionProfile -Workload MicrosoftGraph).ResourceUrl + 'v1.0/me?$select=id'
                     $currentUser = Invoke-MgGraphRequest -Uri $uri -Method GET
                     $currentUserId = $currentUser.id
 
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1
index e6f62bf958..c5e20e3cfb 100644
--- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1
+++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1
@@ -1437,7 +1437,7 @@ function Export-M365DSCConfiguration
     try
     {
         Disconnect-MgGraph -ErrorAction Stop | Out-Null
-        $global:MsCloudLoginConnectionProfile.MicrosoftGraph.Connected = $false
+        Reset-MSCloudLoginConnectionProfileContext
     }
     catch
     {
diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1
index 92375e9444..864993c93d 100644
--- a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1
+++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCAzureDevOPSHelper.psm1
@@ -21,7 +21,7 @@ function Invoke-M365DSCAzureDevOPSWebRequest
     )
 
     $headers = @{
-        Authorization = $global:MsCloudLoginConnectionProfile.AzureDevOPS.AccessToken
+        Authorization = (Get-MSCloudLoginConnectionProfile -Workload AzureDevOPS).AccessToken
         'Content-Type' = $ContentType
     }
 
diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1
index ebbec02b6e..df62ffcf32 100644
--- a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1
+++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCDefenderHelper.psm1
@@ -18,7 +18,7 @@ function Invoke-M365DSCDefenderREST
 
     $bodyJSON = ConvertTo-Json $Body -Depth 10 -Compress
     $headers = @{
-        Authorization = $Global:MSCloudLoginConnectionProfile.DefenderForEndpoint.AccessToken
+        Authorization = (Get-MSCloudLoginConnectionProfile -Workload DefenderForEndpoint).AccessToken
         "Content-Type" = "application/json"
     }
     $response = Invoke-WebRequest -Method $Method `
diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1
index ca390ae10c..a7b8bbae4a 100644
--- a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1
+++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1
@@ -17,7 +17,7 @@ function Invoke-M365DSCFabricWebRequest
     )
 
     $headers = @{
-        Authorization = $global:MsCloudLoginConnectionProfile.Fabric.AccessToken
+        Authorization = (Get-MSCloudLoginConnectionProfile -Workload Fabric).AccessToken
     }
 
     $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -Body $Body
diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json
index eb7af2d696..a4fdffd024 100644
--- a/Modules/Microsoft365DSC/SchemaDefinition.json
+++ b/Modules/Microsoft365DSC/SchemaDefinition.json
@@ -40221,100 +40221,110 @@
                        ]
     },
     {
-        "ClassName":  "MSFT_IntuneDeviceManagementComplianceSettings",
+        "ClassName":  "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage",
         "Parameters":  [
                            {
                                "CIMType":  "String",
-                               "Name":  "IsSingleInstance",
-                               "Option":  "Key"
+                               "Name":  "type",
+                               "Option":  "Write"
                            },
                            {
-                               "CIMType":  "Boolean",
-                               "Name":  "SecureByDefault",
+                               "CIMType":  "UInt32[]",
+                               "Name":  "value",
                                "Option":  "Write"
+                           }
+                       ]
+    },
+    {
+        "ClassName":  "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile",
+        "Parameters":  [
+                           {
+                               "CIMType":  "String",
+                               "Name":  "DisplayName",
+                               "Option":  "Key"
                            },
                            {
-                               "CIMType":  "UInt32",
-                               "Name":  "DeviceComplianceCheckinThresholdDays",
+                               "CIMType":  "String",
+                               "Name":  "Id",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "MSFT_Credential",
-                               "Name":  "Credential",
+                               "CIMType":  "String",
+                               "Name":  "AccountId",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "ApplicationId",
+                               "Name":  "Description",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "TenantId",
+                               "Name":  "TokenValue",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "MSFT_Credential",
-                               "Name":  "ApplicationSecret",
+                               "CIMType":  "String",
+                               "Name":  "TokenCreationDateTime",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "CertificateThumbprint",
+                               "Name":  "TokenExpirationDateTime",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "Boolean",
-                               "Name":  "ManagedIdentity",
+                               "CIMType":  "UInt32",
+                               "Name":  "EnrolledDeviceCount",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "String[]",
-                               "Name":  "AccessTokens",
+                               "CIMType":  "UInt32",
+                               "Name":  "EnrollmentTokenUsageCount",
                                "Option":  "Write"
-                           }
-                       ]
-    },
-    {
-        "ClassName":  "MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay",
-        "Parameters":  [
+                           },
                            {
                                "CIMType":  "String",
-                               "Name":  "Id",
-                               "Option":  "Key"
+                               "Name":  "QrCodeContent",
+                               "Option":  "Write"
                            },
                            {
-                               "CIMType":  "String",
-                               "Name":  "BindStatus",
+                               "CIMType":  "MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage",
+                               "Name":  "QrCodeImage",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "String",
-                               "Name":  "OwnerUserPrincipalName",
+                               "CIMType":  "String[]",
+                               "Name":  "RoleScopeTagIds",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "String",
-                               "Name":  "OwnerOrganizationName",
+                               "CIMType":  "Boolean",
+                               "Name":  "ConfigureWifi",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "EnrollmentTarget",
+                               "Name":  "WifiSsid",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_Credential",
+                               "Name":  "WifiPassword",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "Boolean",
-                               "Name":  "DeviceOwnerManagementEnabled",
+                               "Name":  "WifiHidden",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "Boolean",
-                               "Name":  "AndroidDeviceOwnerFullyManagedEnrollmentEnabled",
+                               "Name":  "IsTeamsDeviceProfile",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "String",
+                               "CIMType":  "string",
                                "Name":  "Ensure",
                                "Option":  "Write"
                            },
@@ -40338,11 +40348,6 @@
                                "Name":  "CertificateThumbprint",
                                "Option":  "Write"
                            },
-                           {
-                               "CIMType":  "MSFT_Credential",
-                               "Name":  "ApplicationSecret",
-                               "Option":  "Write"
-                           },
                            {
                                "CIMType":  "Boolean",
                                "Name":  "ManagedIdentity",
@@ -40356,110 +40361,100 @@
                        ]
     },
     {
-        "ClassName":  "MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage",
+        "ClassName":  "MSFT_IntuneDeviceManagementComplianceSettings",
         "Parameters":  [
                            {
                                "CIMType":  "String",
-                               "Name":  "type",
-                               "Option":  "Write"
+                               "Name":  "IsSingleInstance",
+                               "Option":  "Key"
                            },
                            {
-                               "CIMType":  "String",
-                               "Name":  "value",
+                               "CIMType":  "Boolean",
+                               "Name":  "SecureByDefault",
                                "Option":  "Write"
-                           }
-                       ]
-    },
-    {
-        "ClassName":  "MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile",
-        "Parameters":  [
-                           {
-                               "CIMType":  "String",
-                               "Name":  "DisplayName",
-                               "Option":  "Key"
                            },
                            {
-                               "CIMType":  "String",
-                               "Name":  "Id",
+                               "CIMType":  "UInt32",
+                               "Name":  "DeviceComplianceCheckinThresholdDays",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "String",
-                               "Name":  "AccountId",
+                               "CIMType":  "MSFT_Credential",
+                               "Name":  "Credential",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "Description",
+                               "Name":  "ApplicationId",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "TokenValue",
+                               "Name":  "TenantId",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "String",
-                               "Name":  "TokenCreationDateTime",
+                               "CIMType":  "MSFT_Credential",
+                               "Name":  "ApplicationSecret",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "TokenExpirationDateTime",
+                               "Name":  "CertificateThumbprint",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "UInt32",
-                               "Name":  "EnrolledDeviceCount",
+                               "CIMType":  "Boolean",
+                               "Name":  "ManagedIdentity",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "UInt32",
-                               "Name":  "EnrollmentTokenUsageCount",
+                               "CIMType":  "String[]",
+                               "Name":  "AccessTokens",
                                "Option":  "Write"
-                           },
+                           }
+                       ]
+    },
+    {
+        "ClassName":  "MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay",
+        "Parameters":  [
                            {
                                "CIMType":  "String",
-                               "Name":  "QrCodeContent",
-                               "Option":  "Write"
+                               "Name":  "Id",
+                               "Option":  "Key"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "QrCodeImage",
-                               "Option":  "Write"
-                           },
-                           {
-                               "CIMType":  "String[]",
-                               "Name":  "RoleScopeTagIds",
+                               "Name":  "BindStatus",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "Boolean",
-                               "Name":  "ConfigureWifi",
+                               "CIMType":  "String",
+                               "Name":  "OwnerUserPrincipalName",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "WifiSsid",
+                               "Name":  "OwnerOrganizationName",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "MSFT_Credential",
-                               "Name":  "WifiPassword",
+                               "CIMType":  "String",
+                               "Name":  "EnrollmentTarget",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "Boolean",
-                               "Name":  "WifiHidden",
+                               "Name":  "DeviceOwnerManagementEnabled",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "Boolean",
-                               "Name":  "IsTeamsDeviceProfile",
+                               "Name":  "AndroidDeviceOwnerFullyManagedEnrollmentEnabled",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "string",
+                               "CIMType":  "String",
                                "Name":  "Ensure",
                                "Option":  "Write"
                            },
@@ -40483,6 +40478,11 @@
                                "Name":  "CertificateThumbprint",
                                "Option":  "Write"
                            },
+                           {
+                               "CIMType":  "MSFT_Credential",
+                               "Name":  "ApplicationSecret",
+                               "Option":  "Write"
+                           },
                            {
                                "CIMType":  "Boolean",
                                "Name":  "ManagedIdentity",
@@ -47491,126 +47491,406 @@
                        ]
     },
     {
-        "ClassName":  "MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule",
+        "ClassName":  "MSFT_MicrosoftvpnProxyServer",
         "Parameters":  [
                            {
-                               "CIMType":  "String[]",
-                               "Name":  "ssids",
+                               "CIMType":  "String",
+                               "Name":  "automaticConfigurationScriptUrl",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "String[]",
-                               "Name":  "dnsSearchDomains",
+                               "CIMType":  "String",
+                               "Name":  "address",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "String",
-                               "Name":  "probeUrl",
+                               "CIMType":  "uint32",
+                               "Name":  "port",
                                "Option":  "Write"
-                           },
+                           }
+                       ]
+    },
+    {
+        "ClassName":  "MSFT_targetedMobileApps",
+        "Parameters":  [
                            {
                                "CIMType":  "String",
-                               "Name":  "action",
+                               "Name":  "name",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "domainAction",
+                               "Name":  "publisher",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "String[]",
-                               "Name":  "domains",
+                               "CIMType":  "String",
+                               "Name":  "appStoreUrl",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "probeRequiredUrl",
+                               "Name":  "appId",
                                "Option":  "Write"
-                           },
+                           }
+                       ]
+    },
+    {
+        "ClassName":  "MSFT_CustomData",
+        "Parameters":  [
                            {
                                "CIMType":  "String",
-                               "Name":  "interfaceTypeMatch",
+                               "Name":  "key",
                                "Option":  "Write"
                            },
                            {
-                               "CIMType":  "String[]",
-                               "Name":  "dnsServerAddressMatch",
+                               "CIMType":  "String",
+                               "Name":  "value",
                                "Option":  "Write"
                            }
                        ]
     },
     {
-        "ClassName":  "MSFT_MicrosoftvpnProxyServer",
+        "ClassName":  "MSFT_customKeyValueData",
         "Parameters":  [
                            {
                                "CIMType":  "String",
-                               "Name":  "automaticConfigurationScriptUrl",
+                               "Name":  "name",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "address",
-                               "Option":  "Write"
-                           },
-                           {
-                               "CIMType":  "uint32",
-                               "Name":  "port",
+                               "Name":  "value",
                                "Option":  "Write"
                            }
                        ]
     },
     {
-        "ClassName":  "MSFT_targetedMobileApps",
+        "ClassName":  "MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner",
         "Parameters":  [
                            {
                                "CIMType":  "String",
-                               "Name":  "name",
+                               "Name":  "Id",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "publisher",
+                               "Name":  "DisplayName",
+                               "Option":  "Key"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "Description",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "appStoreUrl",
+                               "Name":  "authenticationMethod",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "appId",
+                               "Name":  "connectionName",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "role",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "realm",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_MicrosoftGraphvpnServer[]",
+                               "Name":  "servers",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "connectionType",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_MicrosoftvpnProxyServer[]",
+                               "Name":  "proxyServer",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String[]",
+                               "Name":  "targetedPackageIds",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_targetedMobileApps[]",
+                               "Name":  "targetedMobileApps",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "Boolean",
+                               "Name":  "alwaysOn",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "Boolean",
+                               "Name":  "alwaysOnLockdown",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "microsoftTunnelSiteId",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String[]",
+                               "Name":  "proxyExclusionList",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_customData[]",
+                               "Name":  "customData",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_customKeyValueData[]",
+                               "Name":  "customKeyValueData",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_DeviceManagementConfigurationPolicyAssignments[]",
+                               "Name":  "Assignments",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "string",
+                               "Name":  "Ensure",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_Credential",
+                               "Name":  "Credential",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "ApplicationId",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "TenantId",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_Credential",
+                               "Name":  "ApplicationSecret",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "CertificateThumbprint",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "Boolean",
+                               "Name":  "ManagedIdentity",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String[]",
+                               "Name":  "AccessTokens",
                                "Option":  "Write"
                            }
                        ]
     },
     {
-        "ClassName":  "MSFT_CustomData",
+        "ClassName":  "MSFT_IntuneVPNConfigurationPolicyAndroidEnterprise",
         "Parameters":  [
                            {
                                "CIMType":  "String",
-                               "Name":  "key",
+                               "Name":  "Id",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "value",
+                               "Name":  "DisplayName",
+                               "Option":  "Key"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "Description",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "authenticationMethod",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "connectionName",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "role",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "realm",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_MicrosoftGraphvpnServer[]",
+                               "Name":  "servers",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "connectionType",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_MicrosoftvpnProxyServer[]",
+                               "Name":  "proxyServer",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String[]",
+                               "Name":  "targetedPackageIds",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_targetedMobileApps[]",
+                               "Name":  "targetedMobileApps",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "Boolean",
+                               "Name":  "alwaysOn",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "Boolean",
+                               "Name":  "alwaysOnLockdown",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "microsoftTunnelSiteId",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String[]",
+                               "Name":  "proxyExclusionList",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_customData[]",
+                               "Name":  "customData",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_customKeyValueData[]",
+                               "Name":  "customKeyValueData",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_DeviceManagementConfigurationPolicyAssignments[]",
+                               "Name":  "Assignments",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "string",
+                               "Name":  "Ensure",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_Credential",
+                               "Name":  "Credential",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "ApplicationId",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "TenantId",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "MSFT_Credential",
+                               "Name":  "ApplicationSecret",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "CertificateThumbprint",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "Boolean",
+                               "Name":  "ManagedIdentity",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String[]",
+                               "Name":  "AccessTokens",
                                "Option":  "Write"
                            }
                        ]
     },
     {
-        "ClassName":  "MSFT_customKeyValueData",
+        "ClassName":  "MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule",
         "Parameters":  [
+                           {
+                               "CIMType":  "String[]",
+                               "Name":  "ssids",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String[]",
+                               "Name":  "dnsSearchDomains",
+                               "Option":  "Write"
+                           },
                            {
                                "CIMType":  "String",
-                               "Name":  "name",
+                               "Name":  "probeUrl",
                                "Option":  "Write"
                            },
                            {
                                "CIMType":  "String",
-                               "Name":  "value",
+                               "Name":  "action",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "domainAction",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String[]",
+                               "Name":  "domains",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "probeRequiredUrl",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String",
+                               "Name":  "interfaceTypeMatch",
+                               "Option":  "Write"
+                           },
+                           {
+                               "CIMType":  "String[]",
+                               "Name":  "dnsServerAddressMatch",
                                "Option":  "Write"
                            }
                        ]
diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1
index c23fd156db..f89162869b 100644
--- a/ResourceGenerator/M365DSCResourceGenerator.psm1
+++ b/ResourceGenerator/M365DSCResourceGenerator.psm1
@@ -388,42 +388,7 @@ $($userDefinitionSettings.MOF -join "`r`n")
             {
                 $parameter -match '\$.*$'
                 $parameterName = $Matches[0].Replace('$', '')
-                $parameterType = 'IntuneSettingsCatalog' + $parameterName + $(if ($parameterName -in @('DeviceSettings', 'UserSettings')) { "_$ResourceName" })
-                $cimInstance = $definitionSettings.MOFInstance | Where-Object -FilterScript { $_ -like "*$parameterType`n*" -or $_ -like "*$parameterType`r`n*" }
-                $rowFilter = '\[.*;'
-                $cimRows = [regex]::Matches($cimInstance, $rowFilter) | Foreach-Object {
-                    $_.Value
-                }
-                $cimPropertyNamequery = '[a-zA-Z0-9_]+[\[\]]*;'
-                $cimProperties = @()
-                foreach ($row in $cimRows)
-                {
-                    $cimProperties += [regex]::Matches($row, $cimPropertyNamequery) | Foreach-Object {
-                        $props = @{
-                            Name = $_.Value.Replace('[', '').Replace(']', '').Replace(';', '')
-                            IsArray = $_.Value.Contains('[]')
-                            IsComplexType = $row.Contains('EmbeddedInstance')
-                        }
-                        if ($props.IsComplexType)
-                        {
-                            Write-Warning -Message "Attention: No automatic complex type conversion is available for the property $($props.Name) in $parameterName. Please implement the conversion manually."
-                            $props.Type = $row.Split(' ')[2].Replace('EmbeddedInstance("', '').Replace('")]', '')
-                        }
-                        $props
-                    }
-                }
-                $parameterInformation += @{
-                    Name = $parameterName
-                    IsComplexType = $true
-                    IsMandatory = $false
-                    IsArray = $parameter -match '\[.*\[\]\]'
-                    Type = $parameterType
-                    Properties = $cimProperties
-                }
-
-                Write-Warning -Message "* Do not forget to replace the value `$getValue.$parameterName with `$policySettings.$parameterName in Get-TargetResource, remove it using `$policySettings.Remove('$parameterName')` and update the description in the MOF template. "
-                Write-Warning -Message "* Make sure to remove the duplicate entry of '$parameterName' in the MOF template."
-                Write-Warning -Message "* Check all CimInstanceNames in the `$complexTypeMapping in Export-TargetResource because they are not generated correctly."
+                $parameterInformation += Get-ComplexParameter -Parameter $parameterName -CimInstance $definitionSettings.MOFInstance -ResourceName $ResourceName
             }
 
             Write-Warning -Message "* Update all occurences of 'Name' from parameters to 'DisplayName', since security and settings catalog policies use 'Name' internally, but the DSC resource uses 'DisplayName' for clarity."
@@ -1375,6 +1340,77 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments
     }
 }
 
+function Get-ComplexParameter {
+    param (
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $Parameter,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $CimInstance,
+
+        [Parameter(Mandatory = $true)]
+        [System.String]
+        $ResourceName
+    )
+
+    $parameterType = 'IntuneSettingsCatalog' + $Parameter + $(if ($Parameter -in @('DeviceSettings', 'UserSettings')) { "_$ResourceName" })
+    $filteredCimInstance = $CimInstance | Where-Object -FilterScript { $_ -like "*$parameterType`n*" -or $_ -like "*$parameterType`r`n*" }
+    $splittedCimInstance = $filteredCimInstance.Split("`n")
+    $rowFilter = '\[.*;'
+    $startRow = for ($i = 0; $i -lt $splittedCimInstance.Count; $i++) {
+        if ($splittedCimInstance[$i] -like "*$parameterType*")
+        {
+            $i
+            break
+        }
+    }
+    $endRow = for ($i = $startRow; $i -lt $splittedCimInstance.Count; $i++) {
+        if ($splittedCimInstance[$i] -like "*};*")
+        {
+            $i
+            break
+        }
+    }
+
+    $cimInstanceOfInterest = $splittedCimInstance[$startRow..$endRow]
+    $cimRows = [regex]::Matches($cimInstanceOfInterest -join "`n", $rowFilter) | Foreach-Object {
+        $_.Value
+    }
+    $cimPropertyNamequery = '[a-zA-Z0-9_]+[\[\]]*;'
+    $cimProperties = @()
+    foreach ($row in $cimRows)
+    {
+        $cimProperties += [regex]::Matches($row, $cimPropertyNamequery) | Foreach-Object {
+            $props = @{
+                Name = $_.Value.Replace('[', '').Replace(']', '').Replace(';', '')
+                IsArray = $_.Value.Contains('[]')
+                IsComplexType = $row.Contains('EmbeddedInstance')
+            }
+            if ($props.IsComplexType)
+            {
+                Write-Warning -Message "Attention: No automatic complex type conversion is available for the property $($props.Name) in $parameterName. Please implement the conversion manually."
+                $props.Type = $row.Split(', ')[2].Replace('EmbeddedInstance("', '').Split(' ')[0].Replace('")]', '')
+                $props.Properties = (Get-ComplexParameter -Parameter $props.Name -CimInstance $CimInstance -ResourceName $ResourceName).Properties
+            }
+            $props
+        }
+    }
+    @{
+        Name = $parameterName
+        IsComplexType = $true
+        IsMandatory = $false
+        IsArray = $parameter -match '\[.*\[\]\]'
+        Type = $parameterType
+        Properties = $cimProperties
+    }
+
+    Write-Warning -Message "* Do not forget to replace the value `$getValue.$parameterName with `$policySettings.$parameterName in Get-TargetResource, remove it using `$policySettings.Remove('$parameterName')` and update the description in the MOF template. "
+    Write-Warning -Message "* Make sure to remove the duplicate entry of '$parameterName' in the MOF template."
+    Write-Warning -Message "* Check all CimInstanceNames in the `$complexTypeMapping in Export-TargetResource because they are not generated correctly."
+}
+
 function Get-MgGraphModuleCmdLetDifference
 {
     $modules = Get-Module -Name Microsoft.Graph.* -ListAvailable | Sort-Object -Property Name, Version | Out-GridView -PassThru
@@ -3933,8 +3969,8 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate {
     }
 
     $instanceName = "MSFT_MicrosoftGraphIntuneSettingsCatalog"
-    if (($Level -gt 1 -and $type -like "GroupCollection*" -and $childSettings.Count -gt 1) -or 
-        ($Level -eq 1 -and $type -like "GroupCollection*" -and $childSettings.Count -ge 1 -and $childSettings.AdditionalProperties.'@odata.type' -notcontains "#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition"))
+    if (($Level -gt 1 -and $type -like "GroupCollection*" -and $childSettings.Count -gt 1) -or
+        ($Level -eq 1 -and $type -eq "GroupCollectionCollection" -and $childSettings.Count -ge 1 -and $childSettings.AdditionalProperties.'@odata.type' -notcontains "#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition"))
     {
         $instanceName = $ParentInstanceName + $settingName
     }
diff --git a/ResourceGenerator/UnitTest.Template.ps1 b/ResourceGenerator/UnitTest.Template.ps1
index 456efa2ffb..5547276186 100644
--- a/ResourceGenerator/UnitTest.Template.ps1
+++ b/ResourceGenerator/UnitTest.Template.ps1
@@ -27,6 +27,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
+            Mock -CommandName Reset-MSCloudLoginConnectionProfileContext -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1
index b5e98a4478..d2945db555 100644
--- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1
+++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1
@@ -2411,7 +2411,7 @@
                     TenantId              = $TenantId;
                     CertificateThumbprint = $CertificateThumbprint;
                 }
-                IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile 'IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile'
+                IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile 'IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile'
                 {
                     AccountId                 = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e";
                     ApplicationId             = $ApplicationId;
@@ -3179,6 +3179,77 @@
                     TenantId               = $TenantId;
                     CertificateThumbprint  = $CertificateThumbprint;
                 }
+                IntuneVPNConfigurationPolicyAndroidDeviceOwner 'IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example'
+                {
+                    ApplicationId                           = $ApplicationId;
+                    TenantId                                = $TenantId;
+                    CertificateThumbprint                   = $CertificateThumbprint;
+                    Assignments                             = @();
+                    alwaysOn                                = $False;
+                    authenticationMethod                    = "azureAD";
+                    connectionName                          = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName";
+                    connectionType                          = "microsoftProtect";
+                    Description                             = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description";
+                    DisplayName                             = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName";
+                    Ensure                                  = "Present";
+                    Id                                      = "12345678-1234-abcd-1234-12345678ABCD";
+                    customData                              = @(
+                        MSFT_CustomData{
+                            key                             = 'fakeCustomData'
+                            value                           = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+                        }
+                    );
+                    customKeyValueData                      = @(
+                        MSFT_customKeyValueData{
+                            value                           = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+                            name                            = 'fakeCustomKeyValueData'
+                        }
+                    );
+                    microsoftTunnelSiteId                   = "12345678-1234-abcd-1234-12345678ABCD";
+                    proxyExclusionList                      = @();
+                    proxyServer                             = @(
+                        MSFT_MicrosoftvpnProxyServer{
+                            port                            = 8080
+                            automaticConfigurationScriptUrl = 'fakestringvalue'
+                            address                         = 'fake-proxy-adress.com'
+                        }
+                    );
+                    servers                                 = @(
+                        MSFT_MicrosoftGraphvpnServer{
+                            isDefaultServer                 = $True
+                            description                     = 'fakestringvalue'
+                            address                         = 'fake.server.com:8080'
+                        }
+                    );
+                    targetedMobileApps                      = @(
+                        MSFT_targetedMobileApps{
+                            name                            = 'fakestringvalue'
+                            publisher                       = 'Fake Corporation'
+                            appId                           = 'com.fake.emmx'
+                        }
+                    );
+                }
+                IntuneVPNConfigurationPolicyAndroidEnterprise 'IntuneVPNConfigurationPolicyAndroidEnterprise-Example'
+                {
+                    ApplicationId                      = $ApplicationId;
+                    TenantId                           = $TenantId;
+                    CertificateThumbprint              = $CertificateThumbprint;
+                    Assignments                        = @();
+                    authenticationMethod               = "usernameAndPassword";
+                    connectionName                     = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName";
+                    connectionType                     = "ciscoAnyConnect";
+                    Description                        = "IntuneVPNConfigurationPolicyAndroidEnterprise Description";
+                    DisplayName                        = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+                    Ensure                             = "Present";
+                    Id                                 = "12345678-1234-abcd-1234-12345678ABCD";
+                    servers                            = @(
+                        MSFT_MicrosoftGraphvpnServer{
+                            isDefaultServer            = $True
+                            description                = 'server'
+                            address                    = 'vpn.test.com'
+                        }
+                    );
+                }
                 IntuneVPNConfigurationPolicyIOS 'IntuneVPNConfigurationPolicyIOS-Example'
                 {
                     ApplicationId         = $ApplicationId;
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1
index 0e517729de..8c913408a9 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdminConsentRequestPolicy.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return "Credentials"
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1
index f9b56e9ab3..0c35485867 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Add-M365DSCTelemetryEvent -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1
index 2a713b43f4..d27befe1a4 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1
@@ -26,6 +26,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1
index ec4f10ace8..fa4d32cc54 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyExternal.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1
index 04b2234a09..b98bb26460 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationRequirement.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return "Credentials"
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1
index 78a0fa3010..44e159540e 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADConditionalAccessPolicy.Tests.ps1
@@ -26,7 +26,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
 
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+            }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
             }
 
             Mock -CommandName New-M365DSCConnection -MockWith {
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1
index 5a438157f0..03e9998394 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADDeviceRegistrationPolicy.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Update-MgBetaDirectoryAttributeSet -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1
index 403ed9873f..8d094fce83 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEnrichedAuditLogs.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return "Credentials"
             }
@@ -85,7 +88,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     Credential            = $Credential;
                 }
             }
-            
+
             It 'Should return false from the Test method' {
                 Test-TargetResource @testParams | Should -Be $false
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1
index 92dfca03b2..7ee2a2a695 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1
index b0ec9d4a0a..fa55f1cbe5 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementConnectedOrganization.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Update-MgBetaEntitlementManagementConnectedOrganization -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1
index 63a52ce0d5..b972d800e9 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADFederationConfiguration.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return "Credentials"
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1
index 06e568b265..44561e63a6 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADGroup.Tests.ps1
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1
index b0dd2cbd56..97b4a3f657 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityB2XUserFlow.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1
index 0b1586f83f..86e9d1d5e6 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADIdentityProtectionPolicySettings.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return "Credentials"
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1
index dbd6467749..dec1193386 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNamedLocationPolicy.Tests.ps1
@@ -26,6 +26,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1
index 45562b9072..8c17890f68 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADNetworkAccessForwardingPolicy.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return "Credentials"
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1
index a8552503e0..1734dd8b93 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOnPremisesPublishingProfilesSettings.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return "Credentials"
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1
index 0f0800c5a8..1cfbb6993a 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADOrganizationCertificateBasedAuthConfiguration.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1
index 80f13f2dcd..5e88c9a116 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADRemoteNetwork.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-MgBetaNetworkAccessConnectivityRemoteNetwork -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1
index b2f735572e..d603524a7d 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADServicePrincipal.Tests.ps1
@@ -23,10 +23,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force
             $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@contoso.com', $secpasswd)
 
-
             Mock -CommandName Get-PSSession -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Remove-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1
index 95be94a0da..0c01f44993 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
@@ -75,7 +78,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                 Test-TargetResource @testParams | Should -Be $false
             }
             It 'Should Create the id from the Set method' {
-                Set-TargetResource @testParams 
+                Set-TargetResource @testParams
                 Should -Invoke -CommandName Invoke-M365DSCVerifiedIdWebRequest -Exactly 2
             }
         }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1
index 4fc725b180..6e058fd01b 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
@@ -62,7 +65,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                         } -ClientOnly)
                         attestations = (New-CimInstance -ClassName MSFT_AADVerifiedIdAuthorityContractAttestations -Property @{
                             required = $True
-                        } -ClientOnly) 
+                        } -ClientOnly)
 
                     } -ClientOnly)
                     Ensure = 'Present'
@@ -92,7 +95,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 )
                             }
                         }
-                        default { 
+                        default {
                             return @{
                                 value = @()
                             }
@@ -108,7 +111,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                 Test-TargetResource @testParams | Should -Be $false
             }
             It 'Should Create the id from the Set method' {
-                Set-TargetResource @testParams 
+                Set-TargetResource @testParams
                 Should -Invoke -CommandName Invoke-M365DSCVerifiedIdWebRequest -Exactly 4
             }
         }
@@ -195,7 +198,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 )
                             }
                         }
-                        default { 
+                        default {
                             return @{
                                 value = @(
                                     @{
@@ -416,7 +419,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 )
                             }
                         }
-                        default { 
+                        default {
                             return @{
                                 value = @(
                                     @{
@@ -628,7 +631,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 )
                             }
                         }
-                        default { 
+                        default {
                             return @{
                                 value = @(
                                     @{
@@ -799,7 +802,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                                 )
                             }
                         }
-                        default { 
+                        default {
                             return @{
                                 value = @(
                                     @{
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1
index cde4d69eaf..6453346a50 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AzureVerifiedIdFaceCheck.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return "Credentials"
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1
index fc8ba8aec7..bd265e2b50 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOManagementRoleAssignment.Tests.ps1
@@ -29,6 +29,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Save-M365DSCPartialExport -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
+            Mock -CommandName Reset-MSCloudLoginConnectionProfileContext -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return 'Credentials'
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1
index da1e78d7ae..6fa2cd7b08 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.FabricAdminTenantSettings.Tests.ps1
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return "ServicePrincipalWithThumbprint"
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1
index 524bbbe878..9a325b1f44 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneASRRulesPolicyWindows10.Tests.ps1
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Save-M365DSCPartialExport  -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1
index db536619f4..2f60f5a80c 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return 'Credentials'
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1
index 7b0a983390..f9816cfe26 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppProtectionPolicyiOS.Tests.ps1
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return 'Credentials'
             }
@@ -55,7 +58,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     @{
                         id = '3eacc231-d77b-4efb-bb5f-310f68bd6198'
                         DisplayName = 'MyExcludedGroup'
-                    },                    
+                    },
                     @{
                         id = '6ee86c9f-2b3c-471d-ad38-ff4673ed723e'
                         DisplayName = 'MyAssignedGroup'
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1
index ed85027560..df50dddc7f 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppleMDMPushNotificationCertificate.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return "Credentials"
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1
index e276673109..285a396bab 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceCleanupRule.Tests.ps1
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return 'Credentials'
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1
index 1bdab9fafa..280beac665 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1
index 7af27e93c3..18255505f7 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1
index f93421bccd..9961c061bd 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationWiredNetworkPolicyWindows10.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1
index 4aa84407d2..671e217fe8 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentStatusPageWindows10.Tests.ps1
@@ -26,6 +26,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
 
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {}
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {}
+
             Mock -CommandName Get-PSSession -MockWith {}
 
             Mock -CommandName Remove-PSSession -MockWith {}
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.Tests.ps1
similarity index 100%
rename from Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.Tests.ps1
rename to Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.Tests.ps1
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1
index d074c4be78..74821ea2f9 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementComplianceSettings.Tests.ps1
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return 'Credentials'
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1
index 3b34d8d51e..5560d09194 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceManagementEnrollmentAndroidGooglePlay.Tests.ps1
@@ -18,6 +18,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
 
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {}
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {}
             Mock -CommandName New-M365DSCConnection -MockWith { return "Credentials" }
 
             Mock -CommandName Get-MgBetaDeviceManagementAndroidManagedStoreAccountEnterpriseSetting -MockWith {}
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1
index 83a37dd25a..c199828d14 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionMacOS.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1
index 9dae7098d7..f4455f536b 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1
@@ -279,6 +279,150 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                 )
             }
 
+            Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicyTemplateSettingTemplate -MockWith {
+                return @(
+                    @{
+                        SettingDefinitions = @(
+                            @{
+                                Id = 'vendor_msft_firewall_mdmstore_global_disablestatefulftp'
+                                Name = 'DisableStatefulFtp'
+                                OffsetUri = '/MdmStore/Global/DisableStatefulFtp'
+                                AdditionalProperties = @{
+                                    '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition'
+                                }
+                            }
+                        )
+                    },
+                    @{
+                        SettingDefinitions = @(
+                            @{
+                                Id = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall'
+                                Name = 'EnableFirewall'
+                                OffsetUri = '/MdmStore/DomainProfile/EnableFirewall'
+                                AdditionalProperties = @{
+                                    '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition'
+                                }
+                            },
+                            @{
+                                Id = 'vendor_msft_firewall_mdmstore_domainprofile_logfilepath'
+                                Name = 'LogFilePath'
+                                OffsetUri = '/MdmStore/DomainProfile/LogFilePath'
+                                AdditionalProperties = @{
+                                    '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingDefinition'
+                                    dependentOn = @(
+                                        @{
+                                            dependentOn = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall_true'
+                                            parentSettingId = 'vendor_msft_firewall_mdmstore_domainprofile_enablefirewall'
+                                        }
+                                    )
+                                }
+                            },
+                            @{
+                                Id = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall'
+                                Name = 'EnableFirewall'
+                                OffsetUri = '/MdmStore/PublicProfile/EnableFirewall'
+                                AdditionalProperties = @{
+                                    '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition'
+                                }
+                            },
+                            @{
+                                Id = 'vendor_msft_firewall_mdmstore_publicprofile_logfilepath'
+                                Name = 'LogFilePath'
+                                OffsetUri = '/MdmStore/PublicProfile/LogFilePath'
+                                AdditionalProperties = @{
+                                    '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingDefinition'
+                                    dependentOn = @(
+                                        @{
+                                            dependentOn = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall_true'
+                                            parentSettingId = 'vendor_msft_firewall_mdmstore_publicprofile_enablefirewall'
+                                        }
+                                    )
+                                }
+                            }
+                        )
+                    },
+                    @{
+                        SettingDefinitions = @(
+                            @{
+                                Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall'
+                                Name = 'EnableFirewall'
+                                OffsetUri = '/MdmStore/HyperVVMSettings/{0}/DomainProfile/EnableFirewall'
+                                AdditionalProperties = @{
+                                    '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition'
+                                    options = @(
+                                        # Only option used in the tests is defined here
+                                        @{
+                                            name = 'Enable Firewall'
+                                            itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_domainprofile_enablefirewall_true'
+                                            dependentOn = @(
+                                                @{
+                                                    dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl'
+                                                    parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target'
+                                                }
+                                            )
+                                        }
+                                    )
+                                }
+                            },
+                            @{
+                                Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_publicprofile_enablefirewall'
+                                Name = 'EnableFirewall'
+                                OffsetUri = '/MdmStore/HyperVVMSettings/{0}/PublicProfile/EnableFirewall'
+                                AdditionalProperties = @{
+                                    '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition'
+                                    options = @(
+                                        # Only option used in the tests is defined here
+                                        @{
+                                            name = 'Enable Firewall'
+                                            itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_publicprofile_enablefirewall_true'
+                                            dependentOn = @(
+                                                @{
+                                                    dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl'
+                                                    parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target'
+                                                }
+                                            )
+                                        }
+                                    )
+                                }
+                            },
+                            @{
+                                Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target'
+                                Name = 'Target'
+                                OffsetUri = '/MdmStore/HyperVVMSettings/{0}/Target'
+                                AdditionalProperties = @{
+                                    '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition'
+                                    options = @(
+                                        @{
+                                            dependentOn = @(
+                                                @{
+                                                    dependentOn = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}'
+                                                    parentSettingId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}'
+                                                }
+                                            )
+                                            name = 'WSL'
+                                            itemId = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target_wsl'
+                                        }
+                                    )
+                                }
+                            },
+                            @{
+                                Id = 'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}'
+                                Name = '{VMCreatorId}'
+                                OffsetUri = '/MdmStore/HyperVVMSettings/{0}'
+                                AdditionalProperties = @{
+                                    '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition'
+                                    childIds = @(
+                                        'vendor_msft_firewall_mdmstore_hypervvmsettings_{vmcreatorid}_target'
+                                    )
+                                    maximumCount = 1
+                                    minimumCount = 0
+                                }
+                            }
+                        )
+                    }
+                )
+            }
+
             Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1
index 0e5552d5fd..9661d9fa2a 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsMacOSLobApp.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1
index ff169134f0..f1054f03ec 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppsWindowsOfficeSuiteApp.Tests.ps1
@@ -31,6 +31,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1
index c6742bc497..4ceff9776a 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1
index 9dbc8a713c..c4c962dc2d 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneRoleAssignment.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1
index d8b2b14c14..f3b3350c30 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogCustomPolicyWindows10.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Get-PSSession -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidDeviceOwner.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidDeviceOwner.Tests.ps1
new file mode 100644
index 0000000000..e9fbe0e949
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidDeviceOwner.Tests.ps1
@@ -0,0 +1,477 @@
+[CmdletBinding()]
+param(
+)
+$M365DSCTestFolder = Join-Path -Path $PSScriptRoot `
+    -ChildPath '..\..\Unit' `
+    -Resolve
+$CmdletModule = (Join-Path -Path $M365DSCTestFolder `
+        -ChildPath '\Stubs\Microsoft365.psm1' `
+        -Resolve)
+$GenericStubPath = (Join-Path -Path $M365DSCTestFolder `
+        -ChildPath '\Stubs\Generic.psm1' `
+        -Resolve)
+Import-Module -Name (Join-Path -Path $M365DSCTestFolder `
+        -ChildPath '\UnitTestHelper.psm1' `
+        -Resolve)
+
+$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule `
+    -DscResource 'IntuneVPNConfigurationPolicyAndroidDeviceOwner' -GenericStubModule $GenericStubPath
+Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
+    InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock {
+        Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope
+        BeforeAll {
+            $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force
+            $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
+
+            Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+            }
+
+            Mock -CommandName New-M365DSCConnection -MockWith {
+                return 'Credentials'
+            }
+
+            Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+            }
+
+            Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+            }
+
+            Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+            }
+
+            Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith {
+
+                return @()
+            }
+            Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith {
+            }
+            # Mock Write-Host to hide output during the tests
+            Mock -CommandName Write-Host -MockWith {
+            }
+            $Script:exportedInstances =$null
+            $Script:ExportMode = $false
+        }
+
+        # Test contexts
+        Context -Name "When the IntuneVPNConfigurationPolicyAndroidDeviceOwner doesn't already exist" -Fixture {
+            BeforeAll {
+               $testParams = @{
+                    connectionName                             = 'FakeStringValue'
+                    connectionType                             = 'ciscoAnyConnect'
+                    Description                                = 'FakeStringValue'
+                    DisplayName                                = 'FakeStringValue'
+                    Id                                         = 'FakeStringValue'
+                    proxyServer                                = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftvpnProxyServer `
+                        -Property @{
+                            port                               = 80
+                            automaticConfigurationScriptUrl    = 'https://www.test.com'
+                            address                            = 'proxy.test.com'
+                        } -ClientOnly)
+                    )
+                    servers                                    = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftGraphvpnServer `
+                        -Property @{
+                            isDefaultServer                    = $True
+                            description                        = 'server'
+                            address                            = 'vpn.test.com'
+                        } -ClientOnly)
+                    )                                                                                         
+                    customData                                 = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                            key                                = 'FakeStringValue'
+                            value                              = 'FakeStringValue'
+                        } -ClientOnly)
+                    )     
+                    customKeyValueData                         = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                            name                               = 'FakeStringValue'
+                            value                              = 'FakeStringValue'
+                        } -ClientOnly)
+                    )                                                                                                                                                                                    
+                     targetedMobileApps                      = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_targetedMobileApps `
+                        -Property @{
+                            name                               = 'FakeStringValue'
+                            publisher                          = 'FakeStringValue'
+                            appStoreUrl                        = 'FakeStringValue'
+                            appId                              = 'FakeStringValue'
+                        } -ClientOnly)
+                    )
+                    Ensure                                     = 'Present'
+                    Credential                                 = $Credential
+                }
+
+                Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+                    return $null
+                }
+            }
+
+            It 'Should return absent from the Get method' {
+                    (Get-TargetResource @testParams).Ensure | Should -Be 'Absent'
+            }
+
+            It 'Should return false from the Test method' {
+                Test-TargetResource @testParams | Should -Be $false
+            }
+
+            It 'Should create the IntuneVPNConfigurationPolicyAndroidDeviceOwner from the Set method' {
+                Set-TargetResource @testParams
+                Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1
+            }
+        }
+
+        Context -Name 'When the IntuneVPNConfigurationPolicyAndroidDeviceOwner already exists and is NOT in the Desired State' -Fixture {
+            BeforeAll {
+               $testParams = @{
+                    DisplayName                               = 'FakeStringValue'
+                    Description                               = 'FakeStringValue'
+                    Id                                        = 'FakeStringValue'
+                    authenticationMethod                      = 'usernameAndPassword'
+                    connectionName                            = 'FakeStringValue'
+                    connectionType                            = 'ciscoAnyConnect'
+                    proxyServer                               = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftvpnProxyServer `
+                        -Property @{
+                            port                              = 80
+                            automaticConfigurationScriptUrl   = 'https://www.test.com'
+                            address                           = 'proxy.test.com'
+                        } -ClientOnly)
+                    )
+                    servers                                   = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftGraphvpnServer `
+                        -Property @{
+                            isDefaultServer                   = $True
+                            description                       = 'server'
+                            address                           = 'vpn.test.com'
+                        } -ClientOnly)
+                    )                                                                                        
+                    customData                                = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                           key                                = 'FakeStringValue'
+                            value                             = 'FakeStringValue'
+                        } -ClientOnly)
+                    )     
+                    customKeyValueData                        = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                            name                              = 'FakeStringValue'
+                            value                             = 'FakeStringValue'
+                        } -ClientOnly)
+                    )                                                                                                                                                                                       
+                    targetedMobileApps                      = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_targetedMobileApps `
+                        -Property @{
+                            name                             = 'FakeStringValue'
+                            publisher                        = 'FakeStringValue'
+                            appStoreUrl                      = 'FakeStringValue'
+                            appId                            = 'FakeStringValue'
+                        } -ClientOnly)
+                    )
+                    Ensure                                   = 'Present'
+                    Credential                               = $Credential
+                }
+
+                Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+                   return  @{
+                        DisplayName                                 = 'FakeStringValue'
+                        Description                                 = 'FakeStringValue'
+                        Id                              = 'FakeStringValue'
+                        AdditionalProperties                        = @{
+                            '@odata.type'                           = '#microsoft.graph.androidDeviceOwnerVpnConfiguration'
+                            authenticationMethod                    = 'usernameAndPassword'
+                            connectionName                          = 'FakeStringValue'
+                            connectionType                          = 'ciscoAnyConnect'
+                            customData             = @(
+                                @{
+                                    key                  = 'FakeStringValue'
+                                    value                = 'FakeStringValue'
+                                }
+                            )     
+                            customKeyValueData      = @(
+                                @{
+                                    name                  = 'FakeStringValue'
+                                    value                = 'FakeStringValue'
+                                }
+                            )                                                                                                                                                                             
+                            servers                                  = @(
+                                @{
+                                    isDefaultServer                  = $True
+                                    description                      = 'server'
+                                    address                          = 'vpn.CHANGED.com' #changed value
+                                }
+                            )    
+                            proxyServer                              = @(
+                                 @{
+                                    port                             = 80
+                                    automaticConfigurationScriptUrl  = 'https://www.test.com'
+                                    address                          = 'proxy.test.com'
+                                 }
+                            )
+                            targetedMobileApps                      = @(
+                                @{
+                                    name                            = 'FakeStringValue'
+                                    publisher                       = 'FakeStringValue'
+                                    appStoreUrl                     = 'FakeStringValue'
+                                    appId                           = 'FakeStringValue'
+                                }
+                            )                                                                                      
+                        }
+                    }
+                }
+            }
+
+            It 'Should return Present from the Get method' {
+                    (Get-TargetResource @testParams).Ensure | Should -Be 'Present' #-Displayname 'FakeStringValue').Ensure | Should -Be 'Present' #
+            }
+
+            It 'Should return false from the Test method' {
+                Test-TargetResource @testParams | Should -Be $false
+            }
+
+            It 'Should update the IntuneVPNConfigurationPolicyAndroidDeviceOwner from the Set method' {
+                Set-TargetResource @testParams
+                Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+               
+            }
+        }
+
+       Context -Name 'When the policy already exists and IS in the Desired State' -Fixture {
+            BeforeAll {
+               $testParams = @{
+                    DisplayName                              = 'FakeStringValue'
+                    Description                              = 'FakeStringValue'
+                    authenticationMethod                     = 'usernameAndPassword'
+                    connectionName                           = 'FakeStringValue'
+                    connectionType                           = 'ciscoAnyConnect'
+                    proxyServer                              = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftvpnProxyServer `
+                        -Property @{
+                            port                             = 80
+                            automaticConfigurationScriptUrl  = 'https://www.test.com'
+                            address                          = 'proxy.test.com'
+                        } -ClientOnly)
+                    )
+                    servers                                   = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftGraphvpnServer `
+                        -Property @{
+                            isDefaultServer                  = $True
+                            description                      = 'server'
+                            address                          = 'vpn.test.com'
+                        } -ClientOnly)
+                    )
+                    customData                               = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                            key                              = 'FakeStringValue'
+                            value                            = 'FakeStringValue'
+                        } -ClientOnly)
+                    )  
+                    customKeyValueData      = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                            name                            = 'FakeStringValue'
+                            value                           = 'FakeStringValue'
+                        } -ClientOnly)
+                    )                                                                                                                                                                       
+                    targetedMobileApps                    = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_targetedMobileApps `
+                        -Property @{
+                            name                            = 'FakeStringValue'
+                            publisher                       = 'FakeStringValue'
+                            appStoreUrl                     = 'FakeStringValue'
+                            appId                           = 'FakeStringValue'
+                        } -ClientOnly)
+                    )  
+                    Ensure                                  = 'Present'
+                    Credential                              = $Credential
+                }
+
+                Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+                   return  @{
+                        DisplayName                                 = 'FakeStringValue'
+                        Description                                 = 'FakeStringValue'
+                        AdditionalProperties                        = @{
+                            '@odata.type'                           = '#microsoft.graph.androidDeviceOwnerVpnConfiguration'
+                            authenticationMethod                    = 'usernameAndPassword'
+                            connectionName                          = 'FakeStringValue'
+                            connectionType                          = 'ciscoAnyConnect'
+                            proxyServer                             = @(
+                                @{
+                                    port                            = 80
+                                    automaticConfigurationScriptUrl = 'https://www.test.com'
+                                    address                         = 'proxy.test.com'
+                                }
+                            )
+                            servers                                  = @(
+                                @{
+                                    isDefaultServer                 = $True
+                                    description                     = 'server'
+                                    address                         = 'vpn.test.com'
+                                }
+                            )
+                            customData                              = @(
+                                @{
+                                    key                             = 'FakeStringValue'
+                                    value                           = 'FakeStringValue'
+                                }
+                            )
+                            customKeyValueData                      = @(
+                                @{
+                                    name                            = 'FakeStringValue'
+                                    value                           = 'FakeStringValue'
+                                }
+                            )
+                            targetedMobileApps                    = @(
+                                @{
+                                    name                            = 'FakeStringValue'
+                                    publisher                       = 'FakeStringValue'
+                                    appStoreUrl                     = 'FakeStringValue'
+                                    appId                           = 'FakeStringValue'
+                                }
+                            )
+                        }
+                    }
+                }
+            }
+
+            It 'Should return true from the Test method' {
+                Test-TargetResource @testParams | Should -Be $true
+            }
+        }
+
+        Context -Name 'When the policy exists and it SHOULD NOT' -Fixture {
+            BeforeAll {
+                $testParams = @{
+                    DisplayName                             = 'FakeStringValue'
+                    Description                             = 'FakeStringValue'
+                    authenticationMethod                    = 'usernameAndPassword'
+                    connectionName                          = 'FakeStringValue'
+                    connectionType                          = 'ciscoAnyConnect'
+                    proxyServer                             = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftvpnProxyServer `
+                        -Property @{
+                            port = 80
+                            automaticConfigurationScriptUrl = 'https://www.test.com'
+                            address                         = 'proxy.test.com'
+                        } -ClientOnly)
+                    )
+                    servers                                 = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftGraphvpnServer `
+                        -Property @{
+                            isDefaultServer                 = $True
+                            description                     = 'server'
+                            address                         = 'vpn.test.com'
+                        } -ClientOnly)
+                    )
+                    Ensure                                  = 'Absent'
+                    Credential                              = $Credential
+                }
+
+                Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+                   return @{
+                        DisplayName                                  = 'FakeStringValue'
+                        Description                                  = 'FakeStringValue'
+                        AdditionalProperties                         = @{
+                            '@odata.type'                           = '#microsoft.graph.androidDeviceOwnerVpnConfiguration'
+                            authenticationMethod                     = 'usernameAndPassword'
+                            connectionName                           = 'FakeStringValue'
+                            connectionType                           = 'ciscoAnyConnect'
+                            proxyServer                              = @(
+                                @{
+                                    port                             = 80
+                                    automaticConfigurationScriptUrl  = 'https://www.test.com'
+                                    address                          = 'proxy.test.com'
+                                }
+                            )
+                            servers                                  = @(
+                                @{
+                                    isDefaultServer                  = $True
+                                    description                      = 'server'
+                                    address                          = 'vpn.test.com'
+                                }
+                            )
+                        }
+                    }
+                }
+            }
+
+            It 'Should return Present from the Get method' {
+                    (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+            }
+
+            It 'Should return true from the Test method' {
+                Test-TargetResource @testParams | Should -Be $false
+            }
+
+            It 'Should remove the IntuneVPNConfigurationPolicyAndroidDeviceOwner from the Set method' {
+                Set-TargetResource @testParams
+                Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+            }
+        }
+
+        Context -Name 'ReverseDSC Tests' -Fixture {
+            BeforeAll {
+                $Global:CurrentModeIsExport = $true
+                $Global:PartialExportFileName = "$(New-Guid).partial.ps1"
+                $testParams = @{
+                    Credential = $Credential
+                }
+
+                Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+                   return @{
+                        DisplayName                                 = 'FakeStringValue'
+                        Description                                 = 'FakeStringValue'
+                        AdditionalProperties                        = @{
+                            '@odata.type'                           = '#microsoft.graph.androidDeviceOwnerVpnConfiguration'
+                            authenticationMethod                    = 'usernameAndPassword'
+                            connectionName                          = 'FakeStringValue'
+                            connectionType                          = 'ciscoAnyConnect'
+                            proxyServer                             = @(
+                                @{
+                                    port                            = 80
+                                    automaticConfigurationScriptUrl = 'https://www.test.com'
+                                    address                         = 'proxy.test.com'
+                                }
+                            )
+                            servers                                 = @(
+                                @{
+                                    isDefaultServer                 = $True
+                                    description                     = 'server'
+                                    address                         = 'vpn.test.com'
+                                }
+                            )
+                        }
+                    }
+                }
+            }
+
+            It 'Should Reverse Engineer resource from the Export method' {
+                $result = Export-TargetResource @testParams
+                $result | Should -Not -BeNullOrEmpty
+            }
+        }
+    }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
\ No newline at end of file
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1
new file mode 100644
index 0000000000..6248661dbb
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneVPNConfigurationPolicyAndroidEnterprise.Tests.ps1
@@ -0,0 +1,477 @@
+[CmdletBinding()]
+param(
+)
+$M365DSCTestFolder = Join-Path -Path $PSScriptRoot `
+    -ChildPath '..\..\Unit' `
+    -Resolve
+$CmdletModule = (Join-Path -Path $M365DSCTestFolder `
+        -ChildPath '\Stubs\Microsoft365.psm1' `
+        -Resolve)
+$GenericStubPath = (Join-Path -Path $M365DSCTestFolder `
+        -ChildPath '\Stubs\Generic.psm1' `
+        -Resolve)
+Import-Module -Name (Join-Path -Path $M365DSCTestFolder `
+        -ChildPath '\UnitTestHelper.psm1' `
+        -Resolve)
+
+$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule `
+    -DscResource 'IntuneVPNConfigurationPolicyAndroidEnterprise' -GenericStubModule $GenericStubPath
+Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
+    InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock {
+        Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope
+        BeforeAll {
+            $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force
+            $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd)
+
+            Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+            }
+
+            Mock -CommandName New-M365DSCConnection -MockWith {
+                return 'Credentials'
+            }
+
+            Mock -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+            }
+
+            Mock -CommandName New-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+            }
+
+            Mock -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+            }
+
+            Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith {
+
+                return @()
+            }
+            Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith {
+            }
+            # Mock Write-Host to hide output during the tests
+            Mock -CommandName Write-Host -MockWith {
+            }
+            $Script:exportedInstances =$null
+            $Script:ExportMode = $false
+        }
+
+        # Test contexts
+        Context -Name "When the IntuneVPNConfigurationPolicyAndroidEnterprise doesn't already exist" -Fixture {
+            BeforeAll {
+               $testParams = @{
+                    connectionName                             = 'FakeStringValue'
+                    connectionType                             = 'ciscoAnyConnect'
+                    Description                                = 'FakeStringValue'
+                    DisplayName                                = 'FakeStringValue'
+                    Id                                         = 'FakeStringValue'
+                    proxyServer                                = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftvpnProxyServer `
+                        -Property @{
+                            port                               = 80
+                            automaticConfigurationScriptUrl    = 'https://www.test.com'
+                            address                            = 'proxy.test.com'
+                        } -ClientOnly)
+                    )
+                    servers                                    = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftGraphvpnServer `
+                        -Property @{
+                            isDefaultServer                    = $True
+                            description                        = 'server'
+                            address                            = 'vpn.test.com'
+                        } -ClientOnly)
+                    )                                                                                         
+                    customData                                 = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                            key                                = 'FakeStringValue'
+                            value                              = 'FakeStringValue'
+                        } -ClientOnly)
+                    )     
+                    customKeyValueData                         = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                            name                               = 'FakeStringValue'
+                            value                              = 'FakeStringValue'
+                        } -ClientOnly)
+                    )                                                                                                                                                                                    
+                     targetedMobileApps                      = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_targetedMobileApps `
+                        -Property @{
+                            name                               = 'FakeStringValue'
+                            publisher                          = 'FakeStringValue'
+                            appStoreUrl                        = 'FakeStringValue'
+                            appId                              = 'FakeStringValue'
+                        } -ClientOnly)
+                    )
+                    Ensure                                     = 'Present'
+                    Credential                                 = $Credential
+                }
+
+                Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+                    return $null
+                }
+            }
+
+            It 'Should return absent from the Get method' {
+                    (Get-TargetResource @testParams).Ensure | Should -Be 'Absent'
+            }
+
+            It 'Should return false from the Test method' {
+                Test-TargetResource @testParams | Should -Be $false
+            }
+
+            It 'Should create the IntuneVPNConfigurationPolicyAndroidEnterprise from the Set method' {
+                Set-TargetResource @testParams
+                Should -Invoke -CommandName 'New-MgBetaDeviceManagementDeviceConfiguration' -Exactly 1
+            }
+        }
+
+        Context -Name 'When the IntuneVPNConfigurationPolicyAndroidEnterprise already exists and is NOT in the Desired State' -Fixture {
+            BeforeAll {
+               $testParams = @{
+                    DisplayName                               = 'FakeStringValue'
+                    Description                               = 'FakeStringValue'
+                    Id                                        = 'FakeStringValue'
+                    authenticationMethod                      = 'usernameAndPassword'
+                    connectionName                            = 'FakeStringValue'
+                    connectionType                            = 'ciscoAnyConnect'
+                    proxyServer                               = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftvpnProxyServer `
+                        -Property @{
+                            port                              = 80
+                            automaticConfigurationScriptUrl   = 'https://www.test.com'
+                            address                           = 'proxy.test.com'
+                        } -ClientOnly)
+                    )
+                    servers                                   = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftGraphvpnServer `
+                        -Property @{
+                            isDefaultServer                   = $True
+                            description                       = 'server'
+                            address                           = 'vpn.test.com'
+                        } -ClientOnly)
+                    )                                                                                        
+                    customData                                = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                           key                                = 'FakeStringValue'
+                            value                             = 'FakeStringValue'
+                        } -ClientOnly)
+                    )     
+                    customKeyValueData                        = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                            name                              = 'FakeStringValue'
+                            value                             = 'FakeStringValue'
+                        } -ClientOnly)
+                    )                                                                                                                                                                                       
+                    targetedMobileApps                      = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_targetedMobileApps `
+                        -Property @{
+                            name                             = 'FakeStringValue'
+                            publisher                        = 'FakeStringValue'
+                            appStoreUrl                      = 'FakeStringValue'
+                            appId                            = 'FakeStringValue'
+                        } -ClientOnly)
+                    )
+                    Ensure                                   = 'Present'
+                    Credential                               = $Credential
+                }
+
+                Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+                   return  @{
+                        DisplayName                                 = 'FakeStringValue'
+                        Description                                 = 'FakeStringValue'
+                        Id                              = 'FakeStringValue'
+                        AdditionalProperties                        = @{
+                            '@odata.type'                           = '#microsoft.graph.androidVpnConfiguration'
+                            authenticationMethod                    = 'usernameAndPassword'
+                            connectionName                          = 'FakeStringValue'
+                            connectionType                          = 'ciscoAnyConnect'
+                            customData             = @(
+                                @{
+                                    key                  = 'FakeStringValue'
+                                    value                = 'FakeStringValue'
+                                }
+                            )     
+                            customKeyValueData      = @(
+                                @{
+                                    name                  = 'FakeStringValue'
+                                    value                = 'FakeStringValue'
+                                }
+                            )                                                                                                                                                                             
+                            servers                                  = @(
+                                @{
+                                    isDefaultServer                  = $True
+                                    description                      = 'server'
+                                    address                          = 'vpn.CHANGED.com' #changed value
+                                }
+                            )    
+                            proxyServer                              = @(
+                                 @{
+                                    port                             = 80
+                                    automaticConfigurationScriptUrl  = 'https://www.test.com'
+                                    address                          = 'proxy.test.com'
+                                 }
+                            )
+                            targetedMobileApps                      = @(
+                                @{
+                                    name                            = 'FakeStringValue'
+                                    publisher                       = 'FakeStringValue'
+                                    appStoreUrl                     = 'FakeStringValue'
+                                    appId                           = 'FakeStringValue'
+                                }
+                            )                                                                                      
+                        }
+                    }
+                }
+            }
+
+            It 'Should return Present from the Get method' {
+                    (Get-TargetResource @testParams).Ensure | Should -Be 'Present' #-Displayname 'FakeStringValue').Ensure | Should -Be 'Present' #
+            }
+
+            It 'Should return false from the Test method' {
+                Test-TargetResource @testParams | Should -Be $false
+            }
+
+            It 'Should update the IntuneVPNConfigurationPolicyAndroidEnterprise from the Set method' {
+                Set-TargetResource @testParams
+                Should -Invoke -CommandName Update-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+               
+            }
+        }
+
+       Context -Name 'When the policy already exists and IS in the Desired State' -Fixture {
+            BeforeAll {
+               $testParams = @{
+                    DisplayName                              = 'FakeStringValue'
+                    Description                              = 'FakeStringValue'
+                    authenticationMethod                     = 'usernameAndPassword'
+                    connectionName                           = 'FakeStringValue'
+                    connectionType                           = 'ciscoAnyConnect'
+                    proxyServer                              = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftvpnProxyServer `
+                        -Property @{
+                            port                             = 80
+                            automaticConfigurationScriptUrl  = 'https://www.test.com'
+                            address                          = 'proxy.test.com'
+                        } -ClientOnly)
+                    )
+                    servers                                   = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftGraphvpnServer `
+                        -Property @{
+                            isDefaultServer                  = $True
+                            description                      = 'server'
+                            address                          = 'vpn.test.com'
+                        } -ClientOnly)
+                    )
+                    customData                               = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                            key                              = 'FakeStringValue'
+                            value                            = 'FakeStringValue'
+                        } -ClientOnly)
+                    )  
+                    customKeyValueData      = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_CustomData `
+                        -Property @{
+                            name                            = 'FakeStringValue'
+                            value                           = 'FakeStringValue'
+                        } -ClientOnly)
+                    )                                                                                                                                                                       
+                    targetedMobileApps                    = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_targetedMobileApps `
+                        -Property @{
+                            name                            = 'FakeStringValue'
+                            publisher                       = 'FakeStringValue'
+                            appStoreUrl                     = 'FakeStringValue'
+                            appId                           = 'FakeStringValue'
+                        } -ClientOnly)
+                    )  
+                    Ensure                                  = 'Present'
+                    Credential                              = $Credential
+                }
+
+                Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+                   return  @{
+                        DisplayName                                 = 'FakeStringValue'
+                        Description                                 = 'FakeStringValue'
+                        AdditionalProperties                        = @{
+                            '@odata.type'                           = '#microsoft.graph.androidVpnConfiguration'
+                            authenticationMethod                    = 'usernameAndPassword'
+                            connectionName                          = 'FakeStringValue'
+                            connectionType                          = 'ciscoAnyConnect'
+                            proxyServer                             = @(
+                                @{
+                                    port                            = 80
+                                    automaticConfigurationScriptUrl = 'https://www.test.com'
+                                    address                         = 'proxy.test.com'
+                                }
+                            )
+                            servers                                  = @(
+                                @{
+                                    isDefaultServer                 = $True
+                                    description                     = 'server'
+                                    address                         = 'vpn.test.com'
+                                }
+                            )
+                            customData                              = @(
+                                @{
+                                    key                             = 'FakeStringValue'
+                                    value                           = 'FakeStringValue'
+                                }
+                            )
+                            customKeyValueData                      = @(
+                                @{
+                                    name                            = 'FakeStringValue'
+                                    value                           = 'FakeStringValue'
+                                }
+                            )
+                            targetedMobileApps                    = @(
+                                @{
+                                    name                            = 'FakeStringValue'
+                                    publisher                       = 'FakeStringValue'
+                                    appStoreUrl                     = 'FakeStringValue'
+                                    appId                           = 'FakeStringValue'
+                                }
+                            )
+                        }
+                    }
+                }
+            }
+
+            It 'Should return true from the Test method' {
+                Test-TargetResource @testParams | Should -Be $true
+            }
+        }
+
+        Context -Name 'When the policy exists and it SHOULD NOT' -Fixture {
+            BeforeAll {
+                $testParams = @{
+                    DisplayName                             = 'FakeStringValue'
+                    Description                             = 'FakeStringValue'
+                    authenticationMethod                    = 'usernameAndPassword'
+                    connectionName                          = 'FakeStringValue'
+                    connectionType                          = 'ciscoAnyConnect'
+                    proxyServer                             = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftvpnProxyServer `
+                        -Property @{
+                            port = 80
+                            automaticConfigurationScriptUrl = 'https://www.test.com'
+                            address                         = 'proxy.test.com'
+                        } -ClientOnly)
+                    )
+                    servers                                 = [CimInstance[]]@(
+                        (New-CimInstance `
+                        -ClassName MSFT_MicrosoftGraphvpnServer `
+                        -Property @{
+                            isDefaultServer                 = $True
+                            description                     = 'server'
+                            address                         = 'vpn.test.com'
+                        } -ClientOnly)
+                    )
+                    Ensure                                  = 'Absent'
+                    Credential                              = $Credential
+                }
+
+                Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+                   return @{
+                        DisplayName                                  = 'FakeStringValue'
+                        Description                                  = 'FakeStringValue'
+                        AdditionalProperties                         = @{
+                            '@odata.type'                           = '#microsoft.graph.androidVpnConfiguration'
+                            authenticationMethod                     = 'usernameAndPassword'
+                            connectionName                           = 'FakeStringValue'
+                            connectionType                           = 'ciscoAnyConnect'
+                            proxyServer                              = @(
+                                @{
+                                    port                             = 80
+                                    automaticConfigurationScriptUrl  = 'https://www.test.com'
+                                    address                          = 'proxy.test.com'
+                                }
+                            )
+                            servers                                  = @(
+                                @{
+                                    isDefaultServer                  = $True
+                                    description                      = 'server'
+                                    address                          = 'vpn.test.com'
+                                }
+                            )
+                        }
+                    }
+                }
+            }
+
+            It 'Should return Present from the Get method' {
+                    (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+            }
+
+            It 'Should return true from the Test method' {
+                Test-TargetResource @testParams | Should -Be $false
+            }
+
+            It 'Should remove the IntuneVPNConfigurationPolicyAndroidEnterprise from the Set method' {
+                Set-TargetResource @testParams
+                Should -Invoke -CommandName Remove-MgBetaDeviceManagementDeviceConfiguration -Exactly 1
+            }
+        }
+
+        Context -Name 'ReverseDSC Tests' -Fixture {
+            BeforeAll {
+                $Global:CurrentModeIsExport = $true
+                $Global:PartialExportFileName = "$(New-Guid).partial.ps1"
+                $testParams = @{
+                    Credential = $Credential
+                }
+
+                Mock -CommandName Get-MgBetaDeviceManagementDeviceConfiguration -MockWith {
+                   return @{
+                        DisplayName                                 = 'FakeStringValue'
+                        Description                                 = 'FakeStringValue'
+                        AdditionalProperties                        = @{
+                            '@odata.type'                           = '#microsoft.graph.androidVpnConfiguration'
+                            authenticationMethod                    = 'usernameAndPassword'
+                            connectionName                          = 'FakeStringValue'
+                            connectionType                          = 'ciscoAnyConnect'
+                            proxyServer                             = @(
+                                @{
+                                    port                            = 80
+                                    automaticConfigurationScriptUrl = 'https://www.test.com'
+                                    address                         = 'proxy.test.com'
+                                }
+                            )
+                            servers                                 = @(
+                                @{
+                                    isDefaultServer                 = $True
+                                    description                     = 'server'
+                                    address                         = 'vpn.test.com'
+                                }
+                            )
+                        }
+                    }
+                }
+            }
+
+            It 'Should Reverse Engineer resource from the Export method' {
+                $result = Export-TargetResource @testParams
+                $result | Should -Not -BeNullOrEmpty
+            }
+        }
+    }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
\ No newline at end of file
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1
index 689076b986..f82ac6aa03 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365Group.Tests.ps1
@@ -27,6 +27,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return 'Credentials'
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1
index be6cb38e38..36439be509 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1
@@ -28,6 +28,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
+            Mock -CommandName Reset-MSCloudLoginConnectionProfileContext -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return 'Credentials'
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1
index ff88c6593e..fe372d8589 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.PlannerTask.Tests.ps1
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Save-M365DSCPartialExport -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName Connect-Graph -MockWith {
             }
 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1
index de2f686924..c87fdb9bfd 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.SPOTenantSettings.Tests.ps1
@@ -28,6 +28,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Confirm-M365DSCDependencies -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return 'Credentials'
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1
index d301eb29ba..c15f4eaca2 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsChannelTab.Tests.ps1
@@ -30,6 +30,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
             Mock -CommandName Save-M365DSCPartialExport -MockWith {
             }
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
+
             Mock -CommandName New-M365DSCConnection -MockWith {
                 return 'Credentials'
             }
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1
index d14b7cb764..bb298c8291 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.TeamsTeam.Tests.ps1
@@ -27,6 +27,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
 
             $Global:PartialExportFileName = 'c:\TestPath'
 
+            Mock -CommandName Get-MSCloudLoginConnectionProfile -MockWith {
+            }
 
             Mock -CommandName Save-M365DSCPartialExport -MockWith {
             }
diff --git a/Tests/Unit/Stubs/Generic.psm1 b/Tests/Unit/Stubs/Generic.psm1
index 6ad5a76fa7..eedf2c58dd 100644
--- a/Tests/Unit/Stubs/Generic.psm1
+++ b/Tests/Unit/Stubs/Generic.psm1
@@ -1273,3 +1273,20 @@ function Disable-EOPProtectionPolicyRule
         $Identity
     )
 }
+
+
+#region MSCloudLoginAssistant
+function Get-MSCloudLoginConnectionProfile{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter()]
+        [System.String]
+        $Workload
+    )
+}
+
+function Reset-MSCloudLoginConnectionProfileContext
+{
+}
+#endregion
diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1
index 7ae62a90b4..4f8feade39 100644
--- a/Tests/Unit/Stubs/Microsoft365.psm1
+++ b/Tests/Unit/Stubs/Microsoft365.psm1
@@ -105148,3 +105148,294 @@ function Update-MgBetaDeviceManagementRoleScopeTagAssignment
 
 #endregion
 
+#region MgDeviceManagementDeviceConfigurationAssignment
+function Get-MgDeviceManagementDeviceConfigurationAssignment
+{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter()]
+        [System.String]
+        $DeviceConfigurationAssignmentId,
+
+        [Parameter()]
+        [System.String]
+        $DeviceConfigurationId,
+
+        [Parameter()]
+        [PSObject]
+        $InputObject,
+
+        [Parameter()]
+        [System.String[]]
+        $ExpandProperty,
+
+        [Parameter()]
+        [System.String[]]
+        $Property,
+
+        [Parameter()]
+        [System.String]
+        $Filter,
+
+        [Parameter()]
+        [System.String]
+        $Search,
+
+        [Parameter()]
+        [System.Int32]
+        $Skip,
+
+        [Parameter()]
+        [System.String[]]
+        $Sort,
+
+        [Parameter()]
+        [System.Int32]
+        $Top,
+
+        [Parameter()]
+        [System.String]
+        $ResponseHeadersVariable,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Break,
+
+        [Parameter()]
+        [System.Collections.IDictionary]
+        $Headers,
+
+        [Parameter()]
+        [PSObject[]]
+        $HttpPipelineAppend,
+
+        [Parameter()]
+        [PSObject[]]
+        $HttpPipelinePrepend,
+
+        [Parameter()]
+        [System.Uri]
+        $Proxy,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ProxyCredential,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $ProxyUseDefaultCredentials,
+
+        [Parameter()]
+        [System.Int32]
+        $PageSize,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $All,
+
+        [Parameter()]
+        [System.String]
+        $CountVariable
+    )
+}
+
+function New-MgDeviceManagementDeviceConfigurationAssignment
+{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter()]
+        [System.String]
+        $DeviceConfigurationId,
+
+        [Parameter()]
+        [PSObject]
+        $InputObject,
+
+        [Parameter()]
+        [PSObject]
+        $BodyParameter,
+
+        [Parameter()]
+        [System.String]
+        $ResponseHeadersVariable,
+
+        [Parameter()]
+        [System.Collections.Hashtable]
+        $AdditionalProperties,
+
+        [Parameter()]
+        [System.String]
+        $Id,
+
+        [Parameter()]
+        [System.Collections.Hashtable]
+        $Target,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Break,
+
+        [Parameter()]
+        [System.Collections.IDictionary]
+        $Headers,
+
+        [Parameter()]
+        [PSObject[]]
+        $HttpPipelineAppend,
+
+        [Parameter()]
+        [PSObject[]]
+        $HttpPipelinePrepend,
+
+        [Parameter()]
+        [System.Uri]
+        $Proxy,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ProxyCredential,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $ProxyUseDefaultCredentials,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Confirm
+    )
+}
+
+function Remove-MgDeviceManagementDeviceConfigurationAssignment
+{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter()]
+        [System.String]
+        $DeviceConfigurationAssignmentId,
+
+        [Parameter()]
+        [System.String]
+        $DeviceConfigurationId,
+
+        [Parameter()]
+        [PSObject]
+        $InputObject,
+
+        [Parameter()]
+        [System.String]
+        $ResponseHeadersVariable,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Break,
+
+        [Parameter()]
+        [System.Collections.IDictionary]
+        $Headers,
+
+        [Parameter()]
+        [PSObject[]]
+        $HttpPipelineAppend,
+
+        [Parameter()]
+        [PSObject[]]
+        $HttpPipelinePrepend,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $PassThru,
+
+        [Parameter()]
+        [System.Uri]
+        $Proxy,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ProxyCredential,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $ProxyUseDefaultCredentials,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Confirm
+    )
+}
+
+function Update-MgDeviceManagementDeviceConfigurationAssignment
+{
+    [CmdletBinding()]
+    param
+    (
+        [Parameter()]
+        [System.String]
+        $DeviceConfigurationAssignmentId,
+
+        [Parameter()]
+        [System.String]
+        $DeviceConfigurationId,
+
+        [Parameter()]
+        [PSObject]
+        $InputObject,
+
+        [Parameter()]
+        [PSObject]
+        $BodyParameter,
+
+        [Parameter()]
+        [System.String]
+        $ResponseHeadersVariable,
+
+        [Parameter()]
+        [System.Collections.Hashtable]
+        $AdditionalProperties,
+
+        [Parameter()]
+        [System.String]
+        $Id,
+
+        [Parameter()]
+        [System.Collections.Hashtable]
+        $Target,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Break,
+
+        [Parameter()]
+        [System.Collections.IDictionary]
+        $Headers,
+
+        [Parameter()]
+        [PSObject[]]
+        $HttpPipelineAppend,
+
+        [Parameter()]
+        [PSObject[]]
+        $HttpPipelinePrepend,
+
+        [Parameter()]
+        [System.Uri]
+        $Proxy,
+
+        [Parameter()]
+        [System.Management.Automation.PSCredential]
+        $ProxyCredential,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $ProxyUseDefaultCredentials,
+
+        [Parameter()]
+        [System.Management.Automation.SwitchParameter]
+        $Confirm
+    )
+}
+
+#endregion
+
diff --git a/docs/docs/resources/intune/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.md b/docs/docs/resources/intune/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.md
new file mode 100644
index 0000000000..7b3ad2b526
--- /dev/null
+++ b/docs/docs/resources/intune/IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile.md
@@ -0,0 +1,223 @@
+# IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile
+
+## Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **DisplayName** | Key | String | Display name for the enrollment profile. | |
+| **Id** | Write | String | Unique GUID for the enrollment profile. Read-Only. | |
+| **AccountId** | Write | String | Intune AccountId GUID the enrollment profile belongs to. | |
+| **Description** | Write | String | Description for the enrollment profile. | |
+| **EnrollmentMode** | Write | String | The enrollment mode of devices that use this enrollment profile. | `corporateOwnedDedicatedDevice`, `corporateOwnedFullyManaged`, `corporateOwnedWorkProfile`, `corporateOwnedAOSPUserlessDevice`, `corporateOwnedAOSPUserAssociatedDevice` |
+| **EnrollmentTokenType** | Write | String | The enrollment token type for an enrollment profile. | `default`, `corporateOwnedDedicatedDeviceWithAzureADSharedMode`, `deviceStaging` |
+| **TokenValue** | Write | String | Value of the most recently created token for this enrollment profile. | |
+| **TokenCreationDateTime** | Write | String | Date time the most recently created token was created. | |
+| **TokenExpirationDateTime** | Write | String | Date time the most recently created token will expire. | |
+| **EnrolledDeviceCount** | Write | UInt32 | Total number of Android devices that have enrolled using this enrollment profile. | |
+| **EnrollmentTokenUsageCount** | Write | UInt32 | Total number of AOSP devices that have enrolled using the current token. Valid values 0 to 20000 | |
+| **QrCodeContent** | Write | String | String used to generate a QR code for the token. | |
+| **QrCodeImage** | Write | MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage | String used to generate a QR code for the token. | |
+| **RoleScopeTagIds** | Write | StringArray[] | List of Scope Tags for this Entity instance. | |
+| **ConfigureWifi** | Write | Boolean | Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default. | |
+| **WifiSsid** | Write | String | String that contains the wi-fi login ssid | |
+| **WifiPassword** | Write | PSCredential | String that contains the wi-fi login password. The parameter is a PSCredential object. | |
+| **WifiSecurityType** | Write | String | String that contains the wi-fi security type. | `none`, `wpa`, `wep` |
+| **WifiHidden** | Write | Boolean | Boolean that indicates if hidden wifi networks are enabled | |
+| **IsTeamsDeviceProfile** | Write | Boolean | Boolean indicating if this profile is an Android AOSP for Teams device profile. | |
+| **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` |
+| **Credential** | Write | PSCredential | Credentials of the workload's Admin | |
+| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | |
+| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
+| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
+| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | |
+| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | |
+
+### MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **type** | Write | String | Indicates the content mime type. | |
+| **value** | Write | UInt32Array[] | The byte array that contains the actual content. | |
+
+## Description
+
+Enrollment Profile used to enroll Android Enterprise devices using Google's Cloud Management.
+
+## Permissions
+
+### Microsoft Graph
+
+To authenticate with the Microsoft Graph API, this resource required the following permissions:
+
+#### Delegated permissions
+
+- **Read**
+
+    - DeviceManagementConfiguration.Read.All
+
+- **Update**
+
+    - DeviceManagementConfiguration.ReadWrite.All
+
+#### Application permissions
+
+- **Read**
+
+    - DeviceManagementConfiguration.Read.All
+
+- **Update**
+
+    - DeviceManagementConfiguration.ReadWrite.All
+
+## Examples
+
+### Example 1
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+
+    Import-DscResource -ModuleName Microsoft365DSC
+    node localhost
+    {
+        IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
+        {
+            AccountId                 = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e";
+            ApplicationId             = $ApplicationId;
+            CertificateThumbprint     = $CertificateThumbprint;
+            ConfigureWifi             = $True;
+            Description               = "This is my enrollment profile";
+            DisplayName               = "MyTestEnrollmentProfile";
+            EnrolledDeviceCount       = 0;
+            EnrollmentMode            = "corporateOwnedDedicatedDevice";
+            EnrollmentTokenType       = "default";
+            EnrollmentTokenUsageCount = 0;
+            Ensure                    = "Present";
+            IsTeamsDeviceProfile      = $False;
+            RoleScopeTagIds           = @("0");
+            TenantId                  = $TenantId;
+            TokenCreationDateTime     = "10/26/2024 1:02:29 AM";
+            TokenExpirationDateTime   = "10/31/2024 3:59:59 AM";
+            WifiHidden                = $False;
+            WifiSecurityType          = "none";
+        }
+    }
+}
+```
+
+### Example 2
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+    node localhost
+    {
+        IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
+        {
+            AccountId                 = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e";
+            ApplicationId             = $ApplicationId;
+            CertificateThumbprint     = $CertificateThumbprint;
+            ConfigureWifi             = $True;
+            Description               = "This is my enrollment profile";
+            DisplayName               = "MyTestEnrollmentProfile";
+            EnrolledDeviceCount       = 0;
+            EnrollmentMode            = "corporateOwnedDedicatedDevice";
+            EnrollmentTokenType       = "default";
+            EnrollmentTokenUsageCount = 0;
+            Ensure                    = "Present";
+            IsTeamsDeviceProfile      = $False;
+            RoleScopeTagIds           = @("0");
+            TenantId                  = $TenantId;
+            TokenCreationDateTime     = "10/26/2024 1:02:29 AM";
+            TokenExpirationDateTime   = "10/31/2024 3:59:59 AM";
+            WifiHidden                = $True; #Drift
+            WifiSecurityType          = "none";
+        }
+    }
+}
+```
+
+### Example 3
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+    node localhost
+    {
+        IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
+        {
+            AccountId                 = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e";
+            ApplicationId             = $ApplicationId;
+            CertificateThumbprint     = $CertificateThumbprint;
+            ConfigureWifi             = $True;
+            Description               = "This is my enrollment profile";
+            DisplayName               = "MyTestEnrollmentProfile";
+            EnrolledDeviceCount       = 0;
+            EnrollmentMode            = "corporateOwnedDedicatedDevice";
+            EnrollmentTokenType       = "default";
+            EnrollmentTokenUsageCount = 0;
+            Ensure                    = "Absent";
+            IsTeamsDeviceProfile      = $False;
+            RoleScopeTagIds           = @("0");
+            TenantId                  = $TenantId;
+            TokenCreationDateTime     = "10/26/2024 1:02:29 AM";
+            TokenExpirationDateTime   = "10/31/2024 3:59:59 AM";
+            WifiHidden                = $False;
+            WifiSecurityType          = "none";
+        }
+    }
+}
+```
+
diff --git a/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md b/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md
index 5418d04e0f..e5bbfaa8ad 100644
--- a/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md
+++ b/docs/docs/resources/intune/IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile.md
@@ -1,4 +1,4 @@
-# IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile
+# IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile
 
 ## Parameters
 
@@ -32,7 +32,7 @@
 | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | |
 | **AccessTokens** | Write | StringArray[] | Access token used for authentication. | |
 
-### MSFT_IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfileQRImage
+### MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfileQRImage
 
 #### Parameters
 
@@ -97,8 +97,7 @@ Configuration Example
 
     Import-DscResource -ModuleName Microsoft365DSC
     node localhost
-    {
-        IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
+    {"IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
         {
             AccountId                 = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e";
             ApplicationId             = $ApplicationId;
@@ -147,7 +146,7 @@ Configuration Example
     Import-DscResource -ModuleName Microsoft365DSC
     node localhost
     {
-        IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
+        "IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
         {
             AccountId                 = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e";
             ApplicationId             = $ApplicationId;
@@ -195,8 +194,7 @@ Configuration Example
     )
     Import-DscResource -ModuleName Microsoft365DSC
     node localhost
-    {
-        IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile "IntuneDeviceManagmentAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
+    {"IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile-MyTestEnrollmentProfile"
         {
             AccountId                 = "8d2ac1fd-0ac9-4047-af2f-f1e6323c9a34e";
             ApplicationId             = $ApplicationId;
diff --git a/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidDeviceOwner.md b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidDeviceOwner.md
new file mode 100644
index 0000000000..64f3069235
--- /dev/null
+++ b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidDeviceOwner.md
@@ -0,0 +1,324 @@
+# IntuneVPNConfigurationPolicyAndroidDeviceOwner
+
+## Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **Id** | Write | String | Id of the Intune policy. | |
+| **DisplayName** | Key | String | Display name of the Intune policy. | |
+| **Description** | Write | String | Description of the Intune policy. | |
+| **authenticationMethod** | Write | String | Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. | `certificate`, `usernameAndPassword`, `sharedSecret`, `derivedCredential`, `azureAD` |
+| **connectionName** | Write | String | Connection name displayed to the user. | |
+| **role** | Write | String | Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | |
+| **realm** | Write | String | Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | |
+| **servers** | Write | MSFT_MicrosoftGraphvpnServer[] | VPN Server on the network. Make sure end users can access this network location. | |
+| **connectionType** | Write | String | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect. | `ciscoAnyConnect`, `pulseSecure`, `f5EdgeClient`, `dellSonicWallMobileConnect`, `checkPointCapsuleVpn`, `citrix`, `microsoftTunnel`, `netMotionMobility`, `microsoftProtect` |
+| **proxyServer** | Write | MSFT_MicrosoftvpnProxyServer[] | Proxy Server. | |
+| **targetedPackageIds** | Write | StringArray[] | Targeted App package IDs. | |
+| **targetedMobileApps** | Write | MSFT_targetedMobileApps[] | Targeted mobile apps. This collection can contain a maximum of 500 elements. | |
+| **alwaysOn** | Write | Boolean | Whether or not to enable always-on VPN connection. | |
+| **alwaysOnLockdown** | Write | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. | |
+| **microsoftTunnelSiteId** | Write | String | Microsoft Tunnel site ID. | |
+| **proxyExclusionList** | Write | StringArray[] | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. | |
+| **customData** | Write | MSFT_customData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | |
+| **customKeyValueData** | Write | MSFT_customKeyValueData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | |
+| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | |
+| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` |
+| **Credential** | Write | PSCredential | Credentials of the Intune Admin | |
+| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | |
+| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
+| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
+| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
+| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | |
+| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | |
+
+### MSFT_DeviceManagementConfigurationPolicyAssignments
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` |
+| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` |
+| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | |
+| **groupId** | Write | String | The group Id that is the target of the assignment. | |
+| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | |
+| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | |
+
+### MSFT_MicrosoftGraphVpnServer
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **address** | Write | String | Address (IP address, FQDN or URL) | |
+| **description** | Write | String | Description. | |
+| **isDefaultServer** | Write | Boolean | Default server. | |
+
+### MSFT_MicrosoftvpnProxyServer
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **automaticConfigurationScriptUrl** | Write | String | Proxy's automatic configuration script url. | |
+| **address** | Write | String | Address. | |
+| **port** | Write | UInt32 | Port. Valid values 0 to 65535. | |
+
+### MSFT_targetedMobileApps
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **name** | Write | String | The application name. | |
+| **publisher** | Write | String | The publisher of the application. | |
+| **appStoreUrl** | Write | String | The Store URL of the application. | |
+| **appId** | Write | String | The application or bundle identifier of the application. | |
+
+### MSFT_CustomData
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **key** | Write | String | Key for the custom data entry. | |
+| **value** | Write | String | Value for the custom data entry. | |
+
+### MSFT_customKeyValueData
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **name** | Write | String | Name for the custom data entry. | |
+| **value** | Write | String | Value for the custom data entry. | |
+
+
+## Description
+
+This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices.
+
+## Permissions
+
+### Microsoft Graph
+
+To authenticate with the Microsoft Graph API, this resource required the following permissions:
+
+#### Delegated permissions
+
+- **Read**
+
+    - Group.Read.All, DeviceManagementConfiguration.Read.All
+
+- **Update**
+
+    - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All
+
+#### Application permissions
+
+- **Read**
+
+    - Group.Read.All, DeviceManagementConfiguration.Read.All
+
+- **Update**
+
+    - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All
+
+## Examples
+
+### Example 1
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example"
+        {
+            ApplicationId                           = $ApplicationId;
+            TenantId                                = $TenantId;
+            CertificateThumbprint                   = $CertificateThumbprint;
+            Assignments                             = @();
+            alwaysOn                                = $False;
+            authenticationMethod                    = "azureAD";
+            connectionName                          = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName";
+            connectionType                          = "microsoftProtect";
+            Description                             = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description";
+            DisplayName                             = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName";
+            Ensure                                  = "Present";
+            Id                                      = "12345678-1234-abcd-1234-12345678ABCD";
+            customData                              = @(
+                MSFT_CustomData{
+                    key                             = 'fakeCustomData'
+                    value                           = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+                }
+            );
+            customKeyValueData                      = @(
+                MSFT_customKeyValueData{
+                    value                           = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+                    name                            = 'fakeCustomKeyValueData'
+                }
+            );
+            microsoftTunnelSiteId                   = "12345678-1234-abcd-1234-12345678ABCD";
+            proxyExclusionList                      = @();
+            proxyServer                             = @(
+                MSFT_MicrosoftvpnProxyServer{
+                    port                            = 8080
+                    automaticConfigurationScriptUrl = 'fakestringvalue'
+                    address                         = 'fake-proxy-adress.com'
+                }
+            );
+            servers                                 = @(
+                MSFT_MicrosoftGraphvpnServer{
+                    isDefaultServer                 = $True
+                    description                     = 'fakestringvalue'
+                    address                         = 'fake.server.com:8080'
+                }
+            );
+            targetedMobileApps                      = @(
+                MSFT_targetedMobileApps{
+                    name                            = 'fakestringvalue'
+                    publisher                       = 'Fake Corporation'
+                    appId                           = 'com.fake.emmx'
+                }
+            );
+        }
+    }
+}
+```
+
+### Example 2
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example"
+        {
+            ApplicationId                           = $ApplicationId;
+            TenantId                                = $TenantId;
+            CertificateThumbprint                   = $CertificateThumbprint;
+            Assignments                             = @();
+            alwaysOn                                = $False;
+            authenticationMethod                    = "azureAD";
+            connectionName                          = "IntuneVPNConfigurationPolicyAndroidDeviceOwner ConnectionName";
+            connectionType                          = "microsoftProtect";
+            Description                             = "IntuneVPNConfigurationPolicyAndroidDeviceOwner Description";
+            DisplayName                             = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName";
+            Ensure                                  = "Present";
+            Id                                      = "12345678-1234-abcd-1234-12345678ABCD";
+            customData                              = @(
+                MSFT_CustomData{
+                    key                             = 'fakeCustomData'
+                    value                           = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+                }
+            );
+            customKeyValueData                      = @(
+                MSFT_customKeyValueData{
+                    value                           = '[{"key":"fakestring1","type":"int","value":"1"},{"type":"int","key":"fakestring2","value":"0"}]'
+                    name                            = 'fakeCustomKeyValueData'
+                }
+            );
+            microsoftTunnelSiteId                   = "12345678-1234-abcd-1234-12345678ABCD";
+            proxyExclusionList                      = @();
+            proxyServer                             = @(
+                MSFT_MicrosoftvpnProxyServer{
+                    port                            = 8080
+                    automaticConfigurationScriptUrl = ''
+                    address                         = 'fake-proxy-adress.com'
+                }
+            );
+            servers                                 = @(
+                MSFT_MicrosoftGraphvpnServer{
+                    isDefaultServer                 = $True
+                    description                     = 'fakestringvalue'
+                    address                         = 'fake.NEWserver.com:8080' #CHANGED VALUE
+                }
+            );
+            targetedMobileApps                      = @(
+                MSFT_targetedMobileApps{
+                    name                            = 'fakestringvalue'
+                    publisher                       = 'Fake Corporation'
+                    appId                           = 'com.fake.emmx'
+                }
+            );
+        }
+    }
+}
+```
+
+### Example 3
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidDeviceOwner "IntuneVPNConfigurationPolicyAndroidDeviceOwner-Example"
+        {
+            ApplicationId         = $ApplicationId;
+            TenantId              = $TenantId;
+            CertificateThumbprint = $CertificateThumbprint;
+            DisplayName           = "IntuneVPNConfigurationPolicyAndroidDeviceOwner DisplayName";
+            Ensure                = "Absent";
+        }
+    }
+}
+```
+
diff --git a/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidEnterprise.md b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidEnterprise.md
new file mode 100644
index 0000000000..b325f4cfdc
--- /dev/null
+++ b/docs/docs/resources/intune/IntuneVPNConfigurationPolicyAndroidEnterprise.md
@@ -0,0 +1,266 @@
+# IntuneVPNConfigurationPolicyAndroidEnterprise
+
+## Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **Id** | Write | String | Id of the Intune policy. | |
+| **DisplayName** | Key | String | Display name of the Intune policy. | |
+| **Description** | Write | String | Description of the Intune policy. | |
+| **authenticationMethod** | Write | String | Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. | `certificate`, `usernameAndPassword`, `sharedSecret`, `derivedCredential`, `azureAD` |
+| **connectionName** | Write | String | Connection name displayed to the user. | |
+| **role** | Write | String | Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | |
+| **realm** | Write | String | Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration. | |
+| **servers** | Write | MSFT_MicrosoftGraphvpnServer[] | VPN Server on the network. Make sure end users can access this network location. | |
+| **connectionType** | Write | String | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect. | `ciscoAnyConnect`, `pulseSecure`, `f5EdgeClient`, `dellSonicWallMobileConnect`, `checkPointCapsuleVpn`, `citrix`, `microsoftTunnel`, `netMotionMobility`, `microsoftProtect` |
+| **proxyServer** | Write | MSFT_MicrosoftvpnProxyServer[] | Proxy Server. | |
+| **targetedPackageIds** | Write | StringArray[] | Targeted App package IDs. | |
+| **targetedMobileApps** | Write | MSFT_targetedMobileApps[] | Targeted mobile apps. This collection can contain a maximum of 500 elements. | |
+| **alwaysOn** | Write | Boolean | Whether or not to enable always-on VPN connection. | |
+| **alwaysOnLockdown** | Write | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. | |
+| **microsoftTunnelSiteId** | Write | String | Microsoft Tunnel site ID. | |
+| **proxyExclusionList** | Write | StringArray[] | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. | |
+| **customData** | Write | MSFT_customData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | |
+| **customKeyValueData** | Write | MSFT_customKeyValueData[] | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. | |
+| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | |
+| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` |
+| **Credential** | Write | PSCredential | Credentials of the Intune Admin | |
+| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | |
+| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
+| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
+| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
+| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | |
+| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | |
+
+### MSFT_DeviceManagementConfigurationPolicyAssignments
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` |
+| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` |
+| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | |
+| **groupId** | Write | String | The group Id that is the target of the assignment. | |
+| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | |
+| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | |
+
+### MSFT_MicrosoftGraphVpnServer
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **address** | Write | String | Address (IP address, FQDN or URL) | |
+| **description** | Write | String | Description. | |
+| **isDefaultServer** | Write | Boolean | Default server. | |
+
+### MSFT_MicrosoftvpnProxyServer
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **automaticConfigurationScriptUrl** | Write | String | Proxy's automatic configuration script url. | |
+| **address** | Write | String | Address. | |
+| **port** | Write | UInt32 | Port. Valid values 0 to 65535. | |
+
+### MSFT_targetedMobileApps
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **name** | Write | String | The application name. | |
+| **publisher** | Write | String | The publisher of the application. | |
+| **appStoreUrl** | Write | String | The Store URL of the application. | |
+| **appId** | Write | String | The application or bundle identifier of the application. | |
+
+### MSFT_CustomData
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **key** | Write | String | Key for the custom data entry. | |
+| **value** | Write | String | Value for the custom data entry. | |
+
+### MSFT_customKeyValueData
+
+#### Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **name** | Write | String | Name for the custom data entry. | |
+| **value** | Write | String | Value for the custom data entry. | |
+
+
+## Description
+
+This resource configures an Intune VPN Configuration Policy for Android Enterprise Devices.
+
+## Permissions
+
+### Microsoft Graph
+
+To authenticate with the Microsoft Graph API, this resource required the following permissions:
+
+#### Delegated permissions
+
+- **Read**
+
+    - Group.Read.All, DeviceManagementConfiguration.Read.All
+
+- **Update**
+
+    - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All
+
+#### Application permissions
+
+- **Read**
+
+    - Group.Read.All, DeviceManagementConfiguration.Read.All
+
+- **Update**
+
+    - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All
+
+## Examples
+
+### Example 1
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+        {
+            ApplicationId                      = $ApplicationId;
+            TenantId                           = $TenantId;
+            CertificateThumbprint              = $CertificateThumbprint;
+            Assignments                        = @();
+            authenticationMethod               = "usernameAndPassword";
+            connectionName                     = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName";
+            connectionType                     = "ciscoAnyConnect";
+            Description                        = "IntuneVPNConfigurationPolicyAndroidEnterprise Description";
+            DisplayName                        = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+            Ensure                             = "Present";
+            Id                                 = "12345678-1234-abcd-1234-12345678ABCD";
+            servers                            = @(
+                MSFT_MicrosoftGraphvpnServer{
+                    isDefaultServer            = $True
+                    description                = 'server'
+                    address                    = 'vpn.test.com'
+                }
+            );
+        }
+    }
+}
+```
+
+### Example 2
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+        {
+            ApplicationId                       = $ApplicationId;
+            TenantId                            = $TenantId;
+            CertificateThumbprint               = $CertificateThumbprint;
+            Assignments                         = @();
+            authenticationMethod                = "usernameAndPassword";
+            connectionName                      = "IntuneVPNConfigurationPolicyAndroidEnterprise ConnectionName";
+            connectionType                      = "ciscoAnyConnect";
+            Description                         = "IntuneVPNConfigurationPolicyAndroidEnterprise Description";
+            DisplayName                         = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+            Ensure                              = "Present";
+            Id                                  = "12345678-1234-abcd-1234-12345678ABCD";
+            servers                             = @(
+                MSFT_MicrosoftGraphvpnServer{
+                    isDefaultServer             = $True
+                    description                 = 'server'
+                    address                     = 'vpn.newAddress.com' #updated VPN address
+                }
+            );
+        }
+    }
+}
+```
+
+### Example 3
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+    param(
+        [Parameter()]
+        [System.String]
+        $ApplicationId,
+
+        [Parameter()]
+        [System.String]
+        $TenantId,
+
+        [Parameter()]
+        [System.String]
+        $CertificateThumbprint
+    )
+    Import-DscResource -ModuleName Microsoft365DSC
+
+    node localhost
+    {
+        IntuneVPNConfigurationPolicyAndroidEnterprise "IntuneVPNConfigurationPolicyAndroidEnterprise-Example"
+        {
+            ApplicationId         = $ApplicationId;
+            TenantId              = $TenantId;
+            CertificateThumbprint = $CertificateThumbprint;
+            DisplayName           = "IntuneVPNConfigurationPolicyAndroidEnterprise DisplayName";
+            Ensure                = "Absent";
+        }
+    }
+}
+```
+
diff --git a/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md b/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md
index 507fad21f2..5c67a55f34 100644
--- a/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md
+++ b/docs/docs/user-guide/cmdlets/New-M365DSCReportFromConfiguration.md
@@ -13,7 +13,7 @@ This function does not generate any output.
 
 | Parameter | Required | DataType | Default Value | Allowed Values | Description |
 | --- | --- | --- | --- | --- | --- |
-| Type | True | String |  | Excel, HTML, JSON, Markdown | The type of report that should be created: Excel or HTML. |
+| Type | True | String |  | Excel, HTML, JSON, Markdown, CSV | The type of report that should be created: Excel or HTML. |
 | ConfigurationPath | True | String |  |  | The path to the exported DSC configuration that the report should be created for. |
 | OutputPath | True | String |  |  | The output path of the report. |